refactor(deps): Restructure into checks/

aquasecurity · Nov 29, 2023 · 8e43b25 · 8e43b25
1 parent 6338827
commit 8e43b25
Show file tree

Hide file tree

Showing 1,450 changed files with 696 additions and 1,087 deletions.
diff --git a/rules/.manifest → checks/.manifest b/rules/.manifest → checks/.manifest
diff --git a/.../accessanalyzer/enable_access_analyzer.go → .../accessanalyzer/enable_access_analyzer.go b/.../accessanalyzer/enable_access_analyzer.go → .../accessanalyzer/enable_access_analyzer.go
@@ -7,10 +7,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableAccessAnalyzer = rules.Register(
+var CheckEnableAccessAnalyzer = checks.Register(
 	scan.Rule{
 		AVDID:     "AVD-AWS-0175",
 		Provider:  providers.AWSProvider,

diff --git a/...ssanalyzer/enable_access_analyzer_test.go → ...ssanalyzer/enable_access_analyzer_test.go b/...ssanalyzer/enable_access_analyzer_test.go → ...ssanalyzer/enable_access_analyzer_test.go
diff --git a/...ws/apigateway/enable_access_logging.cf.go → ...ws/apigateway/enable_access_logging.cf.go b/...ws/apigateway/enable_access_logging.cf.go → ...ws/apigateway/enable_access_logging.cf.go
diff --git a/...s/aws/apigateway/enable_access_logging.go → ...d/aws/apigateway/enable_access_logging.go b/...s/aws/apigateway/enable_access_logging.go → ...d/aws/apigateway/enable_access_logging.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableAccessLogging = rules.Register(
+var CheckEnableAccessLogging = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0001",
 		Provider:    providers.AWSProvider,

diff --git a/...ws/apigateway/enable_access_logging.tf.go → ...ws/apigateway/enable_access_logging.tf.go b/...ws/apigateway/enable_access_logging.tf.go → ...ws/apigateway/enable_access_logging.tf.go
diff --git a/.../apigateway/enable_access_logging_test.go → .../apigateway/enable_access_logging_test.go b/.../apigateway/enable_access_logging_test.go → .../apigateway/enable_access_logging_test.go
diff --git a/...d/policies/aws/apigateway/enable_cache.go → checks/cloud/aws/apigateway/enable_cache.go b/...d/policies/aws/apigateway/enable_cache.go → checks/cloud/aws/apigateway/enable_cache.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableCache = rules.Register(
+var CheckEnableCache = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0190",
 		Provider:    providers.AWSProvider,

diff --git a/...olicies/aws/apigateway/enable_cache.tf.go → ...s/cloud/aws/apigateway/enable_cache.tf.go b/...olicies/aws/apigateway/enable_cache.tf.go → ...s/cloud/aws/apigateway/enable_cache.tf.go
diff --git a/...aws/apigateway/enable_cache_encryption.go → ...aws/apigateway/enable_cache_encryption.go b/...aws/apigateway/enable_cache_encryption.go → ...aws/apigateway/enable_cache_encryption.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableCacheEncryption = rules.Register(
+var CheckEnableCacheEncryption = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0002",
 		Provider:    providers.AWSProvider,

diff --git a/.../apigateway/enable_cache_encryption.tf.go → .../apigateway/enable_cache_encryption.tf.go b/.../apigateway/enable_cache_encryption.tf.go → .../apigateway/enable_cache_encryption.tf.go
diff --git a/...pigateway/enable_cache_encryption_test.go → ...pigateway/enable_cache_encryption_test.go b/...pigateway/enable_cache_encryption_test.go → ...pigateway/enable_cache_encryption_test.go
diff --git a/...icies/aws/apigateway/enable_cache_test.go → ...cloud/aws/apigateway/enable_cache_test.go b/...icies/aws/apigateway/enable_cache_test.go → ...cloud/aws/apigateway/enable_cache_test.go
diff --git a/...policies/aws/apigateway/enable_tracing.go → ...ks/cloud/aws/apigateway/enable_tracing.go b/...policies/aws/apigateway/enable_tracing.go → ...ks/cloud/aws/apigateway/enable_tracing.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableTracing = rules.Register(
+var CheckEnableTracing = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0003",
 		Provider:    providers.AWSProvider,

diff --git a/...icies/aws/apigateway/enable_tracing.tf.go → ...cloud/aws/apigateway/enable_tracing.tf.go b/...icies/aws/apigateway/enable_tracing.tf.go → ...cloud/aws/apigateway/enable_tracing.tf.go
diff --git a/...ies/aws/apigateway/enable_tracing_test.go → ...oud/aws/apigateway/enable_tracing_test.go b/...ies/aws/apigateway/enable_tracing_test.go → ...oud/aws/apigateway/enable_tracing_test.go
diff --git a/...licies/aws/apigateway/no_public_access.go → .../cloud/aws/apigateway/no_public_access.go b/...licies/aws/apigateway/no_public_access.go → .../cloud/aws/apigateway/no_public_access.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckNoPublicAccess = rules.Register(
+var CheckNoPublicAccess = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0004",
 		Provider:    providers.AWSProvider,

diff --git a/...ies/aws/apigateway/no_public_access.tf.go → ...oud/aws/apigateway/no_public_access.tf.go b/...ies/aws/apigateway/no_public_access.tf.go → ...oud/aws/apigateway/no_public_access.tf.go
diff --git a/...s/aws/apigateway/no_public_access_test.go → ...d/aws/apigateway/no_public_access_test.go b/...s/aws/apigateway/no_public_access_test.go → ...d/aws/apigateway/no_public_access_test.go
diff --git a/...s/aws/apigateway/use_secure_tls_policy.go → ...d/aws/apigateway/use_secure_tls_policy.go b/...s/aws/apigateway/use_secure_tls_policy.go → ...d/aws/apigateway/use_secure_tls_policy.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckUseSecureTlsPolicy = rules.Register(
+var CheckUseSecureTlsPolicy = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0005",
 		Provider:    providers.AWSProvider,

diff --git a/...ws/apigateway/use_secure_tls_policy.tf.go → ...ws/apigateway/use_secure_tls_policy.tf.go b/...ws/apigateway/use_secure_tls_policy.tf.go → ...ws/apigateway/use_secure_tls_policy.tf.go
diff --git a/.../apigateway/use_secure_tls_policy_test.go → .../apigateway/use_secure_tls_policy_test.go b/.../apigateway/use_secure_tls_policy_test.go → .../apigateway/use_secure_tls_policy_test.go
diff --git a/...ws/athena/enable_at_rest_encryption.cf.go → ...ws/athena/enable_at_rest_encryption.cf.go b/...ws/athena/enable_at_rest_encryption.cf.go → ...ws/athena/enable_at_rest_encryption.cf.go
diff --git a/...s/aws/athena/enable_at_rest_encryption.go → ...d/aws/athena/enable_at_rest_encryption.go b/...s/aws/athena/enable_at_rest_encryption.go → ...d/aws/athena/enable_at_rest_encryption.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableAtRestEncryption = rules.Register(
+var CheckEnableAtRestEncryption = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0006",
 		Provider:    providers.AWSProvider,

diff --git a/...ws/athena/enable_at_rest_encryption.tf.go → ...ws/athena/enable_at_rest_encryption.tf.go b/...ws/athena/enable_at_rest_encryption.tf.go → ...ws/athena/enable_at_rest_encryption.tf.go
diff --git a/.../athena/enable_at_rest_encryption_test.go → .../athena/enable_at_rest_encryption_test.go b/.../athena/enable_at_rest_encryption_test.go → .../athena/enable_at_rest_encryption_test.go
diff --git a/...s/aws/athena/no_encryption_override.cf.go → ...d/aws/athena/no_encryption_override.cf.go b/...s/aws/athena/no_encryption_override.cf.go → ...d/aws/athena/no_encryption_override.cf.go
diff --git a/...cies/aws/athena/no_encryption_override.go → ...loud/aws/athena/no_encryption_override.go b/...cies/aws/athena/no_encryption_override.go → ...loud/aws/athena/no_encryption_override.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckNoEncryptionOverride = rules.Register(
+var CheckNoEncryptionOverride = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0007",
 		Provider:    providers.AWSProvider,

diff --git a/...s/aws/athena/no_encryption_override.tf.go → ...d/aws/athena/no_encryption_override.tf.go b/...s/aws/athena/no_encryption_override.tf.go → ...d/aws/athena/no_encryption_override.tf.go
diff --git a/...aws/athena/no_encryption_override_test.go → ...aws/athena/no_encryption_override_test.go b/...aws/athena/no_encryption_override_test.go → ...aws/athena/no_encryption_override_test.go
diff --git a/...icies/aws/cloudfront/enable_logging.cf.go → ...cloud/aws/cloudfront/enable_logging.cf.go b/...icies/aws/cloudfront/enable_logging.cf.go → ...cloud/aws/cloudfront/enable_logging.cf.go
diff --git a/...policies/aws/cloudfront/enable_logging.go → ...ks/cloud/aws/cloudfront/enable_logging.go b/...policies/aws/cloudfront/enable_logging.go → ...ks/cloud/aws/cloudfront/enable_logging.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableLogging = rules.Register(
+var CheckEnableLogging = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0010",
 		Provider:    providers.AWSProvider,

diff --git a/...icies/aws/cloudfront/enable_logging.tf.go → ...cloud/aws/cloudfront/enable_logging.tf.go b/...icies/aws/cloudfront/enable_logging.tf.go → ...cloud/aws/cloudfront/enable_logging.tf.go
diff --git a/...ies/aws/cloudfront/enable_logging_test.go → ...oud/aws/cloudfront/enable_logging_test.go b/...ies/aws/cloudfront/enable_logging_test.go → ...oud/aws/cloudfront/enable_logging_test.go
diff --git a/.../policies/aws/cloudfront/enable_waf.cf.go → checks/cloud/aws/cloudfront/enable_waf.cf.go b/.../policies/aws/cloudfront/enable_waf.cf.go → checks/cloud/aws/cloudfront/enable_waf.cf.go
diff --git a/...oud/policies/aws/cloudfront/enable_waf.go → checks/cloud/aws/cloudfront/enable_waf.go b/...oud/policies/aws/cloudfront/enable_waf.go → checks/cloud/aws/cloudfront/enable_waf.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableWaf = rules.Register(
+var CheckEnableWaf = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0011",
 		Provider:    providers.AWSProvider,

diff --git a/.../policies/aws/cloudfront/enable_waf.tf.go → checks/cloud/aws/cloudfront/enable_waf.tf.go b/.../policies/aws/cloudfront/enable_waf.tf.go → checks/cloud/aws/cloudfront/enable_waf.tf.go
diff --git a/...olicies/aws/cloudfront/enable_waf_test.go → ...s/cloud/aws/cloudfront/enable_waf_test.go b/...olicies/aws/cloudfront/enable_waf_test.go → ...s/cloud/aws/cloudfront/enable_waf_test.go
diff --git a/...licies/aws/cloudfront/enforce_https.cf.go → .../cloud/aws/cloudfront/enforce_https.cf.go b/...licies/aws/cloudfront/enforce_https.cf.go → .../cloud/aws/cloudfront/enforce_https.cf.go
diff --git a/.../policies/aws/cloudfront/enforce_https.go → checks/cloud/aws/cloudfront/enforce_https.go b/.../policies/aws/cloudfront/enforce_https.go → checks/cloud/aws/cloudfront/enforce_https.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnforceHttps = rules.Register(
+var CheckEnforceHttps = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0012",
 		Provider:   providers.AWSProvider,

diff --git a/...licies/aws/cloudfront/enforce_https.tf.go → .../cloud/aws/cloudfront/enforce_https.tf.go b/...licies/aws/cloudfront/enforce_https.tf.go → .../cloud/aws/cloudfront/enforce_https.tf.go
diff --git a/...cies/aws/cloudfront/enforce_https_test.go → ...loud/aws/cloudfront/enforce_https_test.go b/...cies/aws/cloudfront/enforce_https_test.go → ...loud/aws/cloudfront/enforce_https_test.go
diff --git a/...ws/cloudfront/use_secure_tls_policy.cf.go → ...ws/cloudfront/use_secure_tls_policy.cf.go b/...ws/cloudfront/use_secure_tls_policy.cf.go → ...ws/cloudfront/use_secure_tls_policy.cf.go
diff --git a/...s/aws/cloudfront/use_secure_tls_policy.go → ...d/aws/cloudfront/use_secure_tls_policy.go b/...s/aws/cloudfront/use_secure_tls_policy.go → ...d/aws/cloudfront/use_secure_tls_policy.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckUseSecureTlsPolicy = rules.Register(
+var CheckUseSecureTlsPolicy = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0013",
 		Provider:   providers.AWSProvider,

diff --git a/...ws/cloudfront/use_secure_tls_policy.tf.go → ...ws/cloudfront/use_secure_tls_policy.tf.go b/...ws/cloudfront/use_secure_tls_policy.tf.go → ...ws/cloudfront/use_secure_tls_policy.tf.go
diff --git a/.../cloudfront/use_secure_tls_policy_test.go → .../cloudfront/use_secure_tls_policy_test.go b/.../cloudfront/use_secure_tls_policy_test.go → .../cloudfront/use_secure_tls_policy_test.go
diff --git a/...s/aws/cloudtrail/enable_all_regions.cf.go → ...d/aws/cloudtrail/enable_all_regions.cf.go b/...s/aws/cloudtrail/enable_all_regions.cf.go → ...d/aws/cloudtrail/enable_all_regions.cf.go
diff --git a/...cies/aws/cloudtrail/enable_all_regions.go → ...loud/aws/cloudtrail/enable_all_regions.go b/...cies/aws/cloudtrail/enable_all_regions.go → ...loud/aws/cloudtrail/enable_all_regions.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableAllRegions = rules.Register(
+var CheckEnableAllRegions = checks.Register(
 	scan.Rule{
 		AVDID:     "AVD-AWS-0014",
 		Provider:  providers.AWSProvider,

diff --git a/...s/aws/cloudtrail/enable_all_regions.tf.go → ...d/aws/cloudtrail/enable_all_regions.tf.go b/...s/aws/cloudtrail/enable_all_regions.tf.go → ...d/aws/cloudtrail/enable_all_regions.tf.go
diff --git a/...aws/cloudtrail/enable_all_regions_test.go → ...aws/cloudtrail/enable_all_regions_test.go b/...aws/cloudtrail/enable_all_regions_test.go → ...aws/cloudtrail/enable_all_regions_test.go
diff --git a/...loudtrail/enable_at_rest_encryption.cf.go → ...loudtrail/enable_at_rest_encryption.cf.go b/...loudtrail/enable_at_rest_encryption.cf.go → ...loudtrail/enable_at_rest_encryption.cf.go
diff --git a/...s/cloudtrail/enable_at_rest_encryption.go → ...s/cloudtrail/enable_at_rest_encryption.go b/...s/cloudtrail/enable_at_rest_encryption.go → ...s/cloudtrail/enable_at_rest_encryption.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableAtRestEncryption = rules.Register(
+var CheckEnableAtRestEncryption = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0015",
 		Provider:    providers.AWSProvider,

diff --git a/...loudtrail/enable_at_rest_encryption.tf.go → ...loudtrail/enable_at_rest_encryption.tf.go b/...loudtrail/enable_at_rest_encryption.tf.go → ...loudtrail/enable_at_rest_encryption.tf.go
diff --git a/...udtrail/enable_at_rest_encryption_test.go → ...udtrail/enable_at_rest_encryption_test.go b/...udtrail/enable_at_rest_encryption_test.go → ...udtrail/enable_at_rest_encryption_test.go
diff --git a/...ws/cloudtrail/enable_log_validation.cf.go → ...ws/cloudtrail/enable_log_validation.cf.go b/...ws/cloudtrail/enable_log_validation.cf.go → ...ws/cloudtrail/enable_log_validation.cf.go
diff --git a/...s/aws/cloudtrail/enable_log_validation.go → ...d/aws/cloudtrail/enable_log_validation.go b/...s/aws/cloudtrail/enable_log_validation.go → ...d/aws/cloudtrail/enable_log_validation.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckEnableLogValidation = rules.Register(
+var CheckEnableLogValidation = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0016",
 		Provider:    providers.AWSProvider,

diff --git a/...ws/cloudtrail/enable_log_validation.tf.go → ...ws/cloudtrail/enable_log_validation.tf.go b/...ws/cloudtrail/enable_log_validation.tf.go → ...ws/cloudtrail/enable_log_validation.tf.go
diff --git a/.../cloudtrail/enable_log_validation_test.go → .../cloudtrail/enable_log_validation_test.go b/.../cloudtrail/enable_log_validation_test.go → .../cloudtrail/enable_log_validation_test.go
diff --git a/...trail/ensure_cloudwatch_integration.cf.go → ...trail/ensure_cloudwatch_integration.cf.go b/...trail/ensure_cloudwatch_integration.cf.go → ...trail/ensure_cloudwatch_integration.cf.go
diff --git a/...oudtrail/ensure_cloudwatch_integration.go → ...oudtrail/ensure_cloudwatch_integration.go b/...oudtrail/ensure_cloudwatch_integration.go → ...oudtrail/ensure_cloudwatch_integration.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var checkEnsureCloudwatchIntegration = rules.Register(
+var checkEnsureCloudwatchIntegration = checks.Register(
 	scan.Rule{
 		AVDID:     "AVD-AWS-0162",
 		Provider:  providers.AWSProvider,

diff --git a/...trail/ensure_cloudwatch_integration.tf.go → ...trail/ensure_cloudwatch_integration.tf.go b/...trail/ensure_cloudwatch_integration.tf.go → ...trail/ensure_cloudwatch_integration.tf.go
diff --git a/...ail/ensure_cloudwatch_integration_test.go → ...ail/ensure_cloudwatch_integration_test.go b/...ail/ensure_cloudwatch_integration_test.go → ...ail/ensure_cloudwatch_integration_test.go
diff --git a/...aws/cloudtrail/no_public_log_access.cf.go → ...aws/cloudtrail/no_public_log_access.cf.go b/...aws/cloudtrail/no_public_log_access.cf.go → ...aws/cloudtrail/no_public_log_access.cf.go
diff --git a/...es/aws/cloudtrail/no_public_log_access.go → ...ud/aws/cloudtrail/no_public_log_access.go b/...es/aws/cloudtrail/no_public_log_access.go → ...ud/aws/cloudtrail/no_public_log_access.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var checkNoPublicLogAccess = rules.Register(
+var checkNoPublicLogAccess = checks.Register(
 	scan.Rule{
 		AVDID:     "AVD-AWS-0161",
 		Provider:  providers.AWSProvider,

diff --git a/...aws/cloudtrail/no_public_log_access.tf.go → ...aws/cloudtrail/no_public_log_access.tf.go b/...aws/cloudtrail/no_public_log_access.tf.go → ...aws/cloudtrail/no_public_log_access.tf.go
diff --git a/...s/cloudtrail/no_public_log_access_test.go → ...s/cloudtrail/no_public_log_access_test.go b/...s/cloudtrail/no_public_log_access_test.go → ...s/cloudtrail/no_public_log_access_test.go
diff --git a/...trail/require_bucket_access_logging.cf.go → ...trail/require_bucket_access_logging.cf.go b/...trail/require_bucket_access_logging.cf.go → ...trail/require_bucket_access_logging.cf.go
diff --git a/...oudtrail/require_bucket_access_logging.go → ...oudtrail/require_bucket_access_logging.go b/...oudtrail/require_bucket_access_logging.go → ...oudtrail/require_bucket_access_logging.go
@@ -6,10 +6,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var checkBucketAccessLoggingRequired = rules.Register(
+var checkBucketAccessLoggingRequired = checks.Register(
 	scan.Rule{
 		AVDID:     "AVD-AWS-0163",
 		Provider:  providers.AWSProvider,

diff --git a/...trail/require_bucket_access_logging.tf.go → ...trail/require_bucket_access_logging.tf.go b/...trail/require_bucket_access_logging.tf.go → ...trail/require_bucket_access_logging.tf.go
diff --git a/...ail/require_bucket_access_logging_test.go → ...ail/require_bucket_access_logging_test.go b/...ail/require_bucket_access_logging_test.go → ...ail/require_bucket_access_logging_test.go
diff --git a/...s/cloudwatch/log_group_customer_key.cf.go → ...s/cloudwatch/log_group_customer_key.cf.go b/...s/cloudwatch/log_group_customer_key.cf.go → ...s/cloudwatch/log_group_customer_key.cf.go
diff --git a/.../aws/cloudwatch/log_group_customer_key.go → .../aws/cloudwatch/log_group_customer_key.go b/.../aws/cloudwatch/log_group_customer_key.go → .../aws/cloudwatch/log_group_customer_key.go
@@ -5,10 +5,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/scan"
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckLogGroupCustomerKey = rules.Register(
+var CheckLogGroupCustomerKey = checks.Register(
 	scan.Rule{
 		AVDID:       "AVD-AWS-0017",
 		Provider:    providers.AWSProvider,

diff --git a/...s/cloudwatch/log_group_customer_key.tf.go → ...s/cloudwatch/log_group_customer_key.tf.go b/...s/cloudwatch/log_group_customer_key.tf.go → ...s/cloudwatch/log_group_customer_key.tf.go
diff --git a/...cloudwatch/log_group_customer_key_test.go → ...cloudwatch/log_group_customer_key_test.go b/...cloudwatch/log_group_customer_key_test.go → ...cloudwatch/log_group_customer_key_test.go
diff --git a/...dwatch/require_cloudtrail_change_alarm.go → ...dwatch/require_cloudtrail_change_alarm.go b/...dwatch/require_cloudtrail_change_alarm.go → ...dwatch/require_cloudtrail_change_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireCloudTrailChangeAlarm = rules.Register(
+var requireCloudTrailChangeAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0151",
 		Provider:   providers.AWSProvider,

diff --git a/...h/require_cloudtrail_change_alarm_test.go → ...h/require_cloudtrail_change_alarm_test.go b/...h/require_cloudtrail_change_alarm_test.go → ...h/require_cloudtrail_change_alarm_test.go
diff --git a/.../cloudwatch/require_cmk_disabled_alarm.go → .../cloudwatch/require_cmk_disabled_alarm.go b/.../cloudwatch/require_cmk_disabled_alarm.go → .../cloudwatch/require_cmk_disabled_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireCMKDisabledAlarm = rules.Register(
+var requireCMKDisabledAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0153",
 		Provider:   providers.AWSProvider,

diff --git a/...dwatch/require_cmk_disabled_alarm_test.go → ...dwatch/require_cmk_disabled_alarm_test.go b/...dwatch/require_cmk_disabled_alarm_test.go → ...dwatch/require_cmk_disabled_alarm_test.go
diff --git a/...uire_config_configuration_change_alarm.go → ...uire_config_configuration_change_alarm.go b/...uire_config_configuration_change_alarm.go → ...uire_config_configuration_change_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireConfigConfigurationChangeAlarm = rules.Register(
+var requireConfigConfigurationChangeAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0155",
 		Provider:   providers.AWSProvider,

diff --git a/...config_configuration_change_alarm_test.go → ...config_configuration_change_alarm_test.go b/...config_configuration_change_alarm_test.go → ...config_configuration_change_alarm_test.go
diff --git a/...ch/require_console_login_failure_alarm.go → ...ch/require_console_login_failure_alarm.go b/...ch/require_console_login_failure_alarm.go → ...ch/require_console_login_failure_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireConsoleLoginFailureAlarm = rules.Register(
+var requireConsoleLoginFailureAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0152",
 		Provider:   providers.AWSProvider,

diff --git a/...quire_console_login_failure_alarm_test.go → ...quire_console_login_failure_alarm_test.go b/...quire_console_login_failure_alarm_test.go → ...quire_console_login_failure_alarm_test.go
diff --git a/...dwatch/require_iam_policy_change_alarm.go → ...dwatch/require_iam_policy_change_alarm.go b/...dwatch/require_iam_policy_change_alarm.go → ...dwatch/require_iam_policy_change_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireIAMPolicyChangeAlarm = rules.Register(
+var requireIAMPolicyChangeAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0150",
 		Provider:   providers.AWSProvider,

diff --git a/...h/require_iam_policy_change_alarm_test.go → ...h/require_iam_policy_change_alarm_test.go b/...h/require_iam_policy_change_alarm_test.go → ...h/require_iam_policy_change_alarm_test.go
diff --git a/...s/cloudwatch/require_nacl_change_alarm.go → ...s/cloudwatch/require_nacl_change_alarm.go b/...s/cloudwatch/require_nacl_change_alarm.go → ...s/cloudwatch/require_nacl_change_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireNACLChangeAlarm = rules.Register(
+var requireNACLChangeAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0157",
 		Provider:   providers.AWSProvider,

diff --git a/...udwatch/require_nacl_change_alarm_test.go → ...udwatch/require_nacl_change_alarm_test.go b/...udwatch/require_nacl_change_alarm_test.go → ...udwatch/require_nacl_change_alarm_test.go
diff --git a/...h/require_network_gateway_change_alarm.go → ...h/require_network_gateway_change_alarm.go b/...h/require_network_gateway_change_alarm.go → ...h/require_network_gateway_change_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireNetworkGatewayChangeAlarm = rules.Register(
+var requireNetworkGatewayChangeAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0158",
 		Provider:   providers.AWSProvider,

diff --git a/...uire_network_gateway_change_alarm_test.go → ...uire_network_gateway_change_alarm_test.go b/...uire_network_gateway_change_alarm_test.go → ...uire_network_gateway_change_alarm_test.go
diff --git a/...cloudwatch/require_non_mfa_login_alarm.go → ...cloudwatch/require_non_mfa_login_alarm.go b/...cloudwatch/require_non_mfa_login_alarm.go → ...cloudwatch/require_non_mfa_login_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireNonMFALoginAlarm = rules.Register(
+var requireNonMFALoginAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0148",
 		Provider:   providers.AWSProvider,

diff --git a/...watch/require_non_mfa_login_alarm_test.go → ...watch/require_non_mfa_login_alarm_test.go b/...watch/require_non_mfa_login_alarm_test.go → ...watch/require_non_mfa_login_alarm_test.go
diff --git a/...s/cloudwatch/require_org_changes_alarm.go → ...s/cloudwatch/require_org_changes_alarm.go b/...s/cloudwatch/require_org_changes_alarm.go → ...s/cloudwatch/require_org_changes_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var CheckRequireOrgChangesAlarm = rules.Register(
+var CheckRequireOrgChangesAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0174",
 		Provider:   providers.AWSProvider,

diff --git a/...udwatch/require_org_changes_alarm_test.go → ...udwatch/require_org_changes_alarm_test.go b/...udwatch/require_org_changes_alarm_test.go → ...udwatch/require_org_changes_alarm_test.go
diff --git a/...oudwatch/require_root_user_usage_alarm.go → ...oudwatch/require_root_user_usage_alarm.go b/...oudwatch/require_root_user_usage_alarm.go → ...oudwatch/require_root_user_usage_alarm.go
@@ -8,10 +8,10 @@ import (
 	"github.com/aquasecurity/defsec/pkg/severity"
 	"github.com/aquasecurity/defsec/pkg/state"
 	"github.com/aquasecurity/defsec/pkg/types"
-	"github.com/aquasecurity/trivy-policies/pkg/rules"
+	"github.com/aquasecurity/trivy-policies/pkg/checks"
 )
 
-var requireRootUserUsageAlarm = rules.Register(
+var requireRootUserUsageAlarm = checks.Register(
 	scan.Rule{
 		AVDID:      "AVD-AWS-0149",
 		Provider:   providers.AWSProvider,

diff --git a/...tch/require_root_user_usage_alarm_test.go → ...tch/require_root_user_usage_alarm_test.go b/...tch/require_root_user_usage_alarm_test.go → ...tch/require_root_user_usage_alarm_test.go