forked from aquasecurity/tfsec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
mkdocs.yml
391 lines (379 loc) · 22.6 KB
/
mkdocs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
site_name: tfsec
site_url: https://aquasecurity.github.io/tfsec/
site_description: A static analysis security scanner for your Terraform code
docs_dir: docs/
repo_name: aquasecurity/tfsec
repo_url: https://github.com/aquasecurity/tfsec
edit_uri: ''
theme:
favicon: favicon.ico
features:
- navigation.tabs
- navigation.tabs.sticky
- navigation.sections
language: en
logo: imgs/tfsec.png
name: material
nav:
- HOME: index.md
- Getting Started:
- Installation: getting-started/installation.md
- Signature Verification: getting-started/signing.md
- Quick Start: getting-started/quickstart.md
- Parameters: getting-started/usage.md
- Credits: getting-started/credit.md
- Configuration:
- Config File: getting-started/configuration/config.md
- Custom Checks: getting-started/configuration/custom-checks.md
- Ignoring Checks: getting-started/configuration/ignores.md
- GitHub Actions:
- GitHub Action: getting-started/configuration/github-actions/github-action.md
- PR Commenter: getting-started/configuration/github-actions/pr-commenter.md
- Checks:
- aws:
- api-gateway:
- enable-access-logging: checks/aws/api-gateway/enable-access-logging/index.md
- enable-cache-encryption: checks/aws/api-gateway/enable-cache-encryption/index.md
- enable-tracing: checks/aws/api-gateway/enable-tracing/index.md
- no-public-access: checks/aws/api-gateway/no-public-access/index.md
- use-secure-tls-policy: checks/aws/api-gateway/use-secure-tls-policy/index.md
- athena:
- enable-at-rest-encryption: checks/aws/athena/enable-at-rest-encryption/index.md
- no-encryption-override: checks/aws/athena/no-encryption-override/index.md
- autoscaling:
- enable-at-rest-encryption: checks/aws/autoscaling/enable-at-rest-encryption/index.md
- enforce-http-token-imds: checks/aws/autoscaling/enforce-http-token-imds/index.md
- no-public-ip: checks/aws/autoscaling/no-public-ip/index.md
- no-secrets-in-user-data: checks/aws/autoscaling/no-secrets-in-user-data/index.md
- no-sensitive-info: checks/aws/autoscaling/no-sensitive-info/index.md
- cloudfront:
- enable-logging: checks/aws/cloudfront/enable-logging/index.md
- enable-waf: checks/aws/cloudfront/enable-waf/index.md
- enforce-https: checks/aws/cloudfront/enforce-https/index.md
- use-secure-tls-policy: checks/aws/cloudfront/use-secure-tls-policy/index.md
- cloudtrail:
- enable-all-regions: checks/aws/cloudtrail/enable-all-regions/index.md
- enable-at-rest-encryption: checks/aws/cloudtrail/enable-at-rest-encryption/index.md
- enable-log-validation: checks/aws/cloudtrail/enable-log-validation/index.md
- cloudwatch:
- log-group-customer-key: checks/aws/cloudwatch/log-group-customer-key/index.md
- codebuild:
- enable-encryption: checks/aws/codebuild/enable-encryption/index.md
- config:
- aggregate-all-regions: checks/aws/config/aggregate-all-regions/index.md
- documentdb:
- enable-log-export: checks/aws/documentdb/enable-log-export/index.md
- enable-storage-encryption: checks/aws/documentdb/enable-storage-encryption/index.md
- encryption-customer-key: checks/aws/documentdb/encryption-customer-key/index.md
- dynamodb:
- enable-at-rest-encryption: checks/aws/dynamodb/enable-at-rest-encryption/index.md
- enable-recovery: checks/aws/dynamodb/enable-recovery/index.md
- table-customer-key: checks/aws/dynamodb/table-customer-key/index.md
- ebs:
- enable-volume-encryption: checks/aws/ebs/enable-volume-encryption/index.md
- encryption-customer-key: checks/aws/ebs/encryption-customer-key/index.md
- ec2:
- enable-at-rest-encryption: checks/aws/ec2/enable-at-rest-encryption/index.md
- enforce-http-token-imds: checks/aws/ec2/enforce-http-token-imds/index.md
- no-secrets-in-user-data: checks/aws/ec2/no-secrets-in-user-data/index.md
- ecr:
- enable-image-scans: checks/aws/ecr/enable-image-scans/index.md
- enforce-immutable-repository: checks/aws/ecr/enforce-immutable-repository/index.md
- no-public-access: checks/aws/ecr/no-public-access/index.md
- repository-customer-key: checks/aws/ecr/repository-customer-key/index.md
- ecs:
- enable-container-insight: checks/aws/ecs/enable-container-insight/index.md
- enable-in-transit-encryption: checks/aws/ecs/enable-in-transit-encryption/index.md
- no-plaintext-secrets: checks/aws/ecs/no-plaintext-secrets/index.md
- efs:
- enable-at-rest-encryption: checks/aws/efs/enable-at-rest-encryption/index.md
- eks:
- enable-control-plane-logging: checks/aws/eks/enable-control-plane-logging/index.md
- encrypt-secrets: checks/aws/eks/encrypt-secrets/index.md
- no-public-cluster-access: checks/aws/eks/no-public-cluster-access/index.md
- no-public-cluster-access-to-cidr: checks/aws/eks/no-public-cluster-access-to-cidr/index.md
- elastic-search:
- enable-domain-encryption: checks/aws/elastic-search/enable-domain-encryption/index.md
- enable-domain-logging: checks/aws/elastic-search/enable-domain-logging/index.md
- enable-in-transit-encryption: checks/aws/elastic-search/enable-in-transit-encryption/index.md
- enforce-https: checks/aws/elastic-search/enforce-https/index.md
- use-secure-tls-policy: checks/aws/elastic-search/use-secure-tls-policy/index.md
- elasticache:
- add-description-for-security-group: checks/aws/elasticache/add-description-for-security-group/index.md
- enable-at-rest-encryption: checks/aws/elasticache/enable-at-rest-encryption/index.md
- enable-backup-retention: checks/aws/elasticache/enable-backup-retention/index.md
- enable-in-transit-encryption: checks/aws/elasticache/enable-in-transit-encryption/index.md
- elb:
- alb-not-public: checks/aws/elb/alb-not-public/index.md
- drop-invalid-headers: checks/aws/elb/drop-invalid-headers/index.md
- http-not-used: checks/aws/elb/http-not-used/index.md
- use-secure-tls-policy: checks/aws/elb/use-secure-tls-policy/index.md
- iam:
- enforce-mfa: checks/aws/iam/enforce-mfa/index.md
- no-password-reuse: checks/aws/iam/no-password-reuse/index.md
- no-policy-wildcards: checks/aws/iam/no-policy-wildcards/index.md
- require-lowercase-in-passwords: checks/aws/iam/require-lowercase-in-passwords/index.md
- require-numbers-in-passwords: checks/aws/iam/require-numbers-in-passwords/index.md
- require-symbols-in-passwords: checks/aws/iam/require-symbols-in-passwords/index.md
- require-uppercase-in-passwords: checks/aws/iam/require-uppercase-in-passwords/index.md
- set-max-password-age: checks/aws/iam/set-max-password-age/index.md
- set-minimum-password-length: checks/aws/iam/set-minimum-password-length/index.md
- aws: checks/aws/home.md
- kinesis:
- enable-in-transit-encryption: checks/aws/kinesis/enable-in-transit-encryption/index.md
- kms:
- auto-rotate-keys: checks/aws/kms/auto-rotate-keys/index.md
- lambda:
- enable-tracing: checks/aws/lambda/enable-tracing/index.md
- restrict-source-arn: checks/aws/lambda/restrict-source-arn/index.md
- mq:
- enable-audit-logging: checks/aws/mq/enable-audit-logging/index.md
- enable-general-logging: checks/aws/mq/enable-general-logging/index.md
- no-public-access: checks/aws/mq/no-public-access/index.md
- msk:
- enable-in-transit-encryption: checks/aws/msk/enable-in-transit-encryption/index.md
- enable-logging: checks/aws/msk/enable-logging/index.md
- neptune:
- enable-log-export: checks/aws/neptune/enable-log-export/index.md
- enable-storage-encryption: checks/aws/neptune/enable-storage-encryption/index.md
- encryption-customer-key: checks/aws/neptune/encryption-customer-key/index.md
- rds:
- enable-performance-insights: checks/aws/rds/enable-performance-insights/index.md
- enable-performance-insights-encryption: checks/aws/rds/enable-performance-insights-encryption/index.md
- encrypt-cluster-storage-data: checks/aws/rds/encrypt-cluster-storage-data/index.md
- encrypt-instance-storage-data: checks/aws/rds/encrypt-instance-storage-data/index.md
- no-classic-resources: checks/aws/rds/no-classic-resources/index.md
- no-public-db-access: checks/aws/rds/no-public-db-access/index.md
- specify-backup-retention: checks/aws/rds/specify-backup-retention/index.md
- redshift:
- encryption-customer-key: checks/aws/redshift/encryption-customer-key/index.md
- use-vpc: checks/aws/redshift/use-vpc/index.md
- s3:
- block-public-acls: checks/aws/s3/block-public-acls/index.md
- block-public-policy: checks/aws/s3/block-public-policy/index.md
- enable-bucket-encryption: checks/aws/s3/enable-bucket-encryption/index.md
- enable-bucket-logging: checks/aws/s3/enable-bucket-logging/index.md
- enable-versioning: checks/aws/s3/enable-versioning/index.md
- encryption-customer-key: checks/aws/s3/encryption-customer-key/index.md
- ignore-public-acls: checks/aws/s3/ignore-public-acls/index.md
- no-public-access-with-acl: checks/aws/s3/no-public-access-with-acl/index.md
- no-public-buckets: checks/aws/s3/no-public-buckets/index.md
- specify-public-access-block: checks/aws/s3/specify-public-access-block/index.md
- sns:
- enable-topic-encryption: checks/aws/sns/enable-topic-encryption/index.md
- sqs:
- enable-queue-encryption: checks/aws/sqs/enable-queue-encryption/index.md
- no-wildcards-in-policy-documents: checks/aws/sqs/no-wildcards-in-policy-documents/index.md
- ssm:
- secret-use-customer-key: checks/aws/ssm/secret-use-customer-key/index.md
- vpc:
- add-description-to-security-group: checks/aws/vpc/add-description-to-security-group/index.md
- add-description-to-security-group-rule: checks/aws/vpc/add-description-to-security-group-rule/index.md
- no-default-vpc: checks/aws/vpc/no-default-vpc/index.md
- no-excessive-port-access: checks/aws/vpc/no-excessive-port-access/index.md
- no-public-egress-sgr: checks/aws/vpc/no-public-egress-sgr/index.md
- no-public-ingress-acl: checks/aws/vpc/no-public-ingress-acl/index.md
- no-public-ingress-sgr: checks/aws/vpc/no-public-ingress-sgr/index.md
- workspaces:
- enable-disk-encryption: checks/aws/workspaces/enable-disk-encryption/index.md
- azure:
- appservice:
- account-identity-registered: checks/azure/appservice/account-identity-registered/index.md
- authentication-enabled: checks/azure/appservice/authentication-enabled/index.md
- enable-http2: checks/azure/appservice/enable-http2/index.md
- enforce-https: checks/azure/appservice/enforce-https/index.md
- require-client-cert: checks/azure/appservice/require-client-cert/index.md
- use-secure-tls-policy: checks/azure/appservice/use-secure-tls-policy/index.md
- authorization:
- limit-role-actions: checks/azure/authorization/limit-role-actions/index.md
- compute:
- disable-password-authentication: checks/azure/compute/disable-password-authentication/index.md
- enable-disk-encryption: checks/azure/compute/enable-disk-encryption/index.md
- no-secrets-in-custom-data: checks/azure/compute/no-secrets-in-custom-data/index.md
- container:
- configured-network-policy: checks/azure/container/configured-network-policy/index.md
- limit-authorized-ips: checks/azure/container/limit-authorized-ips/index.md
- logging: checks/azure/container/logging/index.md
- use-rbac-permissions: checks/azure/container/use-rbac-permissions/index.md
- database:
- all-threat-alerts-enabled: checks/azure/database/all-threat-alerts-enabled/index.md
- enable-audit: checks/azure/database/enable-audit/index.md
- enable-ssl-enforcement: checks/azure/database/enable-ssl-enforcement/index.md
- no-public-access: checks/azure/database/no-public-access/index.md
- no-public-firewall-access: checks/azure/database/no-public-firewall-access/index.md
- postgres-configuration-connection-throttling: checks/azure/database/postgres-configuration-connection-throttling/index.md
- postgres-configuration-log-checkpoints: checks/azure/database/postgres-configuration-log-checkpoints/index.md
- postgres-configuration-log-connections: checks/azure/database/postgres-configuration-log-connections/index.md
- retention-period-set: checks/azure/database/retention-period-set/index.md
- secure-tls-policy: checks/azure/database/secure-tls-policy/index.md
- threat-alert-email-set: checks/azure/database/threat-alert-email-set/index.md
- threat-alert-email-to-owner: checks/azure/database/threat-alert-email-to-owner/index.md
- datafactory:
- no-public-access: checks/azure/datafactory/no-public-access/index.md
- datalake:
- enable-at-rest-encryption: checks/azure/datalake/enable-at-rest-encryption/index.md
- azure: checks/azure/home.md
- keyvault:
- content-type-for-secret: checks/azure/keyvault/content-type-for-secret/index.md
- ensure-key-expiry: checks/azure/keyvault/ensure-key-expiry/index.md
- ensure-secret-expiry: checks/azure/keyvault/ensure-secret-expiry/index.md
- no-purge: checks/azure/keyvault/no-purge/index.md
- specify-network-acl: checks/azure/keyvault/specify-network-acl/index.md
- monitor:
- activity-log-retention-set: checks/azure/monitor/activity-log-retention-set/index.md
- capture-all-activities: checks/azure/monitor/capture-all-activities/index.md
- capture-all-regions: checks/azure/monitor/capture-all-regions/index.md
- network:
- disable-rdp-from-internet: checks/azure/network/disable-rdp-from-internet/index.md
- no-public-egress: checks/azure/network/no-public-egress/index.md
- no-public-ingress: checks/azure/network/no-public-ingress/index.md
- retention-policy-set: checks/azure/network/retention-policy-set/index.md
- ssh-blocked-from-internet: checks/azure/network/ssh-blocked-from-internet/index.md
- security-center:
- alert-on-severe-notifications: checks/azure/security-center/alert-on-severe-notifications/index.md
- enable-standard-subscription: checks/azure/security-center/enable-standard-subscription/index.md
- set-required-contact-details: checks/azure/security-center/set-required-contact-details/index.md
- storage:
- allow-microsoft-service-bypass: checks/azure/storage/allow-microsoft-service-bypass/index.md
- default-action-deny: checks/azure/storage/default-action-deny/index.md
- enforce-https: checks/azure/storage/enforce-https/index.md
- no-public-access: checks/azure/storage/no-public-access/index.md
- queue-services-logging-enabled: checks/azure/storage/queue-services-logging-enabled/index.md
- use-secure-tls-policy: checks/azure/storage/use-secure-tls-policy/index.md
- synapse:
- virtual-network-enabled: checks/azure/synapse/virtual-network-enabled/index.md
- cloudstack:
- compute:
- no-sensitive-info: checks/cloudstack/compute/no-sensitive-info/index.md
- cloudstack: checks/cloudstack/home.md
- digitalocean:
- compute:
- enforce-https: checks/digitalocean/compute/enforce-https/index.md
- kubernetes-auto-upgrades-not-enabled: checks/digitalocean/compute/kubernetes-auto-upgrades-not-enabled/index.md
- no-public-egress: checks/digitalocean/compute/no-public-egress/index.md
- no-public-ingress: checks/digitalocean/compute/no-public-ingress/index.md
- surge-upgrades-not-enabled: checks/digitalocean/compute/surge-upgrades-not-enabled/index.md
- use-ssh-keys: checks/digitalocean/compute/use-ssh-keys/index.md
- digitalocean: checks/digitalocean/home.md
- spaces:
- acl-no-public-read: checks/digitalocean/spaces/acl-no-public-read/index.md
- disable-force-destroy: checks/digitalocean/spaces/disable-force-destroy/index.md
- versioning-enabled: checks/digitalocean/spaces/versioning-enabled/index.md
- general:
- general: checks/general/home.md
- secrets:
- no-plaintext-exposure: checks/general/secrets/no-plaintext-exposure/index.md
- github:
- actions:
- no-plain-text-action-secrets: checks/github/actions/no-plain-text-action-secrets/index.md
- github: checks/github/home.md
- repositories:
- enable_vulnerability_alerts: checks/github/repositories/enable_vulnerability_alerts/index.md
- private: checks/github/repositories/private/index.md
- google:
- bigquery:
- no-public-access: checks/google/bigquery/no-public-access/index.md
- compute:
- disk-encryption-customer-key: checks/google/compute/disk-encryption-customer-key/index.md
- disk-encryption-no-plaintext-key: checks/google/compute/disk-encryption-no-plaintext-key/index.md
- enable-shielded-vm-im: checks/google/compute/enable-shielded-vm-im/index.md
- enable-shielded-vm-vtpm: checks/google/compute/enable-shielded-vm-vtpm/index.md
- enable-vpc-flow-logs: checks/google/compute/enable-vpc-flow-logs/index.md
- no-default-service-account: checks/google/compute/no-default-service-account/index.md
- no-ip-forwarding: checks/google/compute/no-ip-forwarding/index.md
- no-oslogin-override: checks/google/compute/no-oslogin-override/index.md
- no-project-wide-ssh-keys: checks/google/compute/no-project-wide-ssh-keys/index.md
- no-public-egress: checks/google/compute/no-public-egress/index.md
- no-public-ingress: checks/google/compute/no-public-ingress/index.md
- no-public-ip: checks/google/compute/no-public-ip/index.md
- no-serial-port: checks/google/compute/no-serial-port/index.md
- project-level-oslogin: checks/google/compute/project-level-oslogin/index.md
- use-secure-tls-policy: checks/google/compute/use-secure-tls-policy/index.md
- vm-disk-encryption-customer-key: checks/google/compute/vm-disk-encryption-customer-key/index.md
- dns:
- enable-dnssec: checks/google/dns/enable-dnssec/index.md
- no-rsa-sha1: checks/google/dns/no-rsa-sha1/index.md
- gke:
- enable-auto-repair: checks/google/gke/enable-auto-repair/index.md
- enable-auto-upgrade: checks/google/gke/enable-auto-upgrade/index.md
- enable-ip-aliasing: checks/google/gke/enable-ip-aliasing/index.md
- enable-master-networks: checks/google/gke/enable-master-networks/index.md
- enable-network-policy: checks/google/gke/enable-network-policy/index.md
- enable-private-cluster: checks/google/gke/enable-private-cluster/index.md
- enable-stackdriver-logging: checks/google/gke/enable-stackdriver-logging/index.md
- enable-stackdriver-monitoring: checks/google/gke/enable-stackdriver-monitoring/index.md
- enforce-pod-security-policy: checks/google/gke/enforce-pod-security-policy/index.md
- metadata-endpoints-disabled: checks/google/gke/metadata-endpoints-disabled/index.md
- no-legacy-authentication: checks/google/gke/no-legacy-authentication/index.md
- no-public-control-plane: checks/google/gke/no-public-control-plane/index.md
- node-metadata-security: checks/google/gke/node-metadata-security/index.md
- node-pool-uses-cos: checks/google/gke/node-pool-uses-cos/index.md
- node-shielding-enabled: checks/google/gke/node-shielding-enabled/index.md
- use-cluster-labels: checks/google/gke/use-cluster-labels/index.md
- use-rbac-permissions: checks/google/gke/use-rbac-permissions/index.md
- use-service-account: checks/google/gke/use-service-account/index.md
- iam:
- no-default-network: checks/google/iam/no-default-network/index.md
- no-folder-level-default-service-account-assignment: checks/google/iam/no-folder-level-default-service-account-assignment/index.md
- no-folder-level-service-account-impersonation: checks/google/iam/no-folder-level-service-account-impersonation/index.md
- no-org-level-default-service-account-assignment: checks/google/iam/no-org-level-default-service-account-assignment/index.md
- no-org-level-service-account-impersonation: checks/google/iam/no-org-level-service-account-impersonation/index.md
- no-privileged-service-accounts: checks/google/iam/no-privileged-service-accounts/index.md
- no-project-level-default-service-account-assignment: checks/google/iam/no-project-level-default-service-account-assignment/index.md
- no-project-level-service-account-impersonation: checks/google/iam/no-project-level-service-account-impersonation/index.md
- no-user-granted-permissions: checks/google/iam/no-user-granted-permissions/index.md
- google: checks/google/home.md
- kms:
- rotate-kms-keys: checks/google/kms/rotate-kms-keys/index.md
- sql:
- enable-backup: checks/google/sql/enable-backup/index.md
- enable-pg-temp-file-logging: checks/google/sql/enable-pg-temp-file-logging/index.md
- encrypt-in-transit-data: checks/google/sql/encrypt-in-transit-data/index.md
- mysql-no-local-infile: checks/google/sql/mysql-no-local-infile/index.md
- no-contained-db-auth: checks/google/sql/no-contained-db-auth/index.md
- no-cross-db-ownership-chaining: checks/google/sql/no-cross-db-ownership-chaining/index.md
- no-public-access: checks/google/sql/no-public-access/index.md
- pg-log-checkpoints: checks/google/sql/pg-log-checkpoints/index.md
- pg-log-connections: checks/google/sql/pg-log-connections/index.md
- pg-log-disconnections: checks/google/sql/pg-log-disconnections/index.md
- pg-log-errors: checks/google/sql/pg-log-errors/index.md
- pg-log-lock-waits: checks/google/sql/pg-log-lock-waits/index.md
- pg-no-min-statement-logging: checks/google/sql/pg-no-min-statement-logging/index.md
- storage:
- enable-ubla: checks/google/storage/enable-ubla/index.md
- no-public-access: checks/google/storage/no-public-access/index.md
- kubernetes:
- kubernetes: checks/kubernetes/home.md
- network:
- no-public-egress: checks/kubernetes/network/no-public-egress/index.md
- no-public-ingress: checks/kubernetes/network/no-public-ingress/index.md
- openstack:
- compute:
- no-plaintext-password: checks/openstack/compute/no-plaintext-password/index.md
- no-public-access: checks/openstack/compute/no-public-access/index.md
- openstack: checks/openstack/home.md
- oracle:
- compute:
- no-public-ip: checks/oracle/compute/no-public-ip/index.md
- oracle: checks/oracle/home.md
plugins:
- search
- macros
- include-markdown
extra:
generator: false
version:
method: mike
provider: mike
markdown_extensions:
- pymdownx.highlight
- pymdownx.superfences
- admonition
- footnotes
- attr_list
- pymdownx.tabbed
- def_list
- pymdownx.details
- tables
extra_css:
- css/extra.css