All
Queries List¶
This page contains all queries.
| Query | Platform | Severity | Category | More info |
|---|---|---|---|---|
| Client Certificate Authentication Not Setup Properly e0e00aba-5f1c-4981-a542-9a9563c0ee20 |
Kubernetes | High | Access Control | Query details Documentation |
| Service Account Lookup Set To False a5530bd7-225a-48f9-91bb-f40b04200165 |
Kubernetes | High | Access Control | Query details Documentation |
| Token Auth File Is Set 32ecd76e-7bbf-402e-bf48-8b9485749558 |
Kubernetes | High | Access Control | Query details Documentation |
| Use Service Account Credentials Not Set To True 1acd93f1-5a37-45c0-aaac-82ece818be7d |
Kubernetes | High | Access Control | Query details Documentation |
| RBAC Wildcard In Rule 6b896afb-ca07-467a-b256-1a0077a1c08e |
Kubernetes | High | Access Control | Query details Documentation |
| Basic Auth File Is Set 5da47109-f8d6-4585-9e2b-96a8958a12f5 |
Kubernetes | High | Access Control | Query details Documentation |
| Always Admit Admission Control Plugin Set ce30e584-b33f-4c7d-b418-a3d7027f8f60 |
Kubernetes | High | Access Control | Query details Documentation |
| Node Restriction Admission Control Plugin Not Set 33fc6923-6553-4fe6-9d3a-4efa51eb874b |
Kubernetes | High | Access Control | Query details Documentation |
| Pod Security Policy Admission Control Plugin Not Set afa36afb-39fe-4d94-b9b6-afb236f7a03d |
Kubernetes | High | Build Process | Query details Documentation |
| Service Account Private Key File Not Defined ccc98ff7-68a7-436e-9218-185cb0b0b780 |
Kubernetes | High | Encryption | Query details Documentation |
| PSP Allows Containers To Share The Host Network Namespace a33e9173-b674-4dfb-9d82-cf3754816e4b |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Container Is Privileged dd29336b-fe57-445b-a26e-e6aa867ae609 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Shared Host PID Namespace 302736f4-b16c-41b8-befe-c0baffa0bd9d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Allowed 5572cc5e-1e4c-4113-92a6-7a8a3bd25e6d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Not Limited Capabilities For Pod Security Policy caa93370-791f-4fc6-814b-ba6ce0cb4032 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Tiller (Helm v2) Is Deployed 6d173be7-545a-46c6-a81d-2ae52ed1605d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Tiller Service Is Not Deleted 8b862ca9-0fbd-4959-ad72-b6609bdaa22d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Cluster Allows Unsafe Sysctls 9127f0d9-2310-42e7-866f-5fd9d20dcbad |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Role Binding To Default Service Account 1e749bc9-fde8-471c-af0c-8254efd2dee5 |
Kubernetes | High | Insecure Defaults | Query details Documentation |
| Insecure Port Not Properly Set fa4def8c-1898-4a35-a139-7b76b1acdef0 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Etcd TLS Certificate Not Properly Configured 895a5a95-3756-4b04-9924-2f3bc93181bd |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Kubelet HTTPS Set To False cdc8b54e-6b16-4538-a1b0-35849dbe29cf |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Insecure Bind Address Set b9380fd3-5ffe-4d10-9290-13e18e71eee1 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Etcd TLS Certificate Files Not Properly Set 075ca296-6768-4322-aea2-ba5063b969a9 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| TSL Connection Certificate Not Setup fa750c81-93c2-4fab-9c6d-d3fd3ce3b89f |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Tiller Deployment Is Accessible From Within The Cluster e17fa86a-6222-4584-a914-56e8f6c87e06 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Secure Port Set To Zero 3d24b204-b73d-42cb-b0bf-1a5438c5f71e |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Etcd Peer TLS Certificate Files Not Properly Set 09bb9e96-8da3-4736-b89a-b36814acca60 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Bind Address Not Properly Set 46a2e9ec-6a5f-4faa-9d39-4ea44d5d87a2 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| PSP With Unrestricted Access to Host Path de4421f1-4e35-43b4-9783-737dd4e4a47e |
Kubernetes | High | Resource Management | Query details Documentation |
| Auto TLS Set To True 98ce8b81-7707-4734-aa39-627c6db3d84b |
Kubernetes | High | Secret Management | Query details Documentation |
| Peer Auto TLS Set To True ae8827e2-4af9-4baa-9998-87539ae0d6f0 |
Kubernetes | High | Secret Management | Query details Documentation |
| Authorization Mode RBAC Not Set 1aa4a1ae-5dbb-48a1-9aa2-630ea4be208e |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Impersonate Permission 9f85c3f6-26fd-4007-938a-2e0cb0100980 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Non Kube System Pod With Host Mount aa8f7a35-9923-4cad-bd61-a19b7f6aac91 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles Allow Privilege Escalation 8320826e-7a9c-4b0b-9535-578333193432 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Authorization Mode Set To Always Allow f1f4d8da-1ac4-47d0-b1aa-91e69d33f7d5 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Port-Forwarding Permission 38fa11ef-dbcc-4da8-9680-7e1fd855b6fb |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Exec Permission c589f42c-7924-4871-aee2-1cede9bc7cbc |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Attach Permission d45330fd-f58d-45fb-a682-6481477a0f84 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Read Secrets Permissions b7bca5c4-1dab-4c2c-8cbe-3050b9d59b14 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Anonymous Auth Is Not Set To False 1de5cc51-f376-4638-a940-20f2e85ae238 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Permissive Access to Create Pods 592ad21d-ad9b-46c6-8d2d-fad09d62a942 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Service Account Admission Control Plugin Disabled 9587c890-0524-40c2-9ce2-663af7c2f063 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Readiness Probe Is Not Configured a659f3b5-9bf0-438a-bd9a-7d3a6427f1e3 |
Kubernetes | Medium | Availability | Query details Documentation |
| Request Timeout Not Properly Set d89a15bb-8dba-4c71-9529-bef6729b9c09 |
Kubernetes | Medium | Availability | Query details Documentation |
| Terminated Pod Garbage Collector Threshold Not Properly Set 49113af4-29ca-458e-b8d4-724c01a4a24f |
Kubernetes | Medium | Availability | Query details Documentation |
| Container Running With Low UID 02323c00-cdc3-4fdc-a310-4f2b3e7a1660 |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Root Containers Admitted e3aa0612-4351-4a0d-983f-aefea25cf203 |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Container Running As Root cf34805e-3872-4c08-bf92-6ff7bb0cfadb |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Incorrect Volume Claim Access Mode ReadWriteOnce 3878dc92-8e5d-47cf-9cdd-7590f71d21b9 |
Kubernetes | Medium | Build Process | Query details Documentation |
| Always Pull Images Admission Control Plugin Not Set a77f4d07-c6e0-4a48-8b35-0eeb51576f4f |
Kubernetes | Medium | Build Process | Query details Documentation |
| Weak TLS Cipher Suites 510d5810-9a30-443a-817d-5c1fa527b110 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Encryption Provider Config Is Not Defined cbd2db69-0b21-4c14-8a40-7710a50571a9 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Encryption Provider Not Properly Configured 10efce34-5af6-4d83-b414-9e096d5a06a9 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Root CA File Not Defined 05fb986f-ac73-4ebb-a5b2-7faafa93d882 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Containers With Sys Admin Capabilities 235236ee-ad78-4065-bd29-61b061f28ce0 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Containers With Added Capabilities 19ebaa28-fc86-4a58-bcfa-015c9e22fe40 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Using Unrecommended Namespace 611ab018-c4aa-4ba2-b0f6-a448337509a6 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host PID 91dacd0e-d189-4a9c-8272-5999a3cc32d9 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Privilege Escalation 87554eef-154d-411d-bdce-9dbd91e56851 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Kubelet Protect Kernel Defaults Set To False 6cf42c97-facd-4fda-b8af-ea4529123355 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Authorization Mode Node Not Set 4d7ee40f-fc5d-427d-8cac-dffbe22d42d1 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP Set To Privileged c48e57d3-d642-4e0b-90db-37f807b41b91 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Disabled for PSP 2270987f-bb51-479f-b8be-3ca73e5ad648 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host IPC 80f93444-b240-4ebb-a4c6-5c40b76c04ea |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP With Added Capabilities 7307579a-3abb-46ad-9ce5-2a915634d5c8 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Security Context Deny Admission Control Plugin Not Set 6a68bebe-c021-492e-8ddb-55b0567fb768 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Not Limited Capabilities For Container 2f1a0619-b12b-48a0-825f-993bb6f01d58 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Container Runs Unmasked f922827f-aab6-447c-832a-e1ff63312bd3 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Ingress Controller Exposes Workload 69bbc5e3-0818-4150-89cc-1e989b48f23b |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Seccomp Profile Is Not Configured f377b83e-bd07-4f48-a591-60c82b14a78b |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Not Being Dropped dbbc6705-d541-43b0-b166-dd4be8208b54 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Workload Mounting With Sensitive OS Directory 5308a7a8-06f8-45ac-bf10-791fe21de46e |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Service Account Token Automount Not Disabled 48471392-d4d0-47c0-b135-cdec95eb3eef |
Kubernetes | Medium | Insecure Defaults | Query details Documentation |
| Service Account Name Undefined Or Empty 591ade62-d6b0-4580-b1ae-209f80ba1cd9 |
Kubernetes | Medium | Insecure Defaults | Query details Documentation |
| Network Policy Is Not Targeting Any Pod 85ab1c5b-014e-4352-b5f8-d7dea3bb4fd3 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Pod Misconfigured Network Policy 0401f71b-9c1e-4821-ab15-a955caa621be |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Service With External Load Balancer 26763a1c-5dda-4772-b507-5fca7fb5f165 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Not Managing Ip Tables 5f89001f-6dd9-49ff-9b15-d8cd71b617f4 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Streaming Connection Timeout Disabled ed89b97d-04e9-4fd4-919f-ee5b27e555e9 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| CNI Plugin Does Not Support Network Policies 03aabc8c-35d6-481e-9c85-20139cf72d23 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Read Only Port Is Not Set To Zero 2940d48a-dc5e-4178-a3f8-bfbd80720b41 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Audit Policy File Not Defined 13a49a2e-488e-4309-a7c0-d6b05577a5fb |
Kubernetes | Medium | Observability | Query details Documentation |
| Audit Log Path Not Set 73e251f0-363d-4e53-86e2-0a93592437eb |
Kubernetes | Medium | Observability | Query details Documentation |
| Shared Host IPC Namespace cd290efd-6c82-4e9d-a698-be12ae31d536 |
Kubernetes | Medium | Resource Management | Query details Documentation |
| CPU Requests Not Set ca469dd4-c736-448f-8ac1-30a642705e0a |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Memory Requests Not Defined 229588ef-8fde-40c8-8756-f4f2b5825ded |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Memory Limits Not Defined b14d1bc4-a208-45db-92f0-e21f8e2588e9 |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace 6b6bdfb3-c3ae-44cb-88e4-7405c1ba2c8a |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Volume Mount With OS Directory Write Permissions b7652612-de4e-4466-a0bf-1cd81f0c6063 |
Kubernetes | Medium | Resource Management | Query details Documentation |
| CPU Limits Not Set 4ac0e2b7-d2d2-4af7-8799-e8de6721ccda |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Kubelet Certificate Authority Not Set ec18a0d3-0069-4a58-a7fb-fbfe0b4bbbe0 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| ServiceAccount Allows Access Secrets 056ac60e-fe07-4acc-9b34-8e1d51716ab9 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Service Account Key File Not Properly Set dab4ec72-ce2e-4732-b7c3-1757dcce01a1 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Etcd Client Certificate Authentication Set To False 9391103a-d8d7-4671-ac5d-606ba7ccb0ac |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Kubelet Client Periodic Certificate Switch Disabled 52d70f2e-3257-474c-b3dc-8ad9ba6a061a |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Rotate Kubelet Server Certificate Not Active 1c621b8e-2c6a-44f5-bd6a-fb0fb7ba33e2 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Not Unique Certificate Authority cb7e695d-6a85-495c-b15f-23aed2519303 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Etcd Client Certificate File Not Defined 3f5ff8a7-5ad6-4d02-86f5-666307da1b20 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Kubelet Client Certificate Or Key Not Set 36a27826-1bf5-49da-aeb0-a60a30c0e834 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Etcd Peer Client Certificate Authentication Set To False b7d0181d-0a9b-4611-9d1c-1ad4f0b620ff |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Shared Service Account c1032cf7-3628-44e2-bd53-38c17cf31b6b |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Docker Daemon Socket is Exposed to Containers a6f34658-fdfb-4154-9536-56d516f65828 |
Kubernetes | Low | Access Control | Query details Documentation |
| Cluster Admin Rolebinding With Superuser Permissions 249328b8-5f0f-409f-b1dd-029f07882e11 |
Kubernetes | Low | Access Control | Query details Documentation |
| Missing AppArmor Profile 8b36775e-183d-4d46-b0f7-96a6f34a723f |
Kubernetes | Low | Access Control | Query details Documentation |
| StatefulSet Without Service Name bb241e61-77c3-4b97-9575-c0f8a1e008d0 |
Kubernetes | Low | Availability | Query details Documentation |
| Event Rate Limit Admission Control Plugin Not Set e0099af2-fe17-411f-9991-0de28fe15f3c |
Kubernetes | Low | Availability | Query details Documentation |
| HPA Targets Invalid Object 2f652c42-619d-4361-b361-9f599688f8ca |
Kubernetes | Low | Availability | Query details Documentation |
| StatefulSet Without PodDisruptionBudget 1db3a5a5-bf75-44e5-9e44-c56cfc8b1ac5 |
Kubernetes | Low | Availability | Query details Documentation |
| Liveness Probe Is Not Defined ade74944-a674-4e00-859e-c6eab5bde441 |
Kubernetes | Low | Availability | Query details Documentation |
| Deployment Without PodDisruptionBudget b23e9b98-0cb6-4fc9-b257-1f3270442678 |
Kubernetes | Low | Availability | Query details Documentation |
| HPA Targeted Deployments With Configured Replica Count 5744cbb8-5946-4b75-a196-ade44449525b |
Kubernetes | Low | Availability | Query details Documentation |
| Object Is Using A Deprecated API Version 94b76ea5-e074-4ca2-8a03-c5a606e30645 |
Kubernetes | Low | Best Practices | Query details Documentation |
| Metadata Label Is Invalid 1123031a-f921-4c5b-bd86-ef354ecfd37a |
Kubernetes | Low | Best Practices | Query details Documentation |
| No Drop Capabilities for Containers 268ca686-7fb7-4ae9-b129-955a2a89064e |
Kubernetes | Low | Best Practices | Query details Documentation |
| StatefulSet Requests Storage 8cf4671a-cf3d-46fc-8389-21e7405063a2 |
Kubernetes | Low | Build Process | Query details Documentation |
| Image Policy Webhook Admission Control Plugin Not Set 14abda69-8e91-4acb-9931-76e2bee90284 |
Kubernetes | Low | Build Process | Query details Documentation |
| Namespace Lifecycle Admission Control Plugin Disabled 1ffe7bf7-563b-4b3d-a71d-ba6bd8d49b37 |
Kubernetes | Low | Build Process | Query details Documentation |
| Root Container Not Mounted Read-only a9c2f49d-0671-4fc9-9ece-f4e261e128d0 |
Kubernetes | Low | Build Process | Query details Documentation |
| Image Without Digest 7c81d34c-8e5a-402b-9798-9f442630e678 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Kubelet Hostname Override Is Set bf36b900-b5ef-4828-adb7-70eb543b7cfb |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Service Does Not Target Pod 3ca03a61-3249-4c16-8427-6f8e47dda729 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without Security Context a97a340a-0063-418e-b3a1-3028941d0995 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without LimitRange 4a20ebac-1060-4c81-95d1-1f7f620e983b |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Dashboard Is Enabled d2ad057f-0928-41ef-a83c-f59203bb855b |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without ResourceQuota 48a5beba-e4c0-4584-a2aa-e6894e4cf424 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Image Pull Policy Of The Container Is Not Set To Always caa3479d-885d-4882-9aac-95e5e78ef5c2 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Workload Host Port Not Specified 2b1836f1-dcce-416e-8e16-da8c71920633 |
Kubernetes | Low | Networking and Firewall | Query details Documentation |
| Service Type is NodePort 845acfbe-3e10-4b8e-b656-3b404d36dfb2 |
Kubernetes | Low | Networking and Firewall | Query details Documentation |
| Audit Policy Not Cover Key Security Concerns 1828a670-5957-4bc5-9974-47da228f75e2 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Log Maxage Not Properly Set da9f3aa8-fbfb-472f-b5a1-576127944218 |
Kubernetes | Low | Observability | Query details Documentation |
| Kubelet Event QPS Not Properly Set 1a07a446-8e61-4e4d-bc16-b0781fcb8211 |
Kubernetes | Low | Observability | Query details Documentation |
| Profiling Not Set To False 2f491173-6375-4a84-b28e-a4e2b9a58a69 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Log Maxbackup Not Properly Set 768aab52-2504-4a2f-a3e3-329d5a679848 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Log Maxsize Not Properly Set 35c0a471-f7c8-4993-aa2c-503a3c712a66 |
Kubernetes | Low | Observability | Query details Documentation |
| Container Requests Not Equal To It's Limits aee3c7d2-a811-4201-90c7-11c028be9a46 |
Kubernetes | Low | Resource Management | Query details Documentation |
| CronJob Deadline Not Configured 192fe40b-b1c3-448a-aba2-6cc19a300fe3 |
Kubernetes | Low | Resource Management | Query details Documentation |
| StatefulSet Has No PodAntiAffinity d740d048-8ed3-49d3-b77b-6f072f3b669e |
Kubernetes | Low | Resource Management | Query details Documentation |
| Deployment Has No PodAntiAffinity a31b7b82-d994-48c4-bd21-3bab6c31827a |
Kubernetes | Low | Resource Management | Query details Documentation |
| Container CPU Requests Not Equal To It's Limits 9d43040e-e703-4e16-8bfe-8d4da10fa7e6 |
Kubernetes | Low | Resource Management | Query details Documentation |
| Container Memory Requests Not Equal To It's Limits aafa7d94-62de-4fbf-8838-b69ee217b0e6 |
Kubernetes | Low | Resource Management | Query details Documentation |
| Secrets As Environment Variables 3d658f8b-d988-41a0-a841-40043121de1e |
Kubernetes | Low | Secret Management | Query details Documentation |
| Invalid Image Tag 583053b7-e632-46f0-b989-f81ff8045385 |
Kubernetes | Low | Supply-Chain | Query details Documentation |
| Ensure Administrative Boundaries Between Resources e84eaf4d-2f45-47b2-abe8-e581b06deb66 |
Kubernetes | Info | Access Control | Query details Documentation |
| Using Kubernetes Native Secret Management b9c83569-459b-4110-8f79-6305aa33cb37 |
Kubernetes | Info | Secret Management | Query details Documentation |
| BOM - AWS S3 Buckets b5d6a2e0-8f15-4664-bd5b-68ec5c9bab83 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Kinesis d53323be-dde6-4457-9a43-42df737e71d2 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EFS ef05a925-8568-4054-8ff1-f5ba82631c16 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MQ 209189f3-c879-48a7-9703-fbcfa96d0cef |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Elasticache c689f51b-9203-43b3-9d8b-caed123f706c |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SQS 59a849c2-1127-4023-85a5-ef906dcd458c |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS RDS 6ef03ff6-a2bd-483c-851f-631f248bc0ea |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Cassandra 124b173b-e06d-48a6-8acd-f889443d97a4 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SNS 42e7dca3-8cce-4325-8df0-108888259136 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MSK 2730c169-51d7-4ae7-99b5-584379eff1bb |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS DynamoDB 4e67c0ae-38a0-47f4-a50c-f0c9b75826df |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EBS 0b0556ea-9cd9-476f-862e-20679dda752b |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| Serverless Function Environment Variables Not Encrypted a7f8ac28-eed1-483d-87c8-4c325f022572 |
CloudFormation | High | Encryption | Query details Documentation |
| Serverless API Without Content Encoding a2f2800e-614b-4bc8-89e6-fec8afd24800 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Serverless Function Without Tags a71ecabe-03b6-456a-b3bc-d1a39aa20c98 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Serverless Function Without Unique IAM Role 4ba74f01-aba5-4be2-83bc-be79ff1a3b92 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Serverless API Endpoint Config Not Private 6b5b0313-771b-4319-ad7a-122ee78700ef |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Serverless API Access Logging Setting Undefined 0a994e04-c6dc-471d-817e-d37451d18a3b |
CloudFormation | Medium | Observability | Query details Documentation |
| Serverless API X-Ray Tracing Disabled c757c6a3-ac87-4b9d-b28d-e5a5add6a315 |
CloudFormation | Medium | Observability | Query details Documentation |
| Serverless API Cache Cluster Disabled 60a05ede-0a68-4d0d-a58f-f538cf55ff79 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without Dead Letter Queue cb2f612b-ed42-4ff5-9fb9-255c73d39a18 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without X-Ray Tracing dc1ab429-1481-4540-9b1d-280e3f15f1f8 |
CloudFormation | Low | Observability | Query details Documentation |
| S3 Bucket ACL Allows Read to All Users 219f4c95-aa50-44e0-97de-cf71f4641170 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals acc78859-765e-4011-a229-a65ea57db252 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals f6397a20-4cf1-4540-a997-1d363c25ef58 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 7772bb8c-c0f3-42d4-8e4e-f1b8939ad085 |
CloudFormation | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 01986452-bdd8-4aaa-b5df-d6bf61d616ff |
CloudFormation | High | Access Control | Query details Documentation |
| IAM Policies With Full Privileges 953b3cdb-ce13-428a-aa12-318726506661 |
CloudFormation | High | Access Control | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible 5864fb39-d719-4182-80e2-89dbe627be63 |
CloudFormation | High | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible ae53ce91-42b5-46bf-a84f-9a13366a4f13 |
CloudFormation | High | Access Control | Query details Documentation |
| Lambda Functions With Full Privileges a0ae0a4e-712b-4115-8112-51b9eeed9d69 |
CloudFormation | High | Access Control | Query details Documentation |
| MSK Broker Is Publicly Accessible 0ce1ba20-8ba8-4364-836f-40c24b8cb0ab |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Public Policy 860ba89b-b8de-4e72-af54-d6aee4138a69 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals f97b7d23-568f-4bcc-9ac9-02df0d57fbba |
CloudFormation | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions f62aa827-4ade-4dc4-89e4-1433d384a368 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 835d5497-a526-4aea-a23f-98a9afd1635f |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals faa8fddf-c0aa-4b2d-84ff-e993e233ebe9 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read Or Write to All Users 07dda8de-d90d-469e-9b37-1aca53526ced |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket With All Permissions 4ae8af91-5108-42cb-9471-3bdbe596eac9 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Restore Actions From All Principals 456b00a3-1072-4149-9740-6b8bb60251b0 |
CloudFormation | High | Access Control | Query details Documentation |
| ELB Using Weak Ciphers 809f77f8-d10e-4842-a84f-3be7b6ff1190 |
CloudFormation | High | Encryption | Query details Documentation |
| ElastiCache With Disabled Transit Encryption 3b02569b-fc6f-4153-b3a3-ba91022fed68 |
CloudFormation | High | Encryption | Query details Documentation |
| Kinesis SSE Not Configured 7f65be75-90ab-4036-8c2a-410aef7bb650 |
CloudFormation | High | Encryption | Query details Documentation |
| Redshift Cluster Without KMS CMK de76a0d6-66d5-45c9-9022-f05545b85c78 |
CloudFormation | High | Encryption | Query details Documentation |
| S3 Bucket Without SSL In Write Actions 38c64e76-c71e-4d92-a337-60174d1de1c9 |
CloudFormation | High | Encryption | Query details Documentation |
| ELB Without Secure Protocol 80908a75-586b-4c61-ab04-490f4f4525b8 |
CloudFormation | High | Encryption | Query details Documentation |
| ECS Task Definition Container With Plaintext Password f9b10cdb-eaab-4e39-9793-e12b94a582ad |
CloudFormation | High | Encryption | Query details Documentation |
| Secure Ciphers Disabled be96849c-3df6-49c2-bc16-778a7be2519c |
CloudFormation | High | Encryption | Query details Documentation |
| SageMaker Data Encryption Disabled 709e6da6-fa1f-44cc-8f17-7f25f96dadbe |
CloudFormation | High | Encryption | Query details Documentation |
| CloudFormation Specifying Credentials Not Safe 9ecb6b21-18bc-4aa7-bd07-db20f1c746db |
CloudFormation | High | Encryption | Query details Documentation |
| ECS Cluster Not Encrypted At Rest 6c131358-c54d-419b-9dd6-1f7dd41d180c |
CloudFormation | High | Encryption | Query details Documentation |
| API Gateway Cache Encrypted Disabled 37cca703-b74c-48ba-ac81-595b53398e9b |
CloudFormation | High | Encryption | Query details Documentation |
| DynamoDB With Aws Owned CMK c8dee387-a2e6-4a73-a942-183c975549ac |
CloudFormation | High | Encryption | Query details Documentation |
| MSK Cluster Encryption Disabled a976d63f-af0e-46e8-b714-8c1a9c4bf768 |
CloudFormation | High | Encryption | Query details Documentation |
| User Data Shell Script Is Encoded 48c3bc58-6959-4f27-b647-4fedeace23be |
CloudFormation | High | Encryption | Query details Documentation |
| CMK Unencrypted Storage ffee2785-c347-451e-89f3-11aeb08e5c84 |
CloudFormation | High | Encryption | Query details Documentation |
| Redshift Not Encrypted 3b316b05-564c-44a7-9c3f-405bb95e211e |
CloudFormation | High | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 61a94903-3cd3-4780-88ec-fc918819b9c8 |
CloudFormation | High | Encryption | Query details Documentation |
| RDS Storage Not Encrypted 5beacce3-4020-4a3d-9e1d-a36f953df630 |
CloudFormation | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key 568cc372-ca64-420d-9015-ee347d00d288 |
CloudFormation | High | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP 31733ee2-fef0-4e87-9778-65da22a8ecf1 |
CloudFormation | High | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 9fcd0a0a-9b6f-4670-a215-d94e6bf3f184 |
CloudFormation | High | Encryption | Query details Documentation |
| EFS Without KMS 6d087495-2a42-4735-abf7-02ef5660a7e6 |
CloudFormation | High | Encryption | Query details Documentation |
| S3 Bucket Without Server-side-encryption b2e8752c-3497-4255-98d2-e4ae5b46bbf5 |
CloudFormation | High | Encryption | Query details Documentation |
| S3 Bucket SSE Disabled 64ab651b-f5b2-4af0-8c89-ddd03c4d0e61 |
CloudFormation | High | Encryption | Query details Documentation |
| EFS Not Encrypted 2ff8e83c-90e1-4d68-a300-6d652112e622 |
CloudFormation | High | Encryption | Query details Documentation |
| ElastiCache With Disabled at Rest Encryption e4ee3903-9225-4b6a-bdfb-e62dbadef821 |
CloudFormation | High | Encryption | Query details Documentation |
| Connection Between CloudFront Origin Not Encrypted a5366a50-932f-4085-896b-41402714a388 |
CloudFormation | High | Encryption | Query details Documentation |
| EFS Volume With Disabled Transit Encryption c1282e03-b285-4637-aee7-eefe3a7bb658 |
CloudFormation | High | Encryption | Query details Documentation |
| API Gateway Without Security Policy 8275fab0-68ec-4705-bbf4-86975edb170e |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible de38e1d5-54cb-4111-a868-6f7722695007 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| S3 Bucket With Unsecured CORS Rule 3609d27c-3698-483a-9402-13af6ae80583 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 dc17ee4b-ddf2-4e23-96e8-7a36abad1303 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Batch Job Definition With Privileged Container Properties 76ddf32c-85b1-4808-8935-7eef8030ab36 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| S3 Static Website Host Enabled 90501b1b-cded-4cc1-9e8b-206b85cda317 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 027a4b7a-8a59-4938-a04f-ed532512cf45 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Restriction Of Public Bucket 350cd468-0e2c-44ef-9d22-cfb73a62523c |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys 4c137350-7307-4803-8c04-17c09a7a9fcf |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible bdf8dcb4-75df-4370-92c4-606e4ae6c4d3 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| KMS Key With Full Permissions da905474-7454-43c0-b8d2-5756ab951aba |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate b4d9c12b-bfba-4aeb-9cb8-2358546d8041 |
CloudFormation | High | Insecure Defaults | Query details Documentation |
| Permissive Web ACL Default Action 6d64f311-3da6-45f3-80f1-14db9771ea40 |
CloudFormation | High | Insecure Defaults | Query details Documentation |
| RDS Associated with Public Subnet 4e88adee-a8eb-4605-a78d-9fb1096e3091 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| ALB Listening on HTTP 275a3217-ca37-40c1-a6cf-bb57d245ab32 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EC2 Public Instance Exposed Through Subnet c44c95fc-ae92-4bb8-bdf8-bb9bc412004a |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet c9846969-d066-431f-9b34-8c4abafe422a |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet ddfc4eaa-af23-409f-b96c-bf5c45dc4daa |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EC2 Sensitive Port Is Publicly Exposed 494b03d3-bf40-4464-8524-7c56ad0700ed |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 6e856af2-62d7-4ba2-adc1-73b62cef9cc1 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Groups With Meta IP adcd0082-e90b-4b63-862b-21899f6e6a48 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled 4cdc88e6-c0c8-4081-a639-bb3a557cbedf |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EKS node group remote access 73d59e76-a12c-4b74-a3d8-d3e1e19c25b3 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| DB Security Group Open To Large Scope 0104165b-02d5-426f-abc9-91fb48189899 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic ea33fcf7-394b-4d11-a228-985c5d08f205 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 4a1e6b34-1008-4e61-a5f2-1f7c276f8d14 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| DB Security Group With Public Scope 9564406d-e761-4e61-b8d7-5926e3ab8e79 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Fully Open Ingress e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Groups With Exposed Admin Ports cdbb0467-2957-4a77-9992-7b55b29df7b7 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 24d932e1-91f0-46ea-836f-fdbd81694151 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Group Unrestricted Access To RDP 3ae83918-7ec7-4cb8-80db-b91ef0f94002 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EC2 Network ACL Overlapping Ports 77b6f1e2-bde4-4a6a-ae7e-a40659ff1576 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| SageMaker Notebook Not Placed In VPC 9c7028d9-04c2-45be-b8b2-1188ccaefb36 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Groups Allows Unrestricted Outbound Traffic 66f2d8f9-a911-4ced-ae27-34f09690bb2c |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 829ce3b8-065c-41a3-ad57-e0accfea82d2 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| ELB Sensitive Port Is Exposed To Entire Network 78055456-f670-4d2e-94d5-392d1cf4f5e4 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EC2 Instance Subnet Has Public IP Mapping On Launch b3de4e4c-14be-4159-b99d-9ad194365e4c |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| CloudTrail Logging Disabled 5c0b06d5-b7a4-484c-aeb0-75a836269ff0 |
CloudFormation | High | Observability | Query details Documentation |
| S3 Bucket CloudTrail Logging Disabled c3ce69fd-e3df-49c6-be78-1db3f802261c |
CloudFormation | High | Observability | Query details Documentation |
| CMK Rotation Disabled 1c07bfaf-663c-4f6f-b22b-8e2d481e4df5 |
CloudFormation | High | Observability | Query details Documentation |
| IoT Policy Allows Action as Wildcard 4d32780f-43a4-424a-a06d-943c543576a5 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SNS Topic Publicity Has Allow and NotAction Simultaneously 818f38ed-8446-4132-9c03-474d49e10195 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User edc95c10-7366-4f30-9b4b-f995c84eceb5 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policy On User e4239438-e639-44aa-adb8-866e400e3ade |
CloudFormation | Medium | Access Control | Query details Documentation |
| Neptune Cluster With IAM Database Authentication Disabled a3aa0087-8228-4e7e-b202-dc9036972d02 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SQS Queue Policy Allows NotAction 4fbfee74-8186-40d5-a24e-4baa76a855de |
CloudFormation | Medium | Access Control | Query details Documentation |
| API Gateway Method Does Not Contains An API Key 3641d5b4-d339-4bc2-bfb9-208fe8d3477f |
CloudFormation | Medium | Access Control | Query details Documentation |
| ECR Repository Is Publicly Accessible 75be209d-1948-41f6-a8c8-e22dd0121134 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 57b12981-3816-4c31-b190-a1e614361dd2 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access 9b6a3f5b-5fd6-40ee-9bc0-ed604911212d |
CloudFormation | Medium | Access Control | Query details Documentation |
| EC2 Network ACL Ineffective Denied Traffic 2623d682-dccb-44cd-99d0-54d9fd62f8f2 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IoT Policy Allows Wildcard Resource be5b230d-4371-4a28-a441-85dc760e2aa3 |
CloudFormation | Medium | Access Control | Query details Documentation |
| EC2 Instance Has No IAM Role f914357d-8386-4d56-9ba6-456e5723f9a6 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA 85138beb-ce7c-4ca3-a09f-e8fbcc57ddd7 |
CloudFormation | Medium | Access Control | Query details Documentation |
| S3 Bucket Allows Public ACL 48f100d9-f499-4c6d-b2b8-deafe47ffb26 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SQS Queue Policy Allows NotPrincipal 4a8fc9a2-2b2f-4b3f-aa8d-401425872034 |
CloudFormation | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer 7fd0d461-5b8c-4815-898c-f2b4b117eb28 |
CloudFormation | Medium | Access Control | Query details Documentation |
| KMS Allows Wildcard Principal f6049677-ec4a-43af-8779-5190b6d03cba |
CloudFormation | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard 1d6e16f1-5d8a-4379-bfb3-2dadd38ed5a7 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Elasticsearch Without IAM Authentication 5c666ed9-b586-49ab-9873-c495a833b705 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Empty Roles For ECS Cluster Task Definitions 7f384a5f-b5a2-4d84-8ca3-ee0a5247becb |
CloudFormation | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB ad21e616-5026-4b9d-990d-5b007bfe679c |
CloudFormation | Medium | Availability | Query details Documentation |
| CMK Is Unusable 2844c749-bd78-4cd1-90e8-b179df827602 |
CloudFormation | Medium | Availability | Query details Documentation |
| ECS Service Without Running Tasks 79d745f0-d5f3-46db-9504-bef73e9fd528 |
CloudFormation | Medium | Availability | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ cfdef2e5-1fe4-4ef4-bea8-c56e08963150 |
CloudFormation | Medium | Availability | Query details Documentation |
| EBS Volume Not Attached To Instances 1819ac03-542b-4026-976b-f37addd59f3b |
CloudFormation | Medium | Availability | Query details Documentation |
| RDS Multi-AZ Deployment Disabled 2b1d4935-9acf-48a7-8466-10d18bf51a69 |
CloudFormation | Medium | Backup | Query details Documentation |
| Stack Retention Disabled fe974ae9-858e-4991-bbd5-e040a834679f |
CloudFormation | Medium | Backup | Query details Documentation |
| RDS With Backup Disabled 8c415f6f-7b90-4a27-a44a-51047e1506f9 |
CloudFormation | Medium | Backup | Query details Documentation |
| Low RDS Backup Retention Period e649a218-d099-4550-86a4-1231e1fcb60d |
CloudFormation | Medium | Backup | Query details Documentation |
| IAM Password Without Symbol d72a7869-e8b9-4e12-bcd2-e8be10b39fa7 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM User Without Password Reset a964d6e3-8e1e-4d93-8120-61fa640dd55a |
CloudFormation | Medium | Best Practices | Query details Documentation |
| Cognito UserPool Without MFA 74a18d1a-cf02-4a31-8791-ed0967ad7fdc |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Password Without Uppercase Letter 445020f6-b69e-4484-847f-02d4b7768902 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length b1b20ae3-8fa7-4af5-a74d-a2145920fcb1 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Password Without Number 839f238f-2e3a-4a72-b945-8abdf91af955 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Password Without Lowercase Letter f4cf35d6-da92-48de-ab70-57be2b2e6497 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| ECS No Load Balancer Attached fb2b0ecf-1492-491a-a70d-ba1df579175d |
CloudFormation | Medium | Best Practices | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 0f04217d-488f-4e7a-bec8-f16159686cd6 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Managed Policy Applied to a User 0e5872b4-19a0-4165-8b2f-56d9e14b909f |
CloudFormation | Medium | Best Practices | Query details Documentation |
| EBS Volume Encryption Disabled 80b7ac3f-d2b7-4577-9b10-df7913497162 |
CloudFormation | Medium | Encryption | Query details Documentation |
| RDS Storage Encryption Disabled 65844ba3-03a1-40a8-b3dd-919f122e8c95 |
CloudFormation | Medium | Encryption | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS 050a9ba8-d1cb-4c61-a5e8-8805a70d3b85 |
CloudFormation | Medium | Encryption | Query details Documentation |
| ElasticSearch Not Encrypted At Rest 86a248ab-0e01-4564-a82a-878303e253bb |
CloudFormation | Medium | Encryption | Query details Documentation |
| Unscanned ECR Image 9025b2b3-e554-4842-ba87-db7aeec36d35 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Default KMS Key Usage e52395b4-250b-4c60-81d5-2e58c1d37abc |
CloudFormation | Medium | Encryption | Query details Documentation |
| Neptune Database Cluster Encryption Disabled bf4473f1-c8a2-4b1b-8134-bd32efabab93 |
CloudFormation | Medium | Encryption | Query details Documentation |
| DynamoDB Table Not Encrypted 4bd21e68-38c1-4d58-acdc-6a14b203237f |
CloudFormation | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled 12726829-93ed-4d51-9cbe-13423f4299e1 |
CloudFormation | Medium | Encryption | Query details Documentation |
| AmazonMQ Broker Encryption Disabled 316278b3-87ac-444c-8f8f-a733a28da60f |
CloudFormation | Medium | Encryption | Query details Documentation |
| CodeBuild Not Encrypted d7467bb6-3ed1-4c82-8095-5e7a818d0aad |
CloudFormation | Medium | Encryption | Query details Documentation |
| Workspace Without Encryption 89827c57-5a8a-49eb-9731-976a606d70db |
CloudFormation | Medium | Encryption | Query details Documentation |
| API Gateway With Invalid Compression d6653eee-2d4d-4e6a-976f-6794a497999a |
CloudFormation | Medium | Encryption | Query details Documentation |
| Alexa Skill Plaintext Client Secret Exposed 3c3b7a58-b018-4d07-9444-d9ee7156e111 |
CloudFormation | Medium | Encryption | Query details Documentation |
| ElasticSearch Encryption With KMS Disabled d926aa95-0a04-4abc-b20c-acf54afe38a1 |
CloudFormation | Medium | Encryption | Query details Documentation |
| SageMaker EndPoint Config Should Specify KmsKeyId Attribute 44034eda-1c3f-486a-831d-e09a7dd94354 |
CloudFormation | Medium | Encryption | Query details Documentation |
| IAM Group Inline Policies a58d1a2d-4078-4b80-855b-84cc3f7f4540 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled 1b6322d9-c755-4f8c-b804-32c19250f2d9 |
CloudFormation | Medium | Encryption | Query details Documentation |
| KMS Key Rotation Disabled 235ca980-eb71-48f4-9030-df0c371029eb |
CloudFormation | Medium | Encryption | Query details Documentation |
| EMR Security Configuration Encryption Disabled 5b033ec8-f079-4323-b5c8-99d4620433a9 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Lambda Function Without Tags 8df8e857-bd59-44fa-9f4c-d77594b95b46 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| IAM User Has Too Many Access Keys 48677914-6fdf-40ec-80c4-2b0e94079f54 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Inline Policies Are Attached To ECS Service 9e8c89b3-7997-4d15-93e4-7911b9db99fd |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| SageMaker Enabling Internet Access 88d55d94-315d-4564-beee-d2d725feab11 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| API Gateway With Open Access 1056dfbb-5802-4762-bf2b-8b9b9684b1b0 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Instance With No VPC 8a6d36cd-0bc6-42b7-92c4-67acc8576861 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| EMR Cluster Without Security Configuration 48af92a5-c89b-4936-bc62-1086fe2bab23 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| MQ Broker Is Publicly Accessible 68b6a789-82f8-4cfd-85de-e95332fe6a61 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Lambda Functions Without Unique IAM Roles ae03f542-1423-402f-9cef-c834e7ee9583 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable 33f41d31-86b1-46a4-81f7-9c9a671f59ac |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without SSL Certificate ed4c48b8-eccc-4881-95c1-09fdae23db25 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| GitHub Repository Set To Public 5906092d-5f74-490d-9a03-78febe0f65e1 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| IAM User LoginProfile Password Is In Plaintext 06adef8c-c284-4de7-aad2-af43b07a8ca1 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| RouterTable with Default Routing 4f0908b9-eb66-433f-9145-134274e1e944 |
CloudFormation | Medium | Insecure Defaults | Query details Documentation |
| S3 Bucket Should Have Bucket Policy 37fa8188-738b-42c8-bf82-6334ea567738 |
CloudFormation | Medium | Insecure Defaults | Query details Documentation |
| Security Group Egress With All Protocols ee464fc2-54a6-4e22-b10a-c6dcd2474d0c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Egress With Port Range dae9c373-8287-462f-8746-6f93dad93610 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EC2 Permissive Network ACL Protocols 03879981-efa2-47a0-a818-c843e1441b88 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Endpoint Config is Not Private 4a8daf95-709d-4a36-9132-d3e19878fa34 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| GameLift Fleet EC2 InboundPermissions With Port Range 43356255-495d-4148-ad8d-f6af5eac09dd |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF fcbf9019-566c-4832-a65c-af00d8137d2b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ELB With Security Group Without Outbound Rules 01d5a458-a6c4-452a-ac50-054d59275b7c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ALB Is Not Integrated With WAF 105ba098-1e34-48cd-b0f2-a8a43a51bf9b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ELB With Security Group Without Inbound Rules e200a6f3-c589-49ec-9143-7421d4a2c845 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Ingress With All Protocols 1a427b25-2e9e-4298-9530-0499a55e736b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| TCP/UDP Protocol Network ACL Entry Allows All Ports f57f849c-883b-4cb7-85e7-f7b199dff163 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| VPC Without Network Firewall 3e293410-d5b8-411f-85fd-7d26294f20c9 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Egress CIDR Open To World 1cc2fbd7-816c-4fbf-ad6d-38a4afa4312a |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Ingress With Port Range 87482183-a8e7-4e42-a566-7a23ec231c16 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Groups Without VPC Attached 493d9591-6249-47bf-8dc0-5c10161cc558 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 3e09413f-471e-40f3-8626-990c79ae63f3 |
CloudFormation | Medium | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled 9f3cf08e-72a2-4eb1-8007-e3b1b0e10d4d |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch 65d07da5-9af5-44df-8983-52d2e6f24c44 |
CloudFormation | Medium | Observability | Query details Documentation |
| MQ Broker Logging Disabled e519ed6a-8328-4b69-8eb7-8fa549ac3050 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled de77cd9f-0e8b-46cc-b4a4-b6b436838642 |
CloudFormation | Medium | Observability | Query details Documentation |
| API Gateway X-Ray Disabled 4ab10c48-bedb-4deb-8f3b-ff12783b61de |
CloudFormation | Medium | Observability | Query details Documentation |
| ELBv2 ALB Access Log Disabled c62e8b7d-1fdf-4050-ac4c-76ba9e1d9621 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 058ac855-989f-4378-ba4d-52d004020da7 |
CloudFormation | Medium | Observability | Query details Documentation |
| S3 Bucket Without Versioning a227ec01-f97a-4084-91a4-47b350c1db54 |
CloudFormation | Medium | Observability | Query details Documentation |
| Stack Notifications Disabled 837e033c-4717-40bd-807e-6abaa30161b7 |
CloudFormation | Medium | Observability | Query details Documentation |
| API Gateway Deployment Without Access Log Setting 06ec63e3-9f72-4fe2-a218-2eb9200b8db5 |
CloudFormation | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled 4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c |
CloudFormation | Medium | Observability | Query details Documentation |
| GuardDuty Detector Disabled a25cd877-375c-4121-a640-730929936fac |
CloudFormation | Medium | Observability | Query details Documentation |
| Elasticsearch Logs Disabled edbd62d4-8700-41de-b000-b3cfebb5e996 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudWatch Metrics Disabled 5d3c1807-acb3-4bb0-be4e-0440230feeaf |
CloudFormation | Medium | Observability | Query details Documentation |
| ElasticSearch Without Slow Logs 086ea2eb-14a6-4fd4-914b-38e0bc8703e8 |
CloudFormation | Medium | Observability | Query details Documentation |
| Redshift Cluster Logging Disabled 3de2d4ff-fe53-4fc9-95d3-2f8a69bf90d6 |
CloudFormation | Medium | Observability | Query details Documentation |
| ELB Access Log Disabled ee12ad32-2863-4c0f-b13f-28272d115028 |
CloudFormation | Medium | Observability | Query details Documentation |
| MSK Cluster Logging Disabled fc7c2c15-f5d0-4b80-adb2-c89019f8f62b |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudWatch Logging Disabled 0f0fb06b-0f2f-4374-8588-f2c7c348c7a0 |
CloudFormation | Medium | Observability | Query details Documentation |
| API Gateway Access Logging Disabled 80d45af4-4920-4236-a56e-b7ef419d1941 |
CloudFormation | Medium | Observability | Query details Documentation |
| DMS Endpoint Password Exposed 5f700072-b7ce-4e84-b3f3-497bf1c24a4d |
CloudFormation | Medium | Secret Management | Query details Documentation |
| RefreshToken Is Exposed 5b48c507-0d1f-41b0-a630-76817c6b4189 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda 2564172f-c92b-4261-9acd-464aed511696 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Directory Service Simple AD Password Exposed 6685d912-d81f-4cfa-95ad-e316ea31c989 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| High Access Key Rotation Period 800fa019-49dd-421b-9042-7331fdd83fa2 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Amplify Branch Basic Auth Config Password Exposed dfb56e5d-ee68-446e-b32a-657b62befe69 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Amplify App Access Token Exposed 73980e43-f399-4fcc-a373-658228f7adf7 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Amplify App OAuth Token Exposed 03b38885-8f4e-480c-a0e4-12c1affd15db |
CloudFormation | Medium | Secret Management | Query details Documentation |
| DocDB Cluster Master Password In Plaintext 39423ce4-9011-46cd-b6b1-009edcd9385d |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Directory Service Microsoft AD Password Set to Plaintext or Default Ref 06b9f52a-8cd5-459b-bdc6-21a22521e1be |
CloudFormation | Medium | Secret Management | Query details Documentation |
| DMS Endpoint MongoDB Settings Password Exposed f988a17f-1139-46a3-8928-f27eafd8b024 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| EBS Volume Without KmsKeyId b7063015-6c31-4658-a8e7-14f98f37fd42 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Secrets Manager Should Specify KmsKeyId c8ae9ba9-c2f7-4e5c-b32e-a4b7712d4d22 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Amplify App Basic Auth Config Password Exposed 71493c8b-3014-404c-9802-078b74496fb7 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| SNS Topic Without KmsMasterKeyId 9d13b150-a2ab-42a1-b6f4-142e41f81e52 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| Support Has No Role Associated d71b5fd7-9020-4b2d-9ec8-b3839faa2744 |
CloudFormation | Low | Access Control | Query details Documentation |
| IAM User With No Group 06933df4-0ea7-461c-b9b5-104d27390e0e |
CloudFormation | Low | Access Control | Query details Documentation |
| IAM Group Without Users 8f957abd-9703-413d-87d3-c578950a753c |
CloudFormation | Low | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services e835bd0d-65da-49f7-b6d1-b646da8727e6 |
CloudFormation | Low | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group 08b81bb3-0985-4023-8602-b606ad81d279 |
CloudFormation | Low | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume f80e3aa7-7b34-4185-954e-440a6894dde6 |
CloudFormation | Low | Access Control | Query details Documentation |
| VPC Attached With Too Many Gateways 97e94d17-e2c7-4109-a53b-6536ac1bb64e |
CloudFormation | Low | Availability | Query details Documentation |
| RDS DB Instance With Deletion Protection Disabled 2c161e58-cb52-454f-abea-6470c37b5e6e |
CloudFormation | Low | Backup | Query details Documentation |
| Security Group Ingress Has CIDR Not Recommended a3e4e39a-e5fc-4ee9-8cf5-700febfa86dd |
CloudFormation | Low | Best Practices | Query details Documentation |
| IAM Policies Without Groups 5e7acff5-095b-40ac-9073-ac2e4ad8a512 |
CloudFormation | Low | Best Practices | Query details Documentation |
| Automatic Minor Upgrades Disabled f0104061-8bfc-4b45-8a7d-630eb502f281 |
CloudFormation | Low | Best Practices | Query details Documentation |
| IAM Access Analyzer Not Enabled 8d29754a-2a18-460d-a1ba-9509f8d359da |
CloudFormation | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 9b83114b-b2a1-4534-990d-06da015e47aa |
CloudFormation | Low | Best Practices | Query details Documentation |
| Geo Restriction Disabled 7f8843f0-9ea5-42b4-a02b-753055113195 |
CloudFormation | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing e4f54ff4-d352-40e8-a096-5141073c37a2 |
CloudFormation | Low | Best Practices | Query details Documentation |
| DynamoDB With Not Recommented Table Billing Mode c333e906-8d8b-4275-b999-78b6318f8dc6 |
CloudFormation | Low | Build Process | Query details Documentation |
| EFS Without Tags 08e39832-5e42-4304-98a0-aa5b43393162 |
CloudFormation | Low | Build Process | Query details Documentation |
| Wildcard In ACM Certificate Domain Name cc8b294f-006f-4f8f-b5bb-0a9140c33131 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Lambda Function Without Dead Letter Queue c2eae442-d3ba-4cb1-84ca-1db4f80eae3d |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Ignore Public ACL 6c8d51af-218d-4bfb-94a9-94eabaa0703a |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| API Gateway Cache Cluster Disabled 52790cad-d60d-41d5-8483-146f9f21208d |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| EC2 Network ACL Duplicate Rule 045ddb54-cfc5-4abb-9e05-e427b2bc96fe |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Using Default Port 323db967-c68e-44e6-916c-a777f95af34b |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| EC2 Instance Using Default VPC e42a3ef0-5325-4667-84bf-075ba1c9d58e |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| Shield Advanced Not In Use ad7444cf-817a-4765-a79e-2145f7981faf |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port a478af30-8c3a-404d-aa64-0b673cee509a |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port 1fe9d958-ddce-4228-a124-05265a959a8b |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| EMR Without VPC bf89373a-be40-4c04-99f5-746742dfd7f3 |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC ba766c53-fe71-4bbb-be35-b6803f2ef13e |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 0f139403-303f-467c-96bd-e717e6cfd62d |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| CloudTrail Log File Validation Disabled 2a3560fe-52ca-4443-b34f-bf0ed5eb74c8 |
CloudFormation | Low | Observability | Query details Documentation |
| ECS Task Definition HealthCheck Missing d24389b4-b209-4ff0-8345-dc7a4569dcdd |
CloudFormation | Low | Observability | Query details Documentation |
| ECS Cluster with Container Insights Disabled ab759fde-e1e8-4b0e-ad73-ba856e490ed8 |
CloudFormation | Low | Observability | Query details Documentation |
| VPC FlowLogs Disabled f6d299d2-21eb-41cc-b1e1-fe12d857500b |
CloudFormation | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 9488c451-074e-4cd3-aee3-7db6104f542c |
CloudFormation | Low | Observability | Query details Documentation |
| DocDB Logging Is Disabled 1bf3b3d4-f373-4d7c-afbb-7d85948a67a5 |
CloudFormation | Low | Observability | Query details Documentation |
| API Gateway Deployment Without API Gateway UsagePlan Associated 783860a3-6dca-4c8b-81d0-7b62769ccbca |
CloudFormation | Low | Observability | Query details Documentation |
| VPC Without Attached Subnet 3b3b4411-ad1f-40e7-b257-a78a6bb9673a |
CloudFormation | Low | Resource Management | Query details Documentation |
| API Gateway Stage Without API Gateway UsagePlan Associated 7f8f1b60-43df-4c28-aa21-fb836dbd8071 |
CloudFormation | Low | Resource Management | Query details Documentation |
| SDB Domain Declared As A Resource 6ea57c8b-f9c0-4ec7-bae3-bd75a9dee27d |
CloudFormation | Low | Resource Management | Query details Documentation |
| ECS Task Definition Invalid CPU or Memory f4c9b5f5-68b8-491f-9e48-4f96644a1d51 |
CloudFormation | Low | Resource Management | Query details Documentation |
| EC2 Not EBS Optimized 8dd0ff1f-0da4-48df-9bb3-7f338ae36a40 |
CloudFormation | Info | Best Practices | Query details Documentation |
| Security Group Rule Without Description 5e6c9c68-8a82-408e-8749-ddad78cbb9c5 |
CloudFormation | Info | Best Practices | Query details Documentation |
| EC2 Instance Monitoring Disabled 0264093f-6791-4475-af34-4b8102dcbcd0 |
CloudFormation | Info | Observability | Query details Documentation |
| BOM - AWS S3 Buckets 2d16c3fb-35ba-4ec0-b4e4-06ee3cbd4045 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Kinesis 0e59d33e-bba2-4037-8f88-9765647ca7ad |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EFS f53f16d6-46a9-4277-9fbe-617b1e24cdca |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MQ fcb1b388-f558-4b7f-9b6e-f4e98abb7380 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Elasticache 54229498-850b-4f78-b3a7-218d24ef2c37 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SQS baecd2da-492a-4d59-b9dc-29540a1398e0 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS RDS 12933609-c5bf-44b4-9a41-a6467c3b685b |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SNS eccc4d59-74b9-4974-86f1-74386e0c7f33 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MSK 051f2063-2517-4295-ad8e-ba88c1bf5cfc |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS DynamoDB 23edf35f-7c22-4ff9-87e6-0ca74261cfbf |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EBS 86571149-eef3-4280-a645-01e60df854b0 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| Disk Encryption Disabled 1ee0f202-31da-49ba-bbce-04a989912e4b |
Terraform | Medium | Encryption | Query details Documentation |
| RAM Security Preference Not Enforce MFA Login dcda2d32-e482-43ee-a926-75eaabeaa4e0 |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Allows List Action From All Principals 88541597-6f88-42c8-bac6-7e0b855e8ff6 |
Terraform | High | Access Control | Query details Documentation |
| Ram Policy Admin Access Not Attached to Users Groups Roles e8e62026-da63-4904-b402-65adfe3ca975 |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Allows All Actions From All Principals ec62a32c-a297-41ca-a850-cab40b42094a |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Allows Delete Action From All Principals 8c0695d8-2378-4cd6-8243-7fd5894fa574 |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Public Access Enabled 62232513-b16f-4010-83d7-51d0e1d45426 |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Allows Put Action From All Principals fe286195-e75c-4359-bd58-00847c4f855a |
Terraform | High | Access Control | Query details Documentation |
| NAS File System Without KMS 5f670f9d-b1b4-4c90-8618-2288f1ab9676 |
Terraform | High | Encryption | Query details Documentation |
| Launch Template Is Not Encrypted 1455cb21-1d48-46d6-8ae3-cef911b71fd5 |
Terraform | High | Encryption | Query details Documentation |
| NAS File System Not Encrypted 67bfdff1-31ce-4525-b564-e94368735360 |
Terraform | High | Encryption | Query details Documentation |
| Ecs Data Disk Kms Key Id Undefined f262118c-1ac6-4bb3-8495-cc48f1775b85 |
Terraform | High | Encryption | Query details Documentation |
| RDS Instance TDE Status Disabled 44d434ca-a9bf-4203-8828-4c81a8d5a598 |
Terraform | High | Encryption | Query details Documentation |
| RDS DB Instance Publicly Accessible 1b4565c0-4877-49ac-ab03-adebbccd42ae |
Terraform | High | Insecure Configurations | Query details Documentation |
| OSS Bucket Has Static Website 2b13c6ff-b87a-484d-86fd-21ef6e97d426 |
Terraform | High | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible faaefc15-51a5-419e-bb5e-51a4b5ab3485 |
Terraform | High | Insecure Configurations | Query details Documentation |
| ALB Listening on HTTP ee3b1557-9fb5-4685-a95d-93f1edf2a0d7 |
Terraform | High | Networking and Firewall | Query details Documentation |
| OSS Bucket Ip Restriction Disabled 6107c530-7178-464a-88bc-df9cdd364ac8 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Public Security Group Rule Sensitive Port 2ae9d554-23fb-4065-bfd1-fe43d5f7c419 |
Terraform | High | Networking and Firewall | Query details Documentation |
| API Gateway API Protocol Not HTTPS 1bcdf9f0-b1aa-40a4-b8c6-cd7785836843 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Public Security Group Rule All Ports or Protocols 60587dbd-6b67-432e-90f7-a8cf1892d968 |
Terraform | High | Networking and Firewall | Query details Documentation |
| OSS Buckets Secure Transport Disabled c01d10de-c468-4790-b3a0-fc887a56f289 |
Terraform | High | Networking and Firewall | Query details Documentation |
| RDS Instance SSL Action Disabled 7a1ee8a9-71be-4b11-bb70-efb62d16863b |
Terraform | High | Networking and Firewall | Query details Documentation |
| ActionTrail Trail OSS Bucket is Publicly Accessible 69b5d7da-a5db-4db9-a42e-90b65d0efb0b |
Terraform | High | Observability | Query details Documentation |
| RDS Instance Events Not Logged b9c524a4-fe76-4021-a6a2-cb978fb4fde1 |
Terraform | High | Observability | Query details Documentation |
| Ram Account Password Policy Not Required Minimum Length a9dfec39-a740-4105-bbd6-721ba163c053 |
Terraform | High | Secret Management | Query details Documentation |
| Ram Account Password Policy Max Login Attempts Unrecommended e76fd7ab-7333-40c6-a2d8-ea28af4a319e |
Terraform | High | Secret Management | Query details Documentation |
| Ram Policy Attached to User 66505003-7aba-45a1-8d83-5162d5706ef5 |
Terraform | Medium | Access Control | Query details Documentation |
| CMK Is Unusable ed6e3ba0-278f-47b6-a1f5-173576b40b7e |
Terraform | Medium | Availability | Query details Documentation |
| ROS Stack Retention Disabled 4bb06fa1-2114-4a00-b7b5-6aeab8b896f0 |
Terraform | Medium | Backup | Query details Documentation |
| OSS Bucket Versioning Disabled 70919c0b-2548-4e6b-8d7a-3d84ab6dabba |
Terraform | Medium | Backup | Query details Documentation |
| ROS Stack Without Template 92d65c51-5d82-4507-a2a1-d252e9706855 |
Terraform | Medium | Build Process | Query details Documentation |
| SLB Policy With Insecure TLS Version In Use dbfc834a-56e5-4750-b5da-73fda8e73f70 |
Terraform | Medium | Encryption | Query details Documentation |
| OSS Bucket Encryption Using CMK Disabled f20e97f9-4919-43f1-9be9-f203cd339cdd |
Terraform | Medium | Encryption | Query details Documentation |
| Disk Encryption Disabled 39750e32-3fe9-453b-8c33-dd277acdb2cc |
Terraform | Medium | Encryption | Query details Documentation |
| CS Kubernetes Node Pool Auto Repair Disabled 81ce9394-013d-4731-8fcc-9d229b474073 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Public Security Group Rule Unknown Port dd706080-b7a8-47dc-81fb-3e8184430ec0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Kubernetes Cluster Without Terway as CNI Network Plugin b9b7ada8-3868-4a35-854e-6100a2bb863d |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| ROS Stack Notifications Disabled 9ef08939-ea40-489c-8851-667870b2ef50 |
Terraform | Medium | Observability | Query details Documentation |
| Action Trail Logging For All Regions Disabled c065b98e-1515-4991-9dca-b602bd6a2fbb |
Terraform | Medium | Observability | Query details Documentation |
| Log Retention Is Not Greater Than 90 Days ed6cf6ff-9a1f-491c-9f88-e03c0807f390 |
Terraform | Medium | Observability | Query details Documentation |
| RDS Instance Retention Period Not Recommended dc158941-28ce-481d-a7fa-dc80761edf46 |
Terraform | Medium | Observability | Query details Documentation |
| OSS Bucket Logging Disabled 05db341e-de7d-4972-a106-3e2bd5ee53e1 |
Terraform | Medium | Observability | Query details Documentation |
| No ROS Stack Policy 72ceb736-0aee-43ea-a191-3a69ab135681 |
Terraform | Medium | Resource Management | Query details Documentation |
| RAM Account Password Policy without Reuse Prevention a8128dd2-89b0-464b-98e9-5d629041dfe0 |
Terraform | Medium | Secret Management | Query details Documentation |
| Ram Account Password Policy Not Required Numbers 063234c0-91c0-4ab5-bbd0-47ddb5f23786 |
Terraform | Medium | Secret Management | Query details Documentation |
| RAM Account Password Policy Not Require at Least one Uppercase Character 5e0fb613-ba9b-44c3-88f0-b44188466bfd |
Terraform | Medium | Secret Management | Query details Documentation |
| Ram Account Password Policy Max Password Age Unrecommended 2bb13841-7575-439e-8e0a-cccd9ede2fa8 |
Terraform | Medium | Secret Management | Query details Documentation |
| Ram Account Password Policy Not Require At Least one Lowercase Character 89143358-cec6-49f5-9392-920c591c669c |
Terraform | Medium | Secret Management | Query details Documentation |
| RAM Account Password Policy Not Required Symbols 41a38329-d81b-4be4-aef4-55b2615d3282 |
Terraform | Medium | Secret Management | Query details Documentation |
| High KMS Key Rotation Period cb319d87-b90f-485e-a7e7-f2408380f309 |
Terraform | Medium | Secret Management | Query details Documentation |
| OSS Bucket Transfer Acceleration Disabled 8f98334a-99aa-4d85-b72a-1399ca010413 |
Terraform | Low | Availability | Query details Documentation |
| OSS Bucket Lifecycle Rule Disabled 7db8bd7e-9772-478c-9ec5-4bc202c5686f |
Terraform | Low | Backup | Query details Documentation |
| RDS Instance Log Disconnections Disabled d53f4123-f8d8-4224-8cb3-f920b151cc98 |
Terraform | Low | Observability | Query details Documentation |
| RDS Instance Log Duration Disabled a597e05a-c065-44e7-9cc8-742f572a504a |
Terraform | Low | Observability | Query details Documentation |
| RDS Instance Log Connections Disabled 140869ea-25f2-40d4-a595-0c0da135114e |
Terraform | Low | Observability | Query details Documentation |
| VPC Flow Logs Disabled d2731f3d-a992-44ed-812e-f4f1c2747d71 |
Terraform | Low | Observability | Query details Documentation |
| Role Assignment Not Limit Guest User Permissions 8e75e431-449f-49e9-b56a-c8f1378025cf |
Terraform | High | Access Control | Query details Documentation |
| Role Assignment Of Guest Users 2bc626a8-0751-446f-975d-8139214fc790 |
Terraform | High | Access Control | Query details Documentation |
| Storage Container Is Publicly Accessible dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299 |
Terraform | High | Access Control | Query details Documentation |
| Function App Authentication Disabled e65a0733-94a0-4826-82f4-df529f4c593f |
Terraform | High | Access Control | Query details Documentation |
| Public Storage Account 17f75827-0684-48f4-8747-61129c7e4198 |
Terraform | High | Access Control | Query details Documentation |
| Admin User Enabled For Container Registry b897dfbf-322c-45a8-b67c-1e698beeaa51 |
Terraform | High | Access Control | Query details Documentation |
| Geo Redundancy Is Disabled 8b042c30-e441-453f-b162-7696982ebc58 |
Terraform | High | Backup | Query details Documentation |
| Azure Instance Using Basic Authentication dafe30ec-325d-4516-85d1-e8e6776f012c |
Terraform | High | Best Practices | Query details Documentation |
| MySQL SSL Connection Disabled 73e42469-3a86-4f39-ad78-098f325b4e9f |
Terraform | High | Encryption | Query details Documentation |
| SSL Enforce Disabled 0437633b-daa6-4bbc-8526-c0d2443b946e |
Terraform | High | Encryption | Query details Documentation |
| Function App Not Using Latest TLS Encryption Version 45fc717a-bd86-415c-bdd8-677901be1aa6 |
Terraform | High | Encryption | Query details Documentation |
| Storage Account Not Forcing HTTPS 12944ec4-1fa0-47be-8b17-42a034f937c2 |
Terraform | High | Encryption | Query details Documentation |
| App Service Not Using Latest TLS Encryption Version b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643 |
Terraform | High | Encryption | Query details Documentation |
| App Service FTPS Enforce Disabled 85da374f-b00f-4832-9d44-84a1ca1e89f8 |
Terraform | High | Insecure Configurations | Query details Documentation |
| VM Not Attached To Network bbf6b3df-4b65-4f87-82cc-da9f30f8c033 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Azure Container Registry With No Locks a187ac47-8163-42ce-8a63-c115236be6fb |
Terraform | High | Insecure Configurations | Query details Documentation |
| AD Admin Not Configured For SQL Server a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b |
Terraform | High | Insecure Configurations | Query details Documentation |
| Function App FTPS Enforce Disabled 9dab0179-433d-4dff-af8f-0091025691df |
Terraform | High | Insecure Configurations | Query details Documentation |
| Azure App Service Client Certificate Disabled a81573f9-3691-4d83-88a0-7d4af63e17a3 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Redis Not Updated Regularly b947809d-dd2f-4de9-b724-04d101c515aa |
Terraform | High | Insecure Configurations | Query details Documentation |
| Web App Accepting Traffic Other Than HTTPS 11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe |
Terraform | High | Insecure Configurations | Query details Documentation |
| AKS Private Cluster Disabled 599318f2-6653-4569-9e21-041d06c63a89 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Network Watcher Flow Disabled b90842e5-6779-44d4-9760-972f4c03ba1c |
Terraform | High | Insecure Configurations | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 594c198b-4d79-41b8-9b36-fde13348b619 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled 5400f379-a347-4bdd-a032-446465fdcc6f |
Terraform | High | Networking and Firewall | Query details Documentation |
| RDP Is Exposed To The Internet efbf6449-5ec5-4cfe-8f15-acc51e0d787c |
Terraform | High | Networking and Firewall | Query details Documentation |
| MySQL Server Public Access Enabled f118890b-2468-42b1-9ce9-af35146b425b |
Terraform | High | Networking and Firewall | Query details Documentation |
| SQLServer Ingress From Any IP 25c0ea09-f1c5-4380-b055-3b83863f2bb8 |
Terraform | High | Networking and Firewall | Query details Documentation |
| SSH Is Exposed To The Internet 3e3c175e-aadf-4e2b-a464-3fdac5748d24 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Redis Publicly Accessible 5089d055-53ff-421b-9482-a5267bdce629 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Redis Entirely Accessible fd8da341-6760-4450-b26c-9f6d8850575e |
Terraform | High | Networking and Firewall | Query details Documentation |
| CosmosDB Account IP Range Filter Not Set c2a3efb6-8a58-481c-82f2-bfddf34bb4b7 |
Terraform | High | Networking and Firewall | Query details Documentation |
| MSSQL Server Public Network Access Enabled ade36cf4-329f-4830-a83d-9db72c800507 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Vault Auditing Disabled 38c71c00-c177-4cd7-8d36-cd1007cdb190 |
Terraform | High | Observability | Query details Documentation |
| PostgreSQL Server Threat Detection Policy Disabled c407c3cf-c409-4b29-b590-db5f4138d332 |
Terraform | High | Resource Management | Query details Documentation |
| SQL Database Audit Disabled 83a229ba-483e-47c6-8db7-dc96969bce5a |
Terraform | High | Resource Management | Query details Documentation |
| App Service Managed Identity Disabled b61cce4b-0cc4-472b-8096-15617a6d769b |
Terraform | High | Resource Management | Query details Documentation |
| Secret Expiration Not Set dfa20ffa-f476-428f-a490-424b41e91c7f |
Terraform | High | Secret Management | Query details Documentation |
| Key Expiration Not Set 4d080822-5ee2-49a4-8984-68f3d4c890fc |
Terraform | High | Secret Management | Query details Documentation |
| Storage Share File Allows All ACL Permissions 48bbe0fd-57e4-4678-a4a1-119e79c90fc3 |
Terraform | Medium | Access Control | Query details Documentation |
| Role Definition Allows Custom Role Creation 3fa5900f-9aac-4982-96b2-a6143d9c99fb |
Terraform | Medium | Access Control | Query details Documentation |
| Storage Table Allows All ACL Permissions 3ac3e75c-6374-4a32-8ba0-6ed69bda404e |
Terraform | Medium | Access Control | Query details Documentation |
| AKS RBAC Disabled 86f92117-eed8-4614-9c6c-b26da20ff37f |
Terraform | Medium | Access Control | Query details Documentation |
| Virtual Network with DDoS Protection Plan disabled b4cc2c52-34a6-4b43-b57c-4bdeb4514a5a |
Terraform | Medium | Availability | Query details Documentation |
| Security Contact Email 34664094-59e0-4524-b69f-deaa1a68cce3 |
Terraform | Medium | Best Practices | Query details Documentation |
| SQL Server Predictable Admin Account Name 2ab6de9a-0136-415c-be92-79d2e4fd750f |
Terraform | Medium | Best Practices | Query details Documentation |
| SQL Server Predictable Active Directory Account Name bcd3fc01-5902-4f2a-b05a-227f9bbf5450 |
Terraform | Medium | Best Practices | Query details Documentation |
| Cosmos DB Account Without Tags 56dad03e-e94f-4dd6-93a4-c253a03ff7a0 |
Terraform | Medium | Build Process | Query details Documentation |
| Encryption On Managed Disk Disabled a99130ab-4c0e-43aa-97f8-78d4fcb30024 |
Terraform | Medium | Encryption | Query details Documentation |
| Storage Account Not Using Latest TLS Encryption Version 8263f146-5e03-43e0-9cfe-db960d56d1e7 |
Terraform | Medium | Encryption | Query details Documentation |
| AKS Disk Encryption Set ID Undefined b17d8bb8-4c08-4785-867e-cb9e62a622aa |
Terraform | Medium | Encryption | Query details Documentation |
| Small Flow Logs Retention Period 7750fcca-dd03-4d38-b663-4b70289bcfd4 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Security Group is Not Configured 5c822443-e1ea-46b8-84eb-758ec602e844 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App Client Certificates Unrequired 9bb3c639-5edf-458c-8ee5-30c17c7d671d |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Redis Cache Allows Non SSL Connections e29a75e6-aba3-4896-b42d-b87818c16b58 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App Managed Identity Disabled c87749b3-ff10-41f5-9df2-c421e8151759 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| AKS Network Policy Misconfigured f5342045-b935-402d-adf1-8dbbd09c0eef |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Security Center Pricing Tier Is Not Standard 819d50fd-1cdf-45c3-9936-be408aaad93e |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive a5613650-32ec-4975-a305-31af783153ea |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache a829b715-cf75-4e92-b645-54c9b739edfb |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Azure Cognitive Search Public Network Access Enabled 4a9e0f00-0765-4f72-a0d4-d31110b78279 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| MariaDB Server Public Network Access Enabled 7f0a8696-7159-4337-ad0d-8a3ab4a78195 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Network Interfaces IP Forwarding Enabled 4216ebac-d74c-4423-b437-35025cb88af5 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| WAF Is Disabled For Azure Application Gateway 2e48d91c-50e4-45c8-9312-27b625868a72 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Unrestricted SQL Server Access d7ba74da-2da0-4d4b-83c8-2fd72a3f6c28 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Wide Private Network c6c7b33d-d7f6-4ab8-8c82-ca0431ecdb7e |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Small Public Network e9dee01f-2505-4df2-b9bf-7804d1fd9082 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Network Interfaces With Public IP c1573577-e494-4417-8854-7e119368dc8b |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Server Without Connection Throttling 2b3c671f-1b76-4741-8789-ed1fe0785dc4 |
Terraform | Medium | Observability | Query details Documentation |
| Small MSSQL Audit Retention Period 9c301481-e6ec-44f7-8a49-8ec63e2969ea |
Terraform | Medium | Observability | Query details Documentation |
| Small MSSQL Server Audit Retention 59acb56b-2b10-4c2c-ba38-f2223c3f5cfc |
Terraform | Medium | Observability | Query details Documentation |
| Small Activity Log Retention Period 2b856bf9-8e8c-4005-875f-303a8cba3918 |
Terraform | Medium | Observability | Query details Documentation |
| Email Alerts Disabled 9db38e87-f6aa-4b5e-a1ec-7266df259409 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Checkpoints Disabled 3790d386-be81-4dcf-9850-eaa7df6c10d9 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Disconnections Not Set 07f7134f-9f37-476e-8664-670c218e4702 |
Terraform | Medium | Observability | Query details Documentation |
| Log Retention Is Not Set ffb02aca-0d12-475e-b77c-a726f7aeff4b |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Duration Not Set 16e0879a-c4ae-4ff8-a67d-a2eed5d67b8f |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Not Set c640d783-10c5-4071-b6c1-23507300d333 |
Terraform | Medium | Observability | Query details Documentation |
| Small PostgreSQL DB Server Log Retention Period 261a83f8-dd72-4e8c-b5e1-ebf06e8fe606 |
Terraform | Medium | Observability | Query details Documentation |
| SQL Server Auditing Disabled f7e296b0-6660-4bc5-8f87-22ac4a815edf |
Terraform | Medium | Observability | Query details Documentation |
| MSSQL Server Auditing Disabled 609839ae-bd81-4375-9910-5bce72ae7b92 |
Terraform | Medium | Observability | Query details Documentation |
| Azure Active Directory Authentication a21c8da9-41bf-40cf-941d-330cf0d11fc7 |
Terraform | Low | Access Control | Query details Documentation |
| MariaDB Server Geo-redundant Backup Disabled 0a70d5f3-1ecd-4c8e-9292-928fc9a8c4f1 |
Terraform | Low | Backup | Query details Documentation |
| App Service Without Latest Python Version cc4aaa9d-1070-461a-b519-04e00f42db8a |
Terraform | Low | Best Practices | Query details Documentation |
| Key Vault Secrets Content Type Undefined f8e08a38-fc6e-4915-abbe-a7aadf1d59ef |
Terraform | Low | Best Practices | Query details Documentation |
| AKS Uses Azure Policies Add-On Disabled 43789711-161b-4708-b5bb-9d1c626f7492 |
Terraform | Low | Best Practices | Query details Documentation |
| App Service Without Latest PHP Version 96fe318e-d631-4156-99fa-9080d57280ae |
Terraform | Low | Best Practices | Query details Documentation |
| PostgreSQL Server Infrastructure Encryption Disabled 6425c98b-ca4e-41fe-896a-c78772c131f8 |
Terraform | Low | Encryption | Query details Documentation |
| App Service HTTP2 Disabled 525b53be-62ed-4244-b4df-41aecfcb4071 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Function App HTTP2 Disabled ace823d1-4432-4dee-945b-cdf11a5a6bd0 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Dashboard Is Enabled 61c3cb8b-0715-47e4-b788-86dde40dd2db |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Azure Front Door WAF Disabled 835a4f2f-df43-437d-9943-545ccfc55961 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| App Service Authentication Disabled c7fc1481-2899-4490-bbd8-544a3a61a2f3 |
Terraform | Info | Access Control | Query details Documentation |
| SQL Server Alert Email Disabled 55975007-f6e7-4134-83c3-298f1fe4b519 |
Terraform | Info | Best Practices | Query details Documentation |
| SSO Policy with full privileges 132a8c31-9837-4203-9fd1-15ca210c7b73 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 7af43613-6bb9-4a0e-8c4d-1314b799425e |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket ACL Grants WRITE_ACP Permission 64a222aa-7793-4e40-915f-4b302c76e4d4 |
Terraform | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 3206240f-2e87-4e58-8d24-3e19e7c83d7c |
Terraform | High | Access Control | Query details Documentation |
| IAM Policies With Full Privileges 2f37c4a3-58b9-4afe-8a87-d7f1d2286f84 |
Terraform | High | Access Control | Query details Documentation |
| SQS Queue Exposed abb06e5f-ef9a-4a99-98c6-376d396bfcdf |
Terraform | High | Access Control | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible 030d3b18-1821-45b4-9e08-50efbe7becbb |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals ffdf4b37-7703-4dfe-a682-9d2e99bc6c09 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals 1df37f4b-7197-45ce-83f8-9994d2fcf885 |
Terraform | High | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible b26d2b7e-60f6-413d-a3a1-a57db24aa2b3 |
Terraform | High | Access Control | Query details Documentation |
| Authentication Without MFA 3ddfa124-6407-4845-a501-179f90c65097 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals 66c6f96f-2d9e-417e-a998-9058aeeecd44 |
Terraform | High | Access Control | Query details Documentation |
| MSK Broker Is Publicly Accessible 54378d69-dd7c-4b08-a43e-80d563396857 |
Terraform | High | Access Control | Query details Documentation |
| IAM Role With Full Privileges b1ffa705-19a3-4b73-b9d0-0c97d0663842 |
Terraform | High | Access Control | Query details Documentation |
| EFS With Vulnerable Policy fae52418-bb8b-4ac2-b287-0b9082d6a3fd |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Public Policy 1a4bc881-9f69-4d44-8c9a-d37d08f54c50 |
Terraform | High | Access Control | Query details Documentation |
| Neptune Cluster Instance is Publicly Accessible 9ba198e0-fef4-464a-8a4d-75ea55300de7 |
Terraform | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions 575a2155-6af1-4026-b1af-d5bc8fe2a904 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 57b9893d-33b1-4419-bcea-a717ea87e139 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read Or Write to All Users 38c5ee0d-7f22-4260-ab72-5073048df100 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket With All Permissions a4966c4f-9141-48b8-a564-ffe9959945bc |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals d24c0755-c028-44b1-b503-8e719c898832 |
Terraform | High | Access Control | Query details Documentation |
| ELB Using Weak Ciphers 4a800e14-c94a-442d-9067-5a2e9f6c0a4c |
Terraform | High | Encryption | Query details Documentation |
| Kinesis SSE Not Configured 5c6dd5e7-1fe0-4cae-8f81-4c122717cef3 |
Terraform | High | Encryption | Query details Documentation |
| AMI Not Encrypted 8bbb242f-6e38-4127-86d4-d8f0b2687ae2 |
Terraform | High | Encryption | Query details Documentation |
| ECS Task Definition Container With Plaintext Password d40210ea-64b9-4cce-a4fb-e8604f3c062c |
Terraform | High | Encryption | Query details Documentation |
| Secure Ciphers Disabled 5c0003fb-9aa0-42c1-9da3-eb0e332bef21 |
Terraform | High | Encryption | Query details Documentation |
| ECS Task Definition Volume Not Encrypted 4d46ff3b-7160-41d1-a310-71d6d370b08f |
Terraform | High | Encryption | Query details Documentation |
| Redis Not Compliant 254c932d-e3bf-44b2-bc9d-eb5fdb09f8d4 |
Terraform | High | Encryption | Query details Documentation |
| Sagemaker Notebook Instance Without KMS f3674e0c-f6be-43fa-b71c-bf346d1aed99 |
Terraform | High | Encryption | Query details Documentation |
| MSK Cluster Encryption Disabled 6db52fa6-d4da-4608-908a-89f0c59e743e |
Terraform | High | Encryption | Query details Documentation |
| User Data Shell Script Is Encoded 9cf718ce-46f9-430e-89ec-c456f8b469ee |
Terraform | High | Encryption | Query details Documentation |
| Redshift Not Encrypted cfdcabb0-fc06-427c-865b-c59f13e898ce |
Terraform | High | Encryption | Query details Documentation |
| Athena Workgroup Not Encrypted d364984a-a222-4b5f-a8b0-e23ab19ebff3 |
Terraform | High | Encryption | Query details Documentation |
| Sagemaker Endpoint Configuration Encryption Disabled 58b35504-0287-4154-bf69-02c0573deab8 |
Terraform | High | Encryption | Query details Documentation |
| Glue Security Configuration Encryption Disabled ad5b4e97-2850-4adf-be17-1d293e0b85ee |
Terraform | High | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 126c1788-23c2-4a10-906c-ef179f4f96ec |
Terraform | High | Encryption | Query details Documentation |
| Aurora With Disabled at Rest Encryption 1a690d1d-0ae7-49fa-b2db-b75ae0dd1d3e |
Terraform | High | Encryption | Query details Documentation |
| RDS Storage Not Encrypted 3199c26c-7871-4cb3-99c2-10a59244ce7f |
Terraform | High | Encryption | Query details Documentation |
| DAX Cluster Not Encrypted f11aec39-858f-4b6f-b946-0a1bf46c0c87 |
Terraform | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key 443488f5-c734-460b-a36d-5b3f330174dc |
Terraform | High | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP 55af1353-2f62-4fa0-a8e1-a210ca2708f5 |
Terraform | High | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6 |
Terraform | High | Encryption | Query details Documentation |
| API Gateway Method Settings Cache Not Encrypted b7c9a40c-23e4-4a2d-8d39-a3352f10f288 |
Terraform | High | Encryption | Query details Documentation |
| Athena Database Not Encrypted b2315cae-b110-4426-81e0-80bb8640cdd3 |
Terraform | High | Encryption | Query details Documentation |
| EFS Without KMS 25d251f3-f348-4f95-845c-1090e41a615c |
Terraform | High | Encryption | Query details Documentation |
| EBS Default Encryption Disabled 3d3f6270-546b-443c-adb4-bb6fb2187ca6 |
Terraform | High | Encryption | Query details Documentation |
| S3 Bucket SSE Disabled 6726dcc0-5ff5-459d-b473-a780bef7665c |
Terraform | High | Encryption | Query details Documentation |
| EFS Not Encrypted 48207659-729f-4b5c-9402-f884257d794f |
Terraform | High | Encryption | Query details Documentation |
| EKS Cluster Encryption Disabled 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281 |
Terraform | High | Encryption | Query details Documentation |
| DOCDB Cluster Not Encrypted bc1f9009-84a0-490f-ae09-3e0ea6d74ad6 |
Terraform | High | Encryption | Query details Documentation |
| Launch Configuration Is Not Encrypted 4de9de27-254e-424f-bd70-4c1e95790838 |
Terraform | High | Encryption | Query details Documentation |
| DOCDB Cluster Without KMS 4766d3ea-241c-4ee6-93ff-c380c996bd1a |
Terraform | High | Encryption | Query details Documentation |
| CodeBuild Project Encrypted With AWS Managed Key 3deec14b-03d2-4d27-9670-7d79322e3340 |
Terraform | High | Encryption | Query details Documentation |
| CA Certificate Identifier Is Outdated 9f40c07e-699e-4410-8856-3ba0f2e3a2dd |
Terraform | High | Encryption | Query details Documentation |
| S3 Bucket Object Not Encrypted 5fb49a69-8d46-4495-a2f8-9c8c622b2b6e |
Terraform | High | Encryption | Query details Documentation |
| Workspaces Workspace Volume Not Encrypted b9033580-6886-401a-8631-5f19f5bb24c7 |
Terraform | High | Encryption | Query details Documentation |
| Glue Data Catalog Encryption Disabled 01d50b14-e933-4c99-b314-6d08cd37ad35 |
Terraform | High | Encryption | Query details Documentation |
| EBS Volume Snapshot Not Encrypted e6b4b943-6883-47a9-9739-7ada9568f8ca |
Terraform | High | Encryption | Query details Documentation |
| RDS Database Cluster not Encrypted 656880aa-1388-488f-a6d4-8f73c23149b2 |
Terraform | High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted 08bd0760-8752-44e1-9779-7bb369b2b4e4 |
Terraform | High | Encryption | Query details Documentation |
| Kinesis Not Encrypted With KMS 862fe4bf-3eec-4767-a517-40f378886b88 |
Terraform | High | Encryption | Query details Documentation |
| API Gateway Without Security Policy 4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b |
Terraform | High | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible 35113e6f-2c6b-414d-beec-7a9482d3b2d1 |
Terraform | High | Insecure Configurations | Query details Documentation |
| S3 Bucket with Unsecured CORS Rule 98a8f708-121b-455b-ae2f-da3fb59d17e1 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Lambda Function With Privileged Role 1b3af2f9-af8c-4dfc-a0f1-a03adb70deb2 |
Terraform | High | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 00e5e55e-c2ff-46b3-a757-a7a1cd802456 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Batch Job Definition With Privileged Container Properties 66cd88ac-9ddf-424a-b77e-e55e17630bee |
Terraform | High | Insecure Configurations | Query details Documentation |
| DB Security Group Has Public Interface f0d8781f-99bf-4958-9917-d39283b168a0 |
Terraform | High | Insecure Configurations | Query details Documentation |
| S3 Static Website Host Enabled 42bb6b7f-6d54-4428-b707-666f669d94fb |
Terraform | High | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 9f4a9409-9c60-4671-be96-9716dbf63db1 |
Terraform | High | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Enabled MFA Delete c5b31ab9-0f26-4a49-b8aa-4cc064392f4d |
Terraform | High | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Restriction Of Public Bucket 1ec253ab-c220-4d63-b2de-5b40e0af9293 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys 970d224d-b42a-416b-81f9-8f4dfe70c4bc |
Terraform | High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible af173fde-95ea-4584-b904-bb3923ac4bda |
Terraform | High | Insecure Configurations | Query details Documentation |
| KMS Key With Full Permissions 7ebc9038-0bde-479a-acc4-6ed7b6758899 |
Terraform | High | Insecure Configurations | Query details Documentation |
| No Password Policy Enabled b592ffd4-0577-44b6-bd35-8c5ee81b5918 |
Terraform | High | Insecure Configurations | Query details Documentation |
| IAM User Policy Without MFA b5681959-6c09-4f55-b42b-c40fa12d03ec |
Terraform | High | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate 3a1e94df-6847-4c0e-a3b6-6c6af4e128ef |
Terraform | High | Insecure Defaults | Query details Documentation |
| RDS Associated with Public Subnet 2f737336-b18a-4602-8ea0-b200312e1ac1 |
Terraform | High | Networking and Firewall | Query details Documentation |
| ALB Listening on HTTP de7f5e83-da88-4046-871f-ea18504b1d43 |
Terraform | High | Networking and Firewall | Query details Documentation |
| EKS Cluster Has Public Access CIDRs 61cf9883-1752-4768-b18c-0d57f2737709 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet 151187cb-0efc-481c-babd-ad24e3c9bc22 |
Terraform | High | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet ffac8a12-322e-42c1-b9b9-81ff85c39ef7 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 381c3f2a-ef6f-4eff-99f7-b169cda3422c |
Terraform | High | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled 2e9e0729-66d5-4148-9d39-5e6fb4bf2a4e |
Terraform | High | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 65905cec-d691-4320-b320-2000436cb696 |
Terraform | High | Networking and Firewall | Query details Documentation |
| DB Security Group Open To Large Scope 4f615f3e-fb9c-4fad-8b70-2e9f781806ce |
Terraform | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic 46883ce1-dc3e-4b17-9195-c6a601624c73 |
Terraform | High | Networking and Firewall | Query details Documentation |
| EKS node group remote access disabled ba40ace1-a047-483c-8a8d-bc2d3a67a82d |
Terraform | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 4728cd65-a20c-49da-8b31-9c08b423e4db |
Terraform | High | Networking and Firewall | Query details Documentation |
| VPC Default Security Group Accepts All Traffic 9a4ef195-74b9-4c58-b8ed-2b2fe4353a75 |
Terraform | High | Networking and Firewall | Query details Documentation |
| DB Security Group With Public Scope 1e0ef61b-ad85-4518-a3d3-85eaad164885 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 25db74bf-fa3b-44da-934e-8c3e005c0453 |
Terraform | High | Networking and Firewall | Query details Documentation |
| VPC Peering Route Table with Unrestricted CIDR b3a41501-f712-4c4f-81e5-db9a7dc0e34e |
Terraform | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 590d878b-abdc-428f-895a-e2b68a0e1998 |
Terraform | High | Networking and Firewall | Query details Documentation |
| EC2 Instance Has Public IP 5a2486aa-facf-477d-a5c1-b010789459ce |
Terraform | High | Networking and Firewall | Query details Documentation |
| Network ACL With Unrestricted Access To SSH 3af7f2fd-06e6-4dab-b996-2912bea19ba4 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Network ACL With Unrestricted Access To RDP a20be318-cac7-457b-911d-04cc6e812c25 |
Terraform | High | Networking and Firewall | Query details Documentation |
| CloudWatch Console Sign-in Without MFA Alarm Missing 44ceb4fa-0897-4fd2-b676-30e7a58f2933 |
Terraform | High | Observability | Query details Documentation |
| CloudTrail Log Files S3 Bucket with Logging Disabled ee9e50e8-b2ed-4176-ad42-8fc0cf7593f4 |
Terraform | High | Observability | Query details Documentation |
| CloudTrail Logging Disabled 4bb76f17-3d63-4529-bdca-2b454529d774 |
Terraform | High | Observability | Query details Documentation |
| CloudTrail Log Files S3 Bucket is Publicly Accessible bd0088a5-c133-4b20-b129-ec9968b16ef3 |
Terraform | High | Observability | Query details Documentation |
| CloudWatch Root Account Use Missing 8b1b1e67-6248-4dca-bbad-93486bb181c0 |
Terraform | High | Observability | Query details Documentation |
| CloudWatch IAM Policy Changes Alarm Missing eaaba502-2f94-411a-a3c2-83d63cc1776d |
Terraform | High | Observability | Query details Documentation |
| CMK Rotation Disabled 22fbfeac-7b5a-421a-8a27-7a2178bb910b |
Terraform | High | Observability | Query details Documentation |
| CloudWatch Unauthorized Access Alarm Missing 4c18a45b-4ab1-4790-9f83-399ac695f1e5 |
Terraform | High | Observability | Query details Documentation |
| KMS Key With No Deletion Window 0b530315-0ea4-497f-b34c-4ff86268f59d |
Terraform | High | Observability | Query details Documentation |
| CloudWatch Logs Destination With Vulnerable Policy db0ec4c4-852c-46a2-b4f3-7ec13cdb12a8 |
Terraform | Medium | Access Control | Query details Documentation |
| AMI Shared With Multiple Accounts ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM User With Access To Console 9ec311bf-dfd9-421f-8498-0b063c8bc552 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 9b0ffadc-a61f-4c2a-b1e6-68fab60f6267 |
Terraform | Medium | Access Control | Query details Documentation |
| SSO Permission With Inadequate User Session Duration ce9dfce0-5fc8-433b-944a-3b16153111a8 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 35ccf766-0e4d-41ed-9ec4-2dab155082b4 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutGroupPolicy' e77c89f6-9c85-49ea-b95b-5f960fe5be92 |
Terraform | Medium | Access Control | Query details Documentation |
| Secrets Manager With Vulnerable Policy fa00ce45-386d-4718-8392-fb485e1f3c5b |
Terraform | Medium | Access Control | Query details Documentation |
| SNS Topic Publicity Has Allow and NotAction Simultaneously 5ea624e4-c8b1-4bb3-87a4-4235a776adcc |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 7782d4b3-e23e-432b-9742-d9528432e771 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' fa62ac4f-f5b9-45b9-97c1-625c8b6253ca |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachRolePolicy' f465fff1-0a0f-457d-aa4d-1bddb6f204ff |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 6d23d87e-1c5b-4308-b224-92624300f29b |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User b4378389-a9aa-44ee-91e7-ef183f11079e |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutGroupPolicy' d6047119-a0b2-4b59-a4f2-127a36fb685b |
Terraform | Medium | Access Control | Query details Documentation |
| Glue With Vulnerable Policy d25edb51-07fb-4a73-97d4-41cecdc53a22 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' be2aa235-bd93-4b68-978a-1cc65d49082f |
Terraform | Medium | Access Control | Query details Documentation |
| SES Policy With Allowed IAM Actions 34b921bd-90a0-402e-a0a5-dc73371fd963 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutRolePolicy' eb64f1e9-f67d-4e35-8a3c-3d6a2f9efea7 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 7d544dad-8a6c-431c-84c1-5f07fe9afc0e |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutGroupPolicy' 8bfbf7ab-d5e8-4100-8618-798956e101e0 |
Terraform | Medium | Access Control | Query details Documentation |
| Neptune Cluster With IAM Database Authentication Disabled c91d7ea0-d4d1-403b-8fe1-c9961ac082c5 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachRolePolicy' 3dd96caa-0b5f-4a85-b929-acfac4646cc2 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreateAccessKey' 5b4d4aee-ac94-4810-9611-833636e5916d |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Access Key Is Exposed 7081f85c-b94d-40fd-8b45-a4f1cac75e46 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Role Policy passRole Allows All e39bee8c-fe54-4a3f-824d-e5e2d1cca40a |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachGroupPolicy' f906113d-cdc0-415a-ba60-609cc6daaf4d |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ec49cbfd-fae4-45f3-81b1-860526d66e3f |
Terraform | Medium | Access Control | Query details Documentation |
| API Gateway Method Does Not Contains An API Key 671211c5-5d2a-4e97-8867-30fc28b02216 |
Terraform | Medium | Access Control | Query details Documentation |
| ECR Repository Is Publicly Accessible e86e26fc-489e-44f0-9bcd-97305e4ba69a |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreateAccessKey' 846646e3-2af1-428c-ac5d-271eccfa6faf |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AddUserToGroup' b8a31292-509d-4b61-bc40-13b167db7e9c |
Terraform | Medium | Access Control | Query details Documentation |
| REST API With Vulnerable Policy b161c11b-a59b-4431-9a29-4e19f63e6b27 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' f1173d8c-3264-4148-9fdb-61181e031b51 |
Terraform | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 3ef8696c-e4ae-4872-92c7-520bb44dfe77 |
Terraform | Medium | Access Control | Query details Documentation |
| Lambda With Vulnerable Policy ad9dabc7-7839-4bae-a957-aa9120013f39 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreateLoginProfile' 04c686f1-e0cd-4812-88e1-4e038410074c |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' b69247e5-7e73-464e-ba74-ec9b715c6e12 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 43a41523-386a-4cb1-becb-42af6b414433 |
Terraform | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access 730675f9-52ed-49b6-8ead-0acb5dd7df7f |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:UpdateLoginProfile' ad296c0d-8131-4d6b-b030-1b0e73a99ad3 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ee49557d-750c-4cc1-aa95-94ab36cbefde |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 8f3c16b3-354d-45db-8ad5-5066778a9485 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 6deb34e2-5d9c-499a-801b-ea6d9eda894f |
Terraform | Medium | Access Control | Query details Documentation |
| Elasticsearch Domain With Vulnerable Policy 16c4216a-50d3-4785-bfb2-4adb5144a8ba |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 33627268-1445-4385-988a-318fd9d1a512 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' 571254d8-aa6a-432e-9725-535d3ef04d69 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 034d0aee-620f-4bf7-b7fb-efdf661fdb9e |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachRolePolicy' e227091e-2228-4b40-b046-fc13650d8e88 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutUserPolicy' 60263b4a-6801-4587-911d-919c37ed733b |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreatePolicyVersion' 1743f5f1-0bb0-4934-acef-c80baa5dadfa |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 15e6ad8c-f420-49a6-bafb-074f5eb1ec74 |
Terraform | Medium | Access Control | Query details Documentation |
| SQS Policy Allows All Actions 816ea8cf-d589-442d-a917-2dd0ce0e45e3 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AddUserToGroup' bf9d42c7-c2f9-4dfe-942c-c8cc8249a081 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 78f1ec6f-5659-41ea-bd48-d0a142dce4f2 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreateLoginProfile' 0fd7d920-4711-46bd-aff2-d307d82cd8b7 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutRolePolicy' c0c1e744-0f37-445e-924a-1846f0839f69 |
Terraform | Medium | Access Control | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA 09c35abf-5852-4622-ac7a-b987b331232e |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreateLoginProfile' 9a205ba3-0dd1-42eb-8d54-2ffec836b51a |
Terraform | Medium | Access Control | Query details Documentation |
| S3 Bucket Allows Public ACL d0cc8694-fcad-43ff-ac86-32331d7e867f |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutRolePolicy' eeb4d37a-3c59-4789-a00c-1509bc3af1e5 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 0a592060-8166-49f5-8e65-99ac6dce9871 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 118281d0-6471-422e-a7c5-051bc667926e |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachUserPolicy' 7c96920c-6fd0-449d-9a52-0aa431b6beaf |
Terraform | Medium | Access Control | Query details Documentation |
| Policy Without Principal bbe3dd3d-fea9-4b68-a785-cfabe2bbbc54 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' c583f0f9-7dfd-476b-a056-f47c62b47b46 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AddUserToGroup' 970ed7a2-0aca-4425-acf1-0453c9ecbca1 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutUserPolicy' 0c10d7da-85c4-4d62-b2a8-d6c104f1bd77 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' eda48c88-2b7d-4e34-b6ca-04c0194aee17 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 94fbe150-27e3-4eba-9ca6-af32865e4503 |
Terraform | Medium | Access Control | Query details Documentation |
| Certificate Has Expired c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachUserPolicy' 70cb518c-d990-46f6-bc05-44a5041493d6 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 89561b03-cb35-44a9-a7e9-8356e71606f4 |
Terraform | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer 0a96ce49-4163-4ee6-8169-eb3b0797d694 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 9b877bd8-94b4-4c10-a060-8e0436cc09fa |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutUserPolicy' 8f75840d-9ee7-42f3-b203-b40e3979eb12 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 19ffbe31-9d72-4379-9768-431195eae328 |
Terraform | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard e08ed7eb-f3ef-494d-9d22-2e3db756a347 |
Terraform | Medium | Access Control | Query details Documentation |
| Public and Private EC2 Share Role c53c7a89-f9d7-4c7b-8b66-8a555be99593 |
Terraform | Medium | Access Control | Query details Documentation |
| Elasticsearch Without IAM Authentication e7530c3c-b7cf-4149-8db9-d037a0b5268e |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 70b42736-efee-4bce-80d5-50358ed94990 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 30b88745-eebe-4ecb-a3a9-5cf886e96204 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachUserPolicy' db78d14b-10e5-4e6e-84b1-dace6327b1ec |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreateAccessKey' 113208f2-a886-4526-9ecc-f3218600e12c |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 8055dec2-efb8-4fe6-8837-d9bed6ff202a |
Terraform | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB 8e94dced-9bcc-4203-8eb7-7e41202b2505 |
Terraform | Medium | Availability | Query details Documentation |
| CMK Is Unusable 7350fa23-dcf7-4938-916d-6a60b0c73b50 |
Terraform | Medium | Availability | Query details Documentation |
| ECS Service Without Running Tasks 91f16d09-689e-4926-aca7-155157f634ed |
Terraform | Medium | Availability | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ 6db03a91-f933-4f13-ab38-a8b87a7de54d |
Terraform | Medium | Availability | Query details Documentation |
| Stack Retention Disabled 6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97 |
Terraform | Medium | Backup | Query details Documentation |
| ElastiCache Redis Cluster Without Backup 8fdb08a0-a868-4fdf-9c27-ccab0237f1ab |
Terraform | Medium | Backup | Query details Documentation |
| RDS With Backup Disabled 1dc73fb4-5b51-430c-8c5f-25dcf9090b02 |
Terraform | Medium | Backup | Query details Documentation |
| Misconfigured Password Policy Expiration ce60d060-efb8-4bfd-9cf7-ff8945d00d90 |
Terraform | Medium | Best Practices | Query details Documentation |
| IAM Password Without Symbol 7a70eed6-de3a-4da2-94da-a2bbc8fe2a48 |
Terraform | Medium | Best Practices | Query details Documentation |
| ALB Not Dropping Invalid Headers 6e3fd2ed-5c83-4c68-9679-7700d224d379 |
Terraform | Medium | Best Practices | Query details Documentation |
| Cognito UserPool Without MFA ec28bf61-a474-4dbe-b414-6dd3a067d6f0 |
Terraform | Medium | Best Practices | Query details Documentation |
| IAM Password Without Uppercase Letter c5ff7bc9-d8ea-46dd-81cb-8286f3222249 |
Terraform | Medium | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length 1bc1c685-e593-450e-88fb-19db4c82aa1d |
Terraform | Medium | Best Practices | Query details Documentation |
| IAM Password Without Lowercase Letter bbc7c137-6c7b-4fc4-984a-0c88e91fcaf9 |
Terraform | Medium | Best Practices | Query details Documentation |
| Password Without Reuse Prevention 89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a |
Terraform | Medium | Best Practices | Query details Documentation |
| RDS Cluster With Backup Disabled e542bd46-58c4-4e0f-a52a-1fb4f9548e02 |
Terraform | Medium | Best Practices | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 741f1291-47ac-4a85-a07b-3d32a9d6bd3e |
Terraform | Medium | Best Practices | Query details Documentation |
| Stack Without Template 91bea7b8-0c31-4863-adc9-93f6177266c4 |
Terraform | Medium | Build Process | Query details Documentation |
| Elasticsearch Domain Not Encrypted Node To Node 967eb3e6-26fc-497d-8895-6428beb6e8e2 |
Terraform | Medium | Encryption | Query details Documentation |
| Redis Disabled 4bd15dd9-8d5e-4008-8532-27eb0c3706d3 |
Terraform | Medium | Encryption | Query details Documentation |
| EBS Volume Encryption Disabled cc997676-481b-4e93-aa81-d19f8c5e9b12 |
Terraform | Medium | Encryption | Query details Documentation |
| SNS Topic Encrypted With AWS Managed Key b1a72f66-2236-4f3b-87ba-0da1b366956f |
Terraform | Medium | Encryption | Query details Documentation |
| ElasticSearch Not Encrypted At Rest 24e16922-4330-4e9d-be8a-caa90299466a |
Terraform | Medium | Encryption | Query details Documentation |
| Unscanned ECR Image 9630336b-3fed-4096-8173-b9afdfe346a7 |
Terraform | Medium | Encryption | Query details Documentation |
| Neptune Database Cluster Encryption Disabled 98d59056-f745-4ef5-8613-32bca8d40b7e |
Terraform | Medium | Encryption | Query details Documentation |
| DynamoDB Table Not Encrypted ce089fd4-1406-47bd-8aad-c259772bb294 |
Terraform | Medium | Encryption | Query details Documentation |
| DOCDB Cluster Encrypted With AWS Managed Key 2134641d-30a4-4b16-8ffc-2cd4c4ffd15d |
Terraform | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled 6e8849c1-3aa7-40e3-9063-b85ee300f29f |
Terraform | Medium | Encryption | Query details Documentation |
| AmazonMQ Broker Encryption Disabled 3db3f534-e3a3-487f-88c7-0a9fbf64b702 |
Terraform | Medium | Encryption | Query details Documentation |
| CloudWatch Log Group Without KMS 0afbcfe9-d341-4b92-a64c-7e6de0543879 |
Terraform | Medium | Encryption | Query details Documentation |
| Secretsmanager Secret Encrypted With AWS Managed Key b0d3ef3f-845d-4b1b-83d6-63a5a380375f |
Terraform | Medium | Encryption | Query details Documentation |
| SNS Topic Not Encrypted 28545147-2fc6-42d5-a1f9-cf226658e591 |
Terraform | Medium | Encryption | Query details Documentation |
| API Gateway With Invalid Compression ed35928e-195c-4405-a252-98ccb664ab7b |
Terraform | Medium | Encryption | Query details Documentation |
| SSM Session Transit Encryption Disabled ce60cc6b-6831-4bd7-84a2-cc7f8ee71433 |
Terraform | Medium | Encryption | Query details Documentation |
| ElasticSearch Encryption With KMS Disabled 7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2 |
Terraform | Medium | Encryption | Query details Documentation |
| ElastiCache Replication Group Not Encrypted At Rest 76976de7-c7b1-4f64-a94f-90c1345914c2 |
Terraform | Medium | Encryption | Query details Documentation |
| Secretsmanager Secret Without KMS a2f548f2-188c-4fff-b172-e9a6acb216bd |
Terraform | Medium | Encryption | Query details Documentation |
| ElastiCache Replication Group Not Encrypted At Transit 1afbb3fa-cf6c-4a3d-b730-95e9f4df343e |
Terraform | Medium | Encryption | Query details Documentation |
| S3 Bucket Policy Accepts HTTP Requests 4bc4dd4c-7d8d-405e-a0fb-57fa4c31b4d9 |
Terraform | Medium | Encryption | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled abdb29d4-5ca1-4e91-800b-b3569bbd788c |
Terraform | Medium | Encryption | Query details Documentation |
| IAM User Has Too Many Access Keys 3561130e-9c5f-485b-9e16-2764c82763e5 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| EKS Cluster Has Public Access 42f4b905-3736-4213-bfe9-c0660518cda8 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway With Open Access 15ccec05-5476-4890-ad19-53991eba1db8 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| AWS Password Policy With Unchangeable Passwords 9ef7d25d-9764-4224-9968-fa321c56ef76 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Redshift Cluster Without VPC 0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Instance With No VPC a31a5a29-718a-4ff4-8001-a69e5e4d029e |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| MQ Broker Is Publicly Accessible 4eb5f791-c861-4afd-9f94-f2a6a3fe49cb |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Certificate RSA Key Bytes Lower Than 256 874d68a3-bfbe-4a4b-aaa0-9e74d7da634b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable d1846b12-20c5-4d45-8798-fc35b79268eb |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without SSL Certificate 0b4869fc-a842-4597-aa00-1294df425440 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Service Control Policies Disabled 5ba6229c-8057-433e-91d0-21cf13569ca9 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Endpoint Config is Not Private 6b2739db-9c49-4db7-b980-7816e0c248c1 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SQS VPC Endpoint Without DNS Resolution e9b7acf9-9ba0-4837-a744-31e7df1e434d |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF a186e82c-1078-4a7b-85d8-579561fde884 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Wide Private Network 92fe237e-074c-4262-81a4-2077acb928c1 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 54c417bf-c762-48b9-9d31-b3d87047e3f0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| ALB Is Not Integrated With WAF 0afa6ab8-a047-48cf-be07-93a2f8c34cf7 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Small Public Network e35c16a2-d54e-419d-8546-a804d8e024d0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| VPC Without Network Firewall fd632aaf-b8a1-424d-a4d1-0de22fd3247a |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Dynamodb VPC Endpoint Without Route Table Association 0bc534c5-13d1-4353-a7fe-b8665d5c1d7d |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| VPC Subnet Assigns Public IP 52f04a44-6bfa-4c41-b1d3-4ae99a2de05c |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 482b7d26-0bdb-4b5f-bf6f-545826c0a3dd |
Terraform | Medium | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled ac5a0bc0-a54c-45aa-90c3-15f7703b9132 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch S3 policy Change Alarm Missing 27c6a499-895a-4dc7-9617-5c485218db13 |
Terraform | Medium | Observability | Query details Documentation |
| Cloudwatch Security Group Changes Alarm Missing 4beaf898-9f8b-4237-89e2-5ffdc7ee6006 |
Terraform | Medium | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch 17b30f8f-8dfb-4597-adf6-57600b6cf25e |
Terraform | Medium | Observability | Query details Documentation |
| MQ Broker Logging Disabled 31245f98-a6a9-4182-9fc1-45482b9d030a |
Terraform | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled 94690d79-b3b0-43de-b656-84ebef5753e5 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway X-Ray Disabled 5813ef56-fa94-406a-b35d-977d4a56ff2b |
Terraform | Medium | Observability | Query details Documentation |
| ELB Access Log Disabled 20018359-6fd7-4d05-ab26-d4dffccbdf79 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Management Console Auth Failed Alarm Missing 5864d189-ee9a-4009-ac0c-8a582e6b7919 |
Terraform | Medium | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 8173d5eb-96b5-4aa6-a71b-ecfa153c123d |
Terraform | Medium | Observability | Query details Documentation |
| S3 Bucket Without Versioning 568a4d22-3517-44a6-a7ad-6a7eed88722c |
Terraform | Medium | Observability | Query details Documentation |
| Stack Notifications Disabled b72d0026-f649-4c91-a9ea-15d8f681ac09 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway Deployment Without Access Log Setting 625abc0e-f980-4ac9-a775-f7519ee34296 |
Terraform | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled f861041c-8c9f-4156-acfc-5e6e524f5884 |
Terraform | Medium | Observability | Query details Documentation |
| S3 Bucket Object Level CloudTrail Logging Disabled a8fc2180-b3ac-4c93-bd0d-a55b974e4b07 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Without Retention Period Specified ef0b316a-211e-42f1-888e-64efe172b755 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway With CloudWatch Logging Disabled 982aa526-6970-4c59-8b9b-2ce7e019fe36 |
Terraform | Medium | Observability | Query details Documentation |
| GuardDuty Detector Disabled 704dadd3-54fc-48ac-b6a0-02f170011473 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Disabling Or Scheduled Deletion Of Customer Created CMK Alarm Missing 56a585f5-555c-48b2-8395-e64e4740a9cf |
Terraform | Medium | Observability | Query details Documentation |
| Cloudwatch Cloudtrail Configuration Changes Alarm Missing 0f6cbf69-41bb-47dc-93f3-3844640bf480 |
Terraform | Medium | Observability | Query details Documentation |
| Elasticsearch Log Disabled acb6b4e2-a086-4f35-aefd-4db6ea51ada2 |
Terraform | Medium | Observability | Query details Documentation |
| Default VPC Exists 96ed3526-0179-4c73-b1b2-372fde2e0d13 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Metrics Disabled 081069cb-588b-4ce1-884c-2a1ce3029fe5 |
Terraform | Medium | Observability | Query details Documentation |
| ElasticSearch Without Slow Logs e979fcbc-df6c-422d-9458-c33d65e71c45 |
Terraform | Medium | Observability | Query details Documentation |
| Redshift Cluster Logging Disabled 15ffbacc-fa42-4f6f-a57d-2feac7365caa |
Terraform | Medium | Observability | Query details Documentation |
| MSK Cluster Logging Disabled 2f56b7ab-7fba-4e93-82f0-247e5ddeb239 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch AWS Organizations Changes Missing Alarm 38b85c45-e772-4de8-a247-69619ca137b3 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Logging Disabled 7dbba512-e244-42dc-98bb-422339827967 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway Access Logging Disabled 1b6799eb-4a7a-4b04-9001-8cceb9999326 |
Terraform | Medium | Observability | Query details Documentation |
| No Stack Policy 2f01fb2d-828a-499d-b98e-b83747305052 |
Terraform | Medium | Resource Management | Query details Documentation |
| Hardcoded AWS Access Key d7b9d850-3e06-4a75-852f-c46c2e92240b |
Terraform | Medium | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda 1402afd8-a95c-4e84-8b0b-6fb43758e6ce |
Terraform | Medium | Secret Management | Query details Documentation |
| SSO Identity User Unsafe Creation 4003118b-046b-4640-b200-b8c7a4c8b89f |
Terraform | Low | Access Control | Query details Documentation |
| S3 Bucket Public ACL Overridden By Public Access Block bf878b1a-7418-4de3-b13c-3a86cf894920 |
Terraform | Low | Access Control | Query details Documentation |
| EC2 Instance Using API Keys 0b93729a-d882-4803-bdc3-ac429a21f158 |
Terraform | Low | Access Control | Query details Documentation |
| IAM Group Without Users fc101ca7-c9dd-4198-a1eb-0fbe92e80044 |
Terraform | Low | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services bcdcbdc6-a350-4855-ae7c-d1e6436f7c97 |
Terraform | Low | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group f1adc521-f79a-4d71-b55b-a68294687432 |
Terraform | Low | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume 12b7e704-37f0-4d1e-911a-44bf60c48c21 |
Terraform | Low | Access Control | Query details Documentation |
| Autoscaling Groups Supply Tags ba48df05-eaa1-4d64-905e-4a4b051e7587 |
Terraform | Low | Availability | Query details Documentation |
| Automatic Minor Upgrades Disabled 3b6d777b-76e3-4133-80a3-0d6f667ade7f |
Terraform | Low | Best Practices | Query details Documentation |
| IAM Access Analyzer Not Enabled e592a0c5-5bdb-414c-9066-5dba7cdea370 |
Terraform | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 75ec6890-83af-4bf1-9f16-e83726df0bd0 |
Terraform | Low | Best Practices | Query details Documentation |
| ECR Repository Without Policy 69e7c320-b65d-41bb-be02-d63ecc0bcc9d |
Terraform | Low | Best Practices | Query details Documentation |
| Lambda IAM InvokeFunction Misconfigured 0ca1017d-3b80-423e-bb9c-6cd5898d34bd |
Terraform | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing 1bc367f6-901d-4870-ad0c-71d79762ef52 |
Terraform | Low | Best Practices | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS 5d9e3164-9265-470c-9a10-57ae454ac0c7 |
Terraform | Low | Encryption | Query details Documentation |
| ECR Repository Not Encrypted With CMK 0e32d561-4b5a-4664-a6e3-a3fa85649157 |
Terraform | Low | Encryption | Query details Documentation |
| S3 Bucket Without Ignore Public ACL 4fa66806-0dd9-4f8d-9480-3174d39c7c91 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| ALB Deletion Protection Disabled afecd1f1-6378-4f7e-bb3b-60c35801fdd4 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| ElastiCache Using Default Port 5d89db57-8b51-4b38-bb76-b9bd42bd40f0 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| EC2 Instance Using Default VPC 7e4a6e76-568d-43ef-8c4e-36dea481bff1 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Shield Advanced Not In Use 084c6686-2a70-4710-91b1-000393e54c12 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| EMR Without VPC 2b3c8a6d-9856-43e6-ab1d-d651094f03b4 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port 41abc6cc-dde1-4217-83d3-fb5f0cc09d8f |
Terraform | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port bca7cc4d-b3a4-4345-9461-eb69c68fcd26 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC 8c849af7-a399-46f7-a34c-32d3dc96f1fc |
Terraform | Low | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 1419b4c6-6d5c-4534-9cf6-6a5266085333 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| CloudTrail Log File Validation Disabled 52ffcfa6-6c70-4ea6-8376-d828d3961669 |
Terraform | Low | Observability | Query details Documentation |
| EKS cluster logging is not enabled 37304d3f-f852-40b8-ae3f-725e87a7cedf |
Terraform | Low | Observability | Query details Documentation |
| Missing Cluster Log Types 66f130d9-b81d-4e8e-9b08-da74b9c891df |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Route Table Changes Alarm Missing 2285e608-ddbc-47f3-ba54-ce7121e31216 |
Terraform | Low | Observability | Query details Documentation |
| Global Accelerator Flow Logs Disabled 96e8183b-e985-457b-90cd-61c0503a3369 |
Terraform | Low | Observability | Query details Documentation |
| ECS Cluster with Container Insights Disabled 97cb0688-369a-4d26-b1f7-86c4c91231bc |
Terraform | Low | Observability | Query details Documentation |
| VPC FlowLogs Disabled f83121ea-03da-434f-9277-9cd247ab3047 |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch VPC Changes Alarm Missing 9d0d4512-1959-43a2-a17f-72360ff06d1b |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Changes To NACL Alarm Missing 0a8e8dc5-b6fc-44fc-b5a1-969ec950f9b0 |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch AWS Config Configuration Changes Alarm Missing 5b8d7527-de8e-4114-b9dd-9d988f1f418f |
Terraform | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 8152e0cf-d2f0-47ad-96d5-d003a76eabd1 |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Network Gateways Changes Alarm Missing 6b6874fe-4c2f-4eea-8b90-7cceaa4a125e |
Terraform | Low | Observability | Query details Documentation |
| DocDB Logging Is Disabled 56f6a008-1b14-4af4-b9b2-ab7cf7e27641 |
Terraform | Low | Observability | Query details Documentation |
| API Gateway Deployment Without API Gateway UsagePlan Associated b3a59b8e-94a3-403e-b6e2-527abaf12034 |
Terraform | Low | Observability | Query details Documentation |
| API Gateway Stage Without API Gateway UsagePlan Associated c999cf62-0920-40f8-8dda-0caccd66ed7e |
Terraform | Low | Resource Management | Query details Documentation |
| Security Group Not Used 4849211b-ac39-479e-ae78-5694d506cb24 |
Terraform | Info | Access Control | Query details Documentation |
| Security Group Rule Without Description 68eb4bf3-f9bf-463d-b5cf-e029bb446d2e |
Terraform | Info | Best Practices | Query details Documentation |
| Resource Not Using Tags e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10 |
Terraform | Info | Best Practices | Query details Documentation |
| EC2 Not EBS Optimized 60224630-175a-472a-9e23-133827040766 |
Terraform | Info | Best Practices | Query details Documentation |
| Security Group Rule Without Description cb3f5ed6-0d18-40de-a93d-b3538db31e8c |
Terraform | Info | Best Practices | Query details Documentation |
| RDS Without Logging 8d7f7b8c-6c7c-40f8-baa6-62006c6c7b56 |
Terraform | Info | Observability | Query details Documentation |
| Neptune Logging Is Disabled 45cff7b6-3b80-40c1-ba7b-2cf480678bb8 |
Terraform | Info | Observability | Query details Documentation |
| EC2 Instance Monitoring Disabled 23b70e32-032e-4fa6-ba5c-82f56b9980e6 |
Terraform | Info | Observability | Query details Documentation |
| Github Organization Webhook With SSL Disabled ce7c874e-1b88-450b-a5e4-cb76ada3c8a9 |
Terraform | Medium | Encryption | Query details Documentation |
| GitHub Repository Set To Public 15d8a7fd-465a-4d15-a868-add86552f17b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Nifcloud LB Use Insecure TLS Policy ID 944439c7-b4b8-476a-8f83-14641ea876ba |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud LB Listener Use HTTP Port 9f751a80-31f0-43a3-926c-20772791a038 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud ELB Use HTTP Protocol e2de2b80-2fc2-4502-a764-40930dfcc70a |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud ELB Listener Use HTTP Protocol afcb0771-4f94-44ed-ad4a-9f73f11ce6e0 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud LB Use HTTP Port 94e47f3f-b90b-43a1-a36d-521580bae863 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud LB Use Insecure TLS Policy Name 675e8eaa-2754-42b7-bf33-bfa295d1601d |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud DNS Has Verified Record a1defcb6-55e8-4511-8c2a-30b615b0e057 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Nifcloud Computing Has Public Ingress Security Group Rule b2ea2367-8dc9-4231-a035-d0b28bfa3dde |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud NAS Has Public Ingress NAS Security Group Rule 8d7758a7-d9cd-499a-a83e-c9bdcbff728d |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Public DB Ingress Security Group Rule a0b846e8-815f-4f15-b660-bc4ab9fa1e1a |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud Vpn Gateway Undefined Security Group To Vpn Gateway b3535a48-910c-47f8-8b3b-14222f29ef80 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Public DB Access fb387023-e4bb-42a8-9a70-6708aa7ff21b |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud Router Undefined Security Group To Router e7dada38-af20-4899-8955-dabea84ab1f0 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud Computing Undefined Security Group To Instance 89218b48-75c9-4cb3-aaba-5299e852e8bc |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Backup Retention Less Than 2 Day e5071f76-cbe7-468d-bb2b-d10f02d2b713 |
Terraform | Medium | Backup | Query details Documentation |
| Nifcloud Computing Has Common Private Network df58dd45-8009-43c2-90f7-c90eb9d53ed9 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud Computing Undefined Description To Security Group Rule e4610872-0b1c-4fb7-ab57-d81c0afdb291 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud Router Has Common Private Network 30c2760c-740e-4672-9d7f-2c29e0cb385d |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Common Private Network 9bf57c23-fbab-4222-85f3-3f207a53c6a8 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Undefined Description To DB Security Group 940ddce2-26bd-4e31-a9b4-382714f73231 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud NAS Undefined Description To NAS Security Group e840c54a-7a4c-405f-b8c1-c49a54b87d11 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud ELB Has Common Private Network 5061f84c-ab66-4660-90b9-680c9df346c0 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud NAS Has Common Private Network 4b801c38-ebb4-4c81-984b-1ba525d43adf |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud Computing Undefined Description To Security Group 41c127a9-3a85-4bc3-a333-ed374eb9c3e4 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Name Is Not Snake Case 1e434b25-8763-4b00-a5ca-ca03b7abbb66 |
Terraform | Info | Best Practices | Query details Documentation |
| Variable Without Description 2a153952-2544-4687-bcc9-cc8fea814a9b |
Terraform | Info | Best Practices | Query details Documentation |
| Variable Without Type fc5109bf-01fd-49fb-8bde-4492b543c34a |
Terraform | Info | Best Practices | Query details Documentation |
| Generic Git Module Without Revision 3a81fc06-566f-492a-91dd-7448e409e2cd |
Terraform | Info | Best Practices | Query details Documentation |
| Output Without Description 59312e8a-a64e-41e7-a252-618533dd1ea8 |
Terraform | Info | Best Practices | Query details Documentation |
| Container Is Privileged 87065ef8-de9b-40d8-9753-f4a4303e27a4 |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP Allows Containers To Share The Host Network Namespace 4950837c-0ce5-4e42-9bee-a25eae73740b |
Terraform | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Allowed c878abb4-cca5-4724-92b9-289be68bd47c |
Terraform | High | Insecure Configurations | Query details Documentation |
| Not Limited Capabilities For Pod Security Policy 2acb555f-f4ad-4b1b-b984-84e6588f4b05 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Tiller (Helm v2) Is Deployed ca2fba76-c1a7-4afd-be67-5249f861cb0e |
Terraform | High | Insecure Configurations | Query details Documentation |
| Cluster Allows Unsafe Sysctls a9174d31-d526-4ad9-ace4-ce7ddbf52e03 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Role Binding To Default Service Account 3360c01e-c8c0-4812-96a2-a6329b9b7f9f |
Terraform | High | Insecure Defaults | Query details Documentation |
| Non Kube System Pod With Host Mount 86a947ea-f577-4efb-a8b0-5fc00257d521 |
Terraform | Medium | Access Control | Query details Documentation |
| RBAC Roles with Read Secrets Permissions 826abb30-3cd5-4e0b-a93b-67729b4f7e63 |
Terraform | Medium | Access Control | Query details Documentation |
| Permissive Access to Create Pods 522d4a64-4dc9-44bd-9240-7d8a0d5cb5ba |
Terraform | Medium | Access Control | Query details Documentation |
| Readiness Probe Is Not Configured 8657197e-3f87-4694-892b-8144701d83c1 |
Terraform | Medium | Availability | Query details Documentation |
| Root Containers Admitted 4c415497-7410-4559-90e8-f2c8ac64ee38 |
Terraform | Medium | Best Practices | Query details Documentation |
| Incorrect Volume Claim Access Mode ReadWriteOnce 26b047a9-0329-48fd-8fb7-05bbe5ba80ee |
Terraform | Medium | Build Process | Query details Documentation |
| Containers With Sys Admin Capabilities 3f55386d-75cd-4e9a-ac47-167b26c04724 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Container Resources Limits Undefined 60af03ff-a421-45c8-b214-6741035476fa |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Using Default Namespace abcb818b-5af7-4d72-aba9-6dd84956b451 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Container Host Pid Is True 587d5d82-70cf-449b-9817-f60f9bccb88c |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Privilege Escalation 2bff9906-4e9b-4f71-9346-8ebedfdf43ef |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| PSP Set To Privileged a6a4d4fc-4e8f-47d1-969f-e9d4a084f3b9 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Disabled for PSP 9aa32890-ac1a-45ee-81ca-5164e2098556 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host IPC 51bed0ac-a8ae-407a-895e-90c6cb0610ce |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| PSP With Added Capabilities 48388bd2-7201-4dcc-b56d-e8a9efa58fad |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Container Runs Unmasked 0ad60203-c050-4115-83b6-b94bde92541d |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Ingress Controller Exposes Workload e2c83c1f-84d7-4467-966c-ed41fd015bb9 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Seccomp Profile Is Not Configured 455f2e0c-686d-4fcb-8b5f-3f953f12c43c |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Default Service Account In Use 737a0dd9-0aaa-4145-8118-f01778262b8a |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Containers With Added Capabilities fe771ff7-ba15-4f8f-ad7a-8aa232b49a28 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Not Being Dropped e5587d53-a673-4a6b-b3f2-ba07ec274def |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Workload Mounting With Sensitive OS Directory a737be28-37d8-4bff-aa6d-1be8aa0a0015 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Service Account Token Automount Not Disabled a9a13d4f-f17a-491b-b074-f54bffffcb4a |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Service Account Name Undefined Or Empty 24b132df-5cc7-4823-8029-f898e1c50b72 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Network Policy Is Not Targeting Any Pod b80b14c6-aaa2-4876-b651-8a48b6c32fbf |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Service With External Load Balancer 2a52567c-abb8-4651-a038-52fa27c77aed |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Shared Host IPC Namespace e94d3121-c2d1-4e34-a295-139bfeb73ea3 |
Terraform | Medium | Resource Management | Query details Documentation |
| CPU Requests Not Set 577ac19c-6a77-46d7-9f14-e049cdd15ec2 |
Terraform | Medium | Resource Management | Query details Documentation |
| Memory Requests Not Defined 21719347-d02b-497d-bda4-04a03c8e5b61 |
Terraform | Medium | Resource Management | Query details Documentation |
| Memory Limits Not Defined fd097ed0-7fe6-4f58-8b71-fef9f0820a21 |
Terraform | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace ac1564a3-c324-4747-9fa1-9dfc234dace0 |
Terraform | Medium | Resource Management | Query details Documentation |
| Volume Mount With OS Directory Write Permissions a62a99d1-8196-432f-8f80-3c100b05d62a |
Terraform | Medium | Resource Management | Query details Documentation |
| CPU Limits Not Set 5f4735ce-b9ba-4d95-a089-a37a767b716f |
Terraform | Medium | Resource Management | Query details Documentation |
| Service Account Allows Access Secrets 07fc3413-e572-42f7-9877-5c8fc6fccfb5 |
Terraform | Medium | Secret Management | Query details Documentation |
| Shared Service Account f74b9c43-161a-4799-bc95-0b0ec81801b9 |
Terraform | Medium | Secret Management | Query details Documentation |
| Docker Daemon Socket is Exposed to Containers 4e203a65-c8d8-49a2-b749-b124d43c9dc1 |
Terraform | Low | Access Control | Query details Documentation |
| Cluster Admin Rolebinding With Superuser Permissions 17172bc2-56fb-4f17-916f-a014147706cd |
Terraform | Low | Access Control | Query details Documentation |
| Missing App Armor Config bd6bd46c-57db-4887-956d-d372f21291b6 |
Terraform | Low | Access Control | Query details Documentation |
| StatefulSet Without Service Name 420e6360-47bb-46f6-9072-b20ed22c842d |
Terraform | Low | Availability | Query details Documentation |
| HPA Targets Invalid Object 17e52ca3-ddd0-4610-9d56-ce107442e110 |
Terraform | Low | Availability | Query details Documentation |
| StatefulSet Without PodDisruptionBudget 7249e3b0-9231-4af3-bc5f-5daf4988ecbf |
Terraform | Low | Availability | Query details Documentation |
| Liveness Probe Is Not Defined 5b6d53dd-3ba3-4269-b4d7-f82e880e43c3 |
Terraform | Low | Availability | Query details Documentation |
| Deployment Without PodDisruptionBudget a05331ee-1653-45cb-91e6-13637a76e4f0 |
Terraform | Low | Availability | Query details Documentation |
| Metadata Label Is Invalid bc3dabb6-fd50-40f8-b9ba-7429c9f1fb0e |
Terraform | Low | Best Practices | Query details Documentation |
| No Drop Capabilities for Containers 21cef75f-289f-470e-8038-c7cee0664164 |
Terraform | Low | Best Practices | Query details Documentation |
| StatefulSet Requests Storage fcc2612a-1dfe-46e4-8ce6-0320959f0040 |
Terraform | Low | Build Process | Query details Documentation |
| Root Container Not Mounted As Read-only d532566b-8d9d-4f3b-80bd-361fe802f9c2 |
Terraform | Low | Build Process | Query details Documentation |
| Image Without Digest 228c4c19-feeb-4c18-848c-800ac70fdfb7 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without Security Context ad69e38a-d92e-4357-a8da-f2f29d545883 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Image Pull Policy Of The Container Is Not Set To Always aa737abf-6b1d-4aba-95aa-5c160bd7f96e |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Workload Host Port Not Specified 4e74cf4f-ff65-4c1a-885c-67ab608206ce |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Service Type is NodePort 5c281bf8-d9bb-47f2-b909-3f6bb11874ad |
Terraform | Low | Networking and Firewall | Query details Documentation |
| CronJob Deadline Not Configured 58876b44-a690-4e9f-9214-7735fa0dd15d |
Terraform | Low | Resource Management | Query details Documentation |
| Deployment Has No PodAntiAffinity 461ed7e4-f8d5-4bc1-b3c6-64ddb4fd00a3 |
Terraform | Low | Resource Management | Query details Documentation |
| Secrets As Environment Variables 6d8f1a10-b6cd-48f0-b960-f7c535d5cdb8 |
Terraform | Low | Secret Management | Query details Documentation |
| Invalid Image e76cca7c-c3f9-4fc9-884c-b2831168ebd8 |
Terraform | Low | Supply-Chain | Query details Documentation |
| BOM - GCP Dataflow 895ed0d9-6fec-4567-8614-d7a74b599a53 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP Redis bc75ce52-a60a-4660-b533-bce837a5019b |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PST 4b82202a-b18e-4891-a1eb-a0989850bbb3 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP FI c9d81239-c818-4869-9917-1570c62b81fd |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP SB 2f06d22c-56bd-4f73-8a51-db001fcf2150 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PD dd7d70aa-a6ec-460d-b5d2-38b40253b16f |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| OSLogin Disabled 32ecd6eb-0711-421f-9627-1a28d9eff217 |
Terraform | High | Access Control | Query details Documentation |
| Cloud Storage Bucket Is Publicly Accessible c010082c-76e0-4b91-91d9-6e8439e455dd |
Terraform | High | Access Control | Query details Documentation |
| BigQuery Dataset Is Public e576ce44-dd03-4022-a8c0-3906acca2ab4 |
Terraform | High | Access Control | Query details Documentation |
| VM With Full Cloud Access bc280331-27b9-4acb-a010-018e8098aa5d |
Terraform | High | Access Control | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible a6cd52a1-3056-4910-96a5-894de9f3f3b3 |
Terraform | High | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled cf3c7631-cd1e-42f3-8801-a561214a6e79 |
Terraform | High | Backup | Query details Documentation |
| KMS Crypto Key is Publicly Accessible 16cc87d1-dd47-4f46-b3ce-4dfcac8fd2f5 |
Terraform | High | Encryption | Query details Documentation |
| DNSSEC Using RSASHA1 ccc3100c-0fdd-4a5e-9908-c10107291860 |
Terraform | High | Encryption | Query details Documentation |
| SQL DB Instance With SSL Disabled 02474449-71aa-40a1-87ae-e14497747b00 |
Terraform | High | Encryption | Query details Documentation |
| Not Proper Email Account In Use 9356962e-4a4f-4d06-ac59-dc8008775eaa |
Terraform | High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled 5baa92d2-d8ee-4c75-88a4-52d9d8bb8067 |
Terraform | High | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled c606ba1d-d736-43eb-ac24-e16108f3a9e0 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Network Policy Disabled 11e7550e-c4b6-472e-adff-c698f157cdd7 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Cluster Labels Disabled 65c1bc7a-4835-4ac4-a2b6-13d310b0648d |
Terraform | High | Insecure Configurations | Query details Documentation |
| Pod Security Policy Disabled 9192e0f9-eca5-4056-9282-ae2a736a4088 |
Terraform | High | Insecure Configurations | Query details Documentation |
| SQL DB Instance Publicly Accessible b187edca-b81e-4fdc-aff4-aab57db45edb |
Terraform | High | Insecure Configurations | Query details Documentation |
| Legacy Client Certificate Auth Enabled 73fb21a1-b19a-45b1-b648-b47b1678681e |
Terraform | High | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 6ccb85d7-0420-4907-9380-50313f80946b |
Terraform | High | Insecure Configurations | Query details Documentation |
| IAM Audit Not Properly Configured 89fe890f-b480-460c-8b6b-7d8b1468adb4 |
Terraform | High | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled 30e8dfd2-3591-4d19-8d11-79e93106c93d |
Terraform | High | Observability | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled d6cabc3a-d57e-48c2-b341-bf3dd4f4a120 |
Terraform | High | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled e7e961ac-d17e-4413-84bc-8a1fbe242944 |
Terraform | High | Observability | Query details Documentation |
| Stackdriver Logging Disabled 4c7ebcb2-eae2-461e-bc83-456ee2d4f694 |
Terraform | High | Observability | Query details Documentation |
| Node Auto Upgrade Disabled b139213e-7d24-49c2-8025-c18faa21ecaa |
Terraform | High | Resource Management | Query details Documentation |
| KMS Admin and CryptoKey Roles In Use 92e4464a-4139-4d57-8742-b5acc0347680 |
Terraform | Medium | Access Control | Query details Documentation |
| Google Project IAM Binding Service Account has Token Creator or Account User Role 617ef6ff-711e-4bd7-94ae-e965911b1b40 |
Terraform | Medium | Access Control | Query details Documentation |
| Google Project IAM Member Service Account has Token Creator or Account User Role c68b4e6d-4e01-4ca1-b256-1e18e875785c |
Terraform | Medium | Access Control | Query details Documentation |
| Google Project IAM Member Service Account Has Admin Role 84d36481-fd63-48cb-838e-635c44806ec2 |
Terraform | Medium | Access Control | Query details Documentation |
| Disk Encryption Disabled b1d51728-7270-4991-ac2f-fc26e2695b38 |
Terraform | Medium | Encryption | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use 14a457f0-473d-4d1d-9e37-6d99b355b336 |
Terraform | Medium | Encryption | Query details Documentation |
| Shielded GKE Nodes Disabled 579a0727-9c29-4d58-8195-fc5802a8bdb4 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Google Storage Bucket Level Access Disabled bb0db090-5509-4853-a827-75ced0b3caa0 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Cloud DNS Without DNSSEC 5ef61c88-bbb4-4725-b1df-55d23c9676bb |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used 8a893e46-e267-485a-8690-51f39951de58 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Google Project Auto Create Network Disabled 59571246-3f62-4965-a96f-c7d97e269351 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled acfdbec6-4a17-471f-b412-169d77553332 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 1b44e234-3d73-41a8-9954-0b154135280e |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled For VM Instance d0b4d550-c001-46c3-bbdb-d5d75d33f05f |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Using Default Service Account 3cb4af0b-056d-4fb1-8b95-fdc4593625ff |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| GKE Using Default Service Account 1c8eef02-17b1-4a3e-b01d-dcc3292d2c38 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Google Compute Network Using Default Firewall Rule 40abce54-95b1-478c-8e5f-ea0bf0bb0e33 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows All Ports 22ef1d26-80f8-4a6c-8c15-f35aab3cac78 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Serial Ports Are Enabled For VM Instances 97fa667a-d05b-4f16-9071-58b939f34751 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled f34c0c25-47b4-41eb-9c79-249b4dd47b89 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted c4dcdcdf-10dd-4bf4-b4a0-8f6239e6aaa0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| RDP Access Is Not Restricted 678fd659-96f2-454a-a2a0-c2571f83a4a3 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Subnetwork Logging Disabled 40430747-442d-450a-a34f-dc57149f4609 |
Terraform | Medium | Observability | Query details Documentation |
| Service Account with Improper Privileges cefdad16-0dd5-4ac5-8ed2-a37502c78672 |
Terraform | Medium | Resource Management | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 3e4d5ce6-3280-4027-8010-c26eeea1ec01 |
Terraform | Medium | Secret Management | Query details Documentation |
| High Google KMS Crypto Key Rotation Period d8c57c4e-bf6f-4e32-a2bf-8643532de77b |
Terraform | Medium | Secret Management | Query details Documentation |
| Outdated GKE Version 128df7ec-f185-48bc-8913-ce756a3ccb85 |
Terraform | Low | Best Practices | Query details Documentation |
| User with IAM Role 704fcc44-a58f-4af5-82e2-93f2a58ef918 |
Terraform | Low | Best Practices | Query details Documentation |
| Google Compute Subnetwork with Private Google Access Disabled ee7b93c1-b3f8-4a3b-9588-146d481814f5 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows Port Range e6f61c37-106b-449f-a5bb-81bfcaceb8b4 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Databricks Cluster or Job With None Or Insecure Permission(s) a4edb7e1-c0e0-4f7f-9d7c-d1b603e81ad5 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Unrestricted Databricks ACL 2c4fe4a9-f44b-4c70-b09b-5b75cd251805 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Job's Task is Legacy (spark_submit_task) 375cdab9-3f94-4ae0-b1e3-8fbdf9cdf4d7 |
Terraform | Medium | Best Practices | Query details Documentation |
| Check Databricks Cluster AWS Attribute Best Practices b0749c53-e3ff-4d09-bbe4-dca94e2e7a38 |
Terraform | Medium | Best Practices | Query details Documentation |
| Check Databricks Cluster GCP Attribute Best Practices 539e4557-d2b5-4d57-a001-cb01140a4e2d |
Terraform | Medium | Best Practices | Query details Documentation |
| Check Databricks Cluster Azure Attribute Best Practices 38028698-e663-4ef7-aa92-773fef0ca86f |
Terraform | Medium | Best Practices | Query details Documentation |
| Check use no LTS Spark Version 5a627dfa-a4dd-4020-a4c6-5f3caf4abcd6 |
Terraform | Medium | Best Practices | Query details Documentation |
| Indefinitely Databricks OBO Token Lifetime 23e1f5f0-12b7-4d7e-9087-f60f42ccd514 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Indefinitely Databricks Token Lifetime 7d05ca25-91b4-42ee-b6f6-b06611a87ce8 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Databricks Autoscale Badly Setup 953c0cc6-5f30-44cb-a803-bf4ef2571be8 |
Terraform | Medium | Resource Management | Query details Documentation |
| Databricks Group Without User Or Instance Profile 23c3067a-8cc9-480c-b645-7c1e0ad4bf60 |
Terraform | Low | Access Control | Query details Documentation |
| Serverless Role With Full Privileges 59ebb4f3-2a6c-46dc-b4f0-cc5418dcddcd |
ServerlessFW | High | Access Control | Query details Documentation |
| Serverless Function Environment Variables Not Encrypted 4495bc5d-4d1e-4a26-ae92-152d18195648 |
ServerlessFW | High | Encryption | Query details Documentation |
| Serverless API Without Content Encoding d5d1fe08-89db-440c-8725-b93223387309 |
ServerlessFW | Medium | Encryption | Query details Documentation |
| Serverless Function Without Tags f99d3482-fa8c-4f79-bad9-35212dded164 |
ServerlessFW | Medium | Insecure Configurations | Query details Documentation |
| Serverless Function Without Unique IAM Role 165aae3b-a56a-48f3-b76d-d2b5083f5b8f |
ServerlessFW | Medium | Insecure Configurations | Query details Documentation |
| Serverless API Endpoint Config Not Private 4d424558-c6d1-453c-be98-9a7f877abd9a |
ServerlessFW | Medium | Networking and Firewall | Query details Documentation |
| Serverless API Access Logging Setting Undefined a4d32883-aac7-42e1-b403-9415af0f3846 |
ServerlessFW | Medium | Observability | Query details Documentation |
| Serverless API X-Ray Tracing Disabled 434945e5-4dfd-41b1-aba1-47075ccd9265 |
ServerlessFW | Medium | Observability | Query details Documentation |
| Serverless Function Without Dead Letter Queue dec7bc85-d156-4f64-9a33-96ed3d9f3fed |
ServerlessFW | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without X-Ray Tracing 0d7ef70f-e176-44e6-bdba-add3e429788d |
ServerlessFW | Low | Observability | Query details Documentation |
| AKS RBAC Disabled b2418936-cd47-4ea2-8346-623c0bdb87bd |
Crossplane | Medium | Access Control | Query details Documentation |
| Redis Cache Allows Non SSL Connections 6c7cfec3-c686-4ed2-bf58-a1ec054b63fc |
Crossplane | Medium | Encryption | Query details Documentation |
| ELB Using Weak Ciphers a507daa5-0795-4380-960b-dd7bb7c56661 |
Crossplane | High | Encryption | Query details Documentation |
| EFS Without KMS bdecd6db-2600-47dd-a10c-72c97cf17ae9 |
Crossplane | High | Encryption | Query details Documentation |
| EFS Not Encrypted 72840c35-3876-48be-900d-f21b2f0c2ea1 |
Crossplane | High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted e50eb68a-a4af-4048-8bbe-8ec324421469 |
Crossplane | High | Encryption | Query details Documentation |
| RDS DB Instance Publicly Accessible d9dc6429-5140-498a-8f55-a10daac5f000 |
Crossplane | High | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 255b0fcc-9f82-41fe-9229-01b163e3376b |
Crossplane | High | Insecure Configurations | Query details Documentation |
| DB Security Group Has Public Interface dd667399-8d9d-4a8d-bbb4-e49ab53b2f52 |
Crossplane | High | Insecure Configurations | Query details Documentation |
| Neptune Database Cluster Encryption Disabled 83bf5aca-138a-498e-b9cd-ad5bc5e117b4 |
Crossplane | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled 9296f1cc-7a40-45de-bd41-f31745488a0e |
Crossplane | Medium | Encryption | Query details Documentation |
| CloudFront Logging Disabled 7b590235-1ff4-421b-b9ff-5227134be9bb |
Crossplane | Medium | Observability | Query details Documentation |
| CloudWatch Without Retention Period Specified 934613fe-b12c-4e5a-95f5-c1dcdffac1ff |
Crossplane | Medium | Observability | Query details Documentation |
| CloudFront Without WAF 6d19ce0f-b3d8-4128-ac3d-1064e0f00494 |
Crossplane | Low | Networking and Firewall | Query details Documentation |
| ECS Cluster with Container Insights Disabled 0c7a76d9-7dc5-499e-81ac-9245839177cb |
Crossplane | Low | Observability | Query details Documentation |
| DocDB Logging Is Disabled e6cd49ba-77ed-417f-9bca-4f5303554308 |
Crossplane | Low | Observability | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 6c2d627c-de0f-45fb-b33d-dad9bffbb421 |
Crossplane | High | Observability | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled b4f65d13-a609-4dc1-af7c-63d2e08bffe9 |
Crossplane | Medium | Insecure Configurations | Query details Documentation |
| Enum Name Not CamelCase daaace5f-c0dc-4835-b526-7a116b7f4b4e |
GRPC | Low | Best Practices | Query details Documentation |
| Script Block Injection 62ff6823-927a-427f-acf9-f1ea2932d616 |
CICD | High | Insecure Configurations | Query details Documentation |
| Run Block Injection 20f14e1a-a899-4e79-9f09-b6a84cd4649b |
CICD | High | Insecure Configurations | Query details Documentation |
| Unsecured Commands 60fd272d-15f4-4d8f-afe4-77d9c6cc0453 |
CICD | Medium | Insecure Configurations | Query details Documentation |
| Unpinned Actions Full Length Commit SHA 555ab8f9-2001-455e-a077-f2d0f41e2fb9 |
CICD | Medium | Supply-Chain | Query details Documentation |
| Serving Revision Spec Without Timeout Seconds e8bb41e4-2f24-4e84-8bea-8c7c070cf93d |
Knative | Info | Insecure Configurations | Query details Documentation |
| Key Vault Not Recoverable 7c25f361-7c66-44bf-9b69-022acd5eb4bd |
AzureResourceManager | High | Backup | Query details Documentation |
| Secret Without Expiration Date cff9c3f7-e8f0-455f-9fb4-5f72326da96e |
AzureResourceManager | High | Best Practices | Query details Documentation |
| Azure Instance Using Basic Authentication 6797f581-0433-4768-ae3e-7ceb2f8b138e |
AzureResourceManager | High | Best Practices | Query details Documentation |
| Storage Account Allows Unsecure Transfer 1367dd13-2c90-4020-80b7-e4339a3dc2c4 |
AzureResourceManager | High | Encryption | Query details Documentation |
| Web App Not Using TLS Last Version b5c851d5-00f1-43dc-a8de-3218fd6f71be |
AzureResourceManager | High | Encryption | Query details Documentation |
| Azure Managed Disk Without Encryption 350f3955-b5be-436f-afaa-3d2be2fa6cdd |
AzureResourceManager | High | Encryption | Query details Documentation |
| Website Not Forcing HTTPS 488847ff-6031-487c-bf42-98fd6ac5c9a0 |
AzureResourceManager | High | Insecure Configurations | Query details Documentation |
| Network Security Group With Unrestricted Access To SSH 2ade1579-4b2c-4590-bebb-f99bf597f612 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Storage Blob Service Container With Public Access a0ab985d-660b-41f7-ac81-70957ee8e627 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| SQL Database Server Firewall Allows All IPS 6a3201a5-1630-494b-b294-3129d06b0eca |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled e25b56cd-a4d6-498f-ab92-e6296a082097 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Website with Client Certificate Auth Disabled 92302b47-b0cc-46cb-a28f-5610ecda140b |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Network Security Group With Unrestricted Access To RDP 59cb3da7-f206-4ae6-b827-7abf0a9cab9d |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| MySQL Server SSL Enforcement Disabled 90120147-f2e7-4fda-bb21-6fa9109afd63 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server SSL Disabled bf500309-da53-4dd3-bcf7-95f7974545a5 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive d855ced8-6157-448f-9f1d-f05a41d046f7 |
AzureResourceManager | Medium | Access Control | Query details Documentation |
| AKS Cluster RBAC Disabled 9307a2ed-35c2-413d-94de-a1a0682c2158 |
AzureResourceManager | Medium | Access Control | Query details Documentation |
| Role Definitions Allow Custom Subscription Role Creation 8fa9ceea-881f-4ef0-b0b8-728f589699a7 |
AzureResourceManager | Medium | Access Control | Query details Documentation |
| SQL Server Database With Alerts Disabled 574e8d82-1db2-4b9c-b526-e320ede9a9ff |
AzureResourceManager | Medium | Best Practices | Query details Documentation |
| AKS Cluster Network Policy Not Configured 25c0228e-4444-459b-a2df-93c7df40b7ed |
AzureResourceManager | Medium | Insecure Configurations | Query details Documentation |
| Standard Price Is Not Selected 2081c7d6-2851-4cce-bda5-cb49d462da42 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server Log Checkpoints Disabled f9112910-c7bb-4864-9f5e-2059ba413bb7 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| AKS With Authorized IP Ranges Disabled 2583fab1-953b-4fae-bd02-4a136a6c21f9 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server Log Connections Disabled e69bda39-e1e2-47ca-b9ee-b6531b23aedd |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgresSQL Database Server Connection Throttling Disabled a6d774b6-d9ea-4bf4-8433-217bf15d2fb8 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| Unrecommended Log Profile Retention Policy 25684eac-daaa-4c2c-94b4-8d2dbb627909 |
AzureResourceManager | Medium | Observability | Query details Documentation |
| SQL Server Database Without Auditing e055285c-bc01-48b4-8aa5-8a54acdd29df |
AzureResourceManager | Medium | Observability | Query details Documentation |
| AKS Logging To Azure Monitoring Is Disabled 9b09dee1-f09b-4013-91d2-158fa4695f4b |
AzureResourceManager | Medium | Observability | Query details Documentation |
| SQL Server Database With Unrecommended Retention Days c09cdac2-7670-458a-bf6c-efad6880973a |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Unrecommended Network Watcher Flow Log Retention Policy 564b70f8-41cd-4690-aff8-bb53add86bc9 |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Log Profile Incorrect Category 4d522e7b-f938-4d51-a3b1-974ada528bd3 |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Storage Logging For Read Write And Delete Requests Disabled 43f6e60c-9cdb-4e77-864d-a66595d26518 |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Hardcoded SecureString Parameter Default Value 4d2cf896-c053-4be5-9c95-8b4771112f29 |
AzureResourceManager | Medium | Secret Management | Query details Documentation |
| Website Azure Active Directory Disabled e9c133e5-c2dd-4b7b-8fff-40f2de367b56 |
AzureResourceManager | Low | Access Control | Query details Documentation |
| Phone Number Not Set For Security Contacts 3e9fcc67-1f64-405f-b2f9-0a6be17598f0 |
AzureResourceManager | Low | Best Practices | Query details Documentation |
| AKS Dashboard Is Enabled c62d3b92-9a11-4ffd-b7b7-6faaae83faed |
AzureResourceManager | Low | Insecure Configurations | Query details Documentation |
| Storage Account Allows Default Network Access 9073f073-5d60-4b46-b569-0d6baa80ed95 |
AzureResourceManager | Low | Networking and Firewall | Query details Documentation |
| Website with 'Http20Enabled' Disabled 70111098-7f85-48f0-b1b4-e4261cf5f61b |
AzureResourceManager | Low | Networking and Firewall | Query details Documentation |
| App Service Authentication Is Not Set 83130a07-235b-4a80-918b-a370e53f0bd9 |
AzureResourceManager | Info | Access Control | Query details Documentation |
| Account Admins Not Notified By Email a8852cc0-fd4b-4fc7-9372-1e43fad0732e |
AzureResourceManager | Info | Best Practices | Query details Documentation |
| SQL Alert Policy Without Emails 89b79fe5-49bd-4d39-84ce-55f5fc6f7764 |
AzureResourceManager | Info | Best Practices | Query details Documentation |
| Email Notifications Disabled 79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92 |
AzureResourceManager | Info | Networking and Firewall | Query details Documentation |
| UNIX Ports Out Of Range 71bf8cf8-f0a1-42fa-b9d2-d10525e0a38e |
Dockerfile | High | Availability | Query details Documentation |
| Multiple ENTRYPOINT Instructions Listed 6938958b-3f1a-451c-909b-baeee14bdc97 |
Dockerfile | High | Build Process | Query details Documentation |
| WORKDIR Path Not Absolute 6b376af8-cfe8-49ab-a08d-f32de23661a4 |
Dockerfile | High | Build Process | Query details Documentation |
| Same Alias In Different Froms f2daed12-c802-49cd-afed-fe41d0b82fed |
Dockerfile | High | Build Process | Query details Documentation |
| Missing User Instruction fd54f200-402c-4333-a5a4-36ef6709af2f |
Dockerfile | High | Build Process | Query details Documentation |
| Copy With More Than Two Arguments Not Ending With Slash 6db6e0c2-32a3-4a2e-93b5-72c35f4119db |
Dockerfile | High | Build Process | Query details Documentation |
| COPY '--from' References Current FROM Alias cdddb86f-95f6-4fc4-b5a1-483d9afceb2b |
Dockerfile | High | Build Process | Query details Documentation |
| Run Using Sudo 8ada6e80-0ade-439e-b176-0b28f6bce35a |
Dockerfile | High | Insecure Configurations | Query details Documentation |
| Vulnerable OpenSSL Version 5fa731ea-e844-47a6-a1e8-abc25e95847e |
Dockerfile | High | Supply-Chain | Query details Documentation |
| Changing Default Shell Using RUN Command 8a301064-c291-4b20-adcb-403fe7fd95fd |
Dockerfile | Medium | Best Practices | Query details Documentation |
| Last User Is 'root' 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae |
Dockerfile | Medium | Best Practices | Query details Documentation |
| Multiple CMD Instructions Listed 41c195f4-fc31-4a5c-8a1b-90605538d49f |
Dockerfile | Medium | Build Process | Query details Documentation |
| Not Using JSON In CMD And ENTRYPOINT Arguments b86987e1-6397-4619-81d5-8807f2387c79 |
Dockerfile | Medium | Build Process | Query details Documentation |
| Update Instruction Alone 9bae49be-0aa3-4de5-bab2-4c3a069e40cd |
Dockerfile | Medium | Build Process | Query details Documentation |
| RUN Instruction Using 'cd' Instead of WORKDIR f4a6bcd3-e231-4acf-993c-aa027be50d2e |
Dockerfile | Medium | Build Process | Query details Documentation |
| Shell Running A Pipe Without Pipefail Flag efbf148a-67e9-42d2-ac47-02fa1c0d0b22 |
Dockerfile | Medium | Insecure Defaults | Query details Documentation |
| Gem Install Without Version 22cd11f7-9c6c-4f6e-84c0-02058120b341 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Flag From Dnf Install 7ebd323c-31b7-4e5b-b26f-de5e9e477af8 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Yum install Without Version 6452c424-1d92-4deb-bb18-a03e95d579c4 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Zypper Clean 38300d1a-feb2-4a48-936a-d1ef1cd24313 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Image Version Not Explicit 9efb0b2d-89c9-41a3-91ca-dcc0aec911fd |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Apt Get Install Pin Version Not Defined 965a08d7-ef86-4f14-8792-4a3b2098937e |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Version Specification In dnf install 93d88cf7-f078-46a8-8ddc-178e03aeacf1 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Unpinned Package Version in Pip Install 02d9c71f-3ee8-4986-9c27-1a20d0d19bfc |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Using Platform Flag with FROM Command b16e8501-ef3c-44e1-a543-a093238099c9 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Unpinned Package Version in Apk Add d3499f6d-1651-41bb-a9a7-de925fea487b |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Yum Install Allows Manual Input 6e19193a-8753-436d-8a09-76dcff91bb03 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Dnf Clean All 295acb63-9246-4b21-b441-7c1f1fb62dc0 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Pip install Keeping Cached Packages f2f903fb-b977-461e-98d7-b3e2185c6118 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Yum Clean All Missing 00481784-25aa-4a55-8633-3136dfcf4f37 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| NPM Install Command Without Pinned Version e36d8880-3f78-4546-b9a1-12f0745ca0d5 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Zypper Non-interactive Switch 45e1fca5-f90e-465d-825f-c2cb63fa3944 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| APT-GET Missing '-y' To Avoid Manual Input 77783205-c4ca-4f80-bb80-c777f267c547 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Add Instead of Copy 9513a694-aa0d-41d8-be61-3271e056f36b |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Run Using 'wget' and 'curl' fc775e75-fcfb-4c98-b2f2-910c5858b359 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Run Using apt b84a0b47-2e99-4c9f-8933-98bcabe2b94d |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Image Version Using 'latest' f45ea400-6bbe-4501-9fc7-1c3d75c32067 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Zypper Install Without Version 562952e4-0348-4dea-9826-44f3a2c6117b |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Chown Flag Exists aa93e17f-b6db-4162-9334-c70334e7ac28 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Curl or Wget Instead of Add 4b410d24-1cbe-4430-a632-62c9a931cf1c |
Dockerfile | Low | Best Practices | Query details Documentation |
| MAINTAINER Instruction Being Used 99614418-f82b-4852-a9ae-5051402b741c |
Dockerfile | Low | Best Practices | Query details Documentation |
| Exposing Port 22 (SSH) 5907595b-5b6d-4142-b173-dbb0e73fbff8 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Multiple RUN, ADD, COPY, Instructions Listed 0008c003-79aa-42d8-95b8-1c2fe37dbfe6 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Using Unnamed Build Stages 68a51e22-ae5a-4d48-8e87-b01a323605c9 |
Dockerfile | Low | Build Process | Query details Documentation |
| Healthcheck Instruction Missing b03a748a-542d-44f4-bb86-9199ab4fd2d5 |
Dockerfile | Low | Insecure Configurations | Query details Documentation |
| Apk Add Using Local Cache Path ae9c56a6-3ed1-4ac0-9b54-31267f51151d |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| APT-GET Not Avoiding Additional Packages 7384dfb2-fcd1-4fbf-91cd-6c44c318c33c |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| Run Utilities And POSIX Commands 9b6b0f38-92a2-41f9-b881-3a1083d99f1b |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| Apt Get Install Lists Were Not Deleted df746b39-6564-4fed-bf85-e9c44382303c |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| BOM - GCP PST 9ed08714-b2f3-4c6d-8fb0-ac0b74ad71d8 |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP SB c7781feb-a955-4f9f-b9cf-0d7c6f54bb59 |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PD 268c65a8-58ad-43e4-9019-1a9bbc56749f |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| Cloud Storage Bucket Is Publicly Accessible 77c1fa3f-83dc-4c9d-bfed-e1d0cc8fd9dc |
GoogleDeploymentManager | High | Access Control | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible 63ae3638-a38c-4ff4-b616-6e1f72a31a6a |
GoogleDeploymentManager | High | Access Control | Query details Documentation |
| BigQuery Dataset Is Public 83103dff-d57f-42a8-bd81-40abab64c1a7 |
GoogleDeploymentManager | High | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled a5bf1a1c-92c7-401c-b4c6-ebdc8b686c01 |
GoogleDeploymentManager | High | Backup | Query details Documentation |
| DNSSEC Using RSASHA1 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35 |
GoogleDeploymentManager | High | Encryption | Query details Documentation |
| SQL DB Instance With SSL Disabled 660360d3-9ca7-46d1-b147-3acc4002953f |
GoogleDeploymentManager | High | Encryption | Query details Documentation |
| Not Proper Email Account In Use a21b8df3-c840-4b3d-a41a-10fb2afda171 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Cluster Master Authentication Disabled 7ef7d141-9fbb-4679-a977-fd0883436906 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled df58d46c-783b-43e0-bdd0-d99164f712ee |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled 28727987-e398-49b8-aef1-8a3e7789d111 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Network Policy Disabled c47f90e8-4a19-43f0-8413-cc434d286c4e |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| MySQL Instance With Local Infile On c759d6f2-4dd3-4160-82d3-89202ef10d87 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Cluster Labels Disabled 8810968b-4b15-421d-918b-d91eb4bb8d1d |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 48c61fbd-09c9-46cc-a521-012e0c325412 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Client Certificate Disabled dd690686-2bf9-4012-a821-f61912dd77be |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| GKE Master Authorized Networks Disabled 62c8cf50-87f0-4295-a974-8184ed78fe02 |
GoogleDeploymentManager | High | Networking and Firewall | Query details Documentation |
| Compute Instance Is Publicly Accessible 8212e2d7-e683-49bc-bf78-d6799075c5a7 |
GoogleDeploymentManager | High | Networking and Firewall | Query details Documentation |
| Stackdriver Monitoring Disabled bbfc97ab-e92a-4a7b-954c-e88cec815011 |
GoogleDeploymentManager | High | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled ad0875c1-0b39-4890-9149-173158ba3bba |
GoogleDeploymentManager | High | Observability | Query details Documentation |
| Stackdriver Logging Disabled 95601b9a-7fe8-4aee-9b58-d36fd9382dfc |
GoogleDeploymentManager | High | Observability | Query details Documentation |
| Node Auto Upgrade Disabled dc5c5fee-6c53-43b0-ab11-4c660e064aaf |
GoogleDeploymentManager | High | Resource Management | Query details Documentation |
| Disk Encryption Disabled fc040fb6-4c23-4c0d-b12a-39edac35debb |
GoogleDeploymentManager | Medium | Encryption | Query details Documentation |
| Google Storage Bucket Level Access Disabled 1239f54b-33de-482a-8132-faebe288e6a6 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Cloud DNS Without DNSSEC 313d6deb-3b67-4948-b41d-35b699c2492e |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used dbe058d7-b82e-430b-8426-992b2e4677e7 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 9038b526-4c19-4928-bca2-c03d503bdb79 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled In VM Instance e66e1b71-c810-4b4e-a737-0ab59e7f5e41 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| IP Forwarding Enabled 7c98538a-81c6-444b-bf04-e60bc3ceeec0 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted dee21308-2a7a-49de-8ff7-c9b87e188575 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| RDP Access Is Not Restricted 50cb6c3b-c878-4b88-b50e-d1421bada9e8 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| Bucket Without Versioning 227c2f58-70c6-4432-8e9a-a89c1a548cf5 |
GoogleDeploymentManager | Medium | Observability | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 6e2b1ec1-1eca-4eb7-9d4d-2882680b4811 |
GoogleDeploymentManager | Medium | Secret Management | Query details Documentation |
| Volume Mounted In Multiple Containers baa452f0-1f21-4a25-ace5-844e7a5f410d |
DockerCompose | High | Build Process | Query details Documentation |
| Docker Socket Mounted In Container d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b |
DockerCompose | High | Build Process | Query details Documentation |
| Volume Has Sensitive Host Directory 1c1325ff-831d-43a1-973e-839ae57dfcc0 |
DockerCompose | High | Build Process | Query details Documentation |
| No New Privileges Not Set 27fcc7d6-c49b-46e0-98f1-6c082a6a2750 |
DockerCompose | High | Resource Management | Query details Documentation |
| Privileged Containers Enabled ae5b6871-7f45-42e0-bb4c-ab300c4d2026 |
DockerCompose | High | Resource Management | Query details Documentation |
| Healthcheck Not Set 698ed579-b239-4f8f-a388-baa4bcb13ef8 |
DockerCompose | Medium | Availability | Query details Documentation |
| Restart Policy On Failure Not Set To 5 2fc99041-ddad-49d5-853f-e35e70a48391 |
DockerCompose | Medium | Build Process | Query details Documentation |
| Cgroup Not Default 4d9f44c6-2f4a-4317-9bb5-267adbea0232 |
DockerCompose | Medium | Build Process | Query details Documentation |
| Privileged Ports Mapped In Container bc2908f3-f73c-40a9-8793-c1b7d5544f79 |
DockerCompose | Medium | Networking and Firewall | Query details Documentation |
| Container Traffic Not Bound To Host Interface 451d79dc-0588-476a-ad03-3c7f0320abb3 |
DockerCompose | Medium | Networking and Firewall | Query details Documentation |
| Pids Limit Not Set 221e0658-cb2a-44e3-b08a-db96a341d6fa |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host IPC Namespace baa3890f-bed7-46f5-ab8f-1da8fc91c729 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Memory Not Limited bb9ac4f7-e13b-423d-a010-c74a1bfbe492 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Security Opt Not Set 610e266e-6c12-4bca-9925-1ed0cd29742b |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace 071a71ff-f868-47a4-ac0b-3c59e4ab5443 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Default Seccomp Profile Disabled 404fde2c-bc4b-4371-9747-7054132ac953 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Host Namespace is Shared 4f31dd9f-2cc3-4751-9b53-67e4af83dac0 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host User Namespace 8af7162d-6c98-482f-868e-0d33fb675ca8 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Cpus Not Limited 6b610c50-99fb-4ef0-a5f3-e312fd945bc3 |
DockerCompose | Low | Resource Management | Query details Documentation |
| Container Capabilities Unrestricted ce76b7d0-9e77-464d-b86f-c5c48e03e22d |
DockerCompose | Low | Resource Management | Query details Documentation |
| Shared Volumes Between Containers 8c978947-0ff6-485c-b0c2-0bfca6026466 |
DockerCompose | Info | Insecure Configurations | Query details Documentation |
| Storage Account Not Forcing HTTPS cb8e4bf0-903d-45c6-a278-9a947d82a27b |
Pulumi | High | Encryption | Query details Documentation |
| Redis Cache Allows Non SSL Connections 49e30ac8-f58e-4222-b488-3dcb90158ec1 |
Pulumi | Medium | Encryption | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible bccb296f-362c-4b05-9221-86d1437a1016 |
Pulumi | High | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible 647de8aa-5a42-41b5-9faf-22136f117380 |
Pulumi | High | Insecure Configurations | Query details Documentation |
| Elasticsearch with HTTPS disabled 00603add-7f72-448f-a6c0-9e456a7a3f94 |
Pulumi | High | Networking and Firewall | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ 9b18fc19-7fb8-49b1-8452-9c757c70f926 |
Pulumi | Medium | Availability | Query details Documentation |
| ElastiCache Redis Cluster Without Backup e93bbe63-a631-4c0f-b6ef-700d48441ff2 |
Pulumi | Medium | Backup | Query details Documentation |
| IAM Password Without Minimum Length 9850d621-7485-44f7-8bdd-b3cf426315cf |
Pulumi | Medium | Best Practices | Query details Documentation |
| IAM Password Without Lowercase Letter de92dd34-1b88-43e8-b825-6e02d73c4549 |
Pulumi | Medium | Best Practices | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 327b0729-4c5c-4c44-8b5c-e476cd9c7290 |
Pulumi | Medium | Best Practices | Query details Documentation |
| DynamoDB Table Not Encrypted b6a7e0ae-aed8-4a19-a993-a95760bf8836 |
Pulumi | Medium | Encryption | Query details Documentation |
| API Gateway Without SSL Certificate f27791a5-e2ae-4905-8910-6f995c576d09 |
Pulumi | Medium | Insecure Configurations | Query details Documentation |
| Elasticsearch Logs Disabled a1120ee4-a712-42d9-8fb5-22595fed643b |
Pulumi | Medium | Observability | Query details Documentation |
| API Gateway Access Logging Disabled bf4b48b9-fc1f-4552-984a-4becdb5bf503 |
Pulumi | Medium | Observability | Query details Documentation |
| ECS Cluster with Container Insights Disabled abcefee4-a0c1-4245-9f82-a473f79a9e2f |
Pulumi | Low | Observability | Query details Documentation |
| DocDB Logging Is Disabled 2ca87964-fe7e-4cdc-899c-427f0f3525f8 |
Pulumi | Low | Observability | Query details Documentation |
| EC2 Not EBS Optimized d991e4ae-42ab-429b-ab43-d5e5fa9ca633 |
Pulumi | Info | Best Practices | Query details Documentation |
| EC2 Instance Monitoring Disabled daa581ef-731c-4121-832d-cf078f67759d |
Pulumi | Info | Observability | Query details Documentation |
| PSP Set To Privileged ee305555-6b1d-4055-94cf-e22131143c34 |
Pulumi | Medium | Insecure Configurations | Query details Documentation |
| Missing App Armor Config 95588189-1abd-4df1-9588-b0a5034f9e87 |
Pulumi | Low | Access Control | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 48f7e44d-d1d1-44c2-b336-9f11b65c4fb0 |
Pulumi | High | Observability | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use 965e8830-2bec-4b9b-a7f0-24dbc200a68f |
Pulumi | Medium | Encryption | Query details Documentation |
| Security Definitions Undefined or Empty e3f026e8-fdb4-4d5a-bcfd-bd94452073fe |
OpenAPI | High | Access Control | Query details Documentation |
| Non OAuth2 Security Requirement Defining OAuth2 Scopes ba239cb9-f342-4c20-812d-7b5a2aa6969e |
OpenAPI | High | Structure and Semantics | Query details Documentation |
| Security Requirement Not Defined In Security Definition a599b0d1-ff89-4cb8-9ece-9951854c06f6 |
OpenAPI | High | Structure and Semantics | Query details Documentation |
| Implicit Flow in OAuth2 (v2) e9817ad8-a8c9-4038-8a2f-db0e6e7b284b |
OpenAPI | Medium | Access Control | Query details Documentation |
| Global Security Using Password Flow 2da46be4-4317-4650-9285-56d7103c4f93 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Definitions Allows Password Flow 773116aa-2e6d-416f-bd85-f0301cc05d76 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v2) 33d96c65-977d-4c33-943f-440baca49185 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v2) 274f910a-0665-4f08-b66d-7058fe927dba |
OpenAPI | Medium | Access Control | Query details Documentation |
| Operation Using Password Flow 2e44e632-d617-43cb-b294-6bfe72a08938 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Path Scheme Accepts HTTP (v2) a6847dc6-f4ea-45ac-a81f-93291ae6c573 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Global Schemes Uses HTTP f30ee711-0082-4480-85ab-31d922d9a2b2 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Schemes Uses HTTP a46928f1-43d7-4671-94e0-2dd99746f389 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Operation Object Without 'consumes' 0c79e50e-b3cf-490c-b8f6-587c644d4d0c |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Operation Object Without 'produces' be3e170e-1572-461e-a8b6-d963def581ec |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Undefined Scope 'securityDefinition' On Global 'security' Field 9aa6e95c-d964-4239-a3a8-9f37a3c5a31f |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityDefinition' On 'security' Field On Operations 3847280c-9193-40bc-8009-76168e822ce2 |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Definitions Using Basic Auth 221015a8-aa2a-43f5-b00b-ad7d2b1d47a8 |
OpenAPI | Low | Access Control | Query details Documentation |
| Operation Using Basic Auth ceefb058-8065-418f-9c4c-584a78c7e104 |
OpenAPI | Low | Access Control | Query details Documentation |
| Operation Using Implicit Flow f42dfe7e-787d-4478-a75e-a5f3d8a2269e |
OpenAPI | Low | Access Control | Query details Documentation |
| Operation Summary Too Long d47940ca-5970-45cc-bdd1-4d81398cee1f |
OpenAPI | Low | Best Practices | Query details Documentation |
| Unknown Prefix (v2) 3b615f00-c443-4ba9-acc4-7c308716917d |
OpenAPI | Info | Best Practices | Query details Documentation |
| Schema with 'additionalProperties' set as Boolean 3a01790c-ebee-4da6-8fd3-e78657383b75 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v2) f985a7d2-d404-4a7f-9814-f645f791e46e |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Responses Definition Not Being Used 0b76d993-ee52-43e0-8b39-3787d2ddabf1 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Constraining Enum Property be1d8733-3731-40c7-a845-734741c6871d |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Schema Definition Not Being Used 6d2e0790-cc3d-4c74-b973-d4e8b09f4455 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Parameter Definition Not Being Used b30981fa-a12e-49c7-a5bb-eeafb61d0f0f |
OpenAPI | Info | Best Practices | Query details Documentation |
| Object Without Required Property (v2) 5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| BasePath With Wrong Format b4803607-ed72-4d60-99e2-3fa6edf471c6 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Operation Object Parameters With 'body' And 'formatData' locations eb3f9744-d24e-4614-b1ff-2a9514eca21c |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v2) 429b2106-ba37-43ba-9727-7f699cc611e1 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| File Parameter With Wrong Consumes Property 7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses JSON Reference Does Not Exists (v2) e9db5fb4-6a84-4abb-b4af-3b94fbdace6d |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Multi 'collectionformat' Not Valid For 'in' Parameter 750f6448-27c0-49f8-a153-b81735c1e19c |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter File Type Not In 'formData' c3cab8c4-6c52-47a9-942b-c27f26fbd7d2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Operation Example Mismatch Produces MimeType 2cf35b40-ded3-43d6-9633-c8dcc8bcc822 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v2) 2596545e-1757-4ff7-a15a-8a9a180a42f3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Non Body Parameter Without Schema 73c3bc54-3cc6-4c0a-b30a-e19f2abfc951 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Body Parameter With Wrong Property c38d630d-a415-4e3e-bac2-65475979ba88 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Body Parameter Without Schema ed48229d-d43e-4da7-b453-5f98d964a57a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Multiple Body Parameters In The Same Operation b90033cf-ad9f-4fb9-acd1-1b9d6d278c87 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property Not Unique 750b40be-4bac-4f59-bdc4-1ca0e6c3450e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v2) bccfa089-89e4-47e0-a0e5-185fe6902220 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exists (v2) fb889ae9-2d16-40b5-b41f-9da716c5abc1 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Host With Invalid Pattern 3d7d7b6c-fb0a-475e-8a28-c125e30d15f0 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v2) 0220e1c5-65d1-49dd-b7c2-cef6d6cb5283 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exists (v2) 98295b32-ec09-4b5b-89a9-39853197f914 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Global Security Field Is Undefined (v2) 74703c89-0ea2-49ab-a7db-bf04f19f5a57 |
OpenAPI | High | Access Control | Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions Documentation |
| Global Security Field Is Undefined (v3) 8af270ce-298b-4405-9922-82a10aee7a4f |
OpenAPI | High | Access Control | Query details Documentation |
| Global security field has an empty object (v2) 292919fb-7b26-4454-bee9-ce29094768dd |
OpenAPI | High | Access Control | Documentation |
| Global security field has an empty object (v3) 543e38f4-1eee-479e-8eb0-15257013aa0a |
OpenAPI | High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Array (v2) 5d29effc-5d68-481f-9721-d74e5919226b |
OpenAPI | High | Access Control | Documentation |
| Security Field On Operations Has An Empty Array (v3) 663c442d-f918-4f62-b096-0bf5dcbeb655 |
OpenAPI | High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Object Definition (v2) 74581e3b-1d55-4323-a139-5959a7b3abc5 |
OpenAPI | High | Access Control | Documentation |
| Security Field On Operations Has An Empty Object Definition (v3) baade968-7467-41e4-bf22-83ca222f5800 |
OpenAPI | High | Access Control | Query details Documentation |
| No Global And Operation Security Defined (v2) 586abcee-9653-462d-ad7b-2638a32bd6e6 |
OpenAPI | High | Access Control | Documentation |
| No Global And Operation Security Defined (v3) 96729c6b-7400-4d9e-9807-17f00cdde4d2 |
OpenAPI | High | Access Control | Query details Documentation |
| Cleartext API Key In Operation Security (v2) 99733b39-6413-4ed8-8acf-dc7cdc9b4e51 |
OpenAPI | High | Access Control | Documentation |
| Cleartext API Key In Operation Security (v3) d90d4e40-44c1-4125-87a0-e072c3e195b5 |
OpenAPI | High | Access Control | Query details Documentation |
| Global Security Field Has An Empty Array (v2) da31d54b-ad54-41dc-95eb-8b3828629213 |
OpenAPI | High | Access Control | Documentation |
| Global Security Field Has An Empty Array (v3) d674aea4-ba8b-454b-bb97-88a772ea33f0 |
OpenAPI | High | Access Control | Query details Documentation |
| Array Without Maximum Number of Items (v2) 99eb2c95-2040-4104-9e7c-e16f7474d218 |
OpenAPI | High | Insecure Configurations | Array schema/parameter should have the field 'maxItems' set Documentation |
| Array Without Maximum Number of Items (v3) 6998389e-66b2-473d-8d05-c8d71ac4d04d |
OpenAPI | High | Insecure Configurations | Query details Documentation |
| Array Items Has No Type (v2) 8697a1a4-82c6-4603-8ac8-57529756744e |
OpenAPI | High | Insecure Configurations | Schema/Parameter array items type should be defined Documentation |
| Array Items Has No Type (v3) be0e0df7-f3d9-42a1-9b6f-d425f94872c4 |
OpenAPI | High | Insecure Configurations | Query details Documentation |
| Cleartext API Key In Global Security (v2) 70d3873e-d537-46e5-ac3b-4e48fbdd29b4 |
OpenAPI | Medium | Access Control | Documentation |
| Cleartext API Key In Global Security (v3) 9c238c97-1991-4c0b-9c7d-6c7912e1dc7c |
OpenAPI | Medium | Access Control | Query details Documentation |
| API Key Exposed In Global Security (v2) 533a0d13-6e89-4551-ae33-bce14e5849c1 |
OpenAPI | Medium | Access Control | Documentation |
| API Key Exposed In Global Security (v3) aecee30b-8ea1-4776-a99c-d6d600f0862f |
OpenAPI | Medium | Access Control | Query details Documentation |
| JSON Object Schema Without Type (v2) 62d52544-82ef-4b75-8308-cad49d50212b |
OpenAPI | Medium | Insecure Configurations | Documentation |
| JSON Object Schema Without Type (v3) e2ffa504-d22a-4c94-b6c5-f661849d2db7 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Format (v2) 3ed8fc82-c2bb-49e0-811f-c53923674c49 |
OpenAPI | Medium | Insecure Configurations | Documentation |
| Numeric Schema Without Format (v3) fbf699b5-ef74-4542-9cf1-f6eeac379373 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Pattern Undefined (v2) afde15cf-9444-4126-8c62-41cd79db1d1d |
OpenAPI | Medium | Insecure Configurations | String schema/parameter/header should have 'pattern' defined. Documentation |
| Pattern Undefined (v3) 00b78adf-b83f-419c-8ed8-c6018441dd3a |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Schema Object is Empty (v2) 967575e5-eb44-4c24-aadb-7e33608ed30a |
OpenAPI | Medium | Insecure Configurations | Documentation |
| Schema Object is Empty (v3) 500ce696-d501-41dd-86eb-eceb011a386f |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| String Schema with Broad Pattern (v2) e4a019f0-9af3-49c8-bf68-1939a6ff240d |
OpenAPI | Medium | Insecure Configurations | Documentation |
| String Schema with Broad Pattern (v3) 8c81d6c0-716b-49ec-afa5-2d62da4e3f3c |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| JSON Object Schema Without Properties (v2) 3d28f751-bc18-4f83-ace0-216b6086410b |
OpenAPI | Medium | Insecure Configurations | Documentation |
| JSON Object Schema Without Properties (v3) 9d967a2b-9d64-41a6-abea-dfc4960299bd |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Maximum Length Undefined (v2) 2ec86e48-ab90-4cb6-a131-0502afd1f442 |
OpenAPI | Medium | Insecure Configurations | String schema/parameter/header should have 'maxLength' defined. Documentation |
| Maximum Length Undefined (v3) 8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Minimum (v2) efd1dfc8-da91-4909-a3f3-c23abc5ec799 |
OpenAPI | Medium | Insecure Configurations | Documentation |
| Numeric Schema Without Minimum (v3) 181bd815-767e-4e95-a24d-bb3c87328e19 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Maximum (v2) 203eee11-15b6-4d47-b888-4c7f534967ee |
OpenAPI | Medium | Insecure Configurations | Documentation |
| Numeric Schema Without Maximum (v3) 2ea04bef-c769-409e-9179-ee3a50b5c0ac |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Success Response Code Undefined for Patch Operation (v2) f36e87cc-a209-4f37-8571-66833e4aead7 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Patch Operation (v3) 1908a8ee-927d-4166-8f18-241152170cc1 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Post Operation (v2) 9fedee41-2e6d-4091-b011-4a16b4c18c70 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Post Operation (v3) f368dd2d-9344-4146-a05b-7c6faa1269ad |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Delete Operation (v2) ad432855-b7fb-4429-92a3-93b5ce34f0b1 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Delete Operation (v3) 3b497874-ae59-46dd-8d72-1868a3b8f150 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Head Operation (v2) 4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Head Operation (v3) 3b066059-f411-4554-ac8d-96f32bff90da |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Get Operation (v2) 9b633f3b-c94b-4fbb-a65b-1a4e9134fb63 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Get Operation (v3) b2f275be-7d64-4064-b418-be6b431363a7 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Response Code Missing (v2) 6e96ed39-bf45-4089-99ba-f1fe7cf6966f |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Response Code Missing (v3) 6c35d2c6-09f2-4e5c-a094-e0e91327071d |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Response on operations that should not have a body has declared content (v2) 268defd2-2839-4e15-8cbc-de86eb38c231 |
OpenAPI | Medium | Networking and Firewall | If a response is head or its code is 204 or 304, it shouldn't have a schema defined Documentation |
| Response on operations that should not have a body has declared content (v3) 12a7210b-f4b4-47d0-acac-0a819e2a0ca3 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Response on operations that should have a body has undefined schema (v2) 31afbcb7-70e0-48bb-a31a-3374f95cf859 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Response on operations that should have a body has undefined schema (v3) a92be1d5-d762-484a-86d6-8cd0907ba100 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Put Operation (v2) 965a043f-5f3c-4d0a-be72-d9ce12fdb4d6 |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Success Response Code Undefined for Put Operation (v3) 60b5f56b-66ff-4e1c-9b62-5753e16825bc |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Default Response Undefined On Operations (v2) 5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f |
OpenAPI | Medium | Networking and Firewall | Documentation |
| Default Response Undefined On Operations (v3) 86e3702f-c868-44b2-b61d-ea5316c18110 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| API Key Exposed In Operation Security (v2) 392599e4-a4e2-403d-bc56-3fe05755782d |
OpenAPI | Low | Access Control | Documentation |
| API Key Exposed In Operation Security (v3) 281b8071-6226-4a43-911d-fec246d422c2 |
OpenAPI | Low | Access Control | Query details Documentation |
| Invalid Format (v2) caf1793e-95dd-4b18-8d90-8f3c0ab5bddf |
OpenAPI | Low | Insecure Configurations | Documentation |
| Invalid Format (v3) d929c031-078f-4241-b802-e224656ad890 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| JSON '$ref' alongside other properties (v2) f34c1c68-4773-4df0-a103-6e2ca32e585f |
OpenAPI | Info | Best Practices | Documentation |
| JSON '$ref' alongside other properties (v3) 96beb800-566f-49a9-a0ea-dbdf4bc80429 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Path Without Operation (v2) 609cd557-66b4-41fa-8edd-2abc6c7cfd08 |
OpenAPI | Info | Best Practices | Documentation |
| Path Without Operation (v3) 84c826c9-1893-4b34-8cdd-db97645b4bf3 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Global External Documentation URL (v2) 46d3b74d-9fe9-45bf-9e9e-efb7f701ee28 |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Global External Documentation URL (v3) b2d9dbf6-539c-4374-a1fd-210ddf5563a8 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Operation External Documentation URL (v2) 25635c31-ee32-4708-88e5-fced87516f51 |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Operation External Documentation URL (v3) 5ea61624-3733-4a3a-8ca4-b96fec9c5aeb |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Tag External Documentation URL (v2) b4a7d925-738b-4219-99d9-87d6ee262a03 |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Tag External Documentation URL (v3) 5aea1d7e-b834-4749-b143-2c7ec3bd5922 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Schema External Documentation URL (v2) f7fa95b7-d819-484c-9a2b-665dd1bba25e |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Schema External Documentation URL (v3) 6952a7e0-6e48-4285-bbc1-27c64e60f888 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Contact Email (v2) d83bebc8-4e5e-4241-b783-cba9fb5a1c9a |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Contact Email (v3) b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Example Not Compliant With Schema Type (v2) 448db771-06ea-4dee-b48c-1689cbfb4b43 |
OpenAPI | Info | Best Practices | Documentation |
| Example Not Compliant With Schema Type (v3) 881a6e71-c2a7-4fe2-b9c3-dfcf08895331 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Authorization' (v2) e2e00c97-7171-4fb4-b461-d631df9a711c |
OpenAPI | Info | Best Practices | Documentation |
| Header Parameter Named as 'Authorization' (v3) 8c84f75e-5048-4926-a4cb-33e7b3431300 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Required Property With Default Value (v2) f7ab6c83-ef89-40e1-8a99-32e2599fb665 |
OpenAPI | Info | Best Practices | Documentation |
| Required Property With Default Value (v3) 013bdb4b-9246-4248-b0c3-7fb0fee42a29 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Contact URL (v2) c7000383-16d0-4509-8cd3-585e5ea2e2f2 |
OpenAPI | Info | Best Practices | Documentation |
| Invalid Contact URL (v3) 332cf2ad-380d-4b90-b436-46f8e635cf38 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid License URL (v2) de2b4910-8484-46d6-a055-dc1e793ee3ff |
OpenAPI | Info | Best Practices | Documentation |
| Invalid License URL (v3) 9239c289-9e4c-4d92-8be1-9d506057c971 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Content-Type' (v2) 51978067-3b22-4c29-aaf3-96bf0bc28897 |
OpenAPI | Info | Best Practices | Documentation |
| Header Parameter Named as 'Content-Type' (v3) 72d259ca-9741-48dd-9f62-eb11f2936b37 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Operation Without Successful HTTP Status Code (v2) a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2 |
OpenAPI | Info | Best Practices | Documentation |
| Operation Without Successful HTTP Status Code (v3) 48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd |
OpenAPI | Info | Best Practices | Query details Documentation |
| Object Using Enum With Keyword (v2) 7f15962a-d862-451c-ac9b-84ec13747aa6 |
OpenAPI | Info | Best Practices | Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords Documentation |
| Object Using Enum With Keyword (v3) 2e9b6612-8f69-42e0-a5b8-ed17739c2f3a |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Accept' (v2) 3ddd74cc-6582-486c-8b0c-2b48cb38e0a3 |
OpenAPI | Info | Best Practices | Documentation |
| Header Parameter Named as 'Accept' (v3) f2702af5-6016-46cb-bbc8-84c766032095 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Response Name Is Invalid (v2) 86733e01-a435-4bd5-a8b0-5108be9dc1e4 |
OpenAPI | Info | Best Practices | Documentation |
| Header Response Name Is Invalid (v3) d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd |
OpenAPI | Info | Best Practices | Query details Documentation |
| Schema Has A Required Property Undefined (v2) 811762c8-2e99-4f70-88f9-a63875a953b1 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Has A Required Property Undefined (v3) 2bd608ae-8a1f-457f-b710-c237883cb313 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Properties With Duplicated Keys (v2) ded017bf-fb13-4f8d-868b-84aebcc572ad |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Object Properties With Duplicated Keys (v3) 10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Is Ambiguous (v2) b2468463-3ac4-4930-890c-f35b2bf4485d |
OpenAPI | Info | Structure and Semantics | Documentation |
| Path Is Ambiguous (v3) 237402e2-c2f0-46c9-9cf5-286160cf7bfc |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Items Undefined (v2) 3e4d34d2-36cf-4449-976d-6c256db8fc49 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Items Undefined (v3) a8e859da-4a43-4e7f-94b8-25d6e3bf8e90 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| OperationId Not Unique (v2) 21245007-91c4-40e5-964e-40c85d1e5aa6 |
OpenAPI | Info | Structure and Semantics | Documentation |
| OperationId Not Unique (v3) c254adc4-ef25-46e1-8270-b7944adb4198 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property Defining Minimum Greater Than Maximum (v2) b5102ea9-6527-4bb7-94fc-9b4076150e55 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Property Defining Minimum Greater Than Maximum (v3) ab2af219-cd08-4233-b5a1-a788aac88b51 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Default Invalid (v2) 78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07 |
OpenAPI | Info | Structure and Semantics | The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type Documentation |
| Default Invalid (v3) a96bbc06-8cde-4295-ad3c-ee343a7f658e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Properties Missing Required Property (v2) 71beb6ab-8b70-4816-a9ac-a0ff1fb22a62 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Properties Missing Required Property (v3) 3fb03214-25d4-4bd4-867c-c2d8d708a483 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Paths Object is Empty (v2) 3e6c7b1c-8a8d-43ab-98b9-65159f44db4a |
OpenAPI | Info | Structure and Semantics | Documentation |
| Paths Object is Empty (v3) 815021c8-a50c-46d9-b192-24f71072c400 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Parameter With No Corresponding Template Path (v2) 194ef1f8-360e-4c14-8ed2-e83e2bafa142 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Path Parameter With No Corresponding Template Path (v3) 69d7aefd-149d-47b8-8d89-1c2181a8067b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Not Required (v2) be6a3722-af60-438c-b1b9-2a03e2958ab7 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Discriminator Not Required (v3) b481d46c-9c61-480f-86d9-af07146dc4a4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object With Circular Ref (v2) cbff2508-85c9-4448-a8b3-770070edf5ca |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Object With Circular Ref (v3) 1a1aea94-745b-40a7-b860-0702ea6ee636 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses With Wrong HTTP Status Code (v2) 069a5378-2091-43f0-aa3b-ee8f20996e99 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Responses With Wrong HTTP Status Code (v3) d86655c0-92f6-4ffc-b4d5-5b5775804c27 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Non-Array Schema With Items (v2) 9d47956b-29cd-43b1-9e6e-b39a4d484353 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Non-Array Schema With Items (v3) 20cb3159-b219-496b-8dac-54ae3ab2021a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Type Has Invalid Keyword (v2) 492c6cbb-f3f8-4807-aa4f-42b8b1c46b59 |
OpenAPI | Info | Structure and Semantics | Schema/Parameter/Header Object define type should not use a keyword of another type Documentation |
| Type Has Invalid Keyword (v3) a9228976-10cf-4b5f-b902-9e962aad037a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Objects Headers With Duplicated Name (v2) bd2cbef5-62c4-40f1-af07-4b7f9ced6616 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Parameter Objects Headers With Duplicated Name (v3) 05505192-ba2c-4a81-9b25-dcdbcc973746 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameters Name In Combination Not Unique (v2) ab871897-ec02-4835-9818-702536ee1dda |
OpenAPI | Info | Structure and Semantics | Documentation |
| Parameters Name In Combination Not Unique (v3) f5b2e6af-76f5-496d-8482-8f898c5fdb4a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Enum Invalid (v2) 8fe6d18a-ad4c-4397-8884-e3a9da57f4c9 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Enum Invalid (v3) 03856cb2-e46c-4daf-bfbf-214ec93c882b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property 'allowEmptyValue' Improperly Defined (v2) 0bc1477d-0922-478b-ae16-674a7634a1a8 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Property 'allowEmptyValue' Improperly Defined (v3) 4bcbcd52-3028-469f-bc14-02c7dbba2df2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Parameter Not Required (v2) ccd0613f-cb77-4684-a892-183bd2674d12 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Path Parameter Not Required (v3) 0de50145-e845-47f4-9a15-23bcf2125710 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Template Path With No Corresponding Path Parameter (v2) e7656d8d-7288-4bbe-b07b-22b389be75ce |
OpenAPI | Info | Structure and Semantics | Documentation |
| Template Path With No Corresponding Path Parameter (v3) 561710b1-b845-4562-95ce-2397a05ccef4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses Object Is Empty (v2) 6172e7ab-d2b7-45f8-a7db-1603931d8ba3 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Responses Object Is Empty (v3) 990eaf09-d6f1-4c3c-b174-a517b1de8917 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Mismatch Defined Properties (v2) addc0eab-27f6-4c26-8526-d2ccd3732662 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Discriminator Mismatch Defined Properties (v3) 40d3df21-c170-4dbe-9c02-4289b51f994f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Property Not String (v2) 949376f1-f560-4c6d-a016-63424ca931bb |
OpenAPI | Info | Structure and Semantics | Documentation |
| Schema Discriminator Property Not String (v3) dadc2f36-1f5a-46c0-8289-75e626583123 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Template is Empty (v2) c201b7ad-6173-4598-a407-5edb04a1bcd7 |
OpenAPI | Info | Structure and Semantics | Documentation |
| Path Template is Empty (v3) ae13a37d-943b-47a7-a970-83c8598bcca3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Field 'securityScheme' On Components Is Undefined 8db5544e-4874-4baa-9322-e9f75a2d219e |
OpenAPI | High | Access Control | Query details Documentation |
| Cleartext Credentials With Basic Authentication For Operation 86b1fa30-9790-4980-994d-a27e0f6f27c1 |
OpenAPI | High | Access Control | Query details Documentation |
| Implicit Flow in OAuth2 (v3) 4a1f3d75-ab73-41b2-83e7-06a93dc3a75a |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Scheme HTTP Unknown Scheme 06764426-3c56-407e-981f-caa25db1c149 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Scheme Using HTTP Negotiate f525cc92-9050-4c41-a75c-890dc6f64449 |
OpenAPI | Medium | Access Control | Query details Documentation |
| OAuth2 With Implicit Flow 39cb32f2-3a42-4af0-8037-82a7a9654b6c |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v3) 52c0d841-60d6-4a81-88dd-c35fef36d315 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Scheme Using HTTP Basic 68e5fcac-390c-4939-a373-6074b7be7c71 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Scheme Using HTTP Digest a4247b11-890b-45df-bf42-350a7a3af9be |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v3) 3ba0cca1-b815-47bf-ac62-1e584eb64a05 |
OpenAPI | Medium | Access Control | Query details Documentation |
| OAuth2 With Password Flow 3979b0a4-532c-4ea7-86e4-34c090eaa4f2 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Path Server Object Uses HTTP (v3) 9670f240-7b4d-4955-bd93-edaa9fa38b58 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Global Server Object Uses HTTP 2d8c175a-6d90-412b-8b0e-e034ea49a1fe |
OpenAPI | Medium | Encryption | Query details Documentation |
| Additional Properties Too Permissive 9f88c88d-824d-4d9a-b985-e22977046042 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Parameter Object Without Schema 8fe1846f-52cc-4413-ace9-1933d7d23672 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Media Type Object Without Schema f79b9d26-e945-44e7-98a1-b93f0f7a68a0 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Additional Properties Too Restrictive a19c3bbd-c056-40d7-9e1c-eeb0634e320d |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Header Object Without Schema 50de3b5b-6465-4e06-a9b0-b4c2ba34326b |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Trace Operation 105e20dd-8449-4d71-95c6-d5dac96639af |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| Global Security Scheme Using Basic Authentication 77276d82-4f45-4cf1-8e2b-4d345b936228 |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On Global 'security' Field 23a9e2d9-8738-4556-a71c-2802b6ffa022 |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Scheme Using Oauth 1.0 1bc3205c-0d60-44e6-84f3-44fbf4dac5b3 |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On 'security' Field On Operations 462d6a1d-fed9-4d75-bb9e-3de902f35e6e |
OpenAPI | Low | Access Control | Query details Documentation |
| API Key Exposed In Global Security Scheme 40e1d1bf-11a9-4f63-a3a2-a8b84c602839 |
OpenAPI | Low | Access Control | Query details Documentation |
| Components Response Definition Is Unused 9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae |
OpenAPI | Info | Best Practices | Query details Documentation |
| Encoding Header 'Content-Type' Improperly Defined 4cd8de87-b595-48b6-ab3c-1904567135ab |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Example Definition Is Unused b05bb927-2df5-43cc-8d7b-6825c0e71625 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Unknown Prefix (v3) a5375be3-521c-43bb-9eab-e2432e368ee4 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v3) cf4a5f45-a27b-49df-843a-9911dbfe71d4 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Link Definition Is Unused c19779a9-5774-4d2f-a3a1-a99831730375 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'allowReserved' of Encoding Object Ignored 4190dda7-af03-4cf0-a128-70ac1661ca09 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Header Definition Is Unused a68da022-e95a-4bc2-97d3-481e0bd6d446 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'allowEmptyValue' Ignored 59c2f769-7cc2-49c8-a3de-4e211135cfab |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'explode' of Encoding Object Ignored a4dd69b8-49fa-45d2-a060-c76655405b05 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Callback Definition Is Unused d15db953-a553-4b8a-9a14-a3d62ea3d79d |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'style' of Encoding Object Ignored d3ea644a-9a5c-4fee-941f-f8a6786c0470 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Parameter Definition Is Unused 698a464e-bb3e-4ba8-ab5e-e6599b7644a0 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Schema Definition Is Unused 962fa01e-b791-4dcc-b04a-4a3e7389be5e |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Request Body Definition Is Unused 6b76f589-9713-44ab-97f5-59a3dba1a285 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Request Body JSON Reference Does Not Exists ca02f4e8-d3ae-4832-b7db-bb037516d9e7 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Object Without Required Property (v3) d172a060-8569-4412-8045-3560ebd477e8 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Undefined Type 46facedc-f243-4108-ab33-583b807d50b0 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Servers Array Undefined c66ebeaa-676c-40dc-a3ff-3e49395dcd5e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Request Body Object With Incorrect Media Type 58f06434-a88c-4f74-826c-db7e10cc7def |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Components Object Fixed Field Key Improperly Named 151331e2-11f4-4bb6-bd35-9a005e695087 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Callback Object With Incorrect Ref ba066cda-e808-450d-92b6-f29109754d45 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object OperationId Does Not Target Operation Object c5bb7461-aa57-470b-a714-3bc3d74f4669 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Outside Components Examples bac56e3c-1f71-4a74-8ae6-2fba07efcddb |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema With Both ReadOnly And WriteOnly d2361d58-361c-49f0-9e50-b957fd608b29 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Field Undefined ab1263c2-81df-46f0-9f2c-0b62fdb68419 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Schema And Content 31dd6fc0-f274-493b-9614-e063086c19fc |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Header Object With Incorrect Ref 2d6646f4-2946-420f-8c14-3232d49ae0cb |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v3) fb7d81e7-4150-48c4-b914-92fc05da6a2f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server Object Variable Not Used 8aee4754-970d-4c5f-8142-a49dfe388b1a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response JSON Reference Does Not Exists (v3) 7a01dfbd-da62-4165-aed7-71349ad42ab4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Invalid Content Type For Multiple Files Upload 26f06397-36d8-4ce7-b993-17711261d777 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link JSON Reference Does Not Exists 801f0c6a-a834-4467-89c6-ddecffb46b5a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Encoding Map Key Mismatch Schema Defined Properties cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Callback JSON Reference Does Not Exists f29904c8-6041-4bca-b043-dfa0546b8079 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Request Body With Incorrect Ref 0f6cd0ab-c366-4595-84fc-fbd8b9901e4d |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v3) d40f27e6-15fb-4b56-90f8-fc0ff0291c51 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object With Both 'operationId' And 'operationRef' 60fb6621-9f02-473b-9424-ba9a825747d3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Requirement Object With Wrong Scopes 37140f7f-724a-4c87-a536-e9cee1d61533 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Operation Field Undefined 20a482d5-c5d9-4a7a-b7a4-60d0805047b4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object Content With Multiple Entries 8bfed1c6-2d59-4924-bc7f-9b9d793ed0df |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object Incorrect Ref b9db8a10-020c-49ca-88c6-780e5fdb4328 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Header JSON Reference Does Not Exists 376c9390-7e9e-4cb8-a067-fd31c05451fd |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Empty Array 5915c20f-dffa-4cee-b5d4-f457ddc0151a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server URL Uses Undefined Variables 8d0921d6-4131-461f-a253-99e873f8f77e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v3) b3871dd8-9333-4d6c-bd52-67eb898b71ab |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Does Not Exists 6a2c219f-da5e-4745-941e-5ea8cde23356 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property 'allowReserved' Improperly Defined 7f203940-39c4-4ea7-91ee-7aba16bca9e2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exists (v3) 2e275f16-b627-4d3f-ae73-a6153a23ae8f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v3) 4cac7ace-b0fb-477d-830d-65395d9109d9 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exists (v3) 015eac96-6313-43c0-84e5-81b1374fa637 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server URL Not Absolute a0bf7382-5d5a-4224-924c-3db8466026c9 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Run Using apt a1bc27c6-7115-48d8-bf9d-5a7e836845ba |
Buildah | Medium | Supply-Chain | Query details Documentation |
| Ansible Tower Exposed To Internet 1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc |
Ansible | Medium | Best Practices | Query details Documentation |
| Storage Container Is Publicly Accessible 4d3817db-dd35-4de4-a80d-3867157e7f7f |
Ansible | High | Access Control | Query details Documentation |
| Public Storage Account 35e2f133-a395-40de-a79d-b260d973d1bd |
Ansible | High | Access Control | Query details Documentation |
| Admin User Enabled For Container Registry 29f35127-98e6-43af-8ec1-201b79f99604 |
Ansible | High | Access Control | Query details Documentation |
| Azure Instance Using Basic Authentication e2d834b7-8b25-4935-af53-4a60668dcbe0 |
Ansible | High | Best Practices | Query details Documentation |
| MySQL SSL Connection Disabled 2a901825-0f3b-4655-a0fe-e0470e50f8e6 |
Ansible | High | Encryption | Query details Documentation |
| SSL Enforce Disabled 961ce567-a16d-4d7d-9027-f0ec2628a555 |
Ansible | High | Encryption | Query details Documentation |
| Storage Account Not Forcing HTTPS 2c99a474-2a3c-4c17-8294-53ffa5ed0522 |
Ansible | High | Encryption | Query details Documentation |
| VM Not Attached To Network 1e5f5307-3e01-438d-8da6-985307ed25ce |
Ansible | High | Insecure Configurations | Query details Documentation |
| Azure Container Registry With No Locks 581dae78-307d-45d5-aae4-fe2b0db267a5 |
Ansible | High | Insecure Configurations | Query details Documentation |
| AD Admin Not Configured For SQL Server b176e927-bbe2-44a6-a9c3-041417137e5f |
Ansible | High | Insecure Configurations | Query details Documentation |
| Web App Accepting Traffic Other Than HTTPS eb8c2560-8bee-4248-9d0d-e80c8641dd91 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 0ac9abbc-6d7a-41cf-af23-2e57ddb3dbfc |
Ansible | High | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled 1bc398a8-d274-47de-a4c8-6ac867b353de |
Ansible | High | Networking and Firewall | Query details Documentation |
| SQLServer Ingress From Any IP f4e9ff70-0f3b-4c50-a713-26cbe7ec4039 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Redis Publicly Accessible 0632d0db-9190-450a-8bb3-c283bffea445 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Redis Entirely Accessible 0d0c12b9-edce-4510-9065-13f6a758750c |
Ansible | High | Networking and Firewall | Query details Documentation |
| CosmosDB Account IP Range Filter Not Set e8c80448-31d8-4755-85fc-6dbab69c2717 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Role Definition Allows Custom Role Creation 5c80db8e-03f5-43a2-b4af-1f3f87018157 |
Ansible | Medium | Access Control | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive ca4df748-613a-4fbf-9c76-f02cbd580307 |
Ansible | Medium | Access Control | Query details Documentation |
| AKS RBAC Disabled 149fa56c-4404-4f90-9e25-d34b676d5b39 |
Ansible | Medium | Access Control | Query details Documentation |
| Key Vault Soft Delete Is Disabled 881696a8-68c5-4073-85bc-7c38a3deb854 |
Ansible | Medium | Backup | Query details Documentation |
| SQL Server Predictable Admin Account Name 663062e9-473d-4e87-99bc-6f3684b3df40 |
Ansible | Medium | Best Practices | Query details Documentation |
| SQL Server Predictable Active Directory Account Name 530e8291-2f22-4bab-b7ea-306f1bc2a308 |
Ansible | Medium | Best Practices | Query details Documentation |
| Cosmos DB Account Without Tags 23a4dc83-4959-4d99-8056-8e051a82bc1e |
Ansible | Medium | Build Process | Query details Documentation |
| Storage Account Not Using Latest TLS Encryption Version c62746cf-92d5-4649-9acf-7d48d086f2ee |
Ansible | Medium | Encryption | Query details Documentation |
| Security Group is Not Configured da4f2739-174f-4cdd-b9ef-dc3f14b5931f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Redis Cache Allows Non SSL Connections 869e7fb4-30f0-4bdb-b360-ad548f337f2f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| AKS Network Policy Misconfigured 8c3bedf1-c570-4c3b-b414-d068cd39a00c |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache 69f72007-502e-457b-bd2d-5012e31ac049 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| WAF Is Disabled For Azure Application Gateway 2fc5ab5a-c5eb-4ae4-b687-0f16fe77c255 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Unrestricted SQL Server Access 3f23c96c-f9f5-488d-9b17-605b8da5842f |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Server Without Connection Throttling a9becca7-892a-4af7-b9e1-44bf20a4cd9a |
Ansible | Medium | Observability | Query details Documentation |
| Small Activity Log Retention Period 37fafbea-dedb-4e0d-852e-d16ee0589326 |
Ansible | Medium | Observability | Query details Documentation |
| AKS Monitoring Logging Disabled d5e83b32-56dd-4247-8c2e-074f43b38a5e |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Checkpoints Disabled 7ab33ac0-e4a3-418f-a673-50da4e34df21 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Disconnections Not Set 054d07b5-941b-4c28-8eef-18989dc62323 |
Ansible | Medium | Observability | Query details Documentation |
| Log Retention Is Not Set 0461b4fd-21ef-4687-929e-484ee4796785 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Duration Not Set 729ebb15-8060-40f7-9017-cb72676a5487 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Not Set 7b47138f-ec0e-47dc-8516-e7728fe3cc17 |
Ansible | Medium | Observability | Query details Documentation |
| Monitoring Log Profile Without All Activities 89f84a1e-75f8-47c5-83b5-bee8e2de4168 |
Ansible | Medium | Observability | Query details Documentation |
| S3 Bucket ACL Allows Read to All Users a1ef9d2e-4163-40cb-bd92-04f0d602a15d |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 3ab1f27d-52cc-4943-af1d-43c1939e739a |
Ansible | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 7db727c1-1720-468e-b80e-06697f71e09e |
Ansible | High | Access Control | Query details Documentation |
| IAM Policies With Full Privileges e401d614-8026-4f4b-9af9-75d1197461ba |
Ansible | High | Access Control | Query details Documentation |
| SQS Queue Exposed 86b0efa7-4901-4edd-a37a-c034bec6645a |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals 6fa44721-ef21-41c6-8665-330d59461163 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals 53bce6a8-5492-4b1b-81cf-664385f0c4bf |
Ansible | High | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible 905f4741-f965-45c1-98db-f7a00a0e5c73 |
Ansible | High | Access Control | Query details Documentation |
| Authentication Without MFA eee107f9-b3d8-45d3-b9c6-43b5a7263ce1 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals d395a950-12ce-4314-a742-ac5a785ab44e |
Ansible | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions b5ed026d-a772-4f07-97f9-664ba0b116f8 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 75480b31-f349-4b9a-861f-bce19588e674 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket With All Permissions 6a6d7e56-c913-4549-b5c5-5221e624d2ec |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals a0f1bfe0-741e-473f-b3b2-13e66f856fab |
Ansible | High | Access Control | Query details Documentation |
| ELB Using Weak Ciphers 2034fb37-bc23-4ca0-8d95-2b9f15829ab5 |
Ansible | High | Encryption | Query details Documentation |
| AMI Not Encrypted 97707503-a22c-4cd7-b7c0-f088fa7cf830 |
Ansible | High | Encryption | Query details Documentation |
| ECS Task Definition Container With Plaintext Password 7fdc2bf3-6bc0-4cb3-84c5-cfd041c0f892 |
Ansible | High | Encryption | Query details Documentation |
| Secure Ciphers Disabled 218413a0-c716-4b94-9e08-0bb70d854709 |
Ansible | High | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP a6d27cf7-61dc-4bde-ae08-3b353b609f76 |
Ansible | High | Encryption | Query details Documentation |
| Redis Not Compliant 9f34885e-c08f-4d13-a7d1-cf190c5bd268 |
Ansible | High | Encryption | Query details Documentation |
| User Data Shell Script Is Encoded 1e2341ba-a5cf-4f0a-a5f6-47e90c68ea89 |
Ansible | High | Encryption | Query details Documentation |
| Redshift Not Encrypted 6a647814-def5-4b85-88f5-897c19f509cd |
Ansible | High | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 730a5951-2760-407a-b032-dd629b55c23a |
Ansible | High | Encryption | Query details Documentation |
| S3 Bucket Without Server-side-encryption 594f54e7-f744-45ab-93e4-c6dbaf6cd571 |
Ansible | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key c09f4d3e-27d2-4d46-9453-abbe9687a64e |
Ansible | High | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 0ed012a4-9199-43d2-b9e4-9bd049a48aa4 |
Ansible | High | Encryption | Query details Documentation |
| EFS Without KMS bd77554e-f138-40c5-91b2-2a09f878608e |
Ansible | High | Encryption | Query details Documentation |
| S3 Bucket SSE Disabled 309edc5b-5a59-42b4-a357-d4d098311fd4 |
Ansible | High | Encryption | Query details Documentation |
| EFS Not Encrypted 727c4fd4-d604-4df6-a179-7713d3c85e20 |
Ansible | High | Encryption | Query details Documentation |
| Launch Configuration Is Not Encrypted 66477506-6abb-49ed-803d-3fa174cd5f6a |
Ansible | High | Encryption | Query details Documentation |
| CA Certificate Identifier Is Outdated 5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce |
Ansible | High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted 7dfb316c-a6c2-454d-b8a2-97f147b0c0ff |
Ansible | High | Encryption | Query details Documentation |
| Kinesis Not Encrypted With KMS f2ea6481-1d31-4d40-946a-520dc6321dd7 |
Ansible | High | Encryption | Query details Documentation |
| RDS DB Instance Publicly Accessible c09e3ca5-f08a-4717-9c87-3919c5e6d209 |
Ansible | High | Insecure Configurations | Query details Documentation |
| S3 Bucket with Unsecured CORS Rule 3505094c-f77c-4ba0-95da-f83db712f86c |
Ansible | High | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 d0c13053-d2c8-44a6-95da-d592996e9e67 |
Ansible | High | Insecure Configurations | Query details Documentation |
| EC2 Group Has Public Interface 5330b503-3319-44ff-9b1c-00ee873f728a |
Ansible | High | Insecure Configurations | Query details Documentation |
| Batch Job Definition With Privileged Container Properties defe5b18-978d-4722-9325-4d1975d3699f |
Ansible | High | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 01aec7c2-3e4d-4274-ae47-2b8fea22fd1f |
Ansible | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible 5c6b727b-1382-4629-8ba9-abd1365e5610 |
Ansible | High | Insecure Configurations | Query details Documentation |
| KMS Key With Full Permissions 5b9d237a-57d5-4177-be0e-71434b0fef47 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate fb8f8929-afeb-4c46-99f0-a6cf410f7df4 |
Ansible | High | Insecure Defaults | Query details Documentation |
| Security Group Ingress Not Restricted ea6bc7a6-d696-4dcf-a788-17fa03c17c81 |
Ansible | High | Networking and Firewall | Query details Documentation |
| RDS Associated with Public Subnet 16732649-4ff6-4cd2-8746-e72c13fae4b8 |
Ansible | High | Networking and Firewall | Query details Documentation |
| ALB Listening on HTTP f81d63d2-c5d7-43a4-a5b5-66717a41c895 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Public Port Wide 71ea648a-d31a-4b5a-a589-5674243f1c33 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled d6c2d06f-43c1-488a-9ba1-8d75b40fc62d |
Ansible | High | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet a14ad534-acbe-4a8e-9404-2f7e1045646e |
Ansible | High | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 57ced4b9-6ba4-487b-8843-b65562b90c77 |
Ansible | High | Networking and Firewall | Query details Documentation |
| DB Security Group Open To Large Scope ea0ed1c7-9aef-4464-b7c7-94c762da3640 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic 8010e17a-00e9-4635-a692-90d6bcec68bd |
Ansible | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 83c5fa4c-e098-48fc-84ee-0a537287ddd2 |
Ansible | High | Networking and Firewall | Query details Documentation |
| DB Security Group With Public Scope 0956aedf-6a7a-478b-ab56-63e2b19923ad |
Ansible | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 445dce51-7e53-4e50-80ef-7f94f14169e4 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet eda7301d-1f3e-47cf-8d4e-976debc64341 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 722b0f24-5a64-4cca-aa96-cfc26b7e3a5b |
Ansible | High | Networking and Firewall | Query details Documentation |
| EC2 Instance Has Public IP a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1 |
Ansible | High | Networking and Firewall | Query details Documentation |
| CloudTrail Logging Disabled d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5 |
Ansible | High | Observability | Query details Documentation |
| CMK Rotation Disabled af96d737-0818-4162-8c41-40d969bd65d1 |
Ansible | High | Observability | Query details Documentation |
| AMI Shared With Multiple Accounts a19b2942-142e-4e2b-93b7-6cf6a6c8d90f |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User eafe4bc3-1042-4f88-b988-1939e64bf060 |
Ansible | Medium | Access Control | Query details Documentation |
| SES Policy With Allowed IAM Actions 8ed0bfce-f780-46d4-b086-21c3628f09ad |
Ansible | Medium | Access Control | Query details Documentation |
| S3 Bucket With Public Access c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9 |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Access Key Is Exposed 7f79f858-fbe8-4186-8a2c-dfd0d958a40f |
Ansible | Medium | Access Control | Query details Documentation |
| ECR Repository Is Publicly Accessible fb5a5df7-6d74-4243-ab82-ff779a958bfd |
Ansible | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 5e92d816-2177-4083-85b4-f61b4f7176d9 |
Ansible | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access d994585f-defb-4b51-b6d2-c70f020ceb10 |
Ansible | Medium | Access Control | Query details Documentation |
| SQS Policy Allows All Actions ed9b3beb-92cf-44d9-a9d2-171eeba569d4 |
Ansible | Medium | Access Control | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA af167837-9636-4086-b815-c239186b9dda |
Ansible | Medium | Access Control | Query details Documentation |
| Certificate Has Expired 5a443297-19d4-4381-9e5b-24faf947ec22 |
Ansible | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer b16cdb37-ce15-4ab2-8401-d42b05d123fc |
Ansible | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard 1d972c56-8ec2-48c1-a578-887adb09c57a |
Ansible | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB 050f085f-a8db-4072-9010-2cca235cc02f |
Ansible | Medium | Availability | Query details Documentation |
| CMK Is Unusable 133fee21-37ef-45df-a563-4d07edc169f4 |
Ansible | Medium | Availability | Query details Documentation |
| ECS Service Without Running Tasks f5c45127-1d28-4b49-a692-0b97da1c3a84 |
Ansible | Medium | Availability | Query details Documentation |
| Stack Retention Disabled 17d5ba1d-7667-4729-b1a6-b11fde3db7f7 |
Ansible | Medium | Backup | Query details Documentation |
| RDS With Backup Disabled e69890e6-fce5-461d-98ad-cb98318dfc96 |
Ansible | Medium | Backup | Query details Documentation |
| Misconfigured Password Policy Expiration 3f2cf811-88fa-4eda-be45-7a191a18aba9 |
Ansible | Medium | Best Practices | Query details Documentation |
| IAM Password Without Uppercase Letter 83957b81-39c1-4191-8e12-671d2ce14354 |
Ansible | Medium | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length 8bc2168c-1723-4eeb-a6f3-a1ba614b9a6d |
Ansible | Medium | Best Practices | Query details Documentation |
| IAM Password Without Number 9cf25d62-0b96-42c8-b66d-998cd6ee5bb8 |
Ansible | Medium | Best Practices | Query details Documentation |
| IAM Password Without Lowercase Letter 8e3063f4-b511-45c3-b030-f3b0c9131951 |
Ansible | Medium | Best Practices | Query details Documentation |
| Password Without Reuse Prevention 6f5f5444-1422-495f-81ef-24cefd61ed2c |
Ansible | Medium | Best Practices | Query details Documentation |
| Stack Without Template 32d31f1f-0f83-4721-b7ec-1e6948c60145 |
Ansible | Medium | Build Process | Query details Documentation |
| EBS Volume Encryption Disabled 4b6012e7-7176-46e4-8108-e441785eae57 |
Ansible | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled e1e7b278-2a8b-49bd-a26e-66a7f70b17eb |
Ansible | Medium | Encryption | Query details Documentation |
| CodeBuild Not Encrypted a1423864-2fbc-4f46-bfe1-fbbf125c71c9 |
Ansible | Medium | Encryption | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled 7674a686-e4b1-4a95-83d4-1fd53c623d84 |
Ansible | Medium | Encryption | Query details Documentation |
| Lambda Function Without Tags 265d9725-2fb8-42a2-bc57-3279c5db82d5 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| AWS Password Policy With Unchangeable Passwords e28ceb92-d588-4166-aac5-766c8f5b7472 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Instance With No VPC 61d1a2d0-4db8-405a-913d-5d2ce49dff6f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Certificate RSA Key Bytes Lower Than 256 d5ec2080-340a-4259-b885-f833c4ea6a31 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable 60bfbb8a-c72f-467f-a6dd-a46b7d612789 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without SSL Certificate b47b98ab-e481-4a82-8bb1-1ab39fd36e33 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Endpoint Config is Not Private 559439b2-3e9c-4739-ac46-17e3b24ec215 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF f5f38943-664b-4acc-ab11-f292fa10ed0b |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 7af1c447-c014-4f05-bd8b-ebe3a15734ac |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 5ba316a9-c466-4ec1-8d5b-bc6107dc9a92 |
Ansible | Medium | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled a2fdf451-89dd-451e-af92-bf6c0f4bab96 |
Ansible | Medium | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch ebb2118a-03bc-4d53-ab43-d8750f5cb8d3 |
Ansible | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled d31cb911-bf5b-4eb6-9fc3-16780c77c7bd |
Ansible | Medium | Observability | Query details Documentation |
| API Gateway X-Ray Disabled 2059155b-27fd-441e-b616-6966c468561f |
Ansible | Medium | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 6ad087d7-a509-4b20-b853-9ef6f5ebaa98 |
Ansible | Medium | Observability | Query details Documentation |
| S3 Bucket Without Versioning 9232306a-f839-40aa-b3ef-b352001da9a5 |
Ansible | Medium | Observability | Query details Documentation |
| Stack Notifications Disabled d39761d7-94ab-45b0-ab5e-27c44e381d58 |
Ansible | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d |
Ansible | Medium | Observability | Query details Documentation |
| CloudWatch Without Retention Period Specified e24e18d9-4c2b-4649-b3d0-18c088145e24 |
Ansible | Medium | Observability | Query details Documentation |
| API Gateway With CloudWatch Logging Disabled 72a931c2-12f5-40d1-93cc-47bff2f7aa2a |
Ansible | Medium | Observability | Query details Documentation |
| No Stack Policy ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9 |
Ansible | Medium | Resource Management | Query details Documentation |
| Hardcoded AWS Access Key c2f15af3-66a0-4176-a56e-e4711e502e5c |
Ansible | Medium | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda f34508b9-f574-4330-b42d-88c44cced645 |
Ansible | Medium | Secret Management | Query details Documentation |
| IAM Group Without Users f509931b-bbb0-443c-bd9b-10e92ecf2193 |
Ansible | Low | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services 12a7a7ce-39d6-49dd-923d-aeb4564eb66c |
Ansible | Low | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group 8d03993b-8384-419b-a681-d1f55149397c |
Ansible | Low | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume babdedcf-d859-43da-9a7b-6d72e661a8fd |
Ansible | Low | Access Control | Query details Documentation |
| Automatic Minor Upgrades Disabled 857f8808-e96a-4ba8-a9b7-f2d4ec6cad94 |
Ansible | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 3ddf3417-424d-420d-8275-0724dc426520 |
Ansible | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing b25398a2-0625-4e61-8e4d-a1bb23905bf6 |
Ansible | Low | Best Practices | Query details Documentation |
| EFS Without Tags b8a9852c-9943-4973-b8d5-77dae9352851 |
Ansible | Low | Build Process | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS f5587077-3f57-4370-9b4e-4eb5b1bac85b |
Ansible | Low | Encryption | Query details Documentation |
| ElastiCache Using Default Port 7cc6c791-5f68-4816-a564-b9b699f9d26e |
Ansible | Low | Networking and Firewall | Query details Documentation |
| EC2 Instance Using Default VPC 8833f180-96f1-46f4-9147-849aafa56029 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port e01de151-a7bd-4db4-b49b-3c4775a5e881 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port 2cb674f6-32f9-40be-97f2-62c0dc38f0d5 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC 5527dcfc-94f9-4bf6-b7d4-1b78850cf41f |
Ansible | Low | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 22c80725-e390-4055-8d14-a872230f6607 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| CloudTrail Log File Validation Disabled 4d8681a2-3d30-4c89-8070-08acd142748e |
Ansible | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 71397b34-1d50-4ee1-97cb-c96c34676f74 |
Ansible | Low | Observability | Query details Documentation |
| EC2 Not EBS Optimized 338b6cab-961d-4998-bb49-e5b6a11c9a5c |
Ansible | Info | Best Practices | Query details Documentation |
| Privilege Escalation Using Become Plugin 0e75052f-cc02-41b8-ac39-a78017527e95 |
Ansible | Medium | Access Control | Query details Documentation |
| Communication Over HTTP 2e8d4922-8362-4606-8c14-aa10466a1ce3 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Insecure Relative Path Resolution 8d22ae91-6ac1-459f-95be-d37bd373f244 |
Ansible | Low | Best Practices | Query details Documentation |
| Logging of Sensitive Data 59029ddf-e651-412b-ae7b-ff6d403184bc |
Ansible | Low | Best Practices | Query details Documentation |
| Unpinned Package Version c05e2c20-0a2c-4686-b1f8-5f0a5612d4e8 |
Ansible | Low | Supply-Chain | Query details Documentation |
| Risky File Permissions 88841d5c-d22d-4b7e-a6a0-89ca50e44b9f |
Ansible | Info | Supply-Chain | Query details Documentation |
| BigQuery Dataset Is Public 2263b286-2fe9-4747-a0ae-8b4768a2bbd2 |
Ansible | High | Access Control | Query details Documentation |
| VM With Full Cloud Access bc20bbc6-0697-4568-9a73-85af1dd97bdd |
Ansible | High | Access Control | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible 086031e1-9d4a-4249-acb3-5bfe4c363db2 |
Ansible | High | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled 0c82eae2-aca0-401f-93e4-fb37a0f9e5e8 |
Ansible | High | Backup | Query details Documentation |
| DNSSEC Using RSASHA1 6cf4c3a7-ceb0-4475-8892-3745b84be24a |
Ansible | High | Encryption | Query details Documentation |
| SQL DB Instance With SSL Disabled d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb |
Ansible | High | Encryption | Query details Documentation |
| Cluster Master Authentication Disabled 9df7f78f-ebe3-432e-ac3b-b67189c15518 |
Ansible | High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled 300a9964-b086-41f7-9378-b6de3ba1c32b |
Ansible | High | Insecure Configurations | Query details Documentation |
| GKE Basic Authentication Enabled 344bf8ab-9308-462b-a6b2-697432e40ba1 |
Ansible | High | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled ed672a9f-fbf0-44d8-a47d-779501b0db05 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Network Policy Disabled 98e04ca0-34f5-4c74-8fec-d2e611ce2790 |
Ansible | High | Insecure Configurations | Query details Documentation |
| PostgreSQL Misconfigured Logging Duration Flag aed98a2a-e680-497a-8886-277cea0f4514 |
Ansible | High | Insecure Configurations | Query details Documentation |
| MySQL Instance With Local Infile On a7b520bb-2509-4fb0-be05-bc38f54c7a4c |
Ansible | High | Insecure Configurations | Query details Documentation |
| Cluster Labels Disabled fbe9b2d0-a2b7-47a1-a534-03775f3013f7 |
Ansible | High | Insecure Configurations | Query details Documentation |
| SQL DB Instance Publicly Accessible 7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b |
Ansible | High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Contained Database Authentication On 6d34aff3-fdd2-460c-8190-756a3b4969e8 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 3b30e3d6-c99b-4318-b38f-b99db74578b5 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Client Certificate Disabled 20180133-a0d0-4745-bfe0-94049fbb12a9 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Cross DB Ownership Chaining On 9e0c33ed-97f3-4ed6-8be9-bcbf3f65439f |
Ansible | High | Insecure Configurations | Query details Documentation |
| GKE Master Authorized Networks Disabled d43366c5-80b0-45de-bbe8-2338f4ab0a83 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Compute Instance Is Publicly Accessible 829f1c60-2bab-44c6-8a21-5cd9d39a2c82 |
Ansible | High | Networking and Firewall | Query details Documentation |
| PostgreSQL Log Connections Disabled d7a5616f-0a3f-4d43-bc2b-29d1a183e317 |
Ansible | High | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled 20dcd953-a8b8-4892-9026-9afa6d05a525 |
Ansible | High | Observability | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 507df964-ad97-4035-ab14-94a82eabdfdd |
Ansible | High | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled 7814ddda-e758-4a56-8be3-289a81ded929 |
Ansible | High | Observability | Query details Documentation |
| PostgreSQL Logging Of Temporary Files Disabled d6fae5b6-ada9-46c0-8b36-3108a2a2f77b |
Ansible | High | Observability | Query details Documentation |
| Stackdriver Logging Disabled 19c9e2a0-fc33-4264-bba1-e3682661e8f7 |
Ansible | High | Observability | Query details Documentation |
| Node Auto Upgrade Disabled d6e10477-2e19-4bcd-b8a8-19c65b89ccdf |
Ansible | High | Resource Management | Query details Documentation |
| Disk Encryption Disabled 092bae86-6105-4802-99d2-99cd7e7431f3 |
Ansible | Medium | Encryption | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use b28bcd2f-c309-490e-ab7c-35fc4023eb26 |
Ansible | Medium | Encryption | Query details Documentation |
| OSLogin Is Disabled In VM Instance 66dae697-507b-4aef-be18-eec5bd707f33 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Using Default Service Account 2775e169-e708-42a9-9305-b58aadd2c4dd |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Cloud DNS Without DNSSEC 80b15fb1-6207-40f4-a803-6915ae619a03 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used be41f891-96b1-4b9d-b74f-b922a918c778 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled d58c6f24-3763-4269-9f5b-86b2569a003b |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 18d3a83d-4414-49dc-90ea-f0387b2856cc |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| GKE Using Default Service Account dc126833-125a-40fb-905a-ce5f2afde240 |
Ansible | Medium | Insecure Defaults | Query details Documentation |
| Serial Ports Are Enabled For VM Instances c6fc6f29-dc04-46b6-99ba-683c01aff350 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Default Firewall Rule 29b8224a-60e9-4011-8ac2-7916a659841f |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows All Ports 3602d273-3290-47b2-80fa-720162b1a8af |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled 11bd3554-cd56-4257-8e25-7aaf30cf8f5f |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted b2fbf1df-76dd-4d78-a6c0-e538f4a9b016 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| RDP Access Is Not Restricted 75418eb9-39ec-465f-913c-6f2b6a80dc77 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Misconfigured Log Messages Flag 28a757fc-3d8f-424a-90c0-4233363b2711 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL log_checkpoints Flag Not Set To ON 89afe3f0-4681-4ce3-89ed-896cebd4277c |
Ansible | Medium | Observability | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 099b4411-d11e-4537-a0fc-146b19762a79 |
Ansible | Medium | Secret Management | Query details Documentation |
| High Google KMS Crypto Key Rotation Period f9b7086b-deb8-4034-9330-d7fd38f1b8de |
Ansible | Medium | Secret Management | Query details Documentation |
| Google Compute Subnetwork with Private Google Access Disabled 6a4080ae-79bd-42f6-a924-8f534c1c018b |
Ansible | Low | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows Port Range 7289eebd-a477-4064-8ad4-3c044bd70b00 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| Allow Unsafe Lookups Enabled 86b97bb4-85c9-462d-8635-cbc057c5c8c5 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Using Become Plugin 404908b6-4954-4611-98f0-e8ceacdabcb1 |
Ansible | Medium | Access Control | Query details Documentation |
| Communication over HTTP d7dc9350-74bc-485b-8c85-fed22d276c43 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Logging of Sensitive Data c6473dae-8477-4119-88b7-b909b435ce7b |
Ansible | Low | Best Practices | Query details Documentation |
| Passwords And Secrets a88baa34-e2ad-44ea-ad6f-8cac87bc7c71 |
Common | High | Secret Management | Query details Documentation |