docs(misconf): add comparison with Conftest and tfsec (#1111 )

feat(report): add schema version (#1110 )
fix(scan): change unknown os from info to debug (#1109 )
2025-12-10 23:00:48 -08:00 · 2021-07-12 13:43:39 +03:00 · 2021-07-12 12:27:27 +03:00 · 2021-07-12 12:26:48 +03:00 · 2021-07-12 03:14:17 +03:00 · 2021-07-11 16:55:13 +03:00
329 changed files with 15294 additions and 5147 deletions
--- a/.github/workflows/mkdocs-latest.yaml
+++ b/.github/workflows/mkdocs-latest.yaml
@@ -1,5 +1,10 @@
 name: Deploy the latest documentation
 on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version to be deployed
+        required: true
  push:
    tags:
      - "v*"
@@ -27,7 +32,11 @@ jobs:
        run: |
          git config user.name "knqyf263"
          git config user.email "knqyf263@gmail.com"
-      - name: Deploy the latest documents
+      - name: Deploy the latest documents from new tag push
+        if: ${{ github.event.inputs.version == '' }}
        run: |
          VERSION=$(echo ${{ github.ref }} | sed -e "s#refs/tags/##g")
          mike deploy --push --update-aliases $VERSION latest
+      - name: Deploy the latest documents from manual trigger
+        if: ${{ github.event.inputs.version != '' }}
+        run: mike deploy --push --update-aliases ${{ github.event.inputs.version }} latest
--- a/.github/workflows/publish-chart.yaml
+++ b/.github/workflows/publish-chart.yaml
@@ -33,7 +33,7 @@ jobs:
        continue-on-error: true
        ## Upload the tar in the Releases repository
        run: |
-          ./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token ${{ secrets.ORG_GITHUB_TOKEN }} -p .cr-release-packages
+          ./cr upload -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} --token ${{ secrets.ORG_REPO_TOKEN }} -p .cr-release-packages
      - name: Index helm chart
        run: |
          ./cr index -o ${{ env.GH_OWNER }} -r ${{ env.HELM_REP }} -c https://${{ env.GH_OWNER }}.github.io/${{ env.HELM_REP }}/ -i index.yaml
@@ -41,7 +41,7 @@ jobs:
      - name: Push index file
        uses: dmnemec/copy_file_to_another_repo_action@v1.0.4
        env:
-          API_TOKEN_GITHUB: ${{ secrets.ORG_GITHUB_TOKEN }}
+          API_TOKEN_GITHUB: ${{ secrets.ORG_REPO_TOKEN }}
        with:
          source_file: 'index.yaml'
          destination_repo: '${{ env.GH_OWNER }}/${{ env.HELM_REP }}'
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -49,27 +49,33 @@ jobs:
        with:
          registry: ghcr.io
          username: ${{ env.GH_USER }}
-          password: ${{ secrets.ORG_GITHUB_TOKEN }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to ECR
        uses: docker/login-action@v1
        with:
          registry: public.ecr.aws
          username: ${{ secrets.ECR_ACCESS_KEY_ID }}
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
+      - name: Generate SBOM
+        uses: CycloneDX/gh-gomod-generate-sbom@v0.2.0
+        with:
+          json: true
+          output: bom.json
+          version: latest
      - name: Release
        uses: goreleaser/goreleaser-action@v2
        with:
          version: v0.164.0
          args: release --rm-dist
        env:
-          GITHUB_TOKEN: ${{ secrets.ORG_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
      - name: Checkout trivy-repo
        uses: actions/checkout@v2
        with:
          repository: ${{ github.repository_owner }}/trivy-repo
          path: trivy-repo
          fetch-depth: 0
-          token: ${{ secrets.ORG_GITHUB_TOKEN }}
+          token: ${{ secrets.ORG_REPO_TOKEN }}
      - name: Setup git settings
        run: |
          git config --global user.email "knqyf263@gmail.com"
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -0,0 +1,25 @@
+name: Scan
+on: [push, pull_request]
+jobs:
+  build:
+    name: Scan Go vulnerabilities
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Run Trivy vulnerability scanner to scan for Critical Vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          exit-code: '1'
+          severity: 'CRITICAL'
+          skip-dirs: integration
+
+      - name: Run Trivy vulnerability scanner to scan for Medium and High Vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          exit-code: '0'
+          severity: 'HIGH,MEDIUM'
+          skip-dirs: integration
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -1,5 +1,14 @@
 name: Test
-on: pull_request
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - '*.md'
+      - 'docs/**'
+      - 'mkdocs.yml'
+      - 'LICENSE'
+  pull_request:
 env:
  GO_VERSION: "1.16"
 jobs:
@@ -17,17 +26,12 @@ jobs:
      - name: Lint
        uses: golangci/golangci-lint-action@v2
        with:
-          version: v1.31
+          version: v1.41
          args: --deadline=30m

      - name: Run unit tests
        run: make test

-      - name: Upload code coverage
-        uses: codecov/codecov-action@v1
-        with:
-          files: ./coverage.txt
-
  integration:
    name: Integration Test
    runs-on: ubuntu-latest
--- a/.gitignore
+++ b/.gitignore
@@ -23,4 +23,7 @@ thumbs.db

 # test fixtures
 coverage.txt
-integration/testdata/fixtures/
+integration/testdata/fixtures/images
+
+# SBOMs generated during CI
+/bom.json
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -6,12 +6,10 @@ linters-settings:
    check-shadowing: false
  gofmt:
    simplify: false
-  golint:
-    min-confidence: 0
+  revive:
+    ignore-generated-header: true
  gocyclo:
    min-complexity: 10
-  maligned:
-    suggest-new: true
  dupl:
    threshold: 100
  goconst:
@@ -32,14 +30,13 @@ linters:
    - errcheck
    - varcheck
    - deadcode
-    - golint
+    - revive
    - gosec
    - unconvert
    - goconst
    - gocyclo
    - gofmt
    - goimports
-    - maligned
    - misspell

 run:
--- a/18
+++ b/18
@@ -15,7 +15,7 @@ $(GOBIN)/wire:

 .PHONY: wire
 wire: $(GOBIN)/wire
-	wire gen ./pkg/... ./internal/...
+	wire gen ./pkg/...

 .PHONY: mock
 mock: $(GOBIN)/mockery
@@ -27,22 +27,22 @@ deps:
 	go mod tidy

 $(GOBIN)/golangci-lint:
-	curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s -- -b $(GOBIN) v1.21.0
+	curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh| sh -s -- -b $(GOBIN) v1.41.1

 .PHONY: test
 test:
 	go test -v -short -coverprofile=coverage.txt -covermode=atomic ./...

-integration/testdata/fixtures/*.tar.gz:
-	git clone https://github.com/aquasecurity/trivy-test-images.git integration/testdata/fixtures
+integration/testdata/fixtures/images/*.tar.gz:
+	git clone https://github.com/aquasecurity/trivy-test-images.git integration/testdata/fixtures/images

 .PHONY: test-integration
-test-integration: integration/testdata/fixtures/*.tar.gz
+test-integration: integration/testdata/fixtures/images/*.tar.gz
 	go test -v -tags=integration ./integration/...

 .PHONY: lint
 lint: $(GOBIN)/golangci-lint
-	$(GOBIN)/golangci-lint run
+	$(GOBIN)/golangci-lint run --timeout 5m

 .PHONY: fmt
 fmt:
@@ -54,7 +54,7 @@ build:

 .PHONY: protoc
 protoc:
-	find ./rpc/ -name "*.proto" -type f -exec protoc --proto_path=$(GOSRC):. --twirp_out=. --go_out=. {} \;
+	find ./rpc/ -name "*.proto" -type f -exec protoc --proto_path=$(GOSRC):. --twirp_out=. --twirp_opt=paths=source_relative --go_out=. --go_opt=paths=source_relative {} \;

 .PHONY: install
 install:
@@ -62,10 +62,10 @@ install:

 .PHONY: clean
 clean:
-	rm -rf integration/testdata/fixtures/
+	rm -rf integration/testdata/fixtures/images

 $(GOBIN)/labeler:
-	GO111MODULE=off go get github.com/knqyf263/labeler
+	go install github.com/knqyf263/labeler@latest

 .PHONY: label
 label: $(GOBIN)/labeler
--- a/README.md
+++ b/README.md
@@ -1,89 +1,45 @@
-<img src="docs/imgs/logo.png" width="150">
+<p align="center">
+  <img src="docs/imgs/logo.png" width="200">
+</p>

+<p align="center">
+  <a href="https://aquasecurity.github.io/trivy/">Documentation</a> 
+</p>
+
+<p align="center">
+Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
+</p>

 [![GitHub Release][release-img]][release]
-[![Go Report Card](https://goreportcard.com/badge/github.com/aquasecurity/trivy)](https://goreportcard.com/report/github.com/aquasecurity/trivy)
-[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)][license]
-[![codecov](https://codecov.io/gh/aquasecurity/trivy/branch/main/graph/badge.svg)](https://codecov.io/gh/aquasecurity/trivy)
+[![Test][test-img]][test]
+[![Go Report Card][go-report-img]][go-report]
+[![License: Apache-2.0][license-img]][license]
 [![GitHub All Releases][github-all-releases-img]][release]
 ![Docker Pulls][docker-pulls]

-[release]: https://github.com/aquasecurity/trivy/releases
-[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github
-[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github
-[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
-[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
-
-
-A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.

 # Abstract
-`Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive vulnerability scanner for containers and other artifacts.
-A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System.
-`Trivy` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.).
-`Trivy` is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
+`Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues.
+`Trivy` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and language-specific packages (Bundler, Composer, npm, yarn, etc.).
+In addition, `Trivy` scans Infrastructure as Code (IaC) files such as Terraform, Dockerfile and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack.
+`Trivy` is easy to use. Just install the binary and you're ready to scan.

-<img src="docs/imgs/overview.png" width="700">
+<p align="center">
+  <img src="docs/imgs/overview.png" width="800" alt="Trivy Overview">
+</p>

-Trivy can be run in two different modes:
-
- [Standalone](https://aquasecurity.github.io/trivy/latest/modes/standalone/)
- [Client/Server](https://aquasecurity.github.io/trivy/latest/modes/client-server/)
-
-Trivy can scan three different artifacts:
-
- [Container Images](https://aquasecurity.github.io/trivy/latest/scanning/image/)
- [Filesystem](https://aquasecurity.github.io/trivy/latest/scanning/filesystem/)
- [Git Repositories](https://aquasecurity.github.io/trivy/latest/scanning/git-repository/)
-
-<img src="docs/imgs/usage.gif" width="700">
-<img src="docs/imgs/usage1.png" width="600">
-<img src="docs/imgs/usage2.png" width="600">
-
-It is considered to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily.
-See [here](https://aquasecurity.github.io/trivy/latest/integrations/) for details.
-
-# Features
-
- Detect comprehensive vulnerabilities
-  - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
-  - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
- Simple
-  - Specify only an image name or artifact name
-  - See [Quick Start](#quick-start) and [Examples](#examples)
- Fast
-  - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
-  - Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
- Easy installation
-  - `apt-get install`, `yum install` and `brew install` is possible (See [Installation](#installation))
-  - **No pre-requisites** such as installation of DB, libraries, etc.
- High accuracy
-  - **Especially Alpine Linux and RHEL/CentOS**
-  - Other OSes are also high
- DevSecOps
-  - **Suitable for CI** such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
-  - See [CI Example](#continuous-integration-ci)
- Support multiple formats
-  - container image
-    - A local image in Docker Engine which is running as a daemon
-    - A local image in Podman (>=2.0) which is exposing a socket
-    - A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
-    - A tar archive stored in the `docker save` / `podman save` formatted file
-    - An image directory compliant with [OCI Image Format](https://github.com/opencontainers/image-spec)
-  - local filesystem
-  - remote git repository
-
-Please see [LICENSE][license] for Trivy licensing information. Note that Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.
-
-# Documentation
-The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/trivy/.
-
-# Installation
-See [here](https://aquasecurity.github.io/trivy/latest/installation/)
+### Demo: Vulnerability Detection (Container Image)
+<p align="center">
+  <img src="docs/imgs/vuln-demo.gif" width="1000" alt="Vulnerability Detection">
+</p>

+### Demo: Misconfiguration Detection (IaC Files)
+<p align="center">
+  <img src="docs/imgs/misconf-demo.gif" width="1000" alt="Misconfiguration Detection">
+</p>

 # Quick Start
-
+## Scan Image for Vulnerabilities
 Simply specify an image name (and a tag).

 ```
@@ -114,21 +70,140 @@ Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
 |         |                  |          |                   |               | with long nonces               |
 +---------+------------------+----------+-------------------+---------------+--------------------------------+
 ```
+</details>
+
+## Scan Filesystem for Vulnerabilities and Misconfigurations
+Simply specify a directory to scan.
+
+```bash
+$ trivy fs --security-checks vuln,config [YOUR_PROJECT_DIR]
+```
+
+For example:
+
+```bash
+$ trivy fs --security-checks vuln,config myproject/
+```
+
+<details>
+<summary>Result</summary>
+
+```bash
+2021-07-09T12:03:27.564+0300    INFO    Number of language-specific files: 1
+2021-07-09T12:03:27.564+0300    INFO    Detecting pipenv vulnerabilities...
+2021-07-09T12:03:27.566+0300    INFO    Detected config files: 1
+
+Pipfile.lock (pipenv)
+=====================
+Total: 1 (HIGH: 1, CRITICAL: 0)
+
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| httplib2 | CVE-2021-21240   | HIGH     | 0.12.1            | 0.19.0        | python-httplib2: Regular              |
+|          |                  |          |                   |               | expression denial of                  |
+|          |                  |          |                   |               | service via malicious header          |
+|          |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-21240 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+```
+</details>
+
+## Scan Directory for Misconfigurations
+
+Simply specify a directory containing IaC files such as Terraform and Dockerfile.
+
+```
+$ trivy config [YOUR_IAC_DIR]
+```
+
+For example:
+
+```
+$ ls build/
+Dockerfile
+$ trivy config ./build
+```
+
+<details>
+<summary>Result</summary>
+
+```
+2021-07-09T10:06:29.188+0300    INFO    Need to update the built-in policies
+2021-07-09T10:06:29.188+0300    INFO    Downloading the built-in policies...
+2021-07-09T10:06:30.520+0300    INFO    Detected config files: 1
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+```

 </details>

-# Examples
-See [here](https://aquasecurity.github.io/trivy/latest/examples/filter/)

-# Continuous Integration (CI)
-See [here](https://aquasecurity.github.io/trivy/latest/integrations/)
+# Features

-# Vulnerability Detection
-See [here](https://aquasecurity.github.io/trivy/latest/vuln-detection/)
+- Comprehensive vulnerability detection
+  - OS packages (Alpine Linux, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+  - **Language-specific packages** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
+- Misconfiguration detection (IaC scanning) 
+  - A wide variety of built-in policies are provided **out of the box**
+    - Kubernetes, Docker, Terraform, and more coming soon
+  - Support custom policies
+- Simple
+  - Specify only an image name, a path to config files, or an artifact name
+- Fast
+  - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
+- Easy installation
+  - `apt-get install`, `yum install` and `brew install` are possible.
+  - **No pre-requisites** such as installation of DB, libraries, etc.
+- High accuracy
+  - **Especially [Alpine Linux][alpine] and RHEL/CentOS**
+  - Other OSes are also high
+- DevSecOps
+  - **Suitable for CI** such as GitHub Actions, Jenkins, GitLab CI, etc.
+- Support multiple targets
+  - container image, local filesystem and remote git repository

-# Usage
-See [here](https://aquasecurity.github.io/trivy/latest/usage/)
+# Integrations
+- [GitHub Actions][action]
+- [Visual Studio Code][vscode]

-# Author
+# Documentation
+The official documentation, which provides detailed installation, configuration, and quick start guides, is available at https://aquasecurity.github.io/trivy/.

-[Teppei Fukuda](https://github.com/knqyf263) (knqyf263)
+[test]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml
+[test-img]: https://github.com/aquasecurity/trivy/actions/workflows/test.yaml/badge.svg
+[go-report]: https://goreportcard.com/report/github.com/aquasecurity/trivy
+[go-report-img]: https://goreportcard.com/badge/github.com/aquasecurity/trivy
+[release]: https://github.com/aquasecurity/trivy/releases
+[release-img]: https://img.shields.io/github/release/aquasecurity/trivy.svg?logo=github
+[github-all-releases-img]: https://img.shields.io/github/downloads/aquasecurity/trivy/total?logo=github
+[docker-pulls]: https://img.shields.io/docker/pulls/aquasec/trivy?logo=docker&label=docker%20pulls%20%2F%20trivy
+[license]: https://github.com/aquasecurity/trivy/blob/main/LICENSE
+[license-img]: https://img.shields.io/badge/License-Apache%202.0-blue.svg
+
+[alpine]: https://ariadne.space/2021/06/08/the-vulnerability-remediation-lifecycle-of-alpine-containers/
+[action]: https://github.com/aquasecurity/trivy-action
+[vscode]: https://github.com/aquasecurity/trivy-vscode-extension
--- a/codecov.yml
+++ b/codecov.yml
@@ -1,12 +0,0 @@
-coverage:
-  status:
-    project:
-      default:
-        informational: true
-        target: auto
-        threshold: 100%
-    patch:
-      default:
-        informational: true
-        target: auto
-        threshold: 100%
--- a/contrib/asff.tpl
+++ b/contrib/asff.tpl
@@ -8,24 +8,13 @@
 {{- else -}}
  ,
 {{- end -}}
-{{- $trivyProductSev := 0 -}}
-{{- $trivyNormalizedSev := 0 -}}
-{{- if eq .Severity "LOW" -}}
-    {{- $trivyProductSev = 1 -}}
-    {{- $trivyNormalizedSev = 10 -}}
-  {{- else if eq .Severity "MEDIUM" -}}
-    {{- $trivyProductSev = 4 -}}
-    {{- $trivyNormalizedSev = 40 -}}
-  {{- else if eq .Severity "HIGH" -}}
-    {{- $trivyProductSev = 7 -}}
-    {{- $trivyNormalizedSev = 70 -}}
-  {{- else if eq .Severity "CRITICAL" -}}
-    {{- $trivyProductSev = 9 -}}
-    {{- $trivyNormalizedSev = 90 -}}
-{{- end }}
+{{- $severity := .Severity -}}
+{{- if eq $severity "UNKNOWN" -}}
+{{- $severity = "INFORMATIONAL" -}}
+{{- end -}}
 {{- $description := .Description -}}
 {{- if gt (len $description ) 1021 -}}
-    {{- $description = (slice $description 0 1021) | printf "%v .." -}}
+    {{- $description = (substr 0 1021 $description) | printf "%v .." -}}
 {{- end}}
    {
        "SchemaVersion": "2018-10-08",
@@ -37,8 +26,7 @@
        "CreatedAt": "{{ getCurrentTime }}",
        "UpdatedAt": "{{ getCurrentTime }}",
        "Severity": {
-            "Product": {{ $trivyProductSev }},
-            "Normalized": {{ $trivyNormalizedSev }}
+            "Label": "{{ $severity }}"
        },
        "Title": "Trivy found a vulnerability to {{ .VulnerabilityID }} in container {{ $target }}",
        "Description": {{ escapeString $description | printf "%q" }},
@@ -75,4 +63,4 @@
    }
   {{- end -}}
  {{- end }}
-]
+]
--- a/contrib/gitlab-codequality.tpl
+++ b/contrib/gitlab-codequality.tpl
@@ -0,0 +1,38 @@
+{{- /* Template based on https://github.com/codeclimate/platform/blob/master/spec/analyzers/SPEC.md#data-types */ -}}
+[
+  {{- $t_first := true }}
+  {{- range . }}
+  {{- $target := .Target }}
+    {{- range .Vulnerabilities -}}
+    {{- if $t_first -}}
+      {{- $t_first = false -}}
+    {{ else -}}
+      ,
+    {{- end }}
+    {
+      "type": "issue",
+      "check_name": "container_scanning",
+      "categories": [ "Security" ],
+      "description": "{{ .VulnerabilityID }}: {{ .Title }}",
+      "content": {{ .Description | printf "%q" }},
+      "severity": {{ if eq .Severity "LOW" -}}
+                    "info"
+                  {{- else if eq .Severity "MEDIUM" -}}
+                    "minor"
+                  {{- else if eq .Severity "HIGH" -}}
+                    "major"
+                  {{- else if eq .Severity "CRITICAL" -}}
+                    "critical"
+                  {{-  else -}}
+                    "info"
+                  {{- end }},
+      "location": {
+        "path": "{{ .PkgName }}-{{ .InstalledVersion }}",
+        "lines": {
+          "begin": 1
+        }
+      }
+    }
+    {{- end -}}
+  {{- end }}
+]
--- a/contrib/sarif.tpl
+++ b/contrib/sarif.tpl
@@ -11,7 +11,7 @@
          "version": "0.15.0",
          "rules": [
        {{- $t_first := true }}
-        {{- range . }}
+        {{- range $result := . }}
            {{- $vulnerabilityType := .Type }}
            {{- range .Vulnerabilities -}}
              {{- if $t_first -}}
@@ -20,7 +20,7 @@
                ,
              {{- end }}
            {
-              "id": "{{ .VulnerabilityID }}/{{ .PkgName }}",
+              "id": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
              "name": "{{ toSarifRuleName $vulnerabilityType }}",
              "shortDescription": {
                "text": {{ printf "%v Package: %v" .VulnerabilityID .PkgName | printf "%q" }}
@@ -57,7 +57,7 @@
      },
      "results": [
    {{- $t_first := true }}
-    {{- range . }}
+    {{- range $result := . }}
        {{- $filePath := .Target }}
        {{- range $index, $vulnerability := .Vulnerabilities -}}
          {{- if $t_first -}}
@@ -66,7 +66,7 @@
            ,
          {{- end }}
        {
-          "ruleId": "{{ $vulnerability.VulnerabilityID }}/{{ $vulnerability.PkgName }}",
+          "ruleId": {{ printf "%s: %s-%s %s" $result.Target .PkgName .InstalledVersion .VulnerabilityID | toJson }},
          "ruleIndex": {{ $index }},
          "level": "{{ toSarifErrorLevel $vulnerability.Vulnerability.Severity }}",
          "message": {
@@ -92,4 +92,4 @@
      }
    }
  ]
-}
+}
--- a/docs/advanced/air-gap.md
+++ b/docs/advanced/air-gap.md
--- a/docs/advanced/container/embed-in-dockerfile.md
+++ b/docs/advanced/container/embed-in-dockerfile.md
--- a/docs/advanced/container/oci.md
+++ b/docs/advanced/container/oci.md
@@ -1,6 +1,6 @@
-# OCI
+# OCI Image Layout

-An image directory compliant with "Open Container Image Layout Specification".
+An image directory compliant with [Open Container Image Layout Specification](https://github.com/opencontainers/image-spec/blob/master/spec.md).

 Buildah:

--- a/docs/advanced/container/podman.md
+++ b/docs/advanced/container/podman.md
@@ -1,10 +1,12 @@
 # Podman

-[EXPERIMENTAL] This feature might change without preserving backwards compatibility.
+!!! warning "EXPERIMENTAL"
+    This feature might change without preserving backwards compatibility.

 Scan your image in Podman (>=2.0) running locally. The remote Podman is not supported.
 Before performing Trivy commands, you must enable the podman.sock systemd service on your machine.
-For more details, see [here][sock]
+For more details, see [here][sock].
+

 ```bash
 $ systemctl --user enable --now podman.socket
--- a/docs/advanced/container/unpacked-filesystem.md
+++ b/docs/advanced/container/unpacked-filesystem.md
--- a/docs/advanced/contrib/help-wanted.md
+++ b/docs/advanced/contrib/help-wanted.md
--- a/docs/advanced/contrib/triage.md
+++ b/docs/advanced/contrib/triage.md
@@ -185,7 +185,7 @@ We use two labels [help wanted](https://github.com/aquasecurity/trivy/issues?q=i
 and [good first issue](https://github.com/aquasecurity/trivy/issues?q=is%3Aopen+is%3Aissue+label%3A%22good+first+issue%22)
 to identify issues that have been specially groomed for new contributors.

-We have specific [guidelines](/docs/contrib/help-wanted.md)
+We have specific [guidelines](/docs/advanced/contribd/contrib/help-wanted.md)
 for how to use these labels. If you see an issue that satisfies these
 guidelines, you can add the `help wanted` label and the `good first issue` label.
 Please note that adding the `good first issue` label must also 
--- a/docs/advanced/index.md
+++ b/docs/advanced/index.md
@@ -0,0 +1,2 @@
+# Advanced
+This section describes advanced features, integrations, etc.
--- a/docs/advanced/integrations/aws-codepipeline.md
+++ b/docs/advanced/integrations/aws-codepipeline.md
--- a/docs/advanced/integrations/aws-security-hub.md
+++ b/docs/advanced/integrations/aws-security-hub.md
--- a/docs/advanced/integrations/circleci.md
+++ b/docs/advanced/integrations/circleci.md
--- a/docs/advanced/integrations/github-actions.md
+++ b/docs/advanced/integrations/github-actions.md
@@ -1,7 +1,7 @@
 # GitHub Actions

 - Here is the [Trivy Github Action][action]
- The Microsoft Azure team have written a [container-scan action][azuer] that uses Trivy and Dockle
+- The Microsoft Azure team have written a [container-scan action][azure] that uses Trivy and Dockle
 - For full control over the options specified to Trivy, this [blog post][blog] describes adding Trivy into your own GitHub action workflows 

 [action]: https://github.com/aquasecurity/trivy-action
--- a/docs/advanced/integrations/gitlab-ci.md
+++ b/docs/advanced/integrations/gitlab-ci.md
@@ -1,7 +1,6 @@
 # GitLab CI

-```
-$ cat .gitlab-ci.yml
+```yaml
 stages:
  - test

@@ -78,7 +77,7 @@ container_scanning:
        --output "$CI_PROJECT_DIR/gl-container-scanning-report.json" "$FULL_IMAGE_NAME"
    # Prints full report
    - time trivy --exit-code 0 --cache-dir .trivycache/ --no-progress "$FULL_IMAGE_NAME"
-    # Fails on high and critical vulnerabilities
+    # Fail on critical vulnerabilities
    - time trivy --exit-code 1 --cache-dir .trivycache/ --severity CRITICAL --no-progress "$FULL_IMAGE_NAME"
  cache:
    paths:
@@ -94,3 +93,59 @@ container_scanning:

 [example]: https://gitlab.com/aquasecurity/trivy-ci-test/pipelines
 [repository]: https://github.com/aquasecurity/trivy-ci-test
+
+### Gitlab CI alternative template
+
+Depending on the edition of gitlab you have or your desired workflow, the
+container scanning template may not meet your needs. As an addition to the
+above container scanning template, a template for
+[code climate](https://docs.gitlab.com/ee/user/project/merge_requests/code_quality.html)
+has been included. The key things to update from the above examples are
+the `template` and `report` type. An updated example is below.
+
+```yaml
+stages:
+  - test
+
+trivy:
+  stage: test
+  image: docker:stable
+  services:
+    - name: docker:dind
+      entrypoint: ["env", "-u", "DOCKER_HOST"]
+      command: ["dockerd-entrypoint.sh"]
+  variables:
+    DOCKER_HOST: tcp://docker:2375/
+    DOCKER_DRIVER: overlay2
+    # See https://github.com/docker-library/docker/pull/166
+    DOCKER_TLS_CERTDIR: ""
+    IMAGE: trivy-ci-test:$CI_COMMIT_SHA
+  before_script:
+    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+    - echo $TRIVY_VERSION
+    - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
+  allow_failure: true
+  script:
+    # Build image
+    - docker build -t $IMAGE .
+    # Build report
+    - ./trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@contrib/gitlab-codeclimate.tpl" -o gl-codeclimate.json $IMAGE
+  cache:
+    paths:
+      - .trivycache/
+  # Enables https://docs.gitlab.com/ee/user/application_security/container_scanning/ (Container Scanning report is available on GitLab EE Ultimate or GitLab.com Gold)
+  artifacts:
+    paths:
+      gl-codeclimate.json
+    reports:
+      codequality: gl-codeclimate.json
+```
+
+Currently gitlab only supports a single code quality report. There is an
+open [feature request](https://gitlab.com/gitlab-org/gitlab/-/issues/9014)
+to support multiple reports. Until this has been implemented, if you
+already have a code quality report in your pipeline, you can use
+`jq` to combine reports. Depending on how you name your artifacts, it may
+be necessary to rename the artifact if you want to reuse the name. To then
+combine the previous artifact with the output of trivy, the following `jq`
+command can be used, `jq -s 'add' prev-codeclimate.json trivy-codeclimate.json > gl-codeclimate.json`.
--- a/docs/advanced/integrations/index.md
+++ b/docs/advanced/integrations/index.md
@@ -1,3 +1,4 @@
+# Integrations
 Scan your image automatically as part of your CI workflow, failing the workflow if a vulnerability is found. When you don't want to fail the test, specify `--exit-code 0`.

 Since in automated scenarios such as CI/CD you are only interested in the end result, and not the full report, use the `--light` flag to optimize for this scenario and get fast results.
--- a/docs/advanced/integrations/travis-ci.md
+++ b/docs/advanced/integrations/travis-ci.md
--- a/docs/advanced/modes/client-server.md
+++ b/docs/advanced/modes/client-server.md
@@ -55,5 +55,5 @@ $ trivy client --remote http://localhost:8080 --token dummy alpine:3.10

 ## Architecture

-![architecture](../imgs/client-server.png)
+![architecture](../../imgs/client-server.png)

--- a/docs/advanced/modes/standalone.md
+++ b/docs/advanced/modes/standalone.md
@@ -4,13 +4,13 @@

 ## Image

-![standalone](../imgs/image.png)
+![standalone](../../imgs/image.png)

 ## Filesystem

-![fs](../imgs/fs.png)
+![fs](../../imgs/fs.png)

 ## Git Repository

-![repo](../imgs/repo.png)
+![repo](../../imgs/repo.png)

--- a/docs/advanced/plugins.md
+++ b/docs/advanced/plugins.md
--- a/docs/advanced/private-registries/docker-hub.md
+++ b/docs/advanced/private-registries/docker-hub.md
--- a/docs/advanced/private-registries/ecr.md
+++ b/docs/advanced/private-registries/ecr.md
--- a/docs/advanced/private-registries/gcr.md
+++ b/docs/advanced/private-registries/gcr.md
--- a/docs/advanced/private-registries/index.md
+++ b/docs/advanced/private-registries/index.md
--- a/docs/advanced/private-registries/self.md
+++ b/docs/advanced/private-registries/self.md
--- a/docs/build/Dockerfile
+++ b/docs/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM squidfunk/mkdocs-material
+FROM squidfunk/mkdocs-material:7.0.6

 ## If you want to see exactly the same version as is published to GitHub pages
 ## use a private image for insiders, which requires authentication.
--- a/docs/comparison.md
+++ b/docs/comparison.md
@@ -1,17 +0,0 @@
-# Comparison with other scanners
-
-| Scanner        | OS<br>Packages  | Application<br>Dependencies | Easy to use  | Accuracy    | Suitable<br>for CI  |
-| -------------- | :-------------: | :-------------------------: | :----------: | :---------: | :-----------------: |
-| Trivy          |       ✅        |       ✅<br>(8 languages)   |    ⭐ ⭐ ⭐    |  ⭐ ⭐ ⭐    |      ⭐ ⭐ ⭐         |
-| Clair          |       ✅        |              ×              |      ⭐       |   ⭐ ⭐      |      ⭐ ⭐           |
-| Anchore Engine |       ✅        |       ✅<br>(4 languages)   |     ⭐ ⭐      |   ⭐ ⭐      |     ⭐ ⭐ ⭐         |
-| Quay           |       ✅        |              ×              |    ⭐ ⭐ ⭐    |   ⭐ ⭐      |        ×            |
-| Docker Hub     |       ✅        |              ×              |    ⭐ ⭐ ⭐    |    ⭐        |        ×            |
-| GCR            |       ✅        |              ×              |    ⭐ ⭐ ⭐    |   ⭐ ⭐      |        ×            |
-
- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy][round-up]
- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy][tool-comparison]
- [Research Spike: evaluate Trivy for scanning running containers](https://gitlab.com/gitlab-org/gitlab/-/issues/270888)
-
-[round-up]: https://boxboat.com/2020/04/24/image-scanning-tech-compared/
-[tool-comparison]: https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/
--- a/docs/credit.md
+++ b/docs/credit.md
@@ -1,14 +0,0 @@
-# Special Thanks to 
-
- [Tomoya Amachi][tomoyamachi]
- [Masahiro Fujimura][masahiro331]
- [Naoki Harima][XapiMa]
-
-# Author
-
-[Teppei Fukuda][knqyf263] (knqyf263)
-
-[tomoyamachi]: https://github.com/tomoyamachi
-[masahiro331]: https://github.com/masahiro331
-[XapiMa]: https://github.com/XapiMa
-[knqyf263]: https://github.com/knqyf263
--- a/docs/examples/index.md
+++ b/docs/examples/index.md
@@ -1,3 +0,0 @@
-# Examples
-
-There are plenty of examples.
--- a/docs/examples/skip.md
+++ b/docs/examples/skip.md
@@ -1,17 +0,0 @@
-# Skip Traversal of Files/Directories
-
-## Skip Files
-Trivy traversals directories and looks for all lock files by default.
-If your image contains lock files which are not maintained by you, you can skip the file.
-
-```
-$ trivy image --skip-files "/Gemfile.lock" --skip-files "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0/Gemfile.lock" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
-```
-
-## Skip Directories
-Trivy traversals directories and look for all lock files by default.
-If your image contains lock files which are not maintained by you, you can skip traversal in the specific directory.
-
-```
-$ trivy image --skip-dirs /var/lib/gems/2.5.0/gems/fluent-plugin-detect-exceptions-0.0.13 --skip-dirs "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
-```
--- a/docs/getting-started/cli/client.md
+++ b/docs/getting-started/cli/client.md
@@ -21,6 +21,7 @@ OPTIONS:
   --ignorefile value          specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
   --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
   --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
+   --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
   --token value               for authentication [$TRIVY_TOKEN]
   --token-header value        specify a header name for token (default: "Trivy-Token") [$TRIVY_TOKEN_HEADER]
   --remote value              server address (default: "http://localhost:4954") [$TRIVY_REMOTE]
--- a/docs/getting-started/cli/config.md
+++ b/docs/getting-started/cli/config.md
@@ -0,0 +1,29 @@
+# Config
+
+``` bash
+NAME:
+   trivy config - scan config files
+
+USAGE:
+   trivy config [command options] dir
+
+OPTIONS:
+   --template value, -t value                     output template [$TRIVY_TEMPLATE]
+   --format value, -f value                       format (table, json, template) (default: "table") [$TRIVY_FORMAT]
+   --severity value, -s value                     severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
+   --output value, -o value                       output file name [$TRIVY_OUTPUT]
+   --exit-code value                              Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
+   --skip-policy-update                           skip updating built-in policies (default: false) [$TRIVY_SKIP_POLICY_UPDATE]
+   --reset                                        remove all caches and database (default: false) [$TRIVY_RESET]
+   --clear-cache, -c                              clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
+   --ignorefile value                             specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
+   --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
+   --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
+   --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
+   --policy value, --config-policy value          specify paths to the Rego policy files directory, applying config files [$TRIVY_POLICY]
+   --data value, --config-data value              specify paths from which data for the Rego policies will be recursively loaded [$TRIVY_DATA]
+   --policy-namespaces value, --namespaces value  Rego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
+   --file-patterns value                          specify file patterns [$TRIVY_FILE_PATTERNS]
+   --include-successes                            include successes of misconfigurations (default: false) [$TRIVY_INCLUDE_SUCCESSES]
+   --help, -h                                     show help (default: false)
+```
--- a/docs/getting-started/cli/fs.md
+++ b/docs/getting-started/cli/fs.md
@@ -0,0 +1,36 @@
+# Filesystem
+
+```bash
+NAME:
+   trivy filesystem - scan local filesystem
+
+USAGE:
+   trivy filesystem [command options] dir
+
+OPTIONS:
+   --template value, -t value                     output template [$TRIVY_TEMPLATE]
+   --format value, -f value                       format (table, json, template) (default: "table") [$TRIVY_FORMAT]
+   --input value, -i value                        input file path instead of image name [$TRIVY_INPUT]
+   --severity value, -s value                     severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
+   --output value, -o value                       output file name [$TRIVY_OUTPUT]
+   --exit-code value                              Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
+   --skip-db-update, --skip-update                skip updating vulnerability database (default: false) [$TRIVY_SKIP_UPDATE, $TRIVY_SKIP_DB_UPDATE]
+   --skip-policy-update                           skip updating built-in policies (default: false) [$TRIVY_SKIP_POLICY_UPDATE]
+   --clear-cache, -c                              clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
+   --ignore-unfixed                               display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
+   --removed-pkgs                                 detect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]
+   --vuln-type value                              comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
+   --security-checks value                        comma-separated list of what security issues to detect (vuln,config) (default: "vuln") [$TRIVY_SECURITY_CHECKS]
+   --ignorefile value                             specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
+   --cache-backend value                          cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
+   --timeout value                                timeout (default: 5m0s) [$TRIVY_TIMEOUT]
+   --no-progress                                  suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
+   --ignore-policy value                          specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
+   --list-all-pkgs                                enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
+   --skip-files value                             specify the file paths to skip traversal [$TRIVY_SKIP_FILES]
+   --skip-dirs value                              specify the directories where the traversal is skipped [$TRIVY_SKIP_DIRS]
+   --config-policy value                          specify paths to the Rego policy files directory, applying config files [$TRIVY_CONFIG_POLICY]
+   --config-data value                            specify paths from which data for the Rego policies will be recursively loaded [$TRIVY_CONFIG_DATA]
+   --policy-namespaces value, --namespaces value  Rego namespaces (default: "users") [$TRIVY_POLICY_NAMESPACES]
+   --help, -h                                     show help (default: false)
+```
--- a/docs/getting-started/cli/image.md
+++ b/docs/getting-started/cli/image.md
--- a/docs/getting-started/cli/index.md
+++ b/docs/getting-started/cli/index.md
@@ -1,6 +1,6 @@
 Trivy has several sub commands, image, fs, repo, client and server.

-```
+``` bash
 NAME:
   trivy - A simple and comprehensive vulnerability scanner for containers

@@ -8,7 +8,7 @@ USAGE:
   trivy [global options] command [command options] target

 VERSION:
-   v0.15.0
+   dev

 COMMANDS:
   image, i          scan an image
@@ -16,6 +16,8 @@ COMMANDS:
   repository, repo  scan remote repository
   client, c         client mode
   server, s         server mode
+   config, conf      scan config files
+   plugin, p         manage plugins
   help, h           Shows a list of commands or help for one command

 GLOBAL OPTIONS:
@@ -24,4 +26,5 @@ GLOBAL OPTIONS:
   --cache-dir value  cache directory (default: "/Users/teppei/Library/Caches/trivy") [$TRIVY_CACHE_DIR]
   --help, -h         show help (default: false)
   --version, -v      print the version (default: false)
+
 ```
--- a/docs/getting-started/cli/repo.md
+++ b/docs/getting-started/cli/repo.md
--- a/docs/getting-started/cli/server.md
+++ b/docs/getting-started/cli/server.md
--- a/docs/getting-started/credit.md
+++ b/docs/getting-started/credit.md
@@ -0,0 +1,10 @@
+# Author
+
+[Teppei Fukuda][knqyf263] (knqyf263)
+
+# Contributors
+
+Thanks to all [contributors][contributors]
+
+[knqyf263]: https://github.com/knqyf263
+[contributors]: https://github.com/aquasecurity/trivy/graphs/contributors
--- a/docs/getting-started/further.md
+++ b/docs/getting-started/further.md
@@ -18,6 +18,10 @@
 - [Find Image Vulnerabilities Using GitHub and Aqua Security Trivy Action][actions2]
 - [Using Trivy to Discover Vulnerabilities in VS Code Projects][vscode]

+## External Blogs
+- [Open Source CVE Scanner Round-Up: Clair vs Anchore vs Trivy][round-up]
+- [Docker Image Security: Static Analysis Tool Comparison – Anchore Engine vs Clair vs Trivy][tool-comparison]
+- [Research Spike: evaluate Trivy for scanning running containers][gitlab]

 [intro]: https://www.youtube.com/watch?v=AzOBGm7XxOA
 [cncf]: https://www.youtube.com/watch?v=XnYxX9uueoQ
@@ -31,3 +35,7 @@
 [actions]: https://blog.aquasec.com/devsecops-with-trivy-github-actions
 [actions2]: https://blog.aquasec.com/github-vulnerability-scanner-trivy
 [vscode]: https://blog.aquasec.com/trivy-open-source-vulnerability-scanner-vs-code
+
+[round-up]: https://boxboat.com/2020/04/24/image-scanning-tech-compared/
+[tool-comparison]: https://www.a10o.net/devsecops/docker-image-security-static-analysis-tool-comparison-anchore-engine-vs-clair-vs-trivy/
+[gitlab]: https://gitlab.com/gitlab-org/gitlab/-/issues/270888
--- a/docs/getting-started/installation.md
+++ b/docs/getting-started/installation.md
@@ -2,56 +2,63 @@

 ## RHEL/CentOS

-Add repository setting to `/etc/yum.repos.d`.

-```bash
-$ sudo vim /etc/yum.repos.d/trivy.repo
-[trivy]
-name=Trivy repository
-baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
-gpgcheck=0
-enabled=1
-$ sudo yum -y update
-$ sudo yum -y install trivy
-```
+=== "Repository"
+    Add repository setting to `/etc/yum.repos.d`.

-or
+    ``` bash
+    $ sudo vim /etc/yum.repos.d/trivy.repo
+    [trivy]
+    name=Trivy repository
+    baseurl=https://aquasecurity.github.io/trivy-repo/rpm/releases/$releasever/$basearch/
+    gpgcheck=0
+    enabled=1
+    $ sudo yum -y update
+    $ sudo yum -y install trivy
+    ```

-```bash
-rpm -ivh https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.rpm
-```
+=== "RPM"
+
+    ``` bash
+    rpm -ivh https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.rpm
+    ```

 ## Debian/Ubuntu

-Add repository to `/etc/apt/sources.list.d`.
+=== "Repository"
+    Add repository setting to `/etc/apt/sources.list.d`.

-```bash
-sudo apt-get install wget apt-transport-https gnupg lsb-release
-wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-sudo apt-get update
-sudo apt-get install trivy
-```
+    ``` bash
+    sudo apt-get install wget apt-transport-https gnupg lsb-release
+    wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+    echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+    sudo apt-get update
+    sudo apt-get install trivy
+    ```

-or
+=== "DEB"

-```bash
-wget https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.deb
-sudo dpkg -i trivy_{{ git.tag[1:] }}_Linux-64bit.deb
-```
+    ``` bash
+    wget https://github.com/aquasecurity/trivy/releases/download/{{ git.tag }}/trivy_{{ git.tag[1:] }}_Linux-64bit.deb
+    sudo dpkg -i trivy_{{ git.tag[1:] }}_Linux-64bit.deb
+    ```



 ## Arch Linux
-Package trivy-bin can be installed from the Arch User Repository. Examples:
+Package trivy-bin can be installed from the Arch User Repository.

-```bash
-pikaur -Sy trivy-bin
-```
-or
-```bash
-yay -Sy trivy-bin
-```
+=== "pikaur"
+
+    ``` bash
+    pikaur -Sy trivy-bin
+    ```
+
+=== "yay"
+
+    ``` bash
+    yay -Sy trivy-bin
+    ```

 ## Homebrew

@@ -106,17 +113,20 @@ Replace [YOUR_CACHE_DIR] with the cache directory on your machine.
 docker pull aquasec/trivy:{{ git.tag[1:] }}
 ```

-Example for Linux:
+Example:

-```bash
-docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} [YOUR_IMAGE_NAME]
-```
+=== "Linux"

-Example for macOS:
+    ``` bash
+    docker run --rm -v [YOUR_CACHE_DIR]:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} [YOUR_IMAGE_NAME]
+    ```

-```bash
-docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} python:3.4-alpine
-```
+=== "macOS"
+
+    ``` bash
+    yay -Sy trivy-bin
+    docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:{{ git.tag[1:] }} python:3.4-alpine
+    ```

 If you would like to scan the image on your host machine, you need to mount `docker.sock`.

@@ -156,11 +166,10 @@ The same image is hosted on [GitHub Container Registry][registry] as well.
 docker pull ghcr.io/aquasecurity/trivy:{{ git.tag[1:] }}
 ```

-[registry]: https://github.com/orgs/aquasecurity/packages/container/package/trivy

 ### Amazon ECR Public

-The same image is hosted on [Amazon ECR Public](https://gallery.ecr.aws/aquasecurity/trivy) as well.
+The same image is hosted on [Amazon ECR Public][ecr] as well.

 ```bash
 docker pull public.ecr.aws/aquasecurity/trivy:{{ git.tag[1:] }}
@@ -183,7 +192,11 @@ To install the chart with the release name `my-release`:
 helm install my-release .
 ```

-The command deploys Trivy on the Kubernetes cluster in the default configuration. The [Parameters](#parameters)
+The command deploys Trivy on the Kubernetes cluster in the default configuration. The [Parameters][helm]
 section lists the parameters that can be configured during installation.

 > **Tip**: List all releases using `helm list`.
+
+[ecr]: https://gallery.ecr.aws/aquasecurity/trivy
+[registry]: https://github.com/orgs/aquasecurity/packages/container/package/trivy
+[helm]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/helm/trivy
--- a/docs/getting-started/overview.md
+++ b/docs/getting-started/overview.md
@@ -0,0 +1,82 @@
+# Overview
+
+Trivy detects two types of security issues:
+
+- [Vulnerabilities][vuln]
+- [Misconfigurations][misconf]
+
+Trivy can scan three different artifacts:
+
+- [Container Images][container]
+- [Filesystem][filesystem]
+- [Git Repositories][repo]
+
+Trivy can be run in two different modes:
+
+- [Standalone][standalone]
+- [Client/Server][client-server]
+
+It is designed to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily.
+See [Integrations][integrations] for details.
+
+## Features
+
+- Comprehensive vulnerability detection
+    - [OS packages][os] (Alpine, Red Hat Universal Base Image, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
+    - [**Language-specific packages**][lang] (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
+- Detect IaC misconfigurations
+    - A wide variety of [built-in policies][builtin] are provided **out of the box**:
+        - Kubernetes
+        - Docker
+        - Terraform
+        - more coming soon
+    - Support custom policies
+- Simple
+    - Specify only an image name, a directory containing IaC configs, or an artifact name
+    - See [Quick Start][quickstart]
+- Fast
+    - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
+    - Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
+- Easy installation
+    - `apt-get install`, `yum install` and `brew install` is possible (See [Installation](installation.md))
+    - **No pre-requisites** such as installation of DB, libraries, etc.
+- High accuracy
+    - **Especially Alpine Linux and RHEL/CentOS**
+    - Other OSes are also high
+- DevSecOps
+    - **Suitable for CI** such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
+    - See [CI Example][integrations]
+- Support multiple formats
+    - container image
+        - A local image in Docker Engine which is running as a daemon
+        - A local image in [Podman][podman] (>=2.0) which is exposing a socket
+        - A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
+        - A tar archive stored in the `docker save` / `podman save` formatted file
+        - An image directory compliant with [OCI Image Format][oci]
+    - local filesystem
+    - remote git repository
+
+Please see [LICENSE][license] for Trivy licensing information.
+
+!!! note
+    Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.
+
+[vuln]: ../vulnerability/scanning/index.md
+[misconf]: ../misconfiguration/index.md
+[container]: ../vulnerability/scanning/image.md
+[filesystem]: ../vulnerability/scanning/filesystem.md
+[repo]: ../vulnerability/scanning/git-repository.md
+
+[standalone]: ../advanced/modes/standalone.md
+[client-server]: ../advanced/modes/client-server.md
+[integrations]: ../advanced/integrations/index.md
+
+[os]: ../vulnerability/detection/os.md
+[lang]: ../vulnerability/detection/language.md
+
+[builtin]: ../misconfiguration/policy/builtin.md
+[quickstart]: quickstart.md
+[podman]: ../advanced/container/podman.md
+
+[oci]: https://github.com/opencontainers/image-spec
+[license]:  https://github.com/aquasecurity/trivy/blob/main/LICENSE
--- a/docs/getting-started/quickstart.md
+++ b/docs/getting-started/quickstart.md
@@ -0,0 +1,83 @@
+# Quick Start
+
+## Scan image for vulnerabilities
+
+Simply specify an image name (and a tag).
+
+```
+$ trivy image [YOUR_IMAGE_NAME]
+```
+
+For example:
+
+```
+$ trivy image python:3.4-alpine
+```
+
+<details>
+<summary>Result</summary>
+
+```
+2019-05-16T01:20:43.180+0900    INFO    Updating vulnerability database...
+2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...
+
+python:3.4-alpine3.9 (alpine 3.9.2)
+===================================
+Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
+
+---------+------------------+----------+-------------------+---------------+--------------------------------+
+| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
+| openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
+|         |                  |          |                   |               | with long nonces               |
+---------+------------------+----------+-------------------+---------------+--------------------------------+
+```
+
+</details>
+
+For more details, see [here][vulnerability].
+
+## Scan directory for misconfigurations
+
+Simply specify a directory containing IaC files such as Terraform and Dockerfile.
+
+```
+$ trivy config [YOUR_IAC_DIR]
+```
+
+For example:
+
+```
+$ ls build/
+Dockerfile
+$ trivy config ./build
+```
+
+<details>
+<summary>Result</summary>
+
+```
+2021-07-09T10:06:29.188+0300    INFO    Need to update the built-in policies
+2021-07-09T10:06:29.188+0300    INFO    Downloading the built-in policies...
+2021-07-09T10:06:30.520+0300    INFO    Detected config files: 1
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+```
+
+</details>
+
+For more details, see [here][misconf].
+
+[vulnerability]: ../vulnerability/scanning/index.md
+[misconf]: ../misconfiguration/index.md
--- a/docs/getting-started/troubleshooting.md
+++ b/docs/getting-started/troubleshooting.md
@@ -1,11 +1,57 @@
-# FAQ
+# Troubleshooting

 ## Scan
-### analyze error: timeout: context deadline exceeded
+### Timeout
+
+!!! error
+    ``` bash
+    $ trivy image ...
+    ...
+    analyze error: timeout: context deadline exceeded
+    ```
+
 Your scan may time out. Java takes a particularly long time to scan. Try increasing the value of the ---timeout option such as `--timeout 15m`.

+### Certification
+
+!!! error
+    Error: x509: certificate signed by unknown authority
+
+`TRIVY_INSECURE` can be used to allow insecure connections to a container registry when using SSL.
+
+```
+$ TRIVY_INSECURE=true trivy image [YOUR_IMAGE]
+```
+
+### GitHub Rate limiting
+
+!!! error
+    ``` bash
+    $ trivy image ...
+    ...
+    API rate limit exceeded for xxx.xxx.xxx.xxx.
+    ```
+
+Specify GITHUB_TOKEN for authentication
+https://developer.github.com/v3/#rate-limiting
+
+```
+$ GITHUB_TOKEN=XXXXXXXXXX trivy alpine:3.10
+```
+
+### Running in parallel takes same time as series run
+When running trivy on multiple images simultaneously, it will take same time as running trivy in series.  
+This is because of a limitation of boltdb.
+> Bolt obtains a file lock on the data file so multiple processes cannot open the same database at the same time. Opening an already open Bolt database will cause it to hang until the other process closes it.
+
+Reference : [boltdb: Opening a database][boltdb].
+
+[boltdb]: https://github.com/boltdb/bolt#opening-a-database
+
 ## Homebrew
-### Error: Your macOS keychain GitHub credentials do not have sufficient scope!
+### Scope error
+!!! error
+    Error: Your macOS keychain GitHub credentials do not have sufficient scope!

 ```
 $ brew tap aquasecurity/trivy
@@ -23,7 +69,9 @@ Try:
 $ printf "protocol=https\nhost=github.com\n" | git credential-osxkeychain erase
 ```

-### Error: aquasecurity/trivy/trivy 64 already installed
+### Already installed
+!!! error
+    Error: aquasecurity/trivy/trivy 64 already installed

 ```
 $ brew upgrade
@@ -39,31 +87,8 @@ $ brew unlink trivy && brew uninstall trivy
 $ brew install aquasecurity/trivy/trivy
 ```

-### Error: x509: certificate signed by unknown authority
-`TRIVY_INSECURE` can be used to allow insecure connections to a container registry when using SSL.
-
-```
-$ TRIVY_INSECURE=true trivy image [YOUR_IMAGE]
-```
-
-### Running in parallel takes same time as series run
-When running trivy on multiple images simultaneously, it will take same time as running trivy in series.  
-This is because of a limitation of boltdb.
-> Bolt obtains a file lock on the data file so multiple processes cannot open the same database at the same time. Opening an already open Bolt database will cause it to hang until the other process closes it.
-Reference : [boltdb: Opening a database][boltdb].
-
-[boltdb]: https://github.com/boltdb/bolt#opening-a-database

 ## Others
-### GitHub Rate limiting
-
-Specify GITHUB_TOKEN for authentication
-https://developer.github.com/v3/#rate-limiting
-
-```
-$ GITHUB_TOKEN=XXXXXXXXXX trivy alpine:3.10
-```
-
 ### Unknown error

 Try again with `--reset` option:
--- a/docs/imgs/excalidraw/misconf.excalidraw
+++ b/docs/imgs/excalidraw/misconf.excalidraw
@@ -0,0 +1,352 @@
+{
+  "type": "excalidraw",
+  "version": 2,
+  "source": "https://excalidraw.com",
+  "elements": [
+    {
+      "type": "rectangle",
+      "version": 573,
+      "versionNonce": 2034670720,
+      "isDeleted": false,
+      "id": "BkXuq_6BxgqZGZWc8oCtu",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 599.211669921875,
+      "y": 376.32061767578125,
+      "strokeColor": "#000000",
+      "backgroundColor": "#fd7e14",
+      "width": 867.8921508789062,
+      "height": 151.39703369140625,
+      "seed": 1632394695,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 572,
+      "versionNonce": 425683840,
+      "isDeleted": false,
+      "id": "YQURTHNPSe05RPSlYRcok",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 983.89404296875,
+      "y": 399.98724365234375,
+      "strokeColor": "#000000",
+      "backgroundColor": "transparent",
+      "width": 88,
+      "height": 45,
+      "seed": 891391049,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 36,
+      "fontFamily": 1,
+      "text": "Trivy",
+      "baseline": 32,
+      "textAlign": "left",
+      "verticalAlign": "top"
+    },
+    {
+      "type": "text",
+      "version": 822,
+      "versionNonce": 1061096576,
+      "isDeleted": false,
+      "id": "6dpF2EyZBtYgO6MrvGj0-",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 771.2554931640625,
+      "y": 469.7777099609375,
+      "strokeColor": "#000000",
+      "backgroundColor": "transparent",
+      "width": 507,
+      "height": 35,
+      "seed": 687997545,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Vulnerability/Misconfiguration Scanner",
+      "baseline": 25,
+      "textAlign": "left",
+      "verticalAlign": "top"
+    },
+    {
+      "type": "rectangle",
+      "version": 763,
+      "versionNonce": 560331648,
+      "isDeleted": false,
+      "id": "cpnTMy7L2AUg9IDJppF4H",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 602.28369140625,
+      "y": 258.8445587158203,
+      "strokeColor": "#000000",
+      "backgroundColor": "#fab005",
+      "width": 397.493408203125,
+      "height": 103.28388977050778,
+      "seed": 77164935,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 1072,
+      "versionNonce": 212434048,
+      "isDeleted": false,
+      "id": "9-blmNVtLesthMSY_f60t",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 630.9301147460938,
+      "y": 292.4002990722656,
+      "strokeColor": "#000000",
+      "backgroundColor": "transparent",
+      "width": 331,
+      "height": 35,
+      "seed": 860091815,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Infrastructure as Code",
+      "baseline": 25,
+      "textAlign": "center",
+      "verticalAlign": "top"
+    },
+    {
+      "type": "rectangle",
+      "version": 1194,
+      "versionNonce": 131337088,
+      "isDeleted": false,
+      "id": "gugZxhi7ThlcjWY_MFO7q",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1021.5928955078125,
+      "y": 261.56090545654297,
+      "strokeColor": "#000000",
+      "backgroundColor": "#be4bdb",
+      "width": 441.0702514648438,
+      "height": 99.05134582519533,
+      "seed": 1232790121,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 1270,
+      "versionNonce": 591785088,
+      "isDeleted": false,
+      "id": "K48gtpesBxIGJxLTnI2CB",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1173.3179931640625,
+      "y": 294.12510681152344,
+      "strokeColor": "#000000",
+      "backgroundColor": "transparent",
+      "width": 137,
+      "height": 35,
+      "seed": 449264361,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Filesystem",
+      "baseline": 25,
+      "textAlign": "center",
+      "verticalAlign": "top"
+    },
+    {
+      "type": "rectangle",
+      "version": 1319,
+      "versionNonce": 1264839808,
+      "isDeleted": false,
+      "id": "BYJwfkhd1BilbLQGc973f",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1233.3157348632812,
+      "y": 168.29967880249023,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 229.03393554687523,
+      "height": 77.80606079101562,
+      "seed": 1923498546,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 659,
+      "versionNonce": 2122259328,
+      "isDeleted": false,
+      "id": "eedUyCpr8i1aY_3PHsHAB",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1241.1352844238281,
+      "y": 191.2939567565918,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 216,
+      "height": 35,
+      "seed": 595309038,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Misconfiguration",
+      "baseline": 25,
+      "textAlign": "center",
+      "verticalAlign": "middle"
+    },
+    {
+      "type": "rectangle",
+      "version": 1397,
+      "versionNonce": 20077696,
+      "isDeleted": false,
+      "id": "SPkrBrH6DGvkgQXtZQjIJ",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1023.8157043457031,
+      "y": 168.7816276550293,
+      "strokeColor": "#000000",
+      "backgroundColor": "#fa5252",
+      "width": 200.7496337890626,
+      "height": 77.80606079101562,
+      "seed": 1896460914,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 840,
+      "versionNonce": 655338368,
+      "isDeleted": false,
+      "id": "n06MNIqirDmVZBkDg_UPV",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 1040.526611328125,
+      "y": 194.3111228942871,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 160,
+      "height": 35,
+      "seed": 1131832750,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Vulnerability",
+      "baseline": 25,
+      "textAlign": "center",
+      "verticalAlign": "middle"
+    },
+    {
+      "type": "rectangle",
+      "version": 1441,
+      "versionNonce": 1393118080,
+      "isDeleted": false,
+      "id": "8SHSNGf7PNddFLi2ZA3Vi",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 673.6463928222656,
+      "y": 167.8159294128418,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 278.48516845703136,
+      "height": 77.80606079101562,
+      "seed": 1986948530,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 851,
+      "versionNonce": 2114620544,
+      "isDeleted": false,
+      "id": "3Z5w3RXdgpvP43dlHqq26",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 701.5146789550781,
+      "y": 189.60757064819336,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 216,
+      "height": 35,
+      "seed": 1077804654,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
+      "fontSize": 28,
+      "fontFamily": 1,
+      "text": "Misconfiguration",
+      "baseline": 25,
+      "textAlign": "center",
+      "verticalAlign": "middle"
+    }
+  ],
+  "appState": {
+    "gridSize": null,
+    "viewBackgroundColor": "#ffffff"
+  }
+}
--- a/docs/imgs/excalidraw/overview.excalidraw
+++ b/docs/imgs/excalidraw/overview.excalidraw
@@ -5,31 +5,8 @@
  "elements": [
    {
      "type": "rectangle",
-      "version": 560,
-      "versionNonce": 1400582380,
-      "isDeleted": false,
-      "id": "zULZ64ij5HLsp2cFZILSX",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 50,
-      "angle": 0,
-      "x": 904.2628784179688,
-      "y": 99.2658462524414,
-      "strokeColor": "#000000",
-      "backgroundColor": "#15aabf",
-      "width": 130.58160400390628,
-      "height": 79.7976837158203,
-      "seed": 1174361836,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "boundElementIds": []
-    },
-    {
-      "type": "rectangle",
-      "version": 283,
-      "versionNonce": 431858644,
+      "version": 476,
+      "versionNonce": 916788210,
      "isDeleted": false,
      "id": "BkXuq_6BxgqZGZWc8oCtu",
      "fillStyle": "hachure",
@@ -38,11 +15,11 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 760.100830078125,
+      "x": 599.211669921875,
      "y": 376.32061767578125,
      "strokeColor": "#000000",
      "backgroundColor": "#fd7e14",
-      "width": 792.3008422851561,
+      "width": 1076.4584350585938,
      "height": 151.39703369140625,
      "seed": 1632394695,
      "groupIds": [],
@@ -51,8 +28,8 @@
    },
    {
      "type": "text",
-      "version": 217,
-      "versionNonce": 605539564,
+      "version": 423,
+      "versionNonce": 931200686,
      "isDeleted": false,
      "id": "YQURTHNPSe05RPSlYRcok",
      "fillStyle": "hachure",
@@ -61,12 +38,12 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1106.6643676757812,
-      "y": 411.25714111328125,
+      "x": 1119.1937866210938,
+      "y": 403.56756591796875,
      "strokeColor": "#000000",
      "backgroundColor": "transparent",
-      "width": 86,
-      "height": 46,
+      "width": 88,
+      "height": 45,
      "seed": 891391049,
      "groupIds": [],
      "strokeSharpness": "sharp",
@@ -80,8 +57,8 @@
    },
    {
      "type": "text",
-      "version": 222,
-      "versionNonce": 1855404140,
+      "version": 758,
+      "versionNonce": 813811122,
      "isDeleted": false,
      "id": "6dpF2EyZBtYgO6MrvGj0-",
      "fillStyle": "hachure",
@@ -90,27 +67,27 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 941.25830078125,
-      "y": 471.68231201171875,
+      "x": 922.1328735351562,
+      "y": 470.18975830078125,
      "strokeColor": "#000000",
      "backgroundColor": "transparent",
-      "width": 474,
-      "height": 25,
+      "width": 507,
+      "height": 35,
      "seed": 687997545,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 20,
+      "fontSize": 28,
      "fontFamily": 1,
-      "text": "A Simple and Comprehensive Vulnerability Scanner",
-      "baseline": 18,
+      "text": "Vulnerability/Misconfiguration Scanner",
+      "baseline": 25,
      "textAlign": "left",
      "verticalAlign": "top"
    },
    {
      "type": "rectangle",
-      "version": 297,
-      "versionNonce": 239159404,
+      "version": 595,
+      "versionNonce": 1705780846,
      "isDeleted": false,
      "id": "cpnTMy7L2AUg9IDJppF4H",
      "fillStyle": "hachure",
@@ -119,12 +96,12 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 759.0067749023438,
-      "y": 192.9658660888672,
+      "x": 597.4796142578125,
+      "y": 258.9286651611328,
      "strokeColor": "#000000",
-      "backgroundColor": "#fa5252",
-      "width": 283.0587768554687,
-      "height": 79.7976837158203,
+      "backgroundColor": "#fab005",
+      "width": 349.1224975585937,
+      "height": 103.28388977050778,
      "seed": 77164935,
      "groupIds": [],
      "strokeSharpness": "sharp",
@@ -132,8 +109,8 @@
    },
    {
      "type": "text",
-      "version": 527,
-      "versionNonce": 1738982484,
+      "version": 921,
+      "versionNonce": 929185650,
      "isDeleted": false,
      "id": "9-blmNVtLesthMSY_f60t",
      "fillStyle": "hachure",
@@ -142,27 +119,27 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 851.9727783203125,
-      "y": 206.49542236328125,
+      "x": 655.6057739257812,
+      "y": 292.4844055175781,
      "strokeColor": "#000000",
      "backgroundColor": "transparent",
-      "width": 94,
-      "height": 50,
+      "width": 238,
+      "height": 35,
      "seed": 860091815,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 20,
+      "fontSize": 28,
      "fontFamily": 1,
-      "text": "Container\nImages",
-      "baseline": 43,
+      "text": "Container Images",
+      "baseline": 25,
      "textAlign": "center",
      "verticalAlign": "top"
    },
    {
      "type": "rectangle",
-      "version": 475,
-      "versionNonce": 1582652140,
+      "version": 853,
+      "versionNonce": 377039022,
      "isDeleted": false,
      "id": "gugZxhi7ThlcjWY_MFO7q",
      "fillStyle": "hachure",
@@ -171,12 +148,12 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1052.2297973632812,
-      "y": 191.91817474365234,
+      "x": 955.929443359375,
+      "y": 262.11351776123047,
      "strokeColor": "#000000",
      "backgroundColor": "#be4bdb",
-      "width": 272.31054687500006,
-      "height": 79.7976837158203,
+      "width": 359.85211181640625,
+      "height": 99.05134582519533,
      "seed": 1232790121,
      "groupIds": [],
      "strokeSharpness": "sharp",
@@ -184,8 +161,8 @@
    },
    {
      "type": "text",
-      "version": 705,
-      "versionNonce": 1618155988,
+      "version": 1065,
+      "versionNonce": 126714162,
      "isDeleted": false,
      "id": "K48gtpesBxIGJxLTnI2CB",
      "fillStyle": "hachure",
@@ -194,27 +171,27 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1137.923828125,
-      "y": 218.9615020751953,
+      "x": 1064.449462890625,
+      "y": 296.9230194091797,
      "strokeColor": "#000000",
      "backgroundColor": "transparent",
-      "width": 98,
-      "height": 25,
+      "width": 137,
+      "height": 35,
      "seed": 449264361,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 20,
+      "fontSize": 28,
      "fontFamily": 1,
      "text": "Filesystem",
-      "baseline": 18,
+      "baseline": 25,
      "textAlign": "center",
      "verticalAlign": "top"
    },
    {
      "type": "rectangle",
-      "version": 509,
-      "versionNonce": 1528748884,
+      "version": 896,
+      "versionNonce": 585884398,
      "isDeleted": false,
      "id": "La6f87LDZ0uEIZB947bXo",
      "fillStyle": "hachure",
@@ -223,12 +200,12 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1342.2451782226562,
-      "y": 190.3844223022461,
+      "x": 1329.0839233398438,
+      "y": 264.9097213745117,
      "strokeColor": "#000000",
      "backgroundColor": "#12b886",
-      "width": 202.7937011718749,
-      "height": 79.7976837158203,
+      "width": 346.5517578125,
+      "height": 96.3990020751953,
      "seed": 2005637801,
      "groupIds": [],
      "strokeSharpness": "sharp",
@@ -236,8 +213,8 @@
    },
    {
      "type": "text",
-      "version": 866,
-      "versionNonce": 27928788,
+      "version": 1186,
+      "versionNonce": 1013615346,
      "isDeleted": false,
      "id": "aOgRPVQ81jhOfkvzjWTMF",
      "fillStyle": "hachure",
@@ -246,450 +223,282 @@
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1380.880859375,
-      "y": 202.2483367919922,
+      "x": 1392.300048828125,
+      "y": 294.1288604736328,
      "strokeColor": "#000000",
      "backgroundColor": "transparent",
-      "width": 122,
-      "height": 50,
+      "width": 223,
+      "height": 35,
      "seed": 1284472935,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 20,
+      "fontSize": 28,
      "fontFamily": 1,
-      "text": "Git\nRepositories",
-      "baseline": 43,
+      "text": "Git Repositories",
+      "baseline": 25,
      "textAlign": "center",
      "verticalAlign": "top"
    },
-    {
-      "type": "text",
-      "version": 247,
-      "versionNonce": 653112532,
-      "isDeleted": false,
-      "id": "p_mUPP7FjgXD4cyuwbbDb",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "angle": 0,
-      "x": 918.9429321289062,
-      "y": 104.1267318725586,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "width": 106,
-      "height": 80,
-      "seed": 2021123719,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "boundElementIds": [],
-      "fontSize": 16,
-      "fontFamily": 1,
-      "text": "Programming\nLanguage\nDependencies\n",
-      "baseline": 75,
-      "textAlign": "center",
-      "verticalAlign": "middle"
-    },
    {
      "type": "rectangle",
-      "version": 223,
-      "versionNonce": 1335079532,
+      "version": 974,
+      "versionNonce": 1011959534,
      "isDeleted": false,
-      "id": "JPMgfRuI6H4FPW8-vegMJ",
+      "id": "BYJwfkhd1BilbLQGc973f",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 759.9201354980469,
-      "y": 286.07564544677734,
+      "x": 1141.5093994140625,
+      "y": 171.09759140014648,
      "strokeColor": "#000000",
-      "backgroundColor": "#868e96",
-      "width": 157.08227539062494,
-      "height": 79.7976837158203,
-      "seed": 1163532908,
+      "backgroundColor": "#82c91e",
+      "width": 169.93957519531259,
+      "height": 77.80606079101562,
+      "seed": 1923498546,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": []
    },
    {
-      "id": "i6l1cTY8BN5dM9gV3TY1q",
      "type": "text",
-      "x": 774.47998046875,
-      "y": 303.88873291015625,
-      "width": 127,
-      "height": 50,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "seed": 1614647380,
-      "version": 88,
-      "versionNonce": 1787296340,
+      "version": 403,
+      "versionNonce": 1635608306,
      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "Client/Server\nMode",
-      "fontSize": 20,
-      "fontFamily": 1,
-      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 43
-    },
-    {
-      "type": "rectangle",
-      "version": 298,
-      "versionNonce": 1573553388,
-      "isDeleted": false,
-      "id": "zmjzAP9R7DY9tKjqvFBoB",
+      "id": "eedUyCpr8i1aY_3PHsHAB",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 927.6312561035156,
-      "y": 285.23946380615234,
+      "x": 1149.8379821777344,
+      "y": 197.31159591674805,
      "strokeColor": "#000000",
-      "backgroundColor": "#ced4da",
-      "width": 621.8212890625001,
-      "height": 79.7976837158203,
-      "seed": 1660611796,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "boundElementIds": []
-    },
-    {
-      "id": "cvVouJIyT22r3RP8klygl",
-      "type": "text",
-      "x": 1137.06494140625,
-      "y": 312.9378967285156,
-      "width": 164,
+      "backgroundColor": "#82c91e",
+      "width": 155,
      "height": 25,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "seed": 1325348180,
-      "version": 130,
-      "versionNonce": 498962388,
-      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "Standalone Mode",
-      "fontSize": 20,
-      "fontFamily": 1,
-      "textAlign": "left",
-      "verticalAlign": "top",
-      "baseline": 18
-    },
-    {
-      "type": "rectangle",
-      "version": 452,
-      "versionNonce": 1384318828,
-      "isDeleted": false,
-      "id": "uZJjI0NYZ64gKin-_7cR5",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "angle": 0,
-      "x": 761.1866760253906,
-      "y": 100.00330352783203,
-      "strokeColor": "#000000",
-      "backgroundColor": "#4c6ef5",
-      "width": 128.17041015625003,
-      "height": 79.7976837158203,
-      "seed": 401388012,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "boundElementIds": []
-    },
-    {
-      "id": "zeDNXaEe6KkqqNB6hWn2v",
-      "type": "text",
-      "x": 778.9382934570312,
-      "y": 115.62533569335938,
-      "width": 91,
-      "height": 50,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "seed": 2105824340,
-      "version": 137,
-      "versionNonce": 1352955220,
-      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "OS\nPackages",
-      "fontSize": 20,
-      "fontFamily": 1,
-      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 43
-    },
-    {
-      "type": "text",
-      "version": 332,
-      "versionNonce": 1376205292,
-      "isDeleted": false,
-      "id": "8af38RMLhE245Uzw94tk3",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "angle": 0,
-      "x": 1205.6143035888672,
-      "y": 103.33536529541016,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "width": 106,
-      "height": 80,
-      "seed": 1813092204,
+      "seed": 595309038,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 16,
+      "fontSize": 20,
      "fontFamily": 1,
-      "text": "Programming\nLanguage\nDependencies\n",
-      "baseline": 75,
+      "text": "Misconfiguration",
+      "baseline": 18,
      "textAlign": "center",
      "verticalAlign": "middle"
    },
    {
      "type": "rectangle",
-      "version": 523,
-      "versionNonce": 546482900,
+      "version": 1035,
+      "versionNonce": 1646453614,
      "isDeleted": false,
-      "id": "EW10DZBtAPDl2g3lG4Khk",
+      "id": "SPkrBrH6DGvkgQXtZQjIJ",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1050.4884185791016,
-      "y": 98.33513641357422,
+      "x": 959.9851989746094,
+      "y": 170.4835319519043,
      "strokeColor": "#000000",
-      "backgroundColor": "#4c6ef5",
-      "width": 128.3895263671875,
-      "height": 79.7976837158203,
-      "seed": 1225188692,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "boundElementIds": []
-    },
-    {
-      "id": "rAQf9FyIl2L5AB1n9JzFk",
-      "type": "text",
-      "x": 1069.5552215576172,
-      "y": 113.51881408691406,
-      "width": 91,
-      "height": 50,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 100,
-      "groupIds": [],
-      "strokeSharpness": "sharp",
-      "seed": 1531169260,
-      "version": 213,
-      "versionNonce": 1734417516,
-      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "OS\nPackages",
-      "fontSize": 20,
-      "fontFamily": 1,
-      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 43
-    },
-    {
-      "type": "rectangle",
-      "version": 705,
-      "versionNonce": 270413908,
-      "isDeleted": false,
-      "id": "nMqoqCtyNfMXk8kWry8kH",
-      "fillStyle": "hachure",
-      "strokeWidth": 1,
-      "strokeStyle": "solid",
-      "roughness": 1,
-      "opacity": 50,
-      "angle": 0,
-      "x": 1191.5499114990234,
-      "y": 97.8214340209961,
-      "strokeColor": "#000000",
-      "backgroundColor": "#15aabf",
-      "width": 130.7032470703125,
-      "height": 79.7976837158203,
-      "seed": 1126636244,
+      "backgroundColor": "#fa5252",
+      "width": 169.93957519531259,
+      "height": 77.80606079101562,
+      "seed": 1896460914,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": []
    },
    {
      "type": "text",
-      "version": 412,
-      "versionNonce": 1904079212,
+      "version": 532,
+      "versionNonce": 1887556210,
      "isDeleted": false,
-      "id": "J5C9c2LNI5fqAAEYp_jI2",
+      "id": "n06MNIqirDmVZBkDg_UPV",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
      "angle": 0,
-      "x": 1385.1761474609375,
-      "y": 103.10254669189453,
+      "x": 988.8137817382812,
+      "y": 196.69753646850586,
      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
-      "width": 106,
-      "height": 80,
-      "seed": 546673900,
+      "backgroundColor": "#82c91e",
+      "width": 114,
+      "height": 25,
+      "seed": 1131832750,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": [],
-      "fontSize": 16,
+      "fontSize": 20,
      "fontFamily": 1,
-      "text": "Programming\nLanguage\nDependencies\n",
-      "baseline": 75,
+      "text": "Vulnerability",
+      "baseline": 18,
      "textAlign": "center",
      "verticalAlign": "middle"
    },
    {
      "type": "rectangle",
-      "version": 701,
-      "versionNonce": 1654991700,
+      "version": 1072,
+      "versionNonce": 789595566,
      "isDeleted": false,
-      "id": "PFi9vxp5euUTYOTLNztVZ",
+      "id": "0JP6OL7EFfoH4E4vFARFl",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
-      "opacity": 50,
+      "opacity": 100,
      "angle": 0,
-      "x": 1344.9087524414062,
-      "y": 96.26885223388672,
+      "x": 1508.9087371826172,
+      "y": 170.7038917541504,
      "strokeColor": "#000000",
-      "backgroundColor": "#15aabf",
-      "width": 198.17065429687491,
-      "height": 79.7976837158203,
-      "seed": 216760276,
+      "backgroundColor": "#82c91e",
+      "width": 169.93957519531259,
+      "height": 77.80606079101562,
+      "seed": 101784622,
      "groupIds": [],
      "strokeSharpness": "sharp",
      "boundElementIds": []
    },
    {
-      "id": "Uk7ac4Fk6B7eXS2IYB51e",
      "type": "text",
-      "x": 1613.747314453125,
-      "y": 305.670166015625,
-      "width": 81,
-      "height": 35,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
+      "version": 496,
+      "versionNonce": 1027781682,
+      "isDeleted": false,
+      "id": "jRmlh5MZuRKm3FtbC6qdZ",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
+      "angle": 0,
+      "x": 1517.237319946289,
+      "y": 196.91789627075195,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 155,
+      "height": 25,
+      "seed": 1950385586,
      "groupIds": [],
      "strokeSharpness": "sharp",
-      "seed": 1115855212,
-      "version": 77,
-      "versionNonce": 1712645100,
-      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "Modes",
-      "fontSize": 28,
+      "boundElementIds": [],
+      "fontSize": 20,
      "fontFamily": 1,
+      "text": "Misconfiguration",
+      "baseline": 18,
      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 25
+      "verticalAlign": "middle"
    },
    {
-      "id": "AP0rLiNYZgZh6NpOg7FQl",
-      "type": "text",
-      "x": 1587.2977294921875,
-      "y": 214.689453125,
-      "width": 128,
-      "height": 35,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
+      "type": "rectangle",
+      "version": 1133,
+      "versionNonce": 882335726,
+      "isDeleted": false,
+      "id": "EQRF92xU4o9CfeHHvbd-a",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
+      "angle": 0,
+      "x": 1327.384536743164,
+      "y": 170.0898323059082,
+      "strokeColor": "#000000",
+      "backgroundColor": "#fa5252",
+      "width": 169.93957519531259,
+      "height": 77.80606079101562,
+      "seed": 1379493486,
      "groupIds": [],
      "strokeSharpness": "sharp",
-      "seed": 1133151724,
-      "version": 172,
-      "versionNonce": 1561108692,
-      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "Artifacts",
-      "fontSize": 28,
-      "fontFamily": 1,
-      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 25
+      "boundElementIds": []
    },
    {
-      "id": "hyBBGwYCM6J4CIKDn9IYh",
      "type": "text",
-      "x": 1592.9608154296875,
-      "y": 118.49179077148438,
-      "width": 110,
-      "height": 35,
-      "angle": 0,
-      "strokeColor": "#000000",
-      "backgroundColor": "transparent",
+      "version": 569,
+      "versionNonce": 184638962,
+      "isDeleted": false,
+      "id": "_04YR8geM-ar9vZhNZtSj",
      "fillStyle": "hachure",
      "strokeWidth": 1,
      "strokeStyle": "solid",
      "roughness": 1,
      "opacity": 100,
+      "angle": 0,
+      "x": 1356.213119506836,
+      "y": 196.30383682250977,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 114,
+      "height": 25,
+      "seed": 357105522,
      "groupIds": [],
      "strokeSharpness": "sharp",
-      "seed": 733312980,
-      "version": 248,
-      "versionNonce": 1076463212,
+      "boundElementIds": [],
+      "fontSize": 20,
+      "fontFamily": 1,
+      "text": "Vulnerability",
+      "baseline": 18,
+      "textAlign": "center",
+      "verticalAlign": "middle"
+    },
+    {
+      "type": "rectangle",
+      "version": 1215,
+      "versionNonce": 650195502,
      "isDeleted": false,
-      "boundElementIds": null,
-      "text": "Targets",
+      "id": "8SHSNGf7PNddFLi2ZA3Vi",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 599.9767150878906,
+      "y": 169.0025749206543,
+      "strokeColor": "#000000",
+      "backgroundColor": "#fa5252",
+      "width": 344.1738281250001,
+      "height": 77.80606079101562,
+      "seed": 1986948530,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": []
+    },
+    {
+      "type": "text",
+      "version": 680,
+      "versionNonce": 113561522,
+      "isDeleted": false,
+      "id": "3Z5w3RXdgpvP43dlHqq26",
+      "fillStyle": "hachure",
+      "strokeWidth": 1,
+      "strokeStyle": "solid",
+      "roughness": 1,
+      "opacity": 100,
+      "angle": 0,
+      "x": 700.3721618652344,
+      "y": 190.79421615600586,
+      "strokeColor": "#000000",
+      "backgroundColor": "#82c91e",
+      "width": 160,
+      "height": 35,
+      "seed": 1077804654,
+      "groupIds": [],
+      "strokeSharpness": "sharp",
+      "boundElementIds": [],
      "fontSize": 28,
      "fontFamily": 1,
+      "text": "Vulnerability",
+      "baseline": 25,
      "textAlign": "center",
-      "verticalAlign": "top",
-      "baseline": 25
+      "verticalAlign": "middle"
    }
  ],
  "appState": {
--- a/docs/imgs/logo.png
+++ b/docs/imgs/logo.png
--- a/docs/imgs/misconf-demo.gif
+++ b/docs/imgs/misconf-demo.gif
--- a/docs/imgs/misconf.png
+++ b/docs/imgs/misconf.png
--- a/docs/imgs/overview.png
+++ b/docs/imgs/overview.png
--- a/docs/imgs/usage.gif
+++ b/docs/imgs/usage.gif
--- a/docs/imgs/usage1.png
+++ b/docs/imgs/usage1.png
--- a/docs/imgs/usage2.png
+++ b/docs/imgs/usage2.png
--- a/docs/imgs/vuln-demo.gif
+++ b/docs/imgs/vuln-demo.gif
--- a/docs/imgs/vulnerability.png
+++ b/docs/imgs/vulnerability.png
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,64 +1,39 @@
-# Welcome to {{ config.site_name }} 
+---
+hide:
+- navigation
+- toc
+---

-A Simple and Comprehensive Vulnerability Scanner for Containers and other Artifacts, Suitable for CI.
+![logo](imgs/logo.png){ align=left }

-# Abstract
-`Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive vulnerability scanner for containers and other artifacts.
+`Trivy` (`tri` pronounced like **tri**gger, `vy` pronounced like en**vy**) is a simple and comprehensive [vulnerability][vulnerability]/[misconfiguration][misconf] scanner for containers and other artifacts.
 A software vulnerability is a glitch, flaw, or weakness present in the software or in an Operating System.
-`Trivy` detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.).
-`Trivy` is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.
+`Trivy` detects vulnerabilities of [OS packages][os] (Alpine, RHEL, CentOS, etc.) and [language-specific packages][lang] (Bundler, Composer, npm, yarn, etc.).
+In addition, `Trivy` scans [Infrastructure as Code (IaC) files][iac] such as Terraform and Kubernetes, to detect potential configuration issues that expose your deployments to the risk of attack.
+`Trivy` is easy to use. Just install the binary and you're ready to scan.
+All you need to do for scanning is to specify a target such as an image name of the container.

-<img src="imgs/overview.png" width="700">
+<div style="text-align: center">
+    <img src="imgs/overview.png" width="800">
+</div>

-Trivy can be run in two different modes:

- [Standalone](./modes/standalone.md)
- [Client/Server](./modes/client-server.md)
+<div style="text-align: center; margin-top: 150px">
+    <h1 id="demo">Demo</h1>
+</div>

-Trivy can scan three different artifacts:
+<figure style="text-aligh: center">
+  <img src="imgs/vuln-demo.gif" width="1000">
+  <figcaption>Demo: Vulnerability Detection</figcaption>
+</figure>

- [Container Images](./scanning/image.md)
- [Filesystem](./scanning/filesystem.md)
- [Git Repositories](./scanning/git-repository.md)
+<figure style="text-aligh: center">
+  <img src="imgs/misconf-demo.gif" width="1000">
+  <figcaption>Demo: Misconfiguration Detection</figcaption>
+</figure>

-<img src="imgs/usage.gif" width="700">
-<img src="imgs/usage1.png" width="600">
-<img src="imgs/usage2.png" width="600">
-
-It is considered to be used in CI. Before pushing to a container registry or deploying your application, you can scan your local container image and other artifacts easily.
-See [here](./integrations/index.md) for details.
-
-## Features
-
- Detect comprehensive vulnerabilities
-    - OS packages (Alpine, **Red Hat Universal Base Image**, Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Amazon Linux, openSUSE Leap, SUSE Enterprise Linux, Photon OS and Distroless)
-    - **Application dependencies** (Bundler, Composer, Pipenv, Poetry, npm, yarn, Cargo, NuGet, Maven, and Go)
- Simple
-    - Specify only an image name or artifact name
-    - See [Quick Start](quickstart.md) and [Examples](examples/index.md)
- Fast
-    - The first scan will finish within 10 seconds (depending on your network). Consequent scans will finish in single seconds.
-    - Unlike other scanners that take long to fetch vulnerability information (~10 minutes) on the first run, and encourage you to maintain a durable vulnerability database, Trivy is stateless and requires no maintenance or preparation.
- Easy installation
-    - `apt-get install`, `yum install` and `brew install` is possible (See [Installation](installation.md))
-    - **No pre-requisites** such as installation of DB, libraries, etc.
- High accuracy
-    - **Especially Alpine Linux and RHEL/CentOS**
-    - Other OSes are also high
- DevSecOps
-    - **Suitable for CI** such as Travis CI, CircleCI, Jenkins, GitLab CI, etc.
-    - See [CI Example](integrations/index.md)
- Support multiple formats
-    - container image
-        - A local image in Docker Engine which is running as a daemon
-        - A local image in Podman (>=2.0) which is exposing a socket
-        - A remote image in Docker Registry such as Docker Hub, ECR, GCR and ACR
-        - A tar archive stored in the `docker save` / `podman save` formatted file
-        - An image directory compliant with [OCI Image Format](https://github.com/opencontainers/image-spec)
-    - local filesystem
-    - remote git repository
-
-Please see [LICENSE](https://github.com/aquasecurity/trivy/blob/main/LICENSE) for Trivy licensing information.
-
-!!! note
-    Trivy uses vulnerability information from a variety of sources, some of which are licensed for non-commercial use only.
+[vulnerability]: vulnerability/scanning/index.md
+[misconf]: misconfiguration/index.md
+[os]: vulnerability/detection/os.md
+[lang]: vulnerability/detection/language.md
+[iac]: misconfiguration/iac.md
--- a/docs/misconfiguration/comparison/conftest.md
+++ b/docs/misconfiguration/comparison/conftest.md
@@ -0,0 +1,43 @@
+# vs Conftest
+[Conftest][conftest] is a really nice tool to help you write tests against structured configuration data.
+Misconfiguration detection in Trivy is heavily inspired by Conftest and provides similar features Conftest has.
+This section describes the differences between Trivy and Conftest.
+
+| Feature                     | Trivy                | Conftest             |
+| --------------------------- | -------------------- | -------------------- |
+| Support Rego Language       | :material-check:     | :material-check:     |
+| Built-in Policies           | :material-check:     | :material-close:     |
+| Custom Policies             | :material-check:     | :material-check:     |
+| Custom Data                 | :material-check:     | :material-check:     |
+| Combine                     | :material-check:     | :material-check:     |
+| Combine per Policy          | :material-check:     | :material-close:     |
+| Policy Input Selector[^1]   | :material-check:     | :material-close:     |
+| Policy Metadata[^2]         | :material-check:     | :material-close:[^3] |
+| Filtering by Severity       | :material-check:     | :material-close:     |
+| Rule-based Exceptions       | :material-check:     | :material-check:     |
+| Namespace-based Exceptions  | :material-check:     | :material-close:     |
+| Sharing Policies            | :material-close:     | :material-check:     |
+| Show Successes              | :material-check:     | :material-close:     |
+| Flexible Exit Code          | :material-check:     | :material-close:     |
+| Rego Unit Tests             | :material-close:[^4] | :material-check:     |
+| Go Testing                  | :material-check:     | :material-close:     |
+| Verbose Trace               | :material-check:     | :material-check:     |
+| Supported Formats           | 6 formats[^5]        | 14 formats[^6]       |
+
+Trivy offers built-in policies and a variety of options, while Conftest only supports custom policies.
+In other words, Conftest is simpler and lighter.
+
+Conftest is a general testing tool for configuration files, and Trivy is more security-focused.
+People who need an out-of-the-box misconfiguration scanner should use Trivy.
+People who don't need built-in policies and write your policies should use Conftest.
+
+[^1]: Pass only the types of configuration file as input, specified in selector
+[^2]: To enrich the results such as ID, Title, Description, etc.
+[^3]: Conftest supports [structured errors in rules][conftest-structured], but they are free format and not natively supported by Conftest.
+[^4]: Trivy is not able to run `*_test.rego` like `conftest verify`.
+[^5]: Dockerfile, HCL, HCL2, JSON, TOML, and YAML
+[^6]: CUE, Dockerfile, EDN, HCL, HCL2, HOCON, Ignore files, INI, JSON, Jsonnet, TOML, VCL, XML, and YAML
+
+
+[conftest-structured]: https://github.com/open-policy-agent/conftest/pull/243
+[conftest]: https://github.com/open-policy-agent/conftest
--- a/docs/misconfiguration/comparison/tfsec.md
+++ b/docs/misconfiguration/comparison/tfsec.md
@@ -0,0 +1,26 @@
+# vs tfsec
+[tfsec][tfsec] uses static analysis of your Terraform templates to spot potential security issues.
+Trivy uses tfsec internally to scan Terraform HCL files, but Trivy doesn't support some features provided by tfsec.
+This section describes the differences between Trivy and tfsec.
+
+| Feature                     | Trivy                                   | tfsec                |
+| --------------------------- | --------------------------------------- | -------------------- |
+| Built-in Policies           | :material-check:                        | :material-check:     |
+| Custom Policies             | Rego[^1]                                | JSON and YAML        |
+| Policy Metadata[^2]         | :material-check:                        | :material-check:     |
+| Show Successes              | :material-check:                        | :material-check:     |
+| Disable Policies            | :material-check:                        | :material-check:     |
+| Show Issue Lines            | :material-close:                        | :material-check:     |
+| Support .tfvars             | :material-close:                        | :material-check:     |
+| View Statistics             | :material-close:                        | :material-check:     |
+| Filtering by Severity       | :material-check:                        | :material-close:     |
+| Supported Formats           | Dockerfile, JSON, YAML, Terraform, etc. | Terraform            |
+
+[^1]: Terraform HCL files are not supported.
+[^2]: To enrich the results such as ID, Title, Description, Severity, etc.
+
+tfsec is designed for Terraform.
+People who use only Terraform should use tfsec.
+People who want to scan a wide range of configuration files should use Trivy.
+
+[tfsec]: https://github.com/tfsec/tfsec
--- a/docs/misconfiguration/custom/combine.md
+++ b/docs/misconfiguration/custom/combine.md
@@ -0,0 +1,44 @@
+# Combined input
+
+## Overview
+Trivy usually scans each configuration file individually. 
+Sometimes it might be useful to compare values from different configuration files simultaneously.
+
+When `combine` is set to true, all config files under the specified directory are combined into one input data structure.
+
+!!! example
+    ```
+    __rego_input__ := {
+        "combine": false,
+    }
+    ```
+
+In "combine" mode, the `input` document becomes an array, where each element is an object with two fields:
+
+- `"path": "path/to/file"`: the relative file path of the respective file
+- `"contents": ...`: the parsed content of the respective file
+
+Now you can ensure that duplicate values match across the entirety of your configuration files.
+
+## Return value
+In "combine" mode, the `deny` entrypoint must return an object with two keys
+
+`filepath` (required)
+: the relative file path of the file being evaluated
+
+`msg` (required)
+: the message describing an issue
+
+!!! example
+    ```
+    deny[res] {
+        resource := input[i].contents
+        ... some logic ...
+
+    	res := {
+    		"filepath": input[i].path,
+    		"msg": "something bad",
+    	}
+    }
+    ```
+
--- a/docs/misconfiguration/custom/data.md
+++ b/docs/misconfiguration/custom/data.md
@@ -0,0 +1,35 @@
+# Custom Data
+
+Custom policies may require additional data in order to determine an answer.
+
+For example, an allowed list of resources that can be created. 
+Instead of hardcoding this information inside of your policy, Trivy allows passing paths to data files with the `--data` flag.
+
+Given the following yaml file:
+
+```bash
+$ cd examples/misconf/custom-data
+$ cat data/ports.yaml                                                                                                                                                                      [~/src/github.com/aquasecurity/trivy/examples/misconf/custom-data]
+services:
+  ports:
+    - "20"
+    - "20/tcp"
+    - "20/udp"
+    - "23"
+    - "23/tcp"
+```
+
+This can be imported into your policy:
+
+```rego
+import data.services
+
+ports := services.ports
+```
+
+Then, you need to pass data paths through `--data` option.
+Trivy recursively searches the specified paths for JSON (`*.json`) and YAML (`*.yaml`) files.
+
+```bash
+$ trivy conf --policy ./policy --data data --namespaces user ./configs
+```
--- a/docs/misconfiguration/custom/debug.md
+++ b/docs/misconfiguration/custom/debug.md
@@ -0,0 +1,225 @@
+# Debugging policies
+When working on more complex queries (or when learning Rego), it's useful to see exactly how the policy is applied.
+For this purpose you can use the `--trace` flag.
+This will output a large trace from Open Policy Agent like the following:
+
+!!! tip
+    Only failed policies show traces. If you want to debug a passed policy, you need to make it fail on purpose.
+
+```bash
+$ trivy conf --trace configs/
+2021-07-11T16:45:58.493+0300    INFO    Detected config files: 1
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+
+ID: DS002
+File: Dockerfile
+Namespace: appshield.dockerfile.DS002
+Query: data.appshield.dockerfile.DS002.deny
+Message: Last USER command in Dockerfile should not be 'root'
+TRACE  Enter data.appshield.dockerfile.DS002.deny = _
+TRACE  | Eval data.appshield.dockerfile.DS002.deny = _
+TRACE  | Index data.appshield.dockerfile.DS002.deny matched 2 rules)
+TRACE  | Enter data.appshield.dockerfile.DS002.deny
+TRACE  | | Eval data.appshield.dockerfile.DS002.fail_user_count
+TRACE  | | Index data.appshield.dockerfile.DS002.fail_user_count (matched 1 rule)
+TRACE  | | Enter data.appshield.dockerfile.DS002.fail_user_count
+TRACE  | | | Eval __local559__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Index data.appshield.dockerfile.DS002.get_user (matched 1 rule)
+TRACE  | | | Enter data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Eval user = data.lib.docker.user[_]
+TRACE  | | | | Index data.lib.docker.user (matched 1 rule)
+TRACE  | | | | Enter data.lib.docker.user
+TRACE  | | | | | Eval instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | Eval count(__local559__, __local391__)
+TRACE  | | | Eval lt(__local391__, 1)
+TRACE  | | | Fail lt(__local391__, 1)
+TRACE  | | | Redo count(__local559__, __local391__)
+TRACE  | | | Redo __local559__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | | Fail data.appshield.dockerfile.DS002.fail_user_count
+TRACE  | Enter data.appshield.dockerfile.DS002.deny
+TRACE  | | Eval data.appshield.dockerfile.DS002.fail_last_user_root
+TRACE  | | Index data.appshield.dockerfile.DS002.fail_last_user_root (matched 1 rule)
+TRACE  | | Enter data.appshield.dockerfile.DS002.fail_last_user_root
+TRACE  | | | Eval __local560__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Index data.appshield.dockerfile.DS002.get_user (matched 1 rule)
+TRACE  | | | Enter data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Eval user = data.lib.docker.user[_]
+TRACE  | | | | Index data.lib.docker.user (matched 1 rule)
+TRACE  | | | | Enter data.lib.docker.user
+TRACE  | | | | | Eval instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | Eval cast_array(__local560__, __local392__)
+TRACE  | | | Eval user = __local392__
+TRACE  | | | Eval __local561__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Index data.appshield.dockerfile.DS002.get_user (matched 1 rule)
+TRACE  | | | Enter data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Eval user = data.lib.docker.user[_]
+TRACE  | | | | Index data.lib.docker.user (matched 1 rule)
+TRACE  | | | | Enter data.lib.docker.user
+TRACE  | | | | | Eval instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Exit data.lib.docker.user
+TRACE  | | | | Eval username = user.Value[_]
+TRACE  | | | | Exit data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo data.appshield.dockerfile.DS002.get_user
+TRACE  | | | | Redo username = user.Value[_]
+TRACE  | | | | Redo user = data.lib.docker.user[_]
+TRACE  | | | | Redo data.lib.docker.user
+TRACE  | | | | | Redo instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | | | Eval instruction.Cmd = "user"
+TRACE  | | | | | Fail instruction.Cmd = "user"
+TRACE  | | | | | Redo instruction = input.stages[_][_]
+TRACE  | | | Eval count(__local561__, __local393__)
+TRACE  | | | Eval len = __local393__
+TRACE  | | | Eval minus(len, 1, __local394__)
+TRACE  | | | Eval user[__local394__] = "root"
+TRACE  | | | Exit data.appshield.dockerfile.DS002.fail_last_user_root
+TRACE  | | Eval res = "Last USER command in Dockerfile should not be 'root'"
+TRACE  | | Exit data.appshield.dockerfile.DS002.deny
+TRACE  | Redo data.appshield.dockerfile.DS002.deny
+TRACE  | | Redo res = "Last USER command in Dockerfile should not be 'root'"
+TRACE  | | Redo data.appshield.dockerfile.DS002.fail_last_user_root
+TRACE  | | Redo data.appshield.dockerfile.DS002.fail_last_user_root
+TRACE  | | | Redo user[__local394__] = "root"
+TRACE  | | | Redo minus(len, 1, __local394__)
+TRACE  | | | Redo len = __local393__
+TRACE  | | | Redo count(__local561__, __local393__)
+TRACE  | | | Redo __local561__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | | | Redo user = __local392__
+TRACE  | | | Redo cast_array(__local560__, __local392__)
+TRACE  | | | Redo __local560__ = data.appshield.dockerfile.DS002.get_user
+TRACE  | Exit data.appshield.dockerfile.DS002.deny = _
+TRACE  Redo data.appshield.dockerfile.DS002.deny = _
+TRACE  | Redo data.appshield.dockerfile.DS002.deny = _
+```
--- a/docs/misconfiguration/custom/examples.md
+++ b/docs/misconfiguration/custom/examples.md
@@ -0,0 +1,296 @@
+# Examples
+
+## Custom Policy
+### Kubernetes
+See [here][k8s].
+
+The custom policy is defined in `user.kubernetes.ID001` package.
+You need to pass the package prefix you want to evaluate through `--namespaces` option.
+In this case, the package prefix should be `user`, `user.kuberntes`, or `user.kubernetes.ID001`.
+
+### Dockerfile
+See [here][dockerfile].
+
+The input will be a dictionary of stages.
+
+#### Single Stage
+
+??? example
+    Dockerfile
+    ```dockerfile
+    FROM foo
+    COPY . /
+    RUN echo hello
+    ```
+
+    Rego Input
+    ```json
+    {
+        "stages": {
+            "foo": [
+                {
+                    "Cmd": "from",
+                    "EndLine": 1,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "FROM foo",
+                    "Stage": 0,
+                    "StartLine": 1,
+                    "SubCmd": "",
+                    "Value": [
+                        "foo"
+                    ]
+                },
+                {
+                    "Cmd": "copy",
+                    "EndLine": 2,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "COPY . /",
+                    "Stage": 0,
+                    "StartLine": 2,
+                    "SubCmd": "",
+                    "Value": [
+                        ".",
+                        "/"
+                    ]
+                },
+                {
+                    "Cmd": "run",
+                    "EndLine": 3,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "RUN echo hello",
+                    "Stage": 0,
+                    "StartLine": 3,
+                    "SubCmd": "",
+                    "Value": [
+                        "echo hello"
+                    ]
+                }
+            ]
+        }
+    }
+    ```
+
+#### Multi Stage
+
+??? example
+    Dockerfile
+    ```dockerfile
+    FROM golang:1.16 AS builder
+    WORKDIR /go/src/github.com/alexellis/href-counter/
+    RUN go get -d -v golang.org/x/net/html
+    COPY app.go .
+    RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
+    
+    FROM alpine:latest
+    RUN apk --no-cache add ca-certificates \
+    && apk add --no-cache bash
+    WORKDIR /root/
+    COPY --from=builder /go/src/github.com/alexellis/href-counter/app .
+    CMD ["./app"]
+    ```
+
+    Rego Input
+    ```json
+    {
+        "stages": {
+            "alpine:latest": [
+                {
+                    "Cmd": "from",
+                    "EndLine": 7,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "FROM alpine:latest",
+                    "Stage": 1,
+                    "StartLine": 7,
+                    "SubCmd": "",
+                    "Value": [
+                        "alpine:latest"
+                    ]
+                },
+                {
+                    "Cmd": "run",
+                    "EndLine": 9,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "RUN apk --no-cache add ca-certificates     \u0026\u0026 apk add --no-cache bash",
+                    "Stage": 1,
+                    "StartLine": 8,
+                    "SubCmd": "",
+                    "Value": [
+                        "apk --no-cache add ca-certificates     \u0026\u0026 apk add --no-cache bash"
+                    ]
+                },
+                {
+                    "Cmd": "workdir",
+                    "EndLine": 10,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "WORKDIR /root/",
+                    "Stage": 1,
+                    "StartLine": 10,
+                    "SubCmd": "",
+                    "Value": [
+                        "/root/"
+                    ]
+                },
+                {
+                    "Cmd": "copy",
+                    "EndLine": 11,
+                    "Flags": [
+                        "--from=builder"
+                    ],
+                    "JSON": false,
+                    "Original": "COPY --from=builder /go/src/github.com/alexellis/href-counter/app .",
+                    "Stage": 1,
+                    "StartLine": 11,
+                    "SubCmd": "",
+                    "Value": [
+                        "/go/src/github.com/alexellis/href-counter/app",
+                        "."
+                    ]
+                },
+                {
+                    "Cmd": "cmd",
+                    "EndLine": 12,
+                    "Flags": [],
+                    "JSON": true,
+                    "Original": "CMD [\"./app\"]",
+                    "Stage": 1,
+                    "StartLine": 12,
+                    "SubCmd": "",
+                    "Value": [
+                        "./app"
+                    ]
+                }
+            ],
+            "golang:1.16 AS builder": [
+                {
+                    "Cmd": "from",
+                    "EndLine": 1,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "FROM golang:1.16 AS builder",
+                    "Stage": 0,
+                    "StartLine": 1,
+                    "SubCmd": "",
+                    "Value": [
+                        "golang:1.16",
+                        "AS",
+                        "builder"
+                    ]
+                },
+                {
+                    "Cmd": "workdir",
+                    "EndLine": 2,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "WORKDIR /go/src/github.com/alexellis/href-counter/",
+                    "Stage": 0,
+                    "StartLine": 2,
+                    "SubCmd": "",
+                    "Value": [
+                        "/go/src/github.com/alexellis/href-counter/"
+                    ]
+                    },
+                {
+                    "Cmd": "run",
+                    "EndLine": 3,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "RUN go get -d -v golang.org/x/net/html",
+                    "Stage": 0,
+                    "StartLine": 3,
+                    "SubCmd": "",
+                    "Value": [
+                        "go get -d -v golang.org/x/net/html"
+                    ]
+                },
+                {
+                    "Cmd": "copy",
+                    "EndLine": 4,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "COPY app.go .",
+                    "Stage": 0,
+                    "StartLine": 4,
+                    "SubCmd": "",
+                    "Value": [
+                        "app.go",
+                        "."
+                    ]
+                },
+                {
+                    "Cmd": "run",
+                    "EndLine": 5,
+                    "Flags": [],
+                    "JSON": false,
+                    "Original": "RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .",
+                    "Stage": 0,
+                    "StartLine": 5,
+                    "SubCmd": "",
+                    "Value": [
+                        "CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app ."
+                    ]
+                }
+            ]
+        }
+    }
+    ```
+
+### Docker Compose
+See [here][compose].
+
+Docker Compose uses YAML format for configurations. You can apply your Rego policies to `docker-compose.yml`.
+
+### HCL
+See [here][hcl].
+
+Trivy parses HCL files and converts into structured data.
+
+!!! warning
+    Terraform HCL files are not supported yet.
+
+### Terraform Plan
+See [here][tfplan].
+
+Use the command [terraform show][terraform-show] to convert the Terraform plan into JSON so that OPA can read the plan.
+
+```bash
+$ terraform init
+$ terraform plan --out tfplan.binary
+$ terraform show -json tfplan.binary > tfplan.json
+```
+
+For more details, see also [OPA document][opa-terraform].
+
+### Serverless Framework
+See [here][serverless].
+
+Server Framework uses YAML format for configurations. You can apply your Rego policies to `serverless.yaml`.
+
+## Custom Data
+See [here][data].
+
+## Combined Input
+See [here][combine].
+
+## Go Testing
+See [here][go-testing].
+
+[k8s]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/kubernetes/
+[dockerfile]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/dockerfile/
+[compose]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/docker-compose/
+[hcl]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/hcl/
+[serverless]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/serverless/
+[tfplan]:https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy/terraform-plan/
+[terraform-show]: https://www.terraform.io/docs/cli/commands/show.html
+[opa-terraform]: https://www.openpolicyagent.org/docs/latest/terraform/
+
+[custom]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-policy
+[data]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/custom-data
+[combine]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/combine
+[go-testing]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/go-testing
+
--- a/docs/misconfiguration/custom/index.md
+++ b/docs/misconfiguration/custom/index.md
@@ -0,0 +1,183 @@
+# Custom Policies
+
+## Overview
+You can write custom policies in [Rego][rego].
+Once you fisnish writing custom policies, you can pass the directory where those policies are stored with `--policy` option.
+
+``` bash
+trivy conf --policy /path/to/custom_policies --namespaces user /path/to/config_dir
+```
+
+As for `--namespaces` option, the detail is described as below.
+
+### File formats
+If a file name matches the following file patterns, Trivy will parse the file and pass it as input to your Rego policy.
+
+| File format    | File pattern                                     |
+| -------------- | ------------------------------------------------ |
+| JSON           | `*.json`                                         |
+| YAML           | `*.yaml`                                         |
+| TOML           | `*.toml`                                         |
+| HCL            | `*.hcl`, `*.hcl1`, and `*.hcl2`                  |
+| Dockerfile     | `Dockerfile`, `Dockerfile.*`, and `*.Dockerfile` |
+
+### Configuration languages
+In the above general file formats, Trivy automatically identifies the following types of configuration files:
+
+- Ansible (YAML)
+- CloudFormation (JSON/YAML)
+- Kubernetes (JSON/YAML)
+
+This is useful for filtering inputs, as described below.
+
+!!! warning
+    Custom policies do not support Terraform at the moment.
+
+## Rego format
+A single package must contain only one policy.
+
+!!!example
+    ``` rego
+    package user.kubernetes.ID001
+    
+    __rego_metadata__ := {
+    	"id": "ID001",
+    	"title": "Deployment not allowed",
+    	"severity": "LOW",
+    	"type": "Custom Kubernetes Check",
+    	"description": "Deployments are not allowed because of some reasons.",
+    }
+
+    __rego_input__ := {
+        "selector": [
+            {"type": "kubernetes"},
+        ],
+    }
+    
+    deny[msg] {
+    	input.kind == "Deployment"
+    	msg = sprintf("Found deployment '%s' but deployments are not allowed", [input.metadata.name])
+    }
+    ```
+
+In this example, ID001 "Deployment not allowed" is defined under `user.kubernetes.ID001`.
+If you add a new custom policy, it must be defined under a new package like `user.kubernetes.ID002`.
+
+### Policy structure
+
+`package` (required)
+:   - MUST follow the Rego's [specification][package]
+    - MUST be unique per policy
+    - SHOULD include policy id for uniqueness
+    - MAY include the group name such as `kubernetes` for clarity
+        - Group name has no effect on policy evaluation
+
+`__rego_metadata__` (optional)
+:   - SHOULD be defined for clarity since these values will be displayed in the scan results
+
+`__rego_input__` (optional)
+:   - MAY be defined when you want to specify input format
+
+`deny` (required)
+:   - SHOULD be `deny` or start with `deny_`
+        - Although `warn`, `warn_*`, `violation`, `violation_` also work for compatibility, `deny` is recommended as severity can be defined in `__rego_metadata__`.
+    - SHOULD return `string`
+        - Although `object` with `msg` field is accepted, other fields are dropped and `string` is recommended.
+        - e.g. `{"msg": "deny message", "details": "something"}`
+    
+
+### Package
+A package name must be unique per policy.
+
+!!!example
+    ``` rego
+    package user.kubernetes.ID001
+    ```
+
+By default, only `appshield.*` packages will be evaluated.
+If you define custom packages, you have to specify the package prefix via `--namespaces` option. 
+
+``` bash
+trivy conf --policy /path/to/custom_policies --namespaces user /path/to/config_dir
+```
+
+In this case, `user.*` will be evaluated.
+Any package prefixes such as `main` and `user` are allowed.
+
+### Metadata
+Metadata helps enrich Trivy's scan results with useful information.
+
+!!!example
+    ``` rego
+    __rego_metadata__ := {
+    	"id": "ID001",
+    	"title": "Deployment not allowed",
+    	"severity": "LOW",
+    	"type": "Custom Kubernetes Check",
+    	"description": "Deployments are not allowed because of some reasons.",
+    	"recommended_actions": "Remove Deployment",
+    	"url": "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits",
+    }
+    ```
+  
+All fields under `__rego_metadata__` are optional.
+
+| Field name         | Allowed values                      | Default value | In table           | In JSON          |
+| ------------------ | ------------------------------------| :-----------: | :----------------: |:---------------: |
+| id                 | Any characters                      | N/A           | :material-check:   | :material-check: |
+| title              | Any characters                      | N/A           | :material-check:   | :material-check: |
+| severity           | `LOW`, `MEDIUM`, `HIGH`, `CRITICAL` | UNKNOWN       | :material-check:   | :material-check: |
+| type               | Any characters                      | N/A           | :material-check:   | :material-check: |
+| description        | Any characters                      |               | :material-close:   | :material-check: |
+| recommended_actions| Any characters                      |               | :material-close:   | :material-check: | 
+| url                | Any characters                      |               | :material-close:   | :material-check: |
+
+Some fields are displayed in scan results.
+
+``` bash
+deployment.yaml (kubernetes)
+============================
+Tests: 28 (SUCCESSES: 14, FAILURES: 14, EXCEPTIONS: 0)
+Failures: 14 (HIGH: 1)
+
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |                CHECK                | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+| Custom Kubernetes Check   |   ID001    | Deployment not allowed              |   LOW    | Found deployment 'test' but deployments  |
+|                           |            |                                     |          | are not allowed                          |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+```
+
+### Input
+You can specify input format via `__rego_input__`.
+All fields under `__rego_input` are optional.
+
+!!!example
+    ``` rego
+    __rego_input__ := {
+        "combine": false,
+        "selector": [
+            {"type": "kubernetes"},
+        ],
+    }
+    ```
+
+`combine` (boolean)
+: The details is [here](combine.md).
+
+`selector` (array)
+:   This option filters the input by file formats or configuration languages. 
+    In the above example, Trivy passes only Kubernetes files to this policy.
+    Even if Dockerfile exists in the specified directory, it will not be passed to the policy as input.
+
+    When configuration language such as Kubernetes is not identified, file format such as JSON will be used as `type`.
+    When configuration language is identified, it will overwrite `type`.
+    
+    !!! example
+        `pod.yaml` including Kubernetes Pod will be handled as `kubernetes`, not `yaml`.
+        `type` is overwritten by `kubernetes` from `yaml`.
+
+    `type` accepts `kubernetes`, `dockerfile`, `ansible`, `cloudformation`, `json`, `yaml`, `toml`, or `hcl`.
+
+[rego]: https://www.openpolicyagent.org/docs/latest/policy-language/
+[package]: https://www.openpolicyagent.org/docs/latest/policy-language/#packages
--- a/docs/misconfiguration/custom/testing.md
+++ b/docs/misconfiguration/custom/testing.md
@@ -0,0 +1,90 @@
+# Testing
+It is highly recommended to write tests for your custom policies.
+
+## Rego testing
+To help you verify the correctness of your custom policies, OPA gives you a framework that you can use to write tests for your policies. 
+By writing tests for your custom policies you can speed up the development process of new rules and reduce the amount of time it takes to modify rules as requirements evolve.
+
+For more details, see [Policy Testing][opa-testing].
+
+!!! example
+    ```
+    package user.dockerfile.ID002
+
+    test_add_denied {
+        r := deny with input as {"stages": {"alpine:3.13": [
+            {"Cmd": "add", "Value": ["/target/resources.tar.gz", "resources.jar"]},
+            {"Cmd": "add", "Value": ["/target/app.jar", "app.jar"]},
+        ]}}
+
+        count(r) == 1
+        r[_] == "Consider using 'COPY /target/app.jar app.jar' command instead of 'ADD /target/app.jar app.jar'"
+    }
+    ```
+
+To write tests for custom policies, you can refer to existing tests under [AppShield][appshield].
+
+## Go testing
+[Fanal][fanal] which is a core library of Trivy can be imported as a Go library.
+You can scan config files in Go and test your custom policies using Go's testing methods, such as [table-driven tests][table].
+This allows you to use the actual configuration file as input, making it easy to prepare test data and ensure that your custom policies work in practice.
+
+In particular, Dockerfile and HCL need to be converted to structural data as input, which may be different from the expected input format.
+
+!!! tip
+    We recommend writing OPA and Go tests both since they have different roles, like unit tests and integration tests.
+
+The following example stores allowed and denied configuration files in a directory.
+`Successes` contains the result of successes, and `Failures` contains the result of failures.
+
+``` go
+{
+	name:  "disallowed ports",
+	input: "configs/",
+	fields: fields{
+		policyPaths: []string{"policy"},
+		dataPaths:   []string{"data"},
+		namespaces:  []string{"user"},
+	},
+	want: []types.Misconfiguration{
+		{
+			FileType: types.Dockerfile,
+			FilePath: "Dockerfile.allowed",
+			Successes: types.MisconfResults{
+				{
+					Namespace: "user.dockerfile.ID002",
+					PolicyMetadata: types.PolicyMetadata{
+						ID:          "ID002",
+						Type:        "Docker Custom Check",
+						Title:       "Disallowed ports exposed",
+						Severity:    "HIGH",
+					},
+				},
+			},
+		},
+		{
+			FileType: types.Dockerfile,
+			FilePath: "Dockerfile.denied",
+			Failures: types.MisconfResults{
+				{
+					Namespace: "user.dockerfile.ID002",
+					Message:   "Port 23 should not be exposed",
+					PolicyMetadata: types.PolicyMetadata{
+						ID:          "ID002",
+						Type:        "Docker Custom Check",
+						Title:       "Disallowed ports exposed",
+						Severity:    "HIGH",
+					},
+				},
+			},
+		},
+	},
+},
+```
+
+`Dockerfile.allowed` has one successful result in `Successes`, while `Dockerfile.denied` has one failure result in `Failures`.
+
+[opa-testing]: https://www.openpolicyagent.org/docs/latest/policy-testing/
+[appshield]: https://github.com/aquasecurity/appshield
+[table]: https://github.com/golang/go/wiki/TableDrivenTests
+[fanal]: https://github.com/aquasecurity/fanal
--- a/docs/misconfiguration/filesystem.md
+++ b/docs/misconfiguration/filesystem.md
@@ -0,0 +1,56 @@
+# Filesystem
+
+## Quick start
+
+Trivy scans a filesystem such as a virtual machine to detect misconfigurations.
+
+You have to specify `--security-checks config` to enable misconfiguration detection.
+
+```bash
+$ trivy fs --security-checks config /path/to/dir
+```
+
+Internally, it is the same as [config subcommand](iac.md).
+
+## Vulnerability and Misconfiguration scanning
+The difference between `fs` and `config` subcommand is that `fs` can detect both vulnerabilities and misconfiguration at the same time.
+
+You have to specify `--security-checks vuln,config` to enable vulnerability and misconfiguration detection.
+
+``` bash
+$ ls myapp/
+Dockerfile Pipfile.lock
+$ trivy fs --security-checks vuln,config --severity HIGH,CRITICAL myapp/
+2021-07-09T12:03:27.564+0300    INFO    Detected OS: unknown
+2021-07-09T12:03:27.564+0300    INFO    Number of language-specific files: 1
+2021-07-09T12:03:27.564+0300    INFO    Detecting pipenv vulnerabilities...
+2021-07-09T12:03:27.566+0300    INFO    Detected config files: 1
+
+Pipfile.lock (pipenv)
+=====================
+Total: 1 (HIGH: 1, CRITICAL: 0)
+
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| LIBRARY  | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+| httplib2 | CVE-2021-21240   | HIGH     | 0.12.1            | 0.19.0        | python-httplib2: Regular              |
+|          |                  |          |                   |               | expression denial of                  |
+|          |                  |          |                   |               | service via malicious header          |
+|          |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-21240 |
+----------+------------------+----------+-------------------+---------------+---------------------------------------+
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+```
+
+In the above example, Trivy detected vulnerabilities of Python dependencies and misconfigurations in Dockerfile.
--- a/docs/misconfiguration/iac.md
+++ b/docs/misconfiguration/iac.md
@@ -0,0 +1,157 @@
+# Infrastructure as Code (IaC)
+
+## Quick start
+
+Simply specify a directory containing IaC files such as Terraform and Dockerfile.
+
+``` bash
+$ trivy config [YOUR_IaC_DIRECTORY]
+```
+
+Trivy will automatically fetch the managed policies and will keep them up-to-date in future scans.
+
+!!! example
+    ```
+    $ ls build/
+    Dockerfile
+    $ trivy config ./build
+    2021-07-09T10:06:29.188+0300    INFO    Need to update the built-in policies
+    2021-07-09T10:06:29.188+0300    INFO    Downloading the built-in policies...
+    2021-07-09T10:06:30.520+0300    INFO    Detected config files: 1
+    
+    Dockerfile (dockerfile)
+    =======================
+    Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+    Failures: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)
+    
+    +---------------------------+------------+----------------------+----------+------------------------------------------+
+    |           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+    +---------------------------+------------+----------------------+----------+------------------------------------------+
+    | Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+    |                           |            |                      |          | Dockerfile should not be 'root'          |
+    |                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+    +---------------------------+------------+----------------------+----------+------------------------------------------+
+    ```
+    
+## Type detection
+The specified directory can contain mixed types of IaC files.
+Trivy automatically detects config types and applies relevant policies.
+
+For example, the following example holds IaC files for Terraform, Kubernetes, and Dockerfile in the same directory.
+
+``` bash
+$ ls iac/
+Dockerfile  deployment.yaml  main.tf
+$ trivy conf --severith HIGH,CRITICAL ./iac
+```
+
+<details>
+<summary>Result</summary>
+
+```
+2021-07-09T11:51:08.212+0300    INFO    Need to update the built-in policies
+2021-07-09T11:51:08.212+0300    INFO    Downloading the built-in policies...
+2021-07-09T11:51:09.527+0300    INFO    Detected config files: 3
+
+Dockerfile (dockerfile)
+=======================
+Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+Failures: 1 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Last USER command in                     |
+|                           |            |                      |          | Dockerfile should not be 'root'          |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+
+deployment.yaml (kubernetes)
+============================
+Tests: 28 (SUCCESSES: 15, FAILURES: 13, EXCEPTIONS: 0)
+Failures: 13 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |           CHECK            | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------------+----------+------------------------------------------+
+| Kubernetes Security Check |   KSV005   | SYS_ADMIN capability added |   HIGH   | Container 'hello-kubernetes' of          |
+|                           |            |                            |          | Deployment 'hello-kubernetes'            |
+|                           |            |                            |          | should not include 'SYS_ADMIN' in        |
+|                           |            |                            |          | 'securityContext.capabilities.add'       |
+|                           |            |                            |          | -->avd.aquasec.com/appshield/ksv005      |
+---------------------------+------------+----------------------------+----------+------------------------------------------+
+
+main.tf (terraform)
+===================
+Tests: 23 (SUCCESSES: 14, FAILURES: 9, EXCEPTIONS: 0)
+Failures: 9 (HIGH: 6, CRITICAL: 1)
+
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+|                   TYPE                   | MISCONF ID |                  CHECK                   | SEVERITY |                        MESSAGE                         |
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+|   Terraform Security Check powered by    |   AWS003   | AWS Classic resource usage.              |   HIGH   | Resource                                               |
+|                  tfsec                   |            |                                          |          | 'aws_db_security_group.my-group'                       |
+|                                          |            |                                          |          | uses EC2 Classic. Use a VPC instead.                   |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS003/                          |
+                                          +------------+------------------------------------------+----------+--------------------------------------------------------+
+|                                          |   AWS004   | Use of plain HTTP.                       | CRITICAL | Resource                                               |
+|                                          |            |                                          |          | 'aws_alb_listener.my-alb-listener'                     |
+|                                          |            |                                          |          | uses plain HTTP instead of HTTPS.                      |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS004/                          |
+                                          +------------+------------------------------------------+----------+--------------------------------------------------------+
+|                                          |   AWS018   | Missing description for security         |   HIGH   | Resource                                               |
+|                                          |            | group/security group rule.               |          | 'aws_security_group_rule.my-rule' should               |
+|                                          |            |                                          |          | include a description for auditing                     |
+|                                          |            |                                          |          | purposes. -->tfsec.dev/docs/aws/AWS018/                |
+                                          +------------+------------------------------------------+          +--------------------------------------------------------+
+|                                          |   AWS025   | API Gateway domain name uses outdated    |          | Resource                                               |
+|                                          |            | SSL/TLS protocols.                       |          | 'aws_api_gateway_domain_name.empty_security_policy'    |
+|                                          |            |                                          |          | defines outdated SSL/TLS policies (not using           |
+|                                          |            |                                          |          | TLS_1_2). -->tfsec.dev/docs/aws/AWS025/                |
+                                          +            +                                          +          +--------------------------------------------------------+
+|                                          |            |                                          |          | Resource                                               |
+|                                          |            |                                          |          | 'aws_api_gateway_domain_name.missing_security_policy'  |
+|                                          |            |                                          |          | should include security_policy (defauls to outdated    |
+|                                          |            |                                          |          | SSL/TLS policy). -->tfsec.dev/docs/aws/AWS025/         |
+                                          +            +                                          +          +--------------------------------------------------------+
+|                                          |            |                                          |          | Resource                                               |
+|                                          |            |                                          |          | 'aws_api_gateway_domain_name.outdated_security_policy' |
+|                                          |            |                                          |          | defines outdated SSL/TLS policies (not using TLS_1_2). |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS025/                          |
+                                          +------------+------------------------------------------+          +--------------------------------------------------------+
+|                                          |   AZU003   | Unencrypted managed disk.                |          | Resource 'azurerm_managed_disk.source'                 |
+|                                          |            |                                          |          | defines an unencrypted managed disk.                   |
+|                                          |            |                                          |          | -->tfsec.dev/docs/azure/AZU003/                        |
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+```
+
+</details>
+
+You can see the config type next to each file name.
+
+!!! example
+    ``` bash
+    Dockerfile (dockerfile)
+    =======================
+    Tests: 23 (SUCCESSES: 22, FAILURES: 1, EXCEPTIONS: 0)
+    Failures: 1 (HIGH: 1, CRITICAL: 0)
+    
+    ...
+    
+    deployment.yaml (kubernetes)
+    ============================
+    Tests: 28 (SUCCESSES: 15, FAILURES: 13, EXCEPTIONS: 0)
+    Failures: 13 (HIGH: 1, CRITICAL: 0)
+    
+    ...
+    
+    main.tf (terraform)
+    ===================
+    Tests: 23 (SUCCESSES: 14, FAILURES: 9, EXCEPTIONS: 0)
+    Failures: 9 (HIGH: 6, CRITICAL: 1)
+    
+    ...
+    ```
+
+## Example
+See [here](https://github.com/aquasecurity/trivy/tree/125c457517f05b6498bc68eaeec6e683dd36c49a/examples/misconf/mixed)
--- a/docs/misconfiguration/index.md
+++ b/docs/misconfiguration/index.md
@@ -0,0 +1,8 @@
+# Misconfiguration Scanning
+Trivy provides built-in policies to detect configuration issues in Docker, Kubernetes and Terraform.
+Also, you can write your own policies in [Rego][rego] to scan JSON, YAML, HCL, etc, like [Conftest][conftest].
+
+![misconf](../imgs/misconf.png)
+
+[rego]: https://www.openpolicyagent.org/docs/latest/policy-language/
+[conftest]: https://github.com/open-policy-agent/conftest/
--- a/docs/misconfiguration/options/filter.md
+++ b/docs/misconfiguration/options/filter.md
@@ -0,0 +1,212 @@
+# Filter Misconfigurations
+
+## By Severity
+
+Use `--severity` option.
+
+```bash
+trivy conf --severity HIGH,CRITICAL examples/misconf/mixed
+```
+
+<details>
+<summary>Result</summary>
+
+```bash
+2021-07-10T17:37:13.267+0300    INFO    Detected config files: 4
+
+configs/Dockerfile (dockerfile)
+===============================
+Tests: 23 (SUCCESSES: 21, FAILURES: 2, EXCEPTIONS: 0)
+Failures: 2 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Specify at least 1 USER                  |
+|                           |            |                      |          | command in Dockerfile with               |
+|                           |            |                      |          | non-root user as argument                |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+
+configs/deployment.yaml (kubernetes)
+====================================
+Tests: 28 (SUCCESSES: 14, FAILURES: 14, EXCEPTIONS: 0)
+Failures: 14 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |                CHECK                | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+| Kubernetes Security Check |   KSV006   | docker.sock is mounted to container |   HIGH   | Deployment 'hello-kubernetes' should     |
+|                           |            |                                     |          | not specify '/var/run/docker.socker' in  |
+|                           |            |                                     |          | 'spec.template.volumes.hostPath.path'    |
+|                           |            |                                     |          | -->avd.aquasec.com/appshield/ksv006      |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+
+configs/main.tf (terraform)
+===========================
+Tests: 19 (SUCCESSES: 11, FAILURES: 8, EXCEPTIONS: 0)
+Failures: 8 (HIGH: 6, CRITICAL: 1)
+
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+|                   TYPE                   | MISCONF ID |                  CHECK                   | SEVERITY |                        MESSAGE                         |
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+|   Terraform Security Check powered by    |   AWS003   | AWS Classic resource usage.              |   HIGH   | Resource                                               |
+|                  tfsec                   |            |                                          |          | 'aws_db_security_group.my-group'                       |
+|                                          |            |                                          |          | uses EC2 Classic. Use a VPC instead.                   |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS003/                          |
+                                          +------------+------------------------------------------+----------+--------------------------------------------------------+
+|                                          |   AWS004   | Use of plain HTTP.                       | CRITICAL | Resource                                               |
+|                                          |            |                                          |          | 'aws_alb_listener.my-alb-listener'                     |
+|                                          |            |                                          |          | uses plain HTTP instead of HTTPS.                      |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS004/                          |
+                                          +------------+------------------------------------------+----------+--------------------------------------------------------+
+|                                          |   AWS018   | Missing description for security         |   HIGH   | Resource                                               |
+|                                          |            | group/security group rule.               |          | 'aws_security_group_rule.my-rule' should               |
+|                                          |            |                                          |          | include a description for auditing                     |
+|                                          |            |                                          |          | purposes. -->tfsec.dev/docs/aws/AWS018/                |
+                                          +------------+------------------------------------------+          +--------------------------------------------------------+
+|                                          |   AWS025   | API Gateway domain name uses outdated    |          | Resource                                               |
+|                                          |            | SSL/TLS protocols.                       |          | 'aws_api_gateway_domain_name.empty_security_policy'    |
+|                                          |            |                                          |          | defines outdated SSL/TLS policies (not using           |
+|                                          |            |                                          |          | TLS_1_2). -->tfsec.dev/docs/aws/AWS025/                |
+                                          +            +                                          +          +--------------------------------------------------------+
+|                                          |            |                                          |          | Resource                                               |
+|                                          |            |                                          |          | 'aws_api_gateway_domain_name.missing_security_policy'  |
+|                                          |            |                                          |          | should include security_policy (defauls to outdated    |
+|                                          |            |                                          |          | SSL/TLS policy). -->tfsec.dev/docs/aws/AWS025/         |
+                                          +            +                                          +          +--------------------------------------------------------+
+|                                          |            |                                          |          | Resource                                               |
+|                                          |            |                                          |          | 'aws_api_gateway_domain_name.outdated_security_policy' |
+|                                          |            |                                          |          | defines outdated SSL/TLS policies (not using TLS_1_2). |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS025/                          |
+                                          +------------+------------------------------------------+          +--------------------------------------------------------+
+|                                          |   AZU003   | Unencrypted managed disk.                |          | Resource 'azurerm_managed_disk.source'                 |
+|                                          |            |                                          |          | defines an unencrypted managed disk.                   |
+|                                          |            |                                          |          | -->tfsec.dev/docs/azure/AZU003/                        |
+------------------------------------------+------------+------------------------------------------+----------+--------------------------------------------------------+
+
+configs/variables.tf (terraform)
+================================
+Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
+Failures: 0 (HIGH: 0, CRITICAL: 0)
+```
+
+</details>
+
+## By Misconfiguration IDs
+
+Use `.trivyignore`.
+
+```bash
+$ cat .trivyignore
+# Accept the risk
+AWS003
+AWS018
+AWS025
+
+$ trivy conf --severity HIGH,CRITICAL examples/misconf/mixed
+```
+
+<details>
+<summary>Result</summary>
+
+```bash
+2021-07-10T17:38:51.306+0300    INFO    Detected config files: 4
+
+configs/Dockerfile (dockerfile)
+===============================
+Tests: 23 (SUCCESSES: 21, FAILURES: 2, EXCEPTIONS: 0)
+Failures: 2 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+----------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |        CHECK         | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+| Dockerfile Security Check |   DS002    | Image user is 'root' |   HIGH   | Specify at least 1 USER                  |
+|                           |            |                      |          | command in Dockerfile with               |
+|                           |            |                      |          | non-root user as argument                |
+|                           |            |                      |          | -->avd.aquasec.com/appshield/ds002       |
+---------------------------+------------+----------------------+----------+------------------------------------------+
+
+configs/deployment.yaml (kubernetes)
+====================================
+Tests: 28 (SUCCESSES: 14, FAILURES: 14, EXCEPTIONS: 0)
+Failures: 14 (HIGH: 1, CRITICAL: 0)
+
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+|           TYPE            | MISCONF ID |                CHECK                | SEVERITY |                 MESSAGE                  |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+| Kubernetes Security Check |   KSV006   | docker.sock is mounted to container |   HIGH   | Deployment 'hello-kubernetes' should     |
+|                           |            |                                     |          | not specify '/var/run/docker.socker' in  |
+|                           |            |                                     |          | 'spec.template.volumes.hostPath.path'    |
+|                           |            |                                     |          | -->avd.aquasec.com/appshield/ksv006      |
+---------------------------+------------+-------------------------------------+----------+------------------------------------------+
+
+configs/main.tf (terraform)
+===========================
+Tests: 19 (SUCCESSES: 11, FAILURES: 8, EXCEPTIONS: 0)
+Failures: 8 (HIGH: 1, CRITICAL: 1)
+
+------------------------------------------+------------+---------------------------+----------+------------------------------------------+
+|                   TYPE                   | MISCONF ID |           CHECK           | SEVERITY |                 MESSAGE                  |
+------------------------------------------+------------+---------------------------+----------+------------------------------------------+
+|   Terraform Security Check powered by    |   AWS004   | Use of plain HTTP.        | CRITICAL | Resource                                 |
+|                  tfsec                   |            |                           |          | 'aws_alb_listener.my-alb-listener'       |
+|                                          |            |                           |          | uses plain HTTP instead of HTTPS.        |
+|                                          |            |                           |          | -->tfsec.dev/docs/aws/AWS004/            |
+                                          +------------+---------------------------+----------+------------------------------------------+
+|                                          |   AZU003   | Unencrypted managed disk. |   HIGH   | Resource 'azurerm_managed_disk.source'   |
+|                                          |            |                           |          | defines an unencrypted managed disk.     |
+|                                          |            |                           |          | -->tfsec.dev/docs/azure/AZU003/          |
+------------------------------------------+------------+---------------------------+----------+------------------------------------------+
+
+configs/variables.tf (terraform)
+================================
+Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
+Failures: 0 (HIGH: 0, CRITICAL: 0)
+```
+
+</details>
+
+## By Exceptions
+See [Exceptions](../policy/exceptions.md)
+
+## Show Successes and Exceptions
+Use `--include-non-failures` option to show successes and exceptions as well as failures.
+
+```bash
+trivy conf --severity CRITICAL --include-non-failures examples/misconf/mixed
+```
+
+<details>
+<summary>Result</summary>
+```
+2021-07-10T17:44:02.049+0300    INFO    Detected config files: 4
+
+configs/Dockerfile (dockerfile)
+===============================
+Tests: 23 (SUCCESSES: 21, FAILURES: 2, EXCEPTIONS: 0)
+Failures: 2 (CRITICAL: 0)
+
+---------------------------+------------+------------------------------------------+----------+--------+-----------------+
+|           TYPE            | MISCONF ID |                  CHECK                   | SEVERITY | STATUS |     MESSAGE     |
+---------------------------+------------+------------------------------------------+----------+--------+-----------------+
+| Dockerfile Security Check |   DS006    | COPY '--from' refers to the current      | CRITICAL |  PASS  | No issues found |
+|                           |            | image                                    |          |        |                 |
+                           +------------+------------------------------------------+          +        +                 +
+|                           |   DS007    | Multiple ENTRYPOINT instructions are     |          |        |                 |
+|                           |            | listed                                   |          |        |                 |
+                           +------------+------------------------------------------+          +        +                 +
+|                           |   DS008    | Exposed port is out of range             |          |        |                 |
+                           +------------+------------------------------------------+          +        +                 +
+|                           |   DS010    | 'sudo' is used                           |          |        |                 |
+                           +------------+------------------------------------------+          +        +                 +
+|                           |   DS011    | COPY with more than two arguments is not |          |        |                 |
+|                           |            | ending with slash                        |          |        |                 |
+                           +------------+------------------------------------------+          +        +                 +
+|                           |   DS012    | Duplicate aliases are defined in         |          |        |                 |
+|                           |            | different FROMs                          |          |        |                 |
+---------------------------+------------+------------------------------------------+----------+--------+-----------------+
+
+...
+```
+</details>
--- a/docs/misconfiguration/options/others.md
+++ b/docs/misconfiguration/options/others.md
@@ -0,0 +1,22 @@
+# Others
+
+!!! hint
+    See also [Others](../../vulnerability/examples/others.md) in Vulnerability section.
+
+## File patterns
+When a directory is given as an input, Trivy will recursively look for and test all files based on file patterns.
+The default file patterns are [here](../custom/index.md).
+
+In addition to the default file patterns, the `--file-patterns` option takes regexp patterns to look for your files.
+For example, it may be useful when your file name of Dockerfile doesn't match the default patterns.
+
+This can be repeated for specifying multiple file patterns.
+Allowed values are here:
+
+- dockerfile
+- yaml
+- json
+- toml
+- hcl
+
+For more details, see [an example](https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/file-patterns)
--- a/docs/misconfiguration/options/policy.md
+++ b/docs/misconfiguration/options/policy.md
@@ -0,0 +1,88 @@
+# Policy
+
+## Pass custom policies
+You can pass directories including your custom policies through `--policy` option.
+This can be repeated for specifying multiple directories.
+
+```bash
+cd examplex/misconf/
+trivy conf --policy custom-policy/policy --policy combine/policy --namespaces user misconf/mixed
+```
+
+For more details, see [Custom Policies](../custom/index.md).
+
+!!! tip
+    You also need to specify `--namespaces` option.
+
+## Pass custom data
+You can pass directories including your custom data through `--data` option.
+This can be repeated for specifying multiple directories.
+
+```bash
+cd examples/misconf/custom-data
+trivy conf --policy ./policy --data ./data --namespaces user ./configs
+```
+
+For more details, see [Custom Data](../custom/data.md).
+
+## Pass namespaces
+By default, Trivy evaluate policies defined in `appshield.*`.
+If you want to evaluate custom policies in other packages, you have to specify package prefixes through `--namespaces` option.
+This can be repeated for specifying multiple packages.
+
+``` bash
+trivy conf --policy ./policy --namespaces main --namespaces user ./configs
+```
+
+## Skip update of built-in policies
+`Trivy` downloads built-in policies when it starts operating.
+Then, it checks for updates every 24 hours.
+You can use the `--skip-policy-update` option to skip it.
+If you skip it the first time, the built-in policies will not be loaded.
+
+!!! note
+    Even if you specify the option the first time, it will be loaded as Terraform policies are written in Go.
+
+```
+trivy conf --skip-policy-update examples/misconf/mixed                                                                                           [~/src/github.com/aquasecurity/trivy]
+
+```
+
+<details>
+<summary>Result</summary>
+
+```
+2021-07-10T18:04:19.083+0300    INFO    No builtin policies were loaded
+2021-07-10T18:04:19.174+0300    INFO    Detected config files: 2
+
+configs/main.tf (terraform)
+===========================
+Tests: 19 (SUCCESSES: 11, FAILURES: 8, EXCEPTIONS: 0)
+Failures: 8 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 1)
+
+------------------------------------------+------------+------------------------------------------+----------+------------------------------------------+
+|                   TYPE                   | MISCONF ID |                  CHECK                   | SEVERITY |                 MESSAGE                  |
+------------------------------------------+------------+------------------------------------------+----------+------------------------------------------+
+|   Terraform Security Check powered by    |   AWS004   | Use of plain HTTP.                       | CRITICAL | Resource                                 |
+|                  tfsec                   |            |                                          |          | 'aws_alb_listener.my-alb-listener'       |
+|                                          |            |                                          |          | uses plain HTTP instead of HTTPS.        |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS004/            |
+                                          +------------+------------------------------------------+----------+------------------------------------------+
+|                                          |   AWS006   | An ingress security group rule allows    |  MEDIUM  | Resource                                 |
+|                                          |            | traffic from /0.                         |          | 'aws_security_group_rule.my-rule'        |
+|                                          |            |                                          |          | defines a fully open                     |
+|                                          |            |                                          |          | ingress security group rule.             |
+|                                          |            |                                          |          | -->tfsec.dev/docs/aws/AWS006/            |
+                                          +------------+------------------------------------------+----------+------------------------------------------+
+|                                          |   AZU003   | Unencrypted managed disk.                |   HIGH   | Resource 'azurerm_managed_disk.source'   |
+|                                          |            |                                          |          | defines an unencrypted managed disk.     |
+|                                          |            |                                          |          | -->tfsec.dev/docs/azure/AZU003/          |
+------------------------------------------+------------+------------------------------------------+----------+------------------------------------------+
+
+configs/variables.tf (terraform)
+================================
+Tests: 1 (SUCCESSES: 1, FAILURES: 0, EXCEPTIONS: 0)
+Failures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
+```
+</details>
+
--- a/docs/misconfiguration/options/report.md
+++ b/docs/misconfiguration/options/report.md
@@ -0,0 +1,6 @@
+# Report Formats
+
+See [Reports Formats](../../vulnerability/examples/report.md) in Vulnerability section.
+
+!!! caution
+    Misconfiguration scanning doesn't support default templates such as XML and SARIF for now.
--- a/docs/misconfiguration/policy/builtin.md
+++ b/docs/misconfiguration/policy/builtin.md
@@ -0,0 +1,38 @@
+# Built-in Policies
+
+## Policy Sources
+
+Built-in policies are mainly written in [Rego][rego].
+Those policies are managed under [AppShield repository][appshield].
+Only Terraform's policies are currently powered by [tfsec][tfsec].
+
+| Config type    | Source                        |
+| ---------------| ----------------------------- |
+| Kubernetes     | [AppShield][kubernetes]       |
+| Dockerfile     | [AppShield][docker]           |
+| Terraform      | [tfsec][tfsec-checks]         |
+
+For suggestions or issues regarding policy content, please open an issue under [AppShield][appshield] or [tfsec][tfsec] repository.
+
+CloudFormation and Ansible are coming soon.
+
+## Policy Distribution
+AppShield policies are destributed as OPA bundle on [GitHub Container Registry][ghcr] (GHCR).
+When misconfiguration detection is enabled, Trivy pulls OPA bundle from GHCR as OCI artifact and stores it in the cache.
+Then, those policies are loaded into Trivy OPA engine and used for detecting misconfigurations.
+
+## Update Interval
+Trivy checks for updates to OPA bundle on GHCR every 24 hours and pulls it if there are any updates.
+
+[rego]: https://www.openpolicyagent.org/docs/latest/policy-language/
+[appshield]: https://github.com/aquasecurity/appshield
+[kubernetes]: https://github.com/aquasecurity/appshield/tree/master/kubernetes
+[docker]: https://github.com/aquasecurity/appshield/tree/master/docker
+[tfsec-checks]: https://tfsec.dev/docs/aws/home/
+[tfsec]: https://github.com/tfsec/tfsec
+[ghcr]: https://github.com/aquasecurity/appshield/pkgs/container/appshield
+
+[dockerfile-bestpractice]: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
+[pss]: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+[azure]: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
+[kics]: https://github.com/Checkmarx/kics/
--- a/docs/misconfiguration/policy/exceptions.md
+++ b/docs/misconfiguration/policy/exceptions.md
@@ -0,0 +1,98 @@
+# Exceptions
+Exceptions lets you to specify cases where you allow policy violations.
+Trivy supports two types of exceptions.
+
+!!! info
+    Exceptions can be applied to built-in policies as well as custom policies.
+
+## Namespace-based exceptions
+There are some cases where you need to disable built-in policies partially or fully.
+Namespace-based exceptions lets you rough choose which individual packages to exempt.
+
+To use namespace-based exceptions, create a Rego rule with the name `exception` that returns the package names to exempt.
+The `exception` rule must be defined under `namespace.exceptions`.
+`data.namespaces` includes all package names.
+
+
+!!! example
+    ``` rego
+    package namespace.exceptions
+
+    import data.namespaces
+        
+    exception[ns] {
+        ns := data.namespaces[_]
+        startswith(ns, "appshield")
+    }
+    ```
+
+This example exempts all built-in policies for Kubernetes.
+
+For more details, see [an example][ns-example].
+
+## Rule-based exceptions
+There are some cases where you need more flexibility and granularity in defining which cases to exempt.
+Rule-based exceptions lets you granularly choose which individual rules to exempt, while also declaring under which conditions to exempt them.
+
+To use rule-based exceptions, create a Rego rule with the name `exception` that returns the rule name suffixes to exempt, prefixed by `deny_` (for example, returning `foo` will exempt `deny_foo`). 
+The rule can make any other assertion, for example, on the input or data documents. 
+This is useful to specify the exemption for a specific case.
+
+Note that if you specify the empty string, the exception will match all rules named `deny`.
+
+```
+exception[rules] {
+    # Logic
+
+    rules = ["foo","bar"]
+}
+```
+
+The above would provide an exception from `deny_foo` and `deny_bar`.
+
+
+!!! example
+    ```
+    package user.kubernetes.ID100
+
+    __rego_metadata := {
+        "id": "ID100",
+        "title": "Deployment not allowed",
+        "severity": "HIGH",
+        "type": "Kubernetes Custom Check",
+    }
+    
+    deny_deployment[msg] {
+        input.kind == "Deployment"
+    	msg = sprintf("Found deployment '%s' but deployments are not allowed", [name])
+    }
+    
+    exception[rules] {
+        input.kind == "Deployment"
+        input.metadata.name == "allow-deployment"
+        
+        rules := ["deployment"]
+    }
+    ```
+
+If you want to apply rule-based exceptions to built-in policies, you have to define the exception under the same package.
+
+!!! example
+    ``` rego
+    package appshield.kubernetes.KSV012
+
+    exception[rules] {
+        input.metadata.name == "can-run-as-root"
+        rules := [""]
+    }
+    ```
+
+This exception is applied to [KSV012][ksv012] in AppShield.
+You can get the package names in [AppShield repository][appshield] or the JSON output from Trivy.
+
+For more details, see [an example][rule-example].
+
+[ns-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/namespace-exception
+[rule-example]: https://github.com/aquasecurity/trivy/tree/{{ git.commit }}/examples/misconf/rule-exception
+[ksv012]: https://github.com/aquasecurity/appshield/blob/57bccc1897b2500a731415bda3990b0d4fbc959e/kubernetes/policies/pss/restricted/3_runs_as_root.rego
+[appshield]: https://github.com/aquasecurity/appshield/
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -1,34 +0,0 @@
-# Quick Start
-
-Simply specify an image name (and a tag).
-
-```
-$ trivy image [YOUR_IMAGE_NAME]
-```
-
-For example:
-
-```
-$ trivy image python:3.4-alpine
-```
-
-<details>
-<summary>Result</summary>
-
-```
-2019-05-16T01:20:43.180+0900    INFO    Updating vulnerability database...
-2019-05-16T01:20:53.029+0900    INFO    Detecting Alpine vulnerabilities...
-
-python:3.4-alpine3.9 (alpine 3.9.2)
-===================================
-Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 0, CRITICAL: 0)
-
-+---------+------------------+----------+-------------------+---------------+--------------------------------+
-| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |             TITLE              |
-+---------+------------------+----------+-------------------+---------------+--------------------------------+
-| openssl | CVE-2019-1543    | MEDIUM   | 1.1.1a-r1         | 1.1.1b-r1     | openssl: ChaCha20-Poly1305     |
-|         |                  |          |                   |               | with long nonces               |
-+---------+------------------+----------+-------------------+---------------+--------------------------------+
-```
-
-</details>
--- a/docs/scanning/index.md
+++ b/docs/scanning/index.md
@@ -1,7 +0,0 @@
-# Scanning
-
-Trivy can be used to scan 
-
- [Container Images](image.md)
- [Filesystem](filesystem.md)
- [Git Repositores](git-repository.md)
--- a/docs/usage/fs.md
+++ b/docs/usage/fs.md
@@ -1,31 +0,0 @@
-# Filesystem
-
-```bash
-NAME:
-   trivy filesystem - scan local filesystem
-
-USAGE:
-   trivy filesystem [command options] dir
-
-OPTIONS:
-   --template value, -t value  output template [$TRIVY_TEMPLATE]
-   --format value, -f value    format (table, json, template) (default: "table") [$TRIVY_FORMAT]
-   --input value, -i value     input file path instead of image name [$TRIVY_INPUT]
-   --severity value, -s value  severities of vulnerabilities to be displayed (comma separated) (default: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL") [$TRIVY_SEVERITY]
-   --output value, -o value    output file name [$TRIVY_OUTPUT]
-   --exit-code value           Exit code when vulnerabilities were found (default: 0) [$TRIVY_EXIT_CODE]
-   --skip-update               skip db update (default: false) [$TRIVY_SKIP_UPDATE]
-   --clear-cache, -c           clear image caches without scanning (default: false) [$TRIVY_CLEAR_CACHE]
-   --ignore-unfixed            display only fixed vulnerabilities (default: false) [$TRIVY_IGNORE_UNFIXED]
-   --removed-pkgs              detect vulnerabilities of removed packages (only for Alpine) (default: false) [$TRIVY_REMOVED_PKGS]
-   --vuln-type value           comma-separated list of vulnerability types (os,library) (default: "os,library") [$TRIVY_VULN_TYPE]
-   --ignorefile value          specify .trivyignore file (default: ".trivyignore") [$TRIVY_IGNOREFILE]
-   --cache-backend value       cache backend (e.g. redis://localhost:6379) (default: "fs") [$TRIVY_CACHE_BACKEND]
-   --timeout value             timeout (default: 5m0s) [$TRIVY_TIMEOUT]
-   --no-progress               suppress progress bar (default: false) [$TRIVY_NO_PROGRESS]
-   --ignore-policy value       specify the Rego file to evaluate each vulnerability [$TRIVY_IGNORE_POLICY]
-   --list-all-pkgs             enabling the option will output all packages regardless of vulnerability (default: false) [$TRIVY_LIST_ALL_PKGS]
-   --skip-files value          specify the file path to skip traversal [$TRIVY_SKIP_FILES]
-   --skip-dirs value           specify the directory where the traversal is skipped [$TRIVY_SKIP_DIRS]
-   --help, -h                  show help (default: false)
-```
--- a/docs/vuln-detection/data-source.md
+++ b/docs/vuln-detection/data-source.md
@@ -1,23 +0,0 @@
-# Data Sources
-
- PHP
-    - https://github.com/FriendsOfPHP/security-advisories
-    - https://github.com/advisories?query=ecosystem%3Acomposer
- Python
-    - https://github.com/pyupio/safety-db
-    - https://github.com/advisories?query=ecosystem%3Apip
- Ruby
-    - https://github.com/rubysec/ruby-advisory-db
-    - https://github.com/advisories?query=ecosystem%3Arubygems
- Node.js
-    - https://github.com/nodejs/security-wg
-    - https://github.com/advisories?query=ecosystem%3Anpm
- Rust
-    - https://github.com/RustSec/advisory-db
- .NET
-    - https://github.com/advisories?query=ecosystem%3Anuget
- Java
-    - https://github.com/advisories?query=ecosystem%3Amaven
-    - https://gitlab.com/gitlab-org/advisories-community
- Go
-    - https://gitlab.com/gitlab-org/advisories-community
--- a/docs/vuln-detection/image-tar-format.md
+++ b/docs/vuln-detection/image-tar-format.md
@@ -1,9 +0,0 @@
-# Supported Image Tar Formats
-Trivy scans a tar image with the following format.
-
- Docker Image Specification (https://github.com/moby/moby/tree/master/image/spec)
-    - Moby Project (https://github.com/moby/moby/)
-    - Buildah, Podman (https://github.com/containers/buildah)
-    - img (https://github.com/genuinetools/img)
- Kaniko
-    - Kaniko (https://github.com/GoogleContainerTools/kaniko)
--- a/docs/vuln-detection/index.md
+++ b/docs/vuln-detection/index.md
@@ -1,4 +0,0 @@
-Trivy detects vulnerabilities in [OS packages][os] and [application libraries][library]
-
-[os]: os.md
-[library]: library.md
--- a/docs/vuln-detection/library.md
+++ b/docs/vuln-detection/library.md
@@ -1,26 +0,0 @@
-# Application Dependencies
-
-`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
-
- Ruby
-    - Gemfile.lock
- Python
-    - Pipfile.lock
-    - poetry.lock
- PHP
-    - composer.lock
- Node.js
-    - package-lock.json
-    - yarn.lock
- Rust
-    - Cargo.lock
- .NET
-    - packages.lock.json
- Java
-    - JAR/WAR/EAR files (*.jar, *.war, and *.ear)
- Go
-    - Binaries built by Go (UPX-compressed binaries don't work)
-
-The path of these files does not matter.
-
-Example: https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile
--- a/docs/vuln-detection/os.md
+++ b/docs/vuln-detection/os.md
@@ -1,20 +0,0 @@
-# Supported OS
-
-The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.
-
-| OS                           | Supported Versions                       | Target Packages               | Detection of unfixed vulnerabilities |
-| ---------------------------- | ---------------------------------------- | ----------------------------- | :----------------------------------: |
-| Alpine Linux                 | 2.2 - 2.7, 3.0 - 3.13                    | Installed by apk              |                  NO                  |
-| Red Hat Universal Base Image | 7, 8                                     | Installed by yum/rpm          |                 YES                  |
-| Red Hat Enterprise Linux     | 6, 7, 8                                  | Installed by yum/rpm          |                 YES                  |
-| CentOS                       | 6, 7                                     | Installed by yum/rpm          |                 YES                  |
-| Oracle Linux                 | 5, 6, 7, 8                               | Installed by yum/rpm          |                  NO                  |
-| Amazon Linux                 | 1, 2                                     | Installed by yum/rpm          |                  NO                  |
-| openSUSE Leap                | 42, 15                                   | Installed by zypper/rpm       |                  NO                  |
-| SUSE Enterprise Linux        | 11, 12, 15                               | Installed by zypper/rpm       |                  NO                  |
-| Photon OS                    | 1.0, 2.0, 3.0                            | Installed by tdnf/yum/rpm     |                  NO                  |
-| Debian GNU/Linux             | wheezy, jessie, stretch, buster          | Installed by apt/apt-get/dpkg |                 YES                  |
-| Ubuntu                       | 12.04, 14.04, 16.04, 18.04, 18.10, 19.04 | Installed by apt/apt-get/dpkg |                 YES                  |
-| Distroless*                  | Any                                      | Installed by apt/apt-get/dpkg |                 YES                  |
-
-*Distroless: https://github.com/GoogleContainerTools/distroless
--- a/docs/vulnerability/detection/data-source.md
+++ b/docs/vulnerability/detection/data-source.md
@@ -0,0 +1,73 @@
+# OS
+
+| OS             | Source                                                                              |
+| ---------------| ---------------------------------------- |
+| Arch Linux     | [Vulnerable Issues][arch]                |
+| Alpine Linux   | [secdb][alpine]                          |
+| Amazon Linux 1 | [Amazon Linux Security Center][amazon1]  |
+| Amazon Linux 2 | [Amazon Linux Security Center][amazon2]  |
+| Debian         | [Security Bug Tracker][debian-tracker]   |
+|                | [OVAL][debian-oval]                      |
+| Ubuntu         | [Ubuntu CVE Tracker][ubuntu]             |
+| RHEL/CentOS    | [OVAL][rhel-oval]                        |
+|                | [Security Data][rhel-api]                |
+| Oracle Linux   | [OVAL][oracle]                           |
+| OpenSUSE/SLES	 | [CVRF][suse]                             |
+| Photon OS      | [Photon Security Advisory][photon]       |
+
+# Programming Language
+
+| Language                     | Source                                           | Commercial Use  | Delay[^1]|
+| ---------------------------- | -------------------------------------------------|:---------------:|:--------:|
+| PHP                          | [PHP Security Advisories Database][php]          | ✅              | -        |
+|                              | [GitHub Advisory Database (Composer)][php-ghsa]  | ✅              | -        |
+| Python                       | [Safety DB][python]                              | ❌              | 1 month  |
+|                              | [GitHub Advisory Database (pip)][python-ghsa]    | ✅              | -        |
+| Ruby                         | [Ruby Advisory Database][ruby]                   | ❌ (partially)  | -        |
+|                              | [GitHub Advisory Database (RubyGems)][ruby-ghsa] | ✅              | -        |
+| Node.js                      | [Ecosystem Security Working Group][nodejs]       | ✅              | -        |
+|                              | [GitHub Advisory Database (npm)][nodejs-ghsa]    | ✅              | -        |
+| Java                         | [GitLab Advisories Community][gitlab]            | ✅              | 1 month  |
+|                              | [GitHub Advisory Database (Maven)][java-ghsa]    | ✅              | -        |
+| Go                           | [GitLab Advisories Community][gitlab]            | ✅              | 1 month  |
+|                              | [The Go Vulnerability Database][go]              | ✅              | -        |
+| Rust                         | [RustSec Advisory Database][rust]                | ✅              | -        |
+| .NET                         | [GitHub Advisory Database (NuGet)][dotnet-ghsa]  | ✅              | -        |
+
+[^1]: Intentional delay between vulnerability disclosure and registration in the DB
+
+# Others
+
+| Name                            | Source     |  
+| --------------------------------|------------|
+| National Vulnerability Database | [NVD][nvd] | 
+
+[arch]: https://security.archlinux.org/
+[alpine]: https://secdb.alpinelinux.org/
+[amazon1]: https://alas.aws.amazon.com/
+[amazon2]: https://alas.aws.amazon.com/alas2.html
+[debian-tracker]: https://security-tracker.debian.org/tracker/
+[debian-oval]: https://www.debian.org/security/oval/
+[ubuntu]: https://ubuntu.com/security/cve
+[rhel-oval]: https://www.redhat.com/security/data/oval/v2/
+[rhel-api]: https://www.redhat.com/security/data/metrics/
+[oracle]: https://linux.oracle.com/security/oval/
+[suse]: http://ftp.suse.com/pub/projects/security/cvrf/
+[photon]: https://packages.vmware.com/photon/photon_cve_metadata/
+
+[php-ghsa]: https://github.com/advisories?query=ecosystem%3Acomposer
+[python-ghsa]: https://github.com/advisories?query=ecosystem%3Apip
+[ruby-ghsa]: https://github.com/advisories?query=ecosystem%3Arubygems
+[nodejs-ghsa]: https://github.com/advisories?query=ecosystem%3Anpm
+[java-ghsa]: https://github.com/advisories?query=ecosystem%3Amaven
+[dotnet-ghsa]: https://github.com/advisories?query=ecosystem%3Anuget
+
+[php]: https://github.com/FriendsOfPHP/security-advisories
+[python]: https://github.com/pyupio/safety-db
+[ruby]: https://github.com/rubysec/ruby-advisory-db
+[nodejs]: https://github.com/nodejs/security-wg
+[gitlab]: https://gitlab.com/gitlab-org/advisories-community
+[go]: https://github.com/golang/vulndb
+[rust]: (https://github.com/RustSec/advisory-db)
+
+[nvd]: https://nvd.nist.gov/
--- a/docs/vulnerability/detection/language.md
+++ b/docs/vulnerability/detection/language.md
@@ -0,0 +1,24 @@
+# Language-specific Packages
+
+`Trivy` automatically detects the following files in the container and scans vulnerabilities in the application dependencies.
+
+| Language | File                                            | Dev dependencies |
+| ---------| ------------------------------------------------| -----------------|
+| Ruby     | Gemfile.lock                                    | included         |
+| Python   | Pipfile.lock                                    | excluded         |
+|          | poetry.lock                                     | included         |
+| PHP      | composer.lock                                   | excluded         |
+| Node.js  | package-lock.json                               | excluded         |
+|          | yarn.lock                                       | included         |
+| .NET     | packages.lock.json                              | included         |
+| Java     | JAR/WAR/EAR (`*.jar`, `*.war`, and `*.ear`)[^1] | included         |
+| Go       | Binaries built by Go[^2]                        | excluded         |
+|          | go.sum                                          | included         |
+
+
+The path of these files does not matter.
+
+Example: [Dockerfile](https://github.com/aquasecurity/trivy-ci-test/blob/main/Dockerfile)
+
+[^1]: It requires the Internet access
+[^2]: UPX-compressed binaries don't work
--- a/docs/vulnerability/detection/os.md
+++ b/docs/vulnerability/detection/os.md
@@ -0,0 +1,21 @@
+# Supported OS
+
+The unfixed/unfixable vulnerabilities mean that the patch has not yet been provided on their distribution. Trivy doesn't support self-compiled packages/binaries, but official packages provided by vendors such as Red Hat and Debian.
+
+| OS                               | Supported Versions                       | Target Packages               | Detection of unfixed vulnerabilities |
+| -------------------------------- | ---------------------------------------- | ----------------------------- | :----------------------------------: |
+| Alpine Linux                     | 2.2 - 2.7, 3.0 - 3.13                    | Installed by apk              |                  NO                  |
+| Red Hat Universal Base Image[^1] | 7, 8                                     | Installed by yum/rpm          |                 YES                  |
+| Red Hat Enterprise Linux         | 6, 7, 8                                  | Installed by yum/rpm          |                 YES                  |
+| CentOS                           | 6, 7                                     | Installed by yum/rpm          |                 YES                  |
+| Oracle Linux                     | 5, 6, 7, 8                               | Installed by yum/rpm          |                  NO                  |
+| Amazon Linux                     | 1, 2                                     | Installed by yum/rpm          |                  NO                  |
+| openSUSE Leap                    | 42, 15                                   | Installed by zypper/rpm       |                  NO                  |
+| SUSE Enterprise Linux            | 11, 12, 15                               | Installed by zypper/rpm       |                  NO                  |
+| Photon OS                        | 1.0, 2.0, 3.0                            | Installed by tdnf/yum/rpm     |                  NO                  |
+| Debian GNU/Linux                 | wheezy, jessie, stretch, buster          | Installed by apt/apt-get/dpkg |                 YES                  |
+| Ubuntu                           | All versions supported by Canonical      | Installed by apt/apt-get/dpkg |                 YES                  |
+| Distroless[^2]                   | Any                                      | Installed by apt/apt-get/dpkg |                 YES                  |
+
+[^1]: https://developers.redhat.com/products/rhel/ubi
+[^2]: https://github.com/GoogleContainerTools/distroless
--- a/docs/vulnerability/detection/supported.md
+++ b/docs/vulnerability/detection/supported.md
@@ -0,0 +1,22 @@
+# Supported
+
+## Container Runtime
+- [Docker Engine](https://docs.docker.com/engine/)
+- [Podman](../../advanced/container/podman.md)
+
+## Container Registry
+- [Docker Registry HTTP API V2](https://docs.docker.com/registry/spec/api/)
+- [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
+
+## Image Tar Formats
+Trivy scans a tar image with the following format.
+
+- [Docker Image Specification](https://github.com/moby/moby/tree/master/image/spec)
+    - [Moby Project](https://github.com/moby/moby/)
+    - [Buildah](https://github.com/containers/buildah)
+    - [Podman](https://github.com/containers/podman)
+    - [img](https://github.com/genuinetools/img)
+- [Kaniko](https://github.com/GoogleContainerTools/kaniko)
+
+## Image Layout
+- [OCI Image Format Specification](https://github.com/opencontainers/image-spec)
--- a/docs/vulnerability/examples/cache.md
+++ b/docs/vulnerability/examples/cache.md
@@ -27,7 +27,8 @@ $ trivy --cache-dir /tmp/trivy/ image python:3.4-alpine3.9
 ```

 ## Cache Backend
-[EXPERIMENTAL] This feature might change without preserving backwards compatibility.
+!!! warning "EXPERIMENTAL"
+    This feature might change without preserving backwards compatibility.

 Trivy supports local filesystem and Redis as the cache backend. This option is useful especially for client/server mode.

--- a/docs/vulnerability/examples/db.md
+++ b/docs/vulnerability/examples/db.md
@@ -3,10 +3,10 @@
 ## Skip update of vulnerability DB
 `Trivy` downloads its vulnerability database every 12 hours when it starts operating.
 This is usually fast, as the size of the DB is only 10~30MB.
-But if you want to skip even that, use the `--skip-update` option.
+But if you want to skip even that, use the `--skip-db-update` option.

 ```
-$ trivy image --skip-update python:3.4-alpine3.9
+$ trivy image --skip-db-update python:3.4-alpine3.9
 ```

 <details>
--- a/docs/vulnerability/examples/filter.md
+++ b/docs/vulnerability/examples/filter.md
@@ -283,7 +283,8 @@ Total: 4751 (UNKNOWN: 1, LOW: 150, MEDIUM: 3504, HIGH: 1013, CRITICAL: 83)

 ## By Open Policy Agent

-[EXPERIMENTAL] This feature might change without preserving backwards compatibility.
+!!! warning "EXPERIMENTAL"
+    This feature might change without preserving backwards compatibility.

 Trivy supports Open Policy Agent (OPA) to filter vulnerabilities. You can specify a Rego file with `--ignore-policy` option.

@@ -316,5 +317,5 @@ Total: 1 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 1, CRITICAL: 0)

 </details>

-[helper]: https://github.com/aquasecurity/trivy/tree/main/pkg/vulnerability/module.go
-[policy]: https://github.com/aquasecurity/trivy/tree/main/contrib/example_policy
+[helper]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/pkg/vulnerability/module.go
+[policy]: https://github.com/aquasecurity/trivy/tree/{{ git.tag }}/contrib/example_policy
--- a/docs/vulnerability/examples/others.md
+++ b/docs/vulnerability/examples/others.md
@@ -1,5 +1,21 @@
 # Others

+## Skip Files
+Trivy traversals directories and looks for all lock files by default.
+If your image contains lock files which are not maintained by you, you can skip the file.
+
+```
+$ trivy image --skip-files "/Gemfile.lock" --skip-files "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0/Gemfile.lock" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
+```
+
+## Skip Directories
+Trivy traversals directories and look for all lock files by default.
+If your image contains lock files which are not maintained by you, you can skip traversal in the specific directory.
+
+```
+$ trivy image --skip-dirs /var/lib/gems/2.5.0/gems/fluent-plugin-detect-exceptions-0.0.13 --skip-dirs "/var/lib/gems/2.5.0/gems/http_parser.rb-0.6.0" quay.io/fluentd_elasticsearch/fluentd:v2.9.0
+```
+
 ## Exit Code
 By default, `Trivy` exits with code 0 even when vulnerabilities are detected.
 Use the `--exit-code` option if you want to exit with a non-zero exit code.
--- a/docs/vulnerability/examples/report.md
+++ b/docs/vulnerability/examples/report.md
@@ -12,6 +12,9 @@ $ trivy image -f table golang:1.12-alpine
 $ trivy image -f json -o results.json golang:1.12-alpine
 ```

+!!! caution
+    v0.20.0 changes the JSON schema. For more details, see [here][new-json].
+
 <details>
 <summary>Result</summary>

@@ -201,7 +204,8 @@ Trivy also supports an [ASFF template for reporting findings to AWS Security Hub
 $ trivy image --format template --template "@contrib/html.tpl" -o report.html golang:1.12-alpine
 ```

+[new-json]: https://github.com/aquasecurity/trivy/discussions/1050
 [action]: https://github.com/aquasecurity/trivy-action
-[asff]: https://github.com/aquasecurity/trivy/tree/main/docs/integration/security-hub.md
+[asff]: https://github.com/aquasecurity/trivy/blob/main/docs/integrations/aws-security-hub.md
 [sarif]: https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/managing-results-from-code-scanning
 [sprig]: http://masterminds.github.io/sprig/
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Teppei Fukuda	dea3428804	docs(misconf): add comparison with Conftest and tfsec (#1111 )	2021-07-12 13:43:39 +03:00
Teppei Fukuda	47d600a9b4	feat(report): add schema version (#1110 )	2021-07-12 12:27:27 +03:00
Teppei Fukuda	eae4bafff3	fix(scan): change unknown os from info to debug (#1109 )	2021-07-12 12:26:48 +03:00
Teppei Fukuda	9e08bd44fb	docs: add misconfiguration (#1101 ) Co-authored-by: Itay Shakury <itay@itaysk.com>	2021-07-12 03:14:17 +03:00
Teppei Fukuda	d9883e4442	fix(config): rename include-successes with include-non-failures (#1107 )	2021-07-11 16:55:13 +03:00
Teppei Fukuda	e6f7e556e8	feat(config): support --trace (#1106 )	2021-07-11 16:07:30 +03:00
Teppei Fukuda	4b84e79cc3	fix(policy): reduce the Internet access (#1105 ) * fix(policy): send a request only when it needs update * fix(policy): update DownloadedAt after fetching image manifest	2021-07-10 23:17:04 +03:00
Teppei Fukuda	05ae22a85c	chore: bump golangci-lint to v1.41.1 (#1104 )	2021-07-10 21:23:00 +03:00
Teppei Fukuda	a0e5c3a2e2	feat: support config scanning (#931 )	2021-07-09 08:18:53 +03:00
Teppei Fukuda	712f9eba35	feat(report): add artifact metadata (#1079 )	2021-06-30 12:53:33 +03:00
Vinod Anandan	803b2f9a93	Generate SBOM (#1076 ) * Generate SBOM Generate and publish SBOM as part of the release. * Publish bom.json * Ignore SBOMs generated during CI	2021-06-22 09:53:08 +03:00
Teppei Fukuda	92f980f4b7	fix(db): multiple prefixed data sources (#1070 )	2021-06-20 16:23:26 +03:00
Chris Novakovic	52e98f1bd9	Add EOL date for Alpine 3.14 (#1072 ) Per https://alpinelinux.org/releases/, Alpine 3.14 is supported until 2023-05-01. Closes #1071.	2021-06-20 11:15:22 +03:00
Dirk Mueller	6cd9a328a4	suse: mark sle 15.3 as maintained, add opensuse 15.3 (#1059 ) SLE 15.3 is about to be released and will be maintained until 6 months after 15.4. this allows us to guess the 15 SP2 EOL date, so updating that as well.	2021-06-17 12:09:46 +03:00
Teppei Fukuda	03a73667db	docs: improve data sources (#1069 ) * docs: improve data sources * docs: add os data sources * refactor	2021-06-16 16:43:42 +03:00
Teppei Fukuda	a29d6d8c5b	chore(label): add kind/security-advisory (#1068 )	2021-06-16 15:33:06 +03:00
Teppei Fukuda	2a08969ddc	fix(asff): replace slice with substr (#1058 )	2021-06-10 16:19:28 +03:00
Abhinav Khanna	3a94b7399b	fix(helm-chart): parametrized ingress host path (#1049 ) Signed-off-by: Abhinav Khanna <abhinav.khanna@salesforce.com>	2021-06-10 16:03:48 +03:00
Tauseef	41d000c97e	feat: support Google Artifact Repository (#1055 ) * Update Fanal library reference This commit updates Fanal library version to latest which includes support for Google artifact repository. * chore(mod): tidy Co-authored-by: knqyf263 <knqyf263@gmail.com>	2021-06-10 12:19:40 +03:00
David Wittman	78da283c1b	Update ASFF template to use label for severity (#1047 ) * Update ASFF template to use label for severity Use of the `Normalized` and `Product` fields is deprecated in the [ASFF spec](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-attributes.html#asff-severity). Instead, we should just provide the severity as a `Label`, which simplifies the logic in this template quite a bit as well. * fix(asff): use severity var Co-authored-by: knqyf263 <knqyf263@gmail.com>	2021-06-10 12:12:53 +03:00
Teppei Fukuda	e362843705	BREAKING: migrate to a new JSON schema (#782 ) * feat: introduce a new JSON schema * test: update * chore(mod): update fanal * refactor: add a comment * test(report): fix * refactor(writer): add omitempty * refactor: replace url * test(scanner): fix	2021-06-08 18:03:24 +03:00
David Wittman	097b8d4881	docs: Fix link to AWS Security Hub template (#1046 )	2021-06-07 10:14:18 +03:00
Teppei Fukuda	3b6122f86d	refactor(server): support gzip (#1045 )	2021-06-06 17:54:12 +03:00
Teppei Fukuda	f75a36945c	chore(rpc): update protoc and twirp (#1044 )	2021-06-06 16:33:25 +03:00
tonaim	e4c32cdb77	Added support for list all packages flag in client (#1032 ) * Added support for list all packages flag in client This commit is to support --list-all_pkgs argument in client command Example command: trivy -d client --list-all-pkgs --remote http://localhost:8080 ubuntu:18.04. * Updated argument in client.md * Fixed all format issues	2021-06-03 22:47:48 +03:00
Carol Valencia	fb19abd09a	chore: chart with 0.18.3 (#1033 ) Co-authored-by: krol3 <krol3@users.noreply.github.com>	2021-06-01 08:29:21 +03:00
bmagistro	d2afc206b2	feat: add gitlab codequality template (#895 ) * Add gitlab codequality template * add unit test for gitlab codequality template * update line endings to msdos (\r\n) from unix * update gitlab docs for codeclimate template	2021-05-31 11:20:59 +03:00
Teppei Fukuda	43ff5f93e8	feat(plugin): add aqua plugin (#1029 )	2021-05-31 10:54:46 +03:00
rahul2393	5e6a50b2f9	fix(go): if patchedVersion is empty mark it as vulnerable (#1030 ) * fix(go): if patchedVersion is empty mark it as vulnerable * fix(go): skip checking for vulnerable version if empty * fix(go): refactored empty check at start of match * fix(go): added unit test for empty patched/vulnerable version	2021-05-30 15:43:14 +03:00
Teppei Fukuda	23b9533791	docs(ubuntu): fix supported versions (#1028 )	2021-05-30 14:13:45 +03:00
Huang Huang	d1f8cfcfdc	Support Ubuntu 21.04 (#1027 )	2021-05-30 11:10:19 +03:00
Teppei Fukuda	aa2336be92	chore: remove codecov (#1016 )	2021-05-27 09:25:37 +03:00
Tomoya Amachi	e64617212e	fix typo on github-actions.md (#1022 )	2021-05-27 09:10:46 +03:00
Teppei Fukuda	85e45cad95	chore(ci): change to more granular tokens (#1014 )	2021-05-24 02:35:44 +03:00
rahul2393	9fa512a652	chore(ci): add Go scanning and update dependencies (#1001 ) * Fixed dependency * Scan repo action added * only check for Critical with exit-code=1 * Fix vulnerability in go.sum * more fixes	2021-05-23 11:21:23 +03:00
skovati	349371bbc9	docs: Add HIGH severity to Trivy command in GitLab CI example to match comment (#1013 ) * Add HIGH severity to Trivy command in GitLab CI example to match comment * Change comment to accurately reflect Trivy command that fails only on CRITICAL vulnerabilities	2021-05-23 04:55:46 +03:00
Teppei Fukuda	4446961167	fix(image): disable go.sum scanning (#1007 )	2021-05-20 10:01:19 +03:00
Teppei Fukuda	04473ada48	fix(gomod): handle go.sum with an empty line (#1006 )	2021-05-20 09:39:06 +03:00
Teppei Fukuda	1b66b77f69	feat: prepare for config scanning (#1005 ) * temp: disable config scanning	2021-05-20 09:05:36 +03:00
gboer	8fc6ea6489	Clarify that dev dependencies are excluded (#986 ) Co-authored-by: knqyf263 <knqyf263@gmail.com>	2021-05-19 05:47:05 +03:00
rahul2393	eaf2da20a6	Include target value in Sarif template ruleID (#991 ) * Include target value in Sarif template ruleID * Fix format	2021-05-13 20:10:34 +03:00
rahul2393	083c157b05	chore(mkdocs): allow workflow_dispatch (#989 ) * Updated docs for go libraries. * Add option to manually trigger doc publish	2021-05-12 19:57:14 +03:00
rahul2393	e26e39a7f8	fix(vuln) unique vulnerabilities from different data sources (#984 ) * Fix duplicate Rule in sarif template * Fix integration tests * Fixed tests * Update certs validity upto 2100 * Moved deduplication logic to Filter * Fix linting issue * Fix liniting issue * fix: deduplicate vulnerabilities * refactor * fix: add installed versions to uniq keys * Fix tests * Fix Unit tests. * Revert port change Co-authored-by: knqyf263 <knqyf263@gmail.com>	2021-05-12 13:10:05 +03:00
rahul2393	04e7ccabea	feat(go): added support of gomod analyzer (#978 ) * Added support of gomod analyzer. * add imports * fix gocyclo * Ran go fmt	2021-05-11 04:18:13 +03:00