From e87152bad0cb2e791faeb02745ec183ed7fc18e4 Mon Sep 17 00:00:00 2001 
From: Liam Galvin Date: Wed, 5 Oct 2022 12:34:12 +0100 Subject: [PATCH] fix: Add missing reference URLs to all rego policies (#987) * fix: Add missing reference URLs to all rego policies --- ...get_missing_yes_flag_to_avoid_manual_input.rego | 2 ++ .../copy_from_references_current_from_alias.rego | 2 ++ ...e_than_two_arguments_not_ending_with_slash.rego | 2 ++ .../docker/policies/maintainer_is_deprecated.rego | 2 ++ .../docker/policies/missing_dnf_clean_all.rego | 2 ++ .../docker/policies/missing_zypper_clean.rego | 2 ++ .../policies/multiple_cmd_instructions_listed.rego | 2 ++ .../multiple_entrypoint_instructions_listed.rego | 2 ++ .../multiple_healthcheck_instructions.rego | 2 ++ internal/rules/docker/policies/root_user.rego | 2 ++ .../run_command_cd_instead_of_workdir.rego | 2 ++ internal/rules/docker/policies/run_using_sudo.rego | 2 ++ .../docker/policies/run_using_wget_and_curl.rego | 2 ++ .../policies/same_alias_in_different_froms.rego | 2 ++ .../docker/policies/unix_ports_out_of_range.rego | 2 ++ .../docker/policies/update_instruction_alone.rego | 2 ++ .../docker/policies/workdir_path_not_absolute.rego | 2 ++ .../docker/policies/yum_clean_all_missing.rego | 2 ++ .../capabilities_no_drop_at_least_one.rego | 2 ++ .../advanced/optional/use_limit_range.rego | 2 ++ .../advanced/optional/use_resource_quota.rego | 2 ++ .../protect_core_components_namespace.rego | 2 ++ .../protecting_pod_service_account_tokens.rego | 2 ++ .../selector_usage_in_network_policies.rego | 2 ++ .../apiserver/always_admit_plugin.rego | 2 ++ .../apiserver/always_pull_images_plugin.rego | 2 ++ .../cisbenchmarks/apiserver/anonymous_auth.rego | 2 ++ .../cisbenchmarks/apiserver/audit_log_maxage.rego | 2 ++ .../apiserver/audit_log_maxbackup.rego | 2 ++ .../cisbenchmarks/apiserver/audit_log_maxsize.rego | 2 ++ .../cisbenchmarks/apiserver/audit_log_path.rego | 2 ++ .../apiserver/authorization_mode.rego | 2 ++ .../authorization_mode_includes_node.rego | 2 ++ 
.../authorization_mode_includes_rbac.rego | 2 ++ .../cisbenchmarks/apiserver/client_ca_file.rego | 2 ++ .../deny_service_external_ips_plugin.rego | 2 ++ .../apiserver/encryption_provider_config.rego | 2 ++ .../cisbenchmarks/apiserver/etcd_cafile.rego | 2 ++ .../apiserver/etcd_certfile_and_keyfile.rego | 2 ++ .../apiserver/event_rate_limit_plugin.rego | 2 ++ .../apiserver/kubelet_certificate_authority.rego | 2 ++ .../kubelet_client_certificate_and_key.rego | 2 ++ .../cisbenchmarks/apiserver/kubelet_https.rego | 2 ++ .../apiserver/namespace_lifecycle_plugin.rego | 2 ++ .../apiserver/node_restriction_plugin.rego | 2 ++ .../cisbenchmarks/apiserver/profiling.rego | 2 ++ .../cisbenchmarks/apiserver/secure_port.rego | 2 ++ .../apiserver/security_context_deny_plugin.rego | 2 ++ .../apiserver/service_account_key_file.rego | 2 ++ .../apiserver/service_account_lookup.rego | 2 ++ .../apiserver/service_account_plugin.rego | 2 ++ .../tls_cert_file_and_private_key_file.rego | 2 ++ .../cisbenchmarks/apiserver/token_auth_file.rego | 2 ++ .../controllermamager/bind_address.rego | 2 ++ .../cisbenchmarks/controllermamager/profiling.rego | 2 ++ .../controllermamager/root_ca_file.rego | 2 ++ .../rotate_kubelet_server_certificate.rego | 2 ++ .../service_account_private_key_file.rego | 2 ++ .../terminated_pod_gc_threshold.rego | 2 ++ .../use_service_account_credentials.rego | 2 ++ .../policies/cisbenchmarks/etcd/auto_tls.rego | 2 ++ .../cisbenchmarks/etcd/cert_file_and_key_file.rego | 2 ++ .../cisbenchmarks/etcd/client_cert_auth.rego | 2 ++ .../policies/cisbenchmarks/etcd/peer_auto_tls.rego | 2 ++ .../etcd/peer_cert_file_and_key_file.rego | 2 ++ .../cisbenchmarks/etcd/peer_client_cert_auth.rego | 2 ++ .../cisbenchmarks/scheduler/bind_address.rego | 2 ++ .../cisbenchmarks/scheduler/profiling.rego | 2 ++ .../policies/general/CPU_not_limited.rego | 2 ++ .../general/CPU_requests_not_specified.rego | 2 ++ .../policies/general/SYS_ADMIN_capability.rego | 2 ++ 
.../policies/general/capabilities_no_drop_all.rego | 2 ++ .../general/file_system_not_read_only.rego | 2 ++ .../policies/general/memory_not_limited.rego | 2 ++ .../general/memory_requests_not_specified.rego | 2 ++ .../policies/general/mounts_docker_socket.rego | 2 ++ .../policies/general/runs_with_GID_le_10000.rego | 2 ++ .../policies/general/runs_with_UID_le_10000.rego | 2 ++ .../policies/general/uses_image_tag_latest.rego | 2 ++ .../pss/baseline/10_windows_host_process.rego | 2 ++ .../baseline/11_seccomp_profile_unconfined.rego | 2 ++ .../policies/pss/baseline/1_host_network.rego | 2 ++ .../policies/pss/baseline/1_host_pid.rego | 2 ++ .../policies/pss/baseline/2_privileged.rego | 2 ++ .../baseline/3_specific_capabilities_added.rego | 2 ++ .../pss/baseline/4_hostpath_volumes_mounted.rego | 2 ++ .../pss/baseline/5_access_to_host_ports.rego | 2 ++ .../pss/baseline/6_apparmor_policy_disabled.rego | 2 ++ .../pss/baseline/7_selinux_custom_options_set.rego | 2 ++ .../pss/baseline/8_non_default_proc_masks_set.rego | 2 ++ .../pss/baseline/9_unsafe_sysctl_options_set.rego | 2 ++ .../pss/restricted/1_non_core_volume_types.rego | 2 ++ .../2_can_elevate_its_own_privileges.rego | 2 ++ .../policies/pss/restricted/3_runs_as_root.rego | 2 ++ .../pss/restricted/4_runs_with_a_root_uid.rego | 2 ++ .../5_runtime_default_seccomp_profile_not_set.rego | 2 ++ ...all_capabilities_only_add_net_bind_service.rego | 2 ++ pkg/rego/metadata.go | 14 ++++++++++++++ 98 files changed, 208 insertions(+)
diff --git a/internal/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego b/internal/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego
index fe9f9bbce..a80633442 100644
--- a/internal/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego
+++ b/internal/rules/docker/policies/apt_get_missing_yes_flag_to_avoid_manual_input.rego
@@ -2,6 +2,8 @@
 # title: "'apt-get' missing '-y' to avoid manual input"
 # description: "'apt-get' calls should use the flag '-y' to avoid manual user input."
 # scope: package
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#run
 # schemas:
 # - input: schema["input"]
 # custom:
diff --git a/internal/rules/docker/policies/copy_from_references_current_from_alias.rego b/internal/rules/docker/policies/copy_from_references_current_from_alias.rego
index 62628e386..fff0906d0 100644
--- a/internal/rules/docker/policies/copy_from_references_current_from_alias.rego
+++ b/internal/rules/docker/policies/copy_from_references_current_from_alias.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/multistage-build/
 # custom:
 # id: DS006
 # avd_id: AVD-DS-0006
diff --git a/internal/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego b/internal/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego
index 3d6f4ecef..fd8025dfe 100644
--- a/internal/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego
+++ b/internal/rules/docker/policies/copy_with_more_than_two_arguments_not_ending_with_slash.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#copy
 # custom:
 # id: DS011
 # avd_id: AVD-DS-0011
diff --git a/internal/rules/docker/policies/maintainer_is_deprecated.rego b/internal/rules/docker/policies/maintainer_is_deprecated.rego
index 043c9f2c7..260e95eae 100644
--- a/internal/rules/docker/policies/maintainer_is_deprecated.rego
+++ b/internal/rules/docker/policies/maintainer_is_deprecated.rego
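Review bot: In apt_get_missing_yes_flag_to_avoid_manual_input.rego the new `related_resources` key is inserted between `# scope: package` and `# schemas:`, whereas every other hunk in this patch places it after the `# - input: schema["input"]` line and before `# custom:`. The metadata block is a YAML map, so key order does not affect parsing, but a uniform order across all policies keeps the headers easy to compare and grep. Moving the two added lines below `# - input: schema["input"]` would match the rest of the patch.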
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/deprecated/#maintainer-in-dockerfile
 # custom:
 # id: DS022
 # avd_id: AVD-DS-0022
diff --git a/internal/rules/docker/policies/missing_dnf_clean_all.rego b/internal/rules/docker/policies/missing_dnf_clean_all.rego
index ff45b51b3..e952686d1 100644
--- a/internal/rules/docker/policies/missing_dnf_clean_all.rego
+++ b/internal/rules/docker/policies/missing_dnf_clean_all.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
 # custom:
 # id: DS019
 # avd_id: AVD-DS-0019
diff --git a/internal/rules/docker/policies/missing_zypper_clean.rego b/internal/rules/docker/policies/missing_zypper_clean.rego
index b2ca66cfa..0cf69db4d 100644
--- a/internal/rules/docker/policies/missing_zypper_clean.rego
+++ b/internal/rules/docker/policies/missing_zypper_clean.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 # id: DS020
 # avd_id: AVD-DS-0020
diff --git a/internal/rules/docker/policies/multiple_cmd_instructions_listed.rego b/internal/rules/docker/policies/multiple_cmd_instructions_listed.rego
index d2bc8fb74..cadb1e6ce 100644
--- a/internal/rules/docker/policies/multiple_cmd_instructions_listed.rego
+++ b/internal/rules/docker/policies/multiple_cmd_instructions_listed.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#cmd
 # custom:
 # id: DS016
 # avd_id: AVD-DS-0016
diff --git a/internal/rules/docker/policies/multiple_entrypoint_instructions_listed.rego b/internal/rules/docker/policies/multiple_entrypoint_instructions_listed.rego
index f5be3d797..12bc2539f 100644
--- a/internal/rules/docker/policies/multiple_entrypoint_instructions_listed.rego
+++ b/internal/rules/docker/policies/multiple_entrypoint_instructions_listed.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#entrypoint
 # custom:
 # id: DS007
 # avd_id: AVD-DS-0007
diff --git a/internal/rules/docker/policies/multiple_healthcheck_instructions.rego b/internal/rules/docker/policies/multiple_healthcheck_instructions.rego
index c9a51c864..31e82612d 100644
--- a/internal/rules/docker/policies/multiple_healthcheck_instructions.rego
+++ b/internal/rules/docker/policies/multiple_healthcheck_instructions.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#healthcheck
 # custom:
 # id: DS023
 # avd_id: AVD-DS-0023
diff --git a/internal/rules/docker/policies/root_user.rego b/internal/rules/docker/policies/root_user.rego
index b04242908..8d468f8af 100644
--- a/internal/rules/docker/policies/root_user.rego
+++ b/internal/rules/docker/policies/root_user.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
 # custom:
 # id: DS002
 # avd_id: AVD-DS-0002
diff --git a/internal/rules/docker/policies/run_command_cd_instead_of_workdir.rego b/internal/rules/docker/policies/run_command_cd_instead_of_workdir.rego
index 527ede6d0..696f818cb 100644
--- a/internal/rules/docker/policies/run_command_cd_instead_of_workdir.rego
+++ b/internal/rules/docker/policies/run_command_cd_instead_of_workdir.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir
 # custom:
 # id: DS013
 # avd_id: AVD-DS-0013
diff --git a/internal/rules/docker/policies/run_using_sudo.rego b/internal/rules/docker/policies/run_using_sudo.rego
index 7682afde8..72fc37ab6 100644
--- a/internal/rules/docker/policies/run_using_sudo.rego
+++ b/internal/rules/docker/policies/run_using_sudo.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#run
 # custom:
 # id: DS010
 # avd_id: AVD-DS-0010
diff --git a/internal/rules/docker/policies/run_using_wget_and_curl.rego b/internal/rules/docker/policies/run_using_wget_and_curl.rego
index 276b499db..777f7a72d 100644
--- a/internal/rules/docker/policies/run_using_wget_and_curl.rego
+++ b/internal/rules/docker/policies/run_using_wget_and_curl.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 # id: DS014
 # avd_id: AVD-DS-0014
diff --git a/internal/rules/docker/policies/same_alias_in_different_froms.rego b/internal/rules/docker/policies/same_alias_in_different_froms.rego
index 0c46583f0..c0cef3e4f 100644
--- a/internal/rules/docker/policies/same_alias_in_different_froms.rego
+++ b/internal/rules/docker/policies/same_alias_in_different_froms.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/multistage-build/
 # custom:
 # id: DS012
 # avd_id: AVD-DS-0012
diff --git a/internal/rules/docker/policies/unix_ports_out_of_range.rego b/internal/rules/docker/policies/unix_ports_out_of_range.rego
index 43b263cc8..91f8823d4 100644
--- a/internal/rules/docker/policies/unix_ports_out_of_range.rego
+++ b/internal/rules/docker/policies/unix_ports_out_of_range.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/engine/reference/builder/#expose
 # custom:
 # id: DS008
 # avd_id: AVD-DS-0008
diff --git a/internal/rules/docker/policies/update_instruction_alone.rego b/internal/rules/docker/policies/update_instruction_alone.rego
index 9b43c38cc..704ab5a7b 100644
--- a/internal/rules/docker/policies/update_instruction_alone.rego
+++ b/internal/rules/docker/policies/update_instruction_alone.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 # id: DS017
 # avd_id: AVD-DS-0017
diff --git a/internal/rules/docker/policies/workdir_path_not_absolute.rego b/internal/rules/docker/policies/workdir_path_not_absolute.rego
index 240da5c2d..52b6555b7 100644
--- a/internal/rules/docker/policies/workdir_path_not_absolute.rego
+++ b/internal/rules/docker/policies/workdir_path_not_absolute.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir
 # custom:
 # id: DS009
 # avd_id: AVD-DS-0009
diff --git a/internal/rules/docker/policies/yum_clean_all_missing.rego b/internal/rules/docker/policies/yum_clean_all_missing.rego
index 4a3613cec..a1c5b787d 100644
--- a/internal/rules/docker/policies/yum_clean_all_missing.rego
+++ b/internal/rules/docker/policies/yum_clean_all_missing.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 # custom:
 # id: DS015
 # avd_id: AVD-DS-0015
diff --git a/internal/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego b/internal/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego
index ad06cd7b6..3e827dde8 100644
--- a/internal/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego
+++ b/internal/rules/kubernetes/policies/advanced/optional/capabilities_no_drop_at_least_one.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
 # custom:
 # id: KSV004
 # avd_id: AVD-KSV-0004
diff --git a/internal/rules/kubernetes/policies/advanced/optional/use_limit_range.rego b/internal/rules/kubernetes/policies/advanced/optional/use_limit_range.rego
index 77851d2e4..3c87f626d 100644
--- a/internal/rules/kubernetes/policies/advanced/optional/use_limit_range.rego
+++ b/internal/rules/kubernetes/policies/advanced/optional/use_limit_range.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
 # custom:
 # id: KSV039
 # avd_id: AVD-KSV-0039
diff --git a/internal/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego b/internal/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego
index 565f6c77e..d2ef5667e 100644
--- a/internal/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego
+++ b/internal/rules/kubernetes/policies/advanced/optional/use_resource_quota.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/quota-memory-cpu-namespace/
 # custom:
 # id: KSV040
 # avd_id: AVD-KSV-0040
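Review bot: The reference added to use_limit_range.rego (KSV039) is `https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/`, which is the NetworkPolicy walkthrough and the very same URL this patch adds to selector_usage_in_network_policies.rego; it says nothing about LimitRange. This looks like a copy-paste slip, and because related_resources is surfaced to users as the remediation pointer, a wrong link steers them to an unrelated control. The sibling use_resource_quota.rego hunk links the matching manage-resources task page, so this one should point at the LimitRange documentation instead, e.g. `# - https://kubernetes.io/docs/concepts/policy/limit-range/`.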
diff --git a/internal/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego b/internal/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego
index 429cb3000..0b020fbe3 100644
--- a/internal/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego
+++ b/internal/rules/kubernetes/policies/advanced/protect_core_components_namespace.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema.input
+# related_resources:
+# - https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/
 # custom:
 # id: KSV037
 # avd_id: AVD-KSV-0037
diff --git a/internal/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego b/internal/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego
index 630163066..9d1363f00 100644
--- a/internal/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego
+++ b/internal/rules/kubernetes/policies/advanced/protecting_pod_service_account_tokens.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#serviceaccount-admission-controller
 # custom:
 # id: KSV036
 # avd_id: AVD-KSV-0036
diff --git a/internal/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego b/internal/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego
index 9e552f48b..56561fccb 100644
--- a/internal/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego
+++ b/internal/rules/kubernetes/policies/advanced/selector_usage_in_network_policies.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
 # custom:
 # id: KSV038
 # avd_id: AVD-KSV-0038
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego
index 60ffe7a2e..1a3571226 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_admit_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0011
 # avd_id: AVD-KCV-0011
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego
index 7b98ed11b..16cd1b84e 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/always_pull_images_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KSV0012
 # avd_id: AVD-KCV-0012
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego
index 6eaeed754..15e678b56 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/anonymous_auth.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0001
 # avd_id: AVD-KCV-0001
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego
index a2865c052..fd566d339 100644
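Review bot: The context line `# id: KSV0012` in always_pull_images_plugin.rego disagrees with that file's own `# avd_id: AVD-KCV-0012` and with the KCV prefix every other apiserver policy in this patch carries (KCV0011, KCV0001, KCV0020, …). This is pre-existing rather than introduced here, but the commit is already editing this header block, so correcting it to `# id: KCV0012` in the same pass would be cheap. If anything resolves a rule by its short id, the KSV prefix would presumably file this CIS control under the wrong policy family; worth confirming against the id registry before changing.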
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxage.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0020
 # avd_id: AVD-KCV-0020
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego
index c021b2acf..990e2930b 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxbackup.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0021
 # avd_id: AVD-KCV-0021
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego
index 8eeca9502..c9b83645c 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_maxsize.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0022
 # avd_id: AVD-KCV-0022
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego
index fd9320bc9..9056d0179 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/audit_log_path.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0019
 # avd_id: AVD-KCV-0019
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego
index ab6b142b4..351bc9c9c 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0007
 # avd_id: AVD-KCV-0007
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego
index 4529f1cbf..7a3ad8601 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_node.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0008
 # avd_id: AVD-KCV-0008
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego
index e9d5fbb26..50bdf5987 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/authorization_mode_includes_rbac.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0009
 # avd_id: AVD-KCV-0009
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego
index ec4649980..4c2882f0e 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/client_ca_file.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0028
 # avd_id: AVD-KCV-0028
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego
index acb12d3ab..44780c340 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/deny_service_external_ips_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0003
 # avd_id: AVD-KCV-0003
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego
index 0d88bdfd6..146c94853 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/encryption_provider_config.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0030
 # avd_id: AVD-KCV-0030
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego
index e854d0aea..fbc39bd96 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_cafile.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0029
 # avd_id: AVD-KCV-0029
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego
index 8594b76af..4eaa16d99 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/etcd_certfile_and_keyfile.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0026
 # avd_id: AVD-KCV-0026
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego
index 88c68e41f..948e90486 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/event_rate_limit_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0010
 # avd_id: AVD-KCV-0010
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego
index c09bbe949..1bb50eb03 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_certificate_authority.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0006
 # avd_id: AVD-KCV-0006
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego
index 10435d654..7cbbb5630 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_client_certificate_and_key.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0005
 # avd_id: AVD-KCV-0005
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego
index 1f722fb22..e932decdc 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/kubelet_https.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0004
 # avd_id: AVD-KCV-0004
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego
index f0e4d418b..20b4b7fd8 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/namespace_lifecycle_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0015
 # avd_id: AVD-KCV-0015
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego
index cbc7c8727..01eab6c90 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/node_restriction_plugin.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0016
 # avd_id: AVD-KCV-0016
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego
index 7849bf39d..dbcfff1ab 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/profiling.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0018
 # avd_id: AVD-KCV-0018
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego
index d7df64bbd..6e0d0d08e 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/secure_port.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0017 # avd_id: AVD-KCV-0017 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego index 2a875c300..5636b9b94 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/security_context_deny_plugin.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0013 # avd_id: AVD-KCV-0013 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego index 7c7c4e618..b8b683b9e 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_key_file.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0025 # avd_id: AVD-KCV-0025 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego index d672d732c..3a763a334 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego 
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_lookup.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0024 # avd_id: AVD-KCV-0024 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego index 575e84583..b4e973326 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/service_account_plugin.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0014 # avd_id: AVD-KCV-0014 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego index dfd878efa..03e0666b5 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/tls_cert_file_and_private_key_file.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0027 # avd_id: AVD-KCV-0027 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego index b18158750..529a1829a 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/apiserver/token_auth_file.rego 
@@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0002 # avd_id: AVD-KCV-0002 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego index 7943874a1..3e48f494c 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/bind_address.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0039 # avd_id: AVD-KCV-0039 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego index 0c55057ce..1114ba1ff 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/profiling.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0034 # avd_id: AVD-KCV-0034 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego index e4ec153f8..897f31d18 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/root_ca_file.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0037 # avd_id: AVD-KCV-0037 
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego index f597024ad..150b20a8c 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/rotate_kubelet_server_certificate.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0038 # avd_id: AVD-KCV-0038 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego index 18dca5473..576fcead1 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/service_account_private_key_file.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0036 # avd_id: AVD-KCV-0036 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego index 20b9dbfc6..fd0c4babe 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/terminated_pod_gc_threshold.rego 
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0033
 # avd_id: AVD-KCV-0033
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego
index da0432ec9..fca2763ce 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/controllermamager/use_service_account_credentials.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0135
 # avd_id: AVD-KCV-0035
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego
index e5b9d1175..ab82846d7 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/auto_tls.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0044
 # avd_id: AVD-KCV-0044
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego
index 2db1812fa..1ba73d4a2 100644
--- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego
+++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/cert_file_and_key_file.rego
@@ -4,6 +4,8 @@
 # scope: package
 # schemas:
 # - input: schema["input"]
+# related_resources:
+# - https://www.cisecurity.org/benchmark/kubernetes
 # custom:
 # id: KCV0042
 # avd_id: AVD-KCV-0042
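Review bot: In the use_service_account_credentials.rego hunk the short id `id: KCV0135` does not match the `avd_id: AVD-KCV-0035` two lines below it, while every sibling hunk in this change keeps the two numbers aligned (e.g. `KCV0033` / `AVD-KCV-0033`); this looks like a pre-existing typo, and since updateMetadata copies `id` verbatim into `metadata.ID` it will surface in scan output and break any lookup keyed on the short id. Confirm against the rule registry and, if it is a typo, change it to `# id: KCV0035` in the same pass. Separately, the added reference is the generic CIS landing page for every apiserver/controller-manager/etcd/scheduler check; if the specific benchmark control numbers are known, the object form `# - ref: https://www.cisecurity.org/benchmark/kubernetes` plus a `#   description: "CIS Kubernetes Benchmark 1.3.3"` line would be more useful to someone triaging the finding (the Go side currently reads only `ref`, so the description would need handling there too).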
diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego index 987bda39b..42f470021 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/client_cert_auth.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0043 # avd_id: AVD-KCV-0043 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego index 70b4af6e4..a4a853f76 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_auto_tls.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0047 # avd_id: AVD-KCV-0047 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego index b7f4d7622..cc3baedde 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_cert_file_and_key_file.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0045 # avd_id: AVD-KCV-0045 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego index af930c9b6..e5dd04682 100644 
--- a/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/etcd/peer_client_cert_auth.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0046 # avd_id: AVD-KCV-0046 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego b/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego index 6162ec46f..3bf872ba7 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/bind_address.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0041 # avd_id: AVD-KCV-0041 diff --git a/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego b/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego index 82715229b..c16d25cdd 100644 --- a/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego +++ b/internal/rules/kubernetes/policies/cisbenchmarks/scheduler/profiling.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://www.cisecurity.org/benchmark/kubernetes # custom: # id: KCV0040 # avd_id: AVD-KCV-0040 diff --git a/internal/rules/kubernetes/policies/general/CPU_not_limited.rego b/internal/rules/kubernetes/policies/general/CPU_not_limited.rego index c9e5561d2..a6c342e96 100644 --- a/internal/rules/kubernetes/policies/general/CPU_not_limited.rego +++ b/internal/rules/kubernetes/policies/general/CPU_not_limited.rego 
@@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits # custom: # id: KSV011 # avd_id: AVD-KSV-0011 diff --git a/internal/rules/kubernetes/policies/general/CPU_requests_not_specified.rego b/internal/rules/kubernetes/policies/general/CPU_requests_not_specified.rego index b400c1763..81325f991 100644 --- a/internal/rules/kubernetes/policies/general/CPU_requests_not_specified.rego +++ b/internal/rules/kubernetes/policies/general/CPU_requests_not_specified.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits # custom: # id: KSV015 # avd_id: AVD-KSV-0015 diff --git a/internal/rules/kubernetes/policies/general/SYS_ADMIN_capability.rego b/internal/rules/kubernetes/policies/general/SYS_ADMIN_capability.rego index 5fe71e771..cd1e27fe9 100644 --- a/internal/rules/kubernetes/policies/general/SYS_ADMIN_capability.rego +++ b/internal/rules/kubernetes/policies/general/SYS_ADMIN_capability.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-securitycontext-capabilities-add-index-sys-admin/ # custom: # id: KSV005 # avd_id: AVD-KSV-0005 diff --git a/internal/rules/kubernetes/policies/general/capabilities_no_drop_all.rego b/internal/rules/kubernetes/policies/general/capabilities_no_drop_all.rego index d64dff42f..b3bc08a7a 100644 --- a/internal/rules/kubernetes/policies/general/capabilities_no_drop_all.rego +++ b/internal/rules/kubernetes/policies/general/capabilities_no_drop_all.rego 
@@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/ # custom: # id: KSV003 # avd_id: AVD-KSV-0003 diff --git a/internal/rules/kubernetes/policies/general/file_system_not_read_only.rego b/internal/rules/kubernetes/policies/general/file_system_not_read_only.rego index 0b6f58148..731a3d196 100644 --- a/internal/rules/kubernetes/policies/general/file_system_not_read_only.rego +++ b/internal/rules/kubernetes/policies/general/file_system_not_read_only.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/ # custom: # id: KSV014 # avd_id: AVD-KSV-0014 diff --git a/internal/rules/kubernetes/policies/general/memory_not_limited.rego b/internal/rules/kubernetes/policies/general/memory_not_limited.rego index 719c93ec9..d817c41da 100644 --- a/internal/rules/kubernetes/policies/general/memory_not_limited.rego +++ b/internal/rules/kubernetes/policies/general/memory_not_limited.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-resources-limits-memory/ # custom: # id: KSV018 # avd_id: AVD-KSV-0018 diff --git a/internal/rules/kubernetes/policies/general/memory_requests_not_specified.rego b/internal/rules/kubernetes/policies/general/memory_requests_not_specified.rego index 392698030..75990e363 100644 --- a/internal/rules/kubernetes/policies/general/memory_requests_not_specified.rego +++ b/internal/rules/kubernetes/policies/general/memory_requests_not_specified.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-resources-limits-memory/ # custom: # id: KSV016 # avd_id: AVD-KSV-0016 
diff --git a/internal/rules/kubernetes/policies/general/mounts_docker_socket.rego b/internal/rules/kubernetes/policies/general/mounts_docker_socket.rego index 7a8b8f0d2..756516b2b 100644 --- a/internal/rules/kubernetes/policies/general/mounts_docker_socket.rego +++ b/internal/rules/kubernetes/policies/general/mounts_docker_socket.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/spec-volumes-hostpath-path-var-run-docker-sock/ # custom: # id: KSV006 # avd_id: AVD-KSV-0006 diff --git a/internal/rules/kubernetes/policies/general/runs_with_GID_le_10000.rego b/internal/rules/kubernetes/policies/general/runs_with_GID_le_10000.rego index 0e0adf99c..b81b1d3ac 100644 --- a/internal/rules/kubernetes/policies/general/runs_with_GID_le_10000.rego +++ b/internal/rules/kubernetes/policies/general/runs_with_GID_le_10000.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-securitycontext-runasuser/ # custom: # id: KSV021 # avd_id: AVD-KSV-0021 diff --git a/internal/rules/kubernetes/policies/general/runs_with_UID_le_10000.rego b/internal/rules/kubernetes/policies/general/runs_with_UID_le_10000.rego index c97f757fe..c7bb73d30 100644 --- a/internal/rules/kubernetes/policies/general/runs_with_UID_le_10000.rego +++ b/internal/rules/kubernetes/policies/general/runs_with_UID_le_10000.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubesec.io/basics/containers-securitycontext-runasuser/ # custom: # id: KSV020 # avd_id: AVD-KSV-0020 diff --git a/internal/rules/kubernetes/policies/general/uses_image_tag_latest.rego b/internal/rules/kubernetes/policies/general/uses_image_tag_latest.rego index 5f1f6428b..57ffda450 100644 --- a/internal/rules/kubernetes/policies/general/uses_image_tag_latest.rego 
+++ b/internal/rules/kubernetes/policies/general/uses_image_tag_latest.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/configuration/overview/#container-images # custom: # id: KSV013 # avd_id: AVD-KSV-0013 diff --git a/internal/rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego b/internal/rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego index c8f114f12..052afcc58 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/10_windows_host_process.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV103 # avd_id: AVD-KSV-0103 diff --git a/internal/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego b/internal/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego index bd4c9a028..80a2b80e1 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/11_seccomp_profile_unconfined.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV104 # avd_id: AVD-KSV-0104 diff --git a/internal/rules/kubernetes/policies/pss/baseline/1_host_network.rego b/internal/rules/kubernetes/policies/pss/baseline/1_host_network.rego index 282787c80..26260683c 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/1_host_network.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/1_host_network.rego 
@@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV009 # avd_id: AVD-KSV-0009 diff --git a/internal/rules/kubernetes/policies/pss/baseline/1_host_pid.rego b/internal/rules/kubernetes/policies/pss/baseline/1_host_pid.rego index 953db0650..186626f97 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/1_host_pid.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/1_host_pid.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV010 # avd_id: AVD-KSV-0010 diff --git a/internal/rules/kubernetes/policies/pss/baseline/2_privileged.rego b/internal/rules/kubernetes/policies/pss/baseline/2_privileged.rego index 515b5312b..9c3a19e30 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/2_privileged.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/2_privileged.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV017 # avd_id: AVD-KSV-0017 diff --git a/internal/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego b/internal/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego index 53053387e..1cd10dd1b 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/3_specific_capabilities_added.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV022 # avd_id: AVD-KSV-0022 
diff --git a/internal/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego b/internal/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego index 707c1cdeb..3ab6f5558 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/4_hostpath_volumes_mounted.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV023 # avd_id: AVD-KSV-0023 diff --git a/internal/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego b/internal/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego index 96acd2a11..3835b0e7e 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/5_access_to_host_ports.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV024 # avd_id: AVD-KSV-0024 diff --git a/internal/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego b/internal/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego index 12c412ccd..1ab2a7695 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/6_apparmor_policy_disabled.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV002 # avd_id: AVD-KSV-0002 
diff --git a/internal/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego b/internal/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego index 2eee7a673..a9595650e 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/7_selinux_custom_options_set.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV025 # avd_id: AVD-KSV-0025 diff --git a/internal/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego b/internal/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego index 194cee636..5092b4dea 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/8_non_default_proc_masks_set.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV027 # avd_id: AVD-KSV-0027 diff --git a/internal/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego b/internal/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego index 38dc1e672..081199e3a 100644 --- a/internal/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego +++ b/internal/rules/kubernetes/policies/pss/baseline/9_unsafe_sysctl_options_set.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline # custom: # id: KSV026 # avd_id: AVD-KSV-0026 
diff --git a/internal/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego b/internal/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego index 0b5485601..904c3689b 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/1_non_core_volume_types.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV028 # avd_id: AVD-KSV-0028 diff --git a/internal/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego b/internal/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego index d26ec5bed..c28e47b42 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/2_can_elevate_its_own_privileges.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV001 # avd_id: AVD-KSV-0001 diff --git a/internal/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego b/internal/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego index 5f90f8a0c..a62c1e443 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/3_runs_as_root.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV012 # avd_id: AVD-KSV-0012 
diff --git a/internal/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego b/internal/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego index 128e40fe6..223c4fc40 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/4_runs_with_a_root_uid.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV105 # avd_id: AVD-KSV-0105 diff --git a/internal/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego b/internal/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego index 29bf8c4d7..f4f3f6417 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/5_runtime_default_seccomp_profile_not_set.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV030 # avd_id: AVD-KSV-0030 diff --git a/internal/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego b/internal/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego index a07496ea2..435fedf99 100644 --- a/internal/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego +++ b/internal/rules/kubernetes/policies/pss/restricted/6_drop_all_capabilities_only_add_net_bind_service.rego @@ -4,6 +4,8 @@ # scope: package # schemas: # - input: schema["input"] +# related_resources: +# - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # custom: # id: KSV106 # avd_id: AVD-KSV-0106 
diff --git a/pkg/rego/metadata.go b/pkg/rego/metadata.go
index 0eb2685a5..be751ef2f 100644
--- a/pkg/rego/metadata.go
+++ b/pkg/rego/metadata.go
@@ -165,6 +165,7 @@ func (m *MetadataRetriever) RetrieveMetadata(ctx context.Context, module *ast.Mo
 return &metadata, nil
 }
+// nolint
 func (m *MetadataRetriever) updateMetadata(meta map[string]interface{}, metadata *StaticMetadata) error {
 if raw, ok := meta["id"]; ok {
 metadata.ID = fmt.Sprintf("%s", raw)
@@ -213,6 +214,19 @@ func (m *MetadataRetriever) updateMetadata(meta map[string]interface{}, metadata
 metadata.Frameworks[framework.Framework(fw)] = sections
 }
 }
+ if raw, ok := meta["related_resources"]; ok {
+ if relatedResources, ok := raw.([]interface{}); ok {
+ for _, relatedResource := range relatedResources {
+ if relatedResourceMap, ok := relatedResource.(map[string]interface{}); ok {
+ if raw, ok := relatedResourceMap["ref"]; ok {
+ metadata.References = append(metadata.References, fmt.Sprintf("%s", raw))
+ }
+ } else if relatedResourceString, ok := relatedResource.(string); ok {
+ metadata.References = append(metadata.References, fmt.Sprintf("%s", relatedResourceString))
+ }
+ }
+ }
+ }
 return nil
 }
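Review bot: The bare `// nolint` added above updateMetadata silences every linter on the whole function without saying which one or why; golangci-lint's expected form names the linter and the reason, e.g. `//nolint:gocyclo // one branch per metadata key`, so the suppression stays reviewable and does not hide future findings. In the related_resources branch, `fmt.Sprintf("%s", raw)` on a `ref` that is not a string (a YAML number, bool or nested map) stores a `%!s(...)` placeholder as a reference, and `fmt.Sprintf("%s", relatedResourceString)` is a no-op on a value already typed string; type-asserting the ref with `if ref, ok := relatedResourceMap["ref"].(string); ok { metadata.References = append(metadata.References, ref) }` and appending `relatedResourceString` directly fixes both and also stops the inner `raw` from shadowing the outer one. Entries that are neither a map nor a string are dropped silently, which is reasonable for a best-effort field but deserves a one-line comment so the next reader does not take it for an oversight. Nothing here checks that the value is actually a URL; if policy bundles can come from users and these references are rendered in reports, the downstream renderer should be confirmed to escape them. The middle of updateMetadata lies between the two hunks and is not visible here.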