feat(misconf): Register checks only when needed (aquasecurity#7435)
simar7 authored and fhielpos committed Dec 20, 2024
1 parent 2decfbf commit ad0feca
Showing 3 changed files with 6 additions and 3 deletions.
6 changes: 3 additions & 3 deletions pkg/iac/rego/embed.go
Expand Up @@ -6,6 +6,7 @@ import (
"io/fs"
"path/filepath"
"strings"
"sync"

"github.com/open-policy-agent/opa/ast"

Expand All @@ -14,8 +15,7 @@ import (
"github.com/aquasecurity/trivy/pkg/log"
)

func init() {

var LoadAndRegister = sync.OnceFunc(func() {
modules, err := LoadEmbeddedPolicies()
if err != nil {
// we should panic as the policies were not embedded properly
Expand All @@ -30,7 +30,7 @@ func init() {
}

RegisterRegoRules(modules)
}
})

func RegisterRegoRules(modules map[string]*ast.Module) {
ctx := context.TODO()
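Review bot: `LoadAndRegister` is declared as an exported package-level variable, so any package that imports `rego` can reassign it, and a reassignment to a no-op would leave the scanner running with no embedded checks and reporting no findings. Keep the once-wrapped closure unexported and export a plain function instead: `var loadAndRegister = sync.OnceFunc(func() { ... })` together with `func LoadAndRegister() { loadAndRegister() }`. The exported name also has no doc comment; it should say that the call must happen before the rule registry is read, that it runs once per process, and that a panic from the loader (the error branch panics, going by its comment) is re-raised by `sync.OnceFunc` on every later call. The closure body is only partly visible in this section.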
1 change: 1 addition & 0 deletions pkg/iac/rego/embed_test.go
Expand Up @@ -15,6 +15,7 @@ import (
)

func Test_EmbeddedLoading(t *testing.T) {
LoadAndRegister()

frameworkRules := rules.GetRegistered()
var found bool
2 changes: 2 additions & 0 deletions pkg/iac/rego/scanner.go
Expand Up @@ -152,6 +152,8 @@ type DynamicMetadata struct {
}

func NewScanner(source types.Source, opts ...options.ScannerOption) *Scanner {
LoadAndRegister()

schema, ok := schemas.SchemaMap[source]
if !ok {
schema = schemas.Anything
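Review bot: Registration of the embedded checks now hangs on this one call at the top of `NewScanner`, so any code that reads the rule registry without first constructing a Scanner gets an empty set and reports nothing rather than failing; the test in embed_test.go needed its own `LoadAndRegister()` for that reason. It is worth confirming that no other reader of `rules.GetRegistered()` relied on the old `init()`; none is visible on this page. The call should also carry a comment such as `// Registers the embedded checks once per process; panics if they cannot be loaded.`, because `NewScanner` has no error return and, by the comment in embed.go, a load failure now surfaces here on the first scan instead of at program start. `NewScanner`'s body continues outside the hunk.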
