Skip to content

Built-in Policies

Policy Sources

Built-in policies are mainly written in Rego and Go. Those policies are managed under defsec repository.

Config type Source
Kubernetes defsec
Dockerfile, Containerfile defsec
Terraform defsec
CloudFormation defsec
Helm Chart defsec
RBAC defsec[rbac]

For suggestions or issues regarding policy content, please open an issue under the defsec repository.

Helm Chart scanning will resolve the chart to Kubernetes manifests then run the kubernetes checks.

Ansible scanning is coming soon.