gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-23 15:37:50 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
d6418cf0de46e37a3d1cc7bd4692fa60c0f41eff
trivy/docs/misconfiguration/comparison/cfsec.md
Owen Rumney 9076a49b0f docs: Add comparison for cfsec (#1388) 
* Add cfsec comparison

* Add to mkdocs.yml
2021-11-17 16:42:17 +02:00

25 lines
1.7 KiB
Markdown
Raw Blame History

# vs cfsec
[cfsec][cfsec] uses static analysis of your CloudFormation templates to spot potential security issues.
Trivy uses cfsec internally to scan both JSON and YAML configuration files, but Trivy doesn't support some features provided by cfsec.
This section describes the differences between Trivy and cfsec.
| Feature | Trivy | cfsec |
| --------------------------- | --------------------------------------- | -------------------- |
| Built-in Policies | :material-check: | :material-check: |
| Custom Policies | Rego[^1] | :material-close: |
| Policy Metadata[^2] | :material-check: | :material-check: |
| Show Successes | :material-check: | :material-check: |
| Disable Policies | :material-check: | :material-check: |
| Show Issue Lines | :material-close: | :material-check: |
| View Statistics | :material-close: | :material-check: |
| Filtering by Severity | :material-check: | :material-close: |
| Supported Formats | Dockerfile, JSON, YAML, Terraform, etc. | CloudFormation JSON and YAML |
[^1]: CloudFormation files are not supported
[^2]: To enrich the results such as ID, Title, Description, Severity, etc.
cfsec is designed for CloudFormation.
People who use only want to scan their CloudFormation templates should use cfsec.
People who want to scan a wide range of configuration files should use Trivy.
[cfsec]: https://github.com/aquasecurity/cfsec
Reference in New Issue View Git Blame Copy Permalink