Improve documentation on custom Rego policy for 'unsupported' resources

[brsolomon-deloitte]

Description

The Trivy documentation around how to write custom Rego policies, or otherwise how to contribute back to Trivy to write any required Go modules, would be useful for resources that are not currently supported by trivy config.

For example: we would like to write a custom .rego that checks Terraform aws_ec2_client_vpn_endpoint and verifies that, if any aws_ec2_client_vpn_endpoint is provisioned, the argument client_login_banner_options.enabled is set to true and the argument client_login_banner_options.banner_text is a non-empty string.
link=https://aquasecurity.github.io/trivy/v0.48/docs/scanner/misconfiguration/custom/

We see that AWS Client VPN does not appear to be a supported resource currently as it is not present at cloud.json or in the AWS provider.

Link

https://aquasecurity.github.io/trivy/v0.48/docs/scanner/misconfiguration/custom/

Suggestions

• Describe the extent to which this is supported, or not supported. Does Trivy have extensibility to add-on supported resources using Go or Rego from the user side?
• If not, it would be useful for the docs to mention briefly how to develop against/contribute to Trivy upstream to add support for new resource types.

[itaysk]

@AnaisUrlichs @simar7
this is similar to the defsec schema clarification issue