fix: Add missing reference URLs to all rego policies (#987)

* fix: Add missing reference URLs to all rego policies

internal/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego

@@ -2,6 +2,8 @@
 # title: "'apt-get' missing '-y' to avoid manual input"
 # description: "'apt-get' calls should use the flag '-y' to avoid manual user input."
 # scope: package
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#run
 # schemas:
 # - input: schema["input"]
 # custom:

internal/rules/docker/policies/copy_from_references_current_from_alias.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/multistage-build/
 # custom:
 #   id: DS006
 #   avd_id: AVD-DS-0006

internal/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#copy
 # custom:
 #   id: DS011
 #   avd_id: AVD-DS-0011

internal/rules/docker/policies/maintainer_is_deprecated.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/deprecated/#maintainer-in-dockerfile
 # custom:
 #   id: DS022
 #   avd_id: AVD-DS-0022

internal/rules/docker/policies/missing_dnf_clean_all.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
 # custom:
 #   id: DS019
 #   avd_id: AVD-DS-0019

internal/rules/docker/policies/missing_zypper_clean.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 #   id: DS020
 #   avd_id: AVD-DS-0020

internal/rules/docker/policies/multiple_cmd_instructions_listed.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#cmd
 # custom:
 #   id: DS016
 #   avd_id: AVD-DS-0016

internal/rules/docker/policies/multiple_entrypoint_instructions_listed.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#entrypoint
 # custom:
 #   id: DS007
 #   avd_id: AVD-DS-0007

internal/rules/docker/policies/multiple_healthcheck_instructions.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#healthcheck
 # custom:
 #   id: DS023
 #   avd_id: AVD-DS-0023

internal/rules/docker/policies/root_user.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
 # custom:
 #   id: DS002
 #   avd_id: AVD-DS-0002

internal/rules/docker/policies/run_command_cd_instead_of_workdir.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir
 # custom:
 #   id: DS013
 #   avd_id: AVD-DS-0013

internal/rules/docker/policies/run_using_sudo.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#run
 # custom:
 #   id: DS010
 #   avd_id: AVD-DS-0010

internal/rules/docker/policies/run_using_wget_and_curl.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 #   id: DS014
 #   avd_id: AVD-DS-0014

internal/rules/docker/policies/same_alias_in_different_froms.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/multistage-build/
 # custom:
 #   id: DS012
 #   avd_id: AVD-DS-0012

internal/rules/docker/policies/unix_ports_out_of_range.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#expose
 # custom:
 #   id: DS008
 #   avd_id: AVD-DS-0008

internal/rules/docker/policies/update_instruction_alone.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 #   id: DS017
 #   avd_id: AVD-DS-0017

internal/rules/docker/policies/workdir_path_not_absolute.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir
 # custom:
 #   id: DS009
 #   avd_id: AVD-DS-0009

internal/rules/docker/policies/yum_clean_all_missing.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 #   id: DS015
 #   avd_id: AVD-DS-0015

internal/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
 # custom:
 #   id: KSV004
 #   avd_id: AVD-KSV-0004

internal/rules/kubernetes/policies/advanced/optional/use_limit_range.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
 # custom:
 #   id: KSV039
 #   avd_id: AVD-KSV-0039

internal/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/
 # custom:
 #   id: KSV040
 #   avd_id: AVD-KSV-0040

internal/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema.input
+# related_resources:
+# - https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/
 # custom:
 #   id: KSV037
 #   avd_id: AVD-KSV-0037

internal/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#serviceaccount-admission-controller
 # custom:
 #   id: KSV036
 #   avd_id: AVD-KSV-0036

internal/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
 # custom:
 #   id: KSV038
 #   avd_id: AVD-KSV-0038

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0011
 #   avd_id: AVD-KCV-0011

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KSV0012
 #   avd_id: AVD-KCV-0012

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0001
 #   avd_id: AVD-KCV-0001

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0020
 #   avd_id: AVD-KCV-0020

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0021
 #   avd_id: AVD-KCV-0021

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0022
 #   avd_id: AVD-KCV-0022

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0019
 #   avd_id: AVD-KCV-0019

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0007
 #   avd_id: AVD-KCV-0007

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0008
 #   avd_id: AVD-KCV-0008

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0009
 #   avd_id: AVD-KCV-0009

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0028
 #   avd_id: AVD-KCV-0028

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0003
 #   avd_id: AVD-KCV-0003

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0030
 #   avd_id: AVD-KCV-0030

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0029
 #   avd_id: AVD-KCV-0029

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0026
 #   avd_id: AVD-KCV-0026

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0010
 #   avd_id: AVD-KCV-0010

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0006
 #   avd_id: AVD-KCV-0006

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0005
 #   avd_id: AVD-KCV-0005

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0004
 #   avd_id: AVD-KCV-0004

internal/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego

@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 #   id: KCV0015
 #   avd_id: AVD-KCV-0015