Available rulesets
vulnetix/opa-fugue-regula
275 rules · Terraform, CloudFormation, Kubernetes manifests, ARM templates.
--rule vulnetix/opa-fugue-regula
vulnetix/community-rules
243 rules · curated index of community rule packs across Terraform, Kubernetes, Dockerfile, OpenAPI.
--rule vulnetix/community-rules
vulnetix/opa-checkmarx-kics
203 rules · KICS misconfiguration coverage for Terraform, Ansible, Dockerfile.
--rule vulnetix/opa-checkmarx-kics
vulnetix/opa-aquasecurity-trivy
107 rules · Trivy IaC misconfiguration checks for Docker and Kubernetes.
--rule vulnetix/opa-aquasecurity-trivy
vulnetix/opa-cigna-tf
47 rules · AWS Terraform controls for ACM, API Gateway, CloudFront, IAM, RDS.
--rule vulnetix/opa-cigna-tf
vulnetix/opa-cds-aws-tf
16 rules · CDS hardening for IAM, RDS, CloudFront, WAF, ECS, Lambda.
--rule vulnetix/opa-cds-aws-tf
vulnetix/opa-snyk-labs-iac
6 rules · reference IaC custom rules — AMI allowlists, password policies, S3 controls, required tagging.
--rule vulnetix/opa-snyk-labs-iac
Authoring
- Repo with a rules/ directory at the root. Subdirs walked recursively. _lib/ reserved for shared helpers.
- Each .rego file declares metadata := {...} and a findings set. Required metadata: id, name, description, languages, severity, kind.
- Push to any Git host. Load with --rule org/repo. Override the registry via --rule-registry <url> for GitLab, Gitea, GHE, or SSH.
Cache lives at ~/.cache/vulnetix/rules/<org>/<repo>/ on Linux. Pulls automatically on subsequent runs.
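
A pre-push check for the layout described under Authoring, as an added example that is not part of Vulnetix's own tooling: it walks rules/ recursively, skips _lib/, and reports any .rego file that lacks metadata := {...}, a findings rule, or a required metadata key. It assumes metadata is a single object literal with quoted keys and that any directory named _lib holds helpers; the sample rule, its package name and its values are constructed.

```python
import re
from pathlib import Path

# Required metadata keys, as listed in the authoring notes.
REQUIRED_KEYS = ("id", "name", "description", "languages", "severity", "kind")
# Constructed sample rule: package name and every value are placeholders.
SAMPLE = '''package example
metadata := {"id": "EX-1", "name": "n", "description": "d",
             "languages": ["terraform"], "severity": "high"}
findings contains f if { f := {"rule": metadata.id} }
'''

def _object_body(text, start):
    """Text between the brace at `start` and its matching close brace."""
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    return text[start + 1:]  # unbalanced braces: lint what is there

def lint_rule_text(text):
    """Return the list of problems found in one .rego source string."""
    problems = []
    m = re.search(r"^metadata\s*:=\s*\{", text, re.MULTILINE)
    if not m:
        problems.append("missing metadata := {...}")
    else:
        body = _object_body(text, m.end() - 1)
        problems += ["metadata missing key: " + k for k in REQUIRED_KEYS
                     if not re.search(r'"%s"\s*:' % k, body)]
    if not re.search(r"^findings\b", text, re.MULTILINE):  # any 'findings' rule head
        problems.append("missing findings set")
    return problems

def lint_pack(repo_root):
    """Walk rules/ recursively, skip _lib/, return {file: [problems]}."""
    rules = Path(repo_root) / "rules"
    if not rules.is_dir():
        return {"rules/": ["directory not found at repo root"]}
    report = {}
    for path in sorted(rules.rglob("*.rego")):
        rel = path.relative_to(rules)
        if "_lib" in rel.parts:  # assumption: any _lib/ dir holds helpers
            continue
        problems = lint_rule_text(path.read_text(encoding="utf-8"))
        if problems:
            report[(Path("rules") / rel).as_posix()] = problems
    return report
```

lint_rule_text(SAMPLE) reports the missing kind key; lint_pack(".") run from the repository root returns an empty dict when every rule file passes.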