feat: update compliance flags naming

Signed-off-by: chenk <[email protected]>

go.mod

@@ -27,7 +27,7 @@ require (
 	github.com/aquasecurity/testdocker v0.0.0-20240613070307-2c3868d658ac
 	github.com/aquasecurity/tml v0.6.1
 	github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f
-	github.com/aquasecurity/trivy-checks v0.12.1-0.20240613213022-e61345ecd3a3
+	github.com/aquasecurity/trivy-checks v0.12.1-0.20240620143223-f3205bfc8e9b
 	github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d
 	github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48
 	github.com/aquasecurity/trivy-kubernetes v0.6.7-0.20240608070923-cab5e3064198
@@ -387,7 +387,6 @@ require (
 	go.opentelemetry.io/otel/metric v1.27.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.27.0 // indirect
 	go.opentelemetry.io/otel/trace v1.27.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.2.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect

go.sum

@@ -775,8 +775,8 @@ github.com/aquasecurity/tml v0.6.1 h1:y2ZlGSfrhnn7t4ZJ/0rotuH+v5Jgv6BDDO5jB6A9gw
 github.com/aquasecurity/tml v0.6.1/go.mod h1:OnYMWY5lvI9ejU7yH9LCberWaaTBW7hBFsITiIMY2yY=
 github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f h1:LS8Xb8Lb0mosGay+hk7hkt8jVc+L8msTdjJCU+ICcS8=
 github.com/aquasecurity/trivy-aws v0.9.1-0.20240607040622-8a7f09cd891f/go.mod h1:pfwElhU8kilUmgib1xBw91ZBPJya6EZ1unwvqC0ijh4=
-github.com/aquasecurity/trivy-checks v0.12.1-0.20240613213022-e61345ecd3a3 h1:kn9C13UoplqYJP8O7A0G1eNqZsL9FFVp6mdTS96rueQ=
-github.com/aquasecurity/trivy-checks v0.12.1-0.20240613213022-e61345ecd3a3/go.mod h1:sOf8XlqR934VKKHH+OifOuUqVdYV7h9jzRbIEVwIPVI=
+github.com/aquasecurity/trivy-checks v0.12.1-0.20240620143223-f3205bfc8e9b h1:SNu5XZMjJAuGxCPm+pq7zMWdKn6/SuV6RF9tgoaSctM=
+github.com/aquasecurity/trivy-checks v0.12.1-0.20240620143223-f3205bfc8e9b/go.mod h1:Xec/SMVGV66I7RgUqOX9MEr+YxBqHXDVLTYmpspPi3E=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d h1:fjI9mkoTUAkbGqpzt9nJsO24RAdfG+ZSiLFj0G2jO8c=
 github.com/aquasecurity/trivy-db v0.0.0-20231005141211-4fc651f7ac8d/go.mod h1:cj9/QmD9N3OZnKQMp+/DvdV+ym3HyIkd4e+F0ZM3ZGs=
 github.com/aquasecurity/trivy-java-db v0.0.0-20240109071736-184bd7481d48 h1:JVgBIuIYbwG+ekC5lUHUpGJboPYiCcxiz06RCtz8neI=

pkg/commands/app.go

@@ -242,7 +242,7 @@ func NewImageCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	reportFlagGroup.ReportFormat = report
 
 	compliance := flag.ComplianceFlag.Clone()
-	compliance.Values = []string{types.ComplianceDockerCIS}
+	compliance.Values = []string{types.ComplianceDockerCIS160}
 	reportFlagGroup.Compliance = compliance // override usage as the accepted values differ for each subcommand.
 
 	misconfFlagGroup := flag.NewMisconfFlagGroup()
@@ -941,10 +941,11 @@ func NewKubernetesCommand(globalFlags *flag.GlobalFlagGroup) *cobra.Command {
 	reportFlagGroup := flag.NewReportFlagGroup()
 	compliance := flag.ComplianceFlag.Clone()
 	compliance.Values = []string{
-		types.ComplianceK8sNsa,
-		types.ComplianceK8sCIS,
-		types.ComplianceK8sPSSBaseline,
-		types.ComplianceK8sPSSRestricted,
+		types.ComplianceK8sNsa10,
+		types.ComplianceK8sCIS123,
+		types.ComplianceEksCIS14,
+		types.ComplianceK8sPSSBaseline01,
+		types.ComplianceK8sPSSRestricted01,
 	}
 	reportFlagGroup.Compliance = compliance // override usage as the accepted values differ for each subcommand.
 	reportFlagGroup.ExitOnEOL = nil         // disable '--exit-on-eol'

pkg/flag/options.go

@@ -373,7 +373,7 @@ func (o *Options) Align() error {
 		o.Scanners = scanners
 		o.ImageConfigScanners = nil
 		// TODO: define image-config-scanners in the spec
-		if o.Compliance.Spec.ID == types.ComplianceDockerCIS {
+		if o.Compliance.Spec.ID == types.ComplianceDockerCIS160 {
 			o.Scanners = types.Scanners{types.VulnerabilityScanner}
 			o.ImageConfigScanners = types.Scanners{
 				types.MisconfigScanner,

pkg/iac/rules/register.go

@@ -5,7 +5,7 @@ import (
 
 	"gopkg.in/yaml.v3"
 
-	"github.com/aquasecurity/trivy-checks/specs"
+	"github.com/aquasecurity/trivy-checks/pkg/specs"
 	"github.com/aquasecurity/trivy/pkg/iac/framework"
 	"github.com/aquasecurity/trivy/pkg/iac/scan"
 	dftypes "github.com/aquasecurity/trivy/pkg/iac/types"

pkg/types/report.go

@@ -53,13 +53,14 @@ const (
 	ClassLicenseFile ResultClass = "license-file" // For detected licenses in files
 	ClassCustom      ResultClass = "custom"
 
-	ComplianceK8sNsa           = Compliance("k8s-nsa")
-	ComplianceK8sCIS           = Compliance("k8s-cis")
-	ComplianceK8sPSSBaseline   = Compliance("k8s-pss-baseline")
-	ComplianceK8sPSSRestricted = Compliance("k8s-pss-restricted")
-	ComplianceAWSCIS12         = Compliance("aws-cis-1.2")
-	ComplianceAWSCIS14         = Compliance("aws-cis-1.4")
-	ComplianceDockerCIS        = Compliance("docker-cis")
+	ComplianceK8sNsa10           = Compliance("k8s-nsa-1.0")
+	ComplianceK8sCIS123          = Compliance("k8s-cis-1.23")
+	ComplianceK8sPSSBaseline01   = Compliance("k8s-pss-baseline-0.1")
+	ComplianceK8sPSSRestricted01 = Compliance("k8s-pss-restricted-0.1")
+	ComplianceAWSCIS12           = Compliance("aws-cis-1.2")
+	ComplianceAWSCIS14           = Compliance("aws-cis-1.4")
+	ComplianceDockerCIS160       = Compliance("docker-cis-1.6.0")
+	ComplianceEksCIS14           = Compliance("eks-cis-1.4")
 
 	FormatTable      Format = "table"
 	FormatJSON       Format = "json"
@@ -91,13 +92,13 @@ var (
 		FormatGitHub,
 	}
 	SupportedCompliances = []string{
-		ComplianceK8sNsa,
-		ComplianceK8sCIS,
-		ComplianceK8sPSSBaseline,
-		ComplianceK8sPSSRestricted,
+		ComplianceK8sNsa10,
+		ComplianceK8sCIS123,
+		ComplianceK8sPSSBaseline01,
+		ComplianceK8sPSSRestricted01,
 		ComplianceAWSCIS12,
 		ComplianceAWSCIS14,
-		ComplianceDockerCIS,
+		ComplianceDockerCIS160,
 	}
 )