All
Queries List¶
This page contains all queries.
| Query | Platform | Severity | Category | More info |
|---|---|---|---|---|
| ECR Repository Is Publicly Accessible fb5a5df7-6d74-4243-ab82-ff779a958bfd |
Ansible | Critical | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 3ab1f27d-52cc-4943-af1d-43c1939e739a |
Ansible | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals 6fa44721-ef21-41c6-8665-330d59461163 |
Ansible | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals a0f1bfe0-741e-473f-b3b2-13e66f856fab |
Ansible | Critical | Access Control | Query details Documentation |
| S3 Bucket With All Permissions 6a6d7e56-c913-4549-b5c5-5221e624d2ec |
Ansible | Critical | Access Control | Query details Documentation |
| S3 Bucket With Public Access c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9 |
Ansible | Critical | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible c09e3ca5-f08a-4717-9c87-3919c5e6d209 |
Ansible | Critical | Insecure Configurations | Query details Documentation |
| DB Security Group With Public Scope 0956aedf-6a7a-478b-ab56-63e2b19923ad |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| RDS Associated with Public Subnet 16732649-4ff6-4cd2-8746-e72c13fae4b8 |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA af167837-9636-4086-b815-c239186b9dda |
Ansible | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 7db727c1-1720-468e-b80e-06697f71e09e |
Ansible | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions b5ed026d-a772-4f07-97f9-664ba0b116f8 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to All Users a1ef9d2e-4163-40cb-bd92-04f0d602a15d |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 75480b31-f349-4b9a-861f-bce19588e674 |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals 53bce6a8-5492-4b1b-81cf-664385f0c4bf |
Ansible | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals d395a950-12ce-4314-a742-ac5a785ab44e |
Ansible | High | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible 905f4741-f965-45c1-98db-f7a00a0e5c73 |
Ansible | High | Access Control | Query details Documentation |
| SQS Policy Allows All Actions ed9b3beb-92cf-44d9-a9d2-171eeba569d4 |
Ansible | High | Access Control | Query details Documentation |
| SQS Queue Exposed 86b0efa7-4901-4edd-a37a-c034bec6645a |
Ansible | High | Access Control | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled 7674a686-e4b1-4a95-83d4-1fd53c623d84 |
Ansible | High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted 7dfb316c-a6c2-454d-b8a2-97f147b0c0ff |
Ansible | High | Encryption | Query details Documentation |
| EBS Volume Encryption Disabled 4b6012e7-7176-46e4-8108-e441785eae57 |
Ansible | High | Encryption | Query details Documentation |
| EFS Not Encrypted 727c4fd4-d604-4df6-a179-7713d3c85e20 |
Ansible | High | Encryption | Query details Documentation |
| ELB Using Weak Ciphers 2034fb37-bc23-4ca0-8d95-2b9f15829ab5 |
Ansible | High | Encryption | Query details Documentation |
| Kinesis Not Encrypted With KMS f2ea6481-1d31-4d40-946a-520dc6321dd7 |
Ansible | High | Encryption | Query details Documentation |
| Launch Configuration Is Not Encrypted 66477506-6abb-49ed-803d-3fa174cd5f6a |
Ansible | High | Encryption | Query details Documentation |
| Redis Not Compliant 9f34885e-c08f-4d13-a7d1-cf190c5bd268 |
Ansible | High | Encryption | Query details Documentation |
| Redshift Not Encrypted 6a647814-def5-4b85-88f5-897c19f509cd |
Ansible | High | Encryption | Query details Documentation |
| S3 Bucket Without Server-side-encryption 594f54e7-f744-45ab-93e4-c6dbaf6cd571 |
Ansible | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key c09f4d3e-27d2-4d46-9453-abbe9687a64e |
Ansible | High | Encryption | Query details Documentation |
| Batch Job Definition With Privileged Container Properties defe5b18-978d-4722-9325-4d1975d3699f |
Ansible | High | Insecure Configurations | Query details Documentation |
| EC2 Group Has Public Interface 5330b503-3319-44ff-9b1c-00ee873f728a |
Ansible | High | Insecure Configurations | Query details Documentation |
| KMS Key With Vulnerable Policy 5b9d237a-57d5-4177-be0e-71434b0fef47 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible 5c6b727b-1382-4629-8ba9-abd1365e5610 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40 |
Ansible | High | Insecure Configurations | Query details Documentation |
| DB Security Group Open To Large Scope ea0ed1c7-9aef-4464-b7c7-94c762da3640 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic 8010e17a-00e9-4635-a692-90d6bcec68bd |
Ansible | High | Networking and Firewall | Query details Documentation |
| Public Port Wide 71ea648a-d31a-4b5a-a589-5674243f1c33 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet eda7301d-1f3e-47cf-8d4e-976debc64341 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 445dce51-7e53-4e50-80ef-7f94f14169e4 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Security Group Ingress Not Restricted ea6bc7a6-d696-4dcf-a788-17fa03c17c81 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 722b0f24-5a64-4cca-aa96-cfc26b7e3a5b |
Ansible | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 83c5fa4c-e098-48fc-84ee-0a537287ddd2 |
Ansible | High | Networking and Firewall | Query details Documentation |
| Hardcoded AWS Access Key c2f15af3-66a0-4176-a56e-e4711e502e5c |
Ansible | High | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda f34508b9-f574-4330-b42d-88c44cced645 |
Ansible | High | Secret Management | Query details Documentation |
| AMI Shared With Multiple Accounts a19b2942-142e-4e2b-93b7-6cf6a6c8d90f |
Ansible | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer b16cdb37-ce15-4ab2-8401-d42b05d123fc |
Ansible | Medium | Access Control | Query details Documentation |
| Certificate Has Expired 5a443297-19d4-4381-9e5b-24faf947ec22 |
Ansible | Medium | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group 8d03993b-8384-419b-a681-d1f55149397c |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Access Key Is Exposed 7f79f858-fbe8-4186-8a2c-dfd0d958a40f |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Group Without Users f509931b-bbb0-443c-bd9b-10e92ecf2193 |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User eafe4bc3-1042-4f88-b988-1939e64bf060 |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Policies With Full Privileges e401d614-8026-4f4b-9af9-75d1197461ba |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services 12a7a7ce-39d6-49dd-923d-aeb4564eb66c |
Ansible | Medium | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume babdedcf-d859-43da-9a7b-6d72e661a8fd |
Ansible | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard 1d972c56-8ec2-48c1-a578-887adb09c57a |
Ansible | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 5e92d816-2177-4083-85b4-f61b4f7176d9 |
Ansible | Medium | Access Control | Query details Documentation |
| SES Policy With Allowed IAM Actions 8ed0bfce-f780-46d4-b086-21c3628f09ad |
Ansible | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access d994585f-defb-4b51-b6d2-c70f020ceb10 |
Ansible | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB 050f085f-a8db-4072-9010-2cca235cc02f |
Ansible | Medium | Availability | Query details Documentation |
| CMK Is Unusable 133fee21-37ef-45df-a563-4d07edc169f4 |
Ansible | Medium | Availability | Query details Documentation |
| RDS With Backup Disabled e69890e6-fce5-461d-98ad-cb98318dfc96 |
Ansible | Medium | Backup | Query details Documentation |
| S3 Bucket Without Versioning 9232306a-f839-40aa-b3ef-b352001da9a5 |
Ansible | Medium | Backup | Query details Documentation |
| Stack Retention Disabled 17d5ba1d-7667-4729-b1a6-b11fde3db7f7 |
Ansible | Medium | Backup | Query details Documentation |
| AMI Not Encrypted 97707503-a22c-4cd7-b7c0-f088fa7cf830 |
Ansible | Medium | Encryption | Query details Documentation |
| CA Certificate Identifier Is Outdated 5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce |
Ansible | Medium | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP a6d27cf7-61dc-4bde-ae08-3b353b609f76 |
Ansible | Medium | Encryption | Query details Documentation |
| CodeBuild Not Encrypted a1423864-2fbc-4f46-bfe1-fbbf125c71c9 |
Ansible | Medium | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 730a5951-2760-407a-b032-dd629b55c23a |
Ansible | Medium | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 0ed012a4-9199-43d2-b9e4-9bd049a48aa4 |
Ansible | Medium | Encryption | Query details Documentation |
| Secure Ciphers Disabled 218413a0-c716-4b94-9e08-0bb70d854709 |
Ansible | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled e1e7b278-2a8b-49bd-a26e-66a7f70b17eb |
Ansible | Medium | Encryption | Query details Documentation |
| API Gateway Without SSL Certificate b47b98ab-e481-4a82-8bb1-1ab39fd36e33 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Certificate RSA Key Bytes Lower Than 256 d5ec2080-340a-4259-b885-f833c4ea6a31 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 d0c13053-d2c8-44a6-95da-d592996e9e67 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable 60bfbb8a-c72f-467f-a6dd-a46b7d612789 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 01aec7c2-3e4d-4274-ae47-2b8fea22fd1f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket with Unsecured CORS Rule 3505094c-f77c-4ba0-95da-f83db712f86c |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate fb8f8929-afeb-4c46-99f0-a6cf410f7df4 |
Ansible | Medium | Insecure Defaults | Query details Documentation |
| ALB Listening on HTTP f81d63d2-c5d7-43a4-a5b5-66717a41c895 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Endpoint Config is Not Private 559439b2-3e9c-4739-ac46-17e3b24ec215 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF f5f38943-664b-4acc-ab11-f292fa10ed0b |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 22c80725-e390-4055-8d14-a872230f6607 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| EC2 Instance Has Public IP a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled d6c2d06f-43c1-488a-9ba1-8d75b40fc62d |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet a14ad534-acbe-4a8e-9404-2f7e1045646e |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 57ced4b9-6ba4-487b-8843-b65562b90c77 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 7af1c447-c014-4f05-bd8b-ebe3a15734ac |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| API Gateway With CloudWatch Logging Disabled 72a931c2-12f5-40d1-93cc-47bff2f7aa2a |
Ansible | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled d31cb911-bf5b-4eb6-9fc3-16780c77c7bd |
Ansible | Medium | Observability | Query details Documentation |
| CloudTrail Logging Disabled d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5 |
Ansible | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d |
Ansible | Medium | Observability | Query details Documentation |
| No Stack Policy ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9 |
Ansible | Medium | Resource Management | Query details Documentation |
| Authentication Without MFA eee107f9-b3d8-45d3-b9c6-43b5a7263ce1 |
Ansible | Low | Access Control | Query details Documentation |
| ECS Service Without Running Tasks f5c45127-1d28-4b49-a692-0b97da1c3a84 |
Ansible | Low | Availability | Query details Documentation |
| Automatic Minor Upgrades Disabled 857f8808-e96a-4ba8-a9b7-f2d4ec6cad94 |
Ansible | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing b25398a2-0625-4e61-8e4d-a1bb23905bf6 |
Ansible | Low | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length 8bc2168c-1723-4eeb-a6f3-a1ba614b9a6d |
Ansible | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 3ddf3417-424d-420d-8275-0724dc426520 |
Ansible | Low | Best Practices | Query details Documentation |
| Misconfigured Password Policy Expiration 3f2cf811-88fa-4eda-be45-7a191a18aba9 |
Ansible | Low | Best Practices | Query details Documentation |
| Password Without Reuse Prevention 6f5f5444-1422-495f-81ef-24cefd61ed2c |
Ansible | Low | Best Practices | Query details Documentation |
| EFS Without Tags b8a9852c-9943-4973-b8d5-77dae9352851 |
Ansible | Low | Build Process | Query details Documentation |
| Stack Without Template 32d31f1f-0f83-4721-b7ec-1e6948c60145 |
Ansible | Low | Build Process | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS f5587077-3f57-4370-9b4e-4eb5b1bac85b |
Ansible | Low | Encryption | Query details Documentation |
| EFS Without KMS bd77554e-f138-40c5-91b2-2a09f878608e |
Ansible | Low | Encryption | Query details Documentation |
| AWS Password Policy With Unchangeable Passwords e28ceb92-d588-4166-aac5-766c8f5b7472 |
Ansible | Low | Insecure Configurations | Query details Documentation |
| Instance With No VPC 61d1a2d0-4db8-405a-913d-5d2ce49dff6f |
Ansible | Low | Insecure Configurations | Query details Documentation |
| Lambda Function Without Tags 265d9725-2fb8-42a2-bc57-3279c5db82d5 |
Ansible | Low | Insecure Configurations | Query details Documentation |
| EC2 Instance Using Default VPC 8833f180-96f1-46f4-9147-849aafa56029 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Using Default Port 7cc6c791-5f68-4816-a564-b9b699f9d26e |
Ansible | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC 5527dcfc-94f9-4bf6-b7d4-1b78850cf41f |
Ansible | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port 2cb674f6-32f9-40be-97f2-62c0dc38f0d5 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port e01de151-a7bd-4db4-b49b-3c4775a5e881 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| API Gateway X-Ray Disabled 2059155b-27fd-441e-b616-6966c468561f |
Ansible | Low | Observability | Query details Documentation |
| CloudTrail Log File Validation Disabled 4d8681a2-3d30-4c89-8070-08acd142748e |
Ansible | Low | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 6ad087d7-a509-4b20-b853-9ef6f5ebaa98 |
Ansible | Low | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch ebb2118a-03bc-4d53-ab43-d8750f5cb8d3 |
Ansible | Low | Observability | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 5ba316a9-c466-4ec1-8d5b-bc6107dc9a92 |
Ansible | Low | Observability | Query details Documentation |
| CMK Rotation Disabled af96d737-0818-4162-8c41-40d969bd65d1 |
Ansible | Low | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled a2fdf451-89dd-451e-af92-bf6c0f4bab96 |
Ansible | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 71397b34-1d50-4ee1-97cb-c96c34676f74 |
Ansible | Low | Observability | Query details Documentation |
| Stack Notifications Disabled d39761d7-94ab-45b0-ab5e-27c44e381d58 |
Ansible | Low | Observability | Query details Documentation |
| EC2 Not EBS Optimized 338b6cab-961d-4998-bb49-e5b6a11c9a5c |
Ansible | Info | Best Practices | Query details Documentation |
| CloudWatch Without Retention Period Specified e24e18d9-4c2b-4649-b3d0-18c088145e24 |
Ansible | Info | Observability | Query details Documentation |
| CosmosDB Account IP Range Filter Not Set e8c80448-31d8-4755-85fc-6dbab69c2717 |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| Redis Entirely Accessible 0d0c12b9-edce-4510-9065-13f6a758750c |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| Redis Publicly Accessible 0632d0db-9190-450a-8bb3-c283bffea445 |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| SQLServer Ingress From Any IP f4e9ff70-0f3b-4c50-a713-26cbe7ec4039 |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| Unrestricted SQL Server Access 3f23c96c-f9f5-488d-9b17-605b8da5842f |
Ansible | Critical | Networking and Firewall | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive ca4df748-613a-4fbf-9c76-f02cbd580307 |
Ansible | High | Access Control | Query details Documentation |
| Public Storage Account 35e2f133-a395-40de-a79d-b260d973d1bd |
Ansible | High | Access Control | Query details Documentation |
| Storage Container Is Publicly Accessible 4d3817db-dd35-4de4-a80d-3867157e7f7f |
Ansible | High | Access Control | Query details Documentation |
| Azure Container Registry With No Locks 581dae78-307d-45d5-aae4-fe2b0db267a5 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Security Group is Not Configured da4f2739-174f-4cdd-b9ef-dc3f14b5931f |
Ansible | High | Insecure Configurations | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 0ac9abbc-6d7a-41cf-af23-2e57ddb3dbfc |
Ansible | High | Networking and Firewall | Query details Documentation |
| Admin User Enabled For Container Registry 29f35127-98e6-43af-8ec1-201b79f99604 |
Ansible | Medium | Access Control | Query details Documentation |
| AKS RBAC Disabled 149fa56c-4404-4f90-9e25-d34b676d5b39 |
Ansible | Medium | Access Control | Query details Documentation |
| Role Definition Allows Custom Role Creation 5c80db8e-03f5-43a2-b4af-1f3f87018157 |
Ansible | Medium | Access Control | Query details Documentation |
| Key Vault Soft Delete Is Disabled 881696a8-68c5-4073-85bc-7c38a3deb854 |
Ansible | Medium | Backup | Query details Documentation |
| Azure Instance Using Basic Authentication e2d834b7-8b25-4935-af53-4a60668dcbe0 |
Ansible | Medium | Best Practices | Query details Documentation |
| MySQL SSL Connection Disabled 2a901825-0f3b-4655-a0fe-e0470e50f8e6 |
Ansible | Medium | Encryption | Query details Documentation |
| SSL Enforce Disabled 961ce567-a16d-4d7d-9027-f0ec2628a555 |
Ansible | Medium | Encryption | Query details Documentation |
| Storage Account Not Forcing HTTPS 2c99a474-2a3c-4c17-8294-53ffa5ed0522 |
Ansible | Medium | Encryption | Query details Documentation |
| Storage Account Not Using Latest TLS Encryption Version c62746cf-92d5-4649-9acf-7d48d086f2ee |
Ansible | Medium | Encryption | Query details Documentation |
| AD Admin Not Configured For SQL Server b176e927-bbe2-44a6-a9c3-041417137e5f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Redis Cache Allows Non SSL Connections 869e7fb4-30f0-4bdb-b360-ad548f337f2f |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| VM Not Attached To Network 1e5f5307-3e01-438d-8da6-985307ed25ce |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Web App Accepting Traffic Other Than HTTPS eb8c2560-8bee-4248-9d0d-e80c8641dd91 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache 69f72007-502e-457b-bd2d-5012e31ac049 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled 1bc398a8-d274-47de-a4c8-6ac867b353de |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| WAF Is Disabled For Azure Application Gateway 2fc5ab5a-c5eb-4ae4-b687-0f16fe77c255 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| AKS Monitoring Logging Disabled d5e83b32-56dd-4247-8c2e-074f43b38a5e |
Ansible | Medium | Observability | Query details Documentation |
| Log Retention Is Not Set 0461b4fd-21ef-4687-929e-484ee4796785 |
Ansible | Medium | Observability | Query details Documentation |
| Monitoring Log Profile Without All Activities 89f84a1e-75f8-47c5-83b5-bee8e2de4168 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Checkpoints Disabled 7ab33ac0-e4a3-418f-a673-50da4e34df21 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Not Set 7b47138f-ec0e-47dc-8516-e7728fe3cc17 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Disconnections Not Set 054d07b5-941b-4c28-8eef-18989dc62323 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Duration Not Set 729ebb15-8060-40f7-9017-cb72676a5487 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Server Without Connection Throttling a9becca7-892a-4af7-b9e1-44bf20a4cd9a |
Ansible | Medium | Observability | Query details Documentation |
| SQL Server Predictable Active Directory Account Name 530e8291-2f22-4bab-b7ea-306f1bc2a308 |
Ansible | Low | Best Practices | Query details Documentation |
| SQL Server Predictable Admin Account Name 663062e9-473d-4e87-99bc-6f3684b3df40 |
Ansible | Low | Best Practices | Query details Documentation |
| Cosmos DB Account Without Tags 23a4dc83-4959-4d99-8056-8e051a82bc1e |
Ansible | Low | Build Process | Query details Documentation |
| AKS Network Policy Misconfigured 8c3bedf1-c570-4c3b-b414-d068cd39a00c |
Ansible | Low | Insecure Configurations | Query details Documentation |
| Small Activity Log Retention Period 37fafbea-dedb-4e0d-852e-d16ee0589326 |
Ansible | Low | Observability | Query details Documentation |
| Allow Unsafe Lookups Enabled 86b97bb4-85c9-462d-8635-cbc057c5c8c5 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Using Become Plugin 404908b6-4954-4611-98f0-e8ceacdabcb1 |
Ansible | Medium | Access Control | Query details Documentation |
| Communication over HTTP d7dc9350-74bc-485b-8c85-fed22d276c43 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Logging of Sensitive Data c6473dae-8477-4119-88b7-b909b435ce7b |
Ansible | Low | Best Practices | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible 086031e1-9d4a-4249-acb3-5bfe4c363db2 |
Ansible | Critical | Access Control | Query details Documentation |
| SQL DB Instance Publicly Accessible 7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b |
Ansible | Critical | Insecure Configurations | Query details Documentation |
| BigQuery Dataset Is Public 2263b286-2fe9-4747-a0ae-8b4768a2bbd2 |
Ansible | High | Access Control | Query details Documentation |
| SQL DB Instance With SSL Disabled d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb |
Ansible | High | Encryption | Query details Documentation |
| Client Certificate Disabled 20180133-a0d0-4745-bfe0-94049fbb12a9 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Contained Database Authentication On 6d34aff3-fdd2-460c-8190-756a3b4969e8 |
Ansible | High | Insecure Configurations | Query details Documentation |
| Cloud SQL Instance With Cross DB Ownership Chaining On 9e0c33ed-97f3-4ed6-8be9-bcbf3f65439f |
Ansible | High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled 300a9964-b086-41f7-9378-b6de3ba1c32b |
Ansible | High | Insecure Configurations | Query details Documentation |
| MySQL Instance With Local Infile On a7b520bb-2509-4fb0-be05-bc38f54c7a4c |
Ansible | High | Insecure Configurations | Query details Documentation |
| RDP Access Is Not Restricted 75418eb9-39ec-465f-913c-6f2b6a80dc77 |
Ansible | High | Networking and Firewall | Query details Documentation |
| VM With Full Cloud Access bc20bbc6-0697-4568-9a73-85af1dd97bdd |
Ansible | Medium | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled 0c82eae2-aca0-401f-93e4-fb37a0f9e5e8 |
Ansible | Medium | Backup | Query details Documentation |
| Disk Encryption Disabled 092bae86-6105-4802-99d2-99cd7e7431f3 |
Ansible | Medium | Encryption | Query details Documentation |
| DNSSEC Using RSASHA1 6cf4c3a7-ceb0-4475-8892-3745b84be24a |
Ansible | Medium | Encryption | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use b28bcd2f-c309-490e-ab7c-35fc4023eb26 |
Ansible | Medium | Encryption | Query details Documentation |
| Cloud DNS Without DNSSEC 80b15fb1-6207-40f4-a803-6915ae619a03 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Cluster Master Authentication Disabled 9df7f78f-ebe3-432e-ac3b-b67189c15518 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| GKE Basic Authentication Enabled 344bf8ab-9308-462b-a6b2-697432e40ba1 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled d58c6f24-3763-4269-9f5b-86b2569a003b |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled ed672a9f-fbf0-44d8-a47d-779501b0db05 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Network Policy Disabled 98e04ca0-34f5-4c74-8fec-d2e611ce2790 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled In VM Instance 66dae697-507b-4aef-be18-eec5bd707f33 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 3b30e3d6-c99b-4318-b38f-b99db74578b5 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 18d3a83d-4414-49dc-90ea-f0387b2856cc |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Using Default Service Account 2775e169-e708-42a9-9305-b58aadd2c4dd |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| GKE Using Default Service Account dc126833-125a-40fb-905a-ce5f2afde240 |
Ansible | Medium | Insecure Defaults | Query details Documentation |
| Compute Instance Is Publicly Accessible 829f1c60-2bab-44c6-8a21-5cd9d39a2c82 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| GKE Master Authorized Networks Disabled d43366c5-80b0-45de-bbe8-2338f4ab0a83 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Default Firewall Rule 29b8224a-60e9-4011-8ac2-7916a659841f |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows All Ports 3602d273-3290-47b2-80fa-720162b1a8af |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled 11bd3554-cd56-4257-8e25-7aaf30cf8f5f |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Serial Ports Are Enabled For VM Instances c6fc6f29-dc04-46b6-99ba-683c01aff350 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted b2fbf1df-76dd-4d78-a6c0-e538f4a9b016 |
Ansible | Medium | Networking and Firewall | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 507df964-ad97-4035-ab14-94a82eabdfdd |
Ansible | Medium | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled 7814ddda-e758-4a56-8be3-289a81ded929 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Disabled d7a5616f-0a3f-4d43-bc2b-29d1a183e317 |
Ansible | Medium | Observability | Query details Documentation |
| PostgreSQL log_checkpoints Flag Not Set To ON 89afe3f0-4681-4ce3-89ed-896cebd4277c |
Ansible | Medium | Observability | Query details Documentation |
| Stackdriver Logging Disabled 19c9e2a0-fc33-4264-bba1-e3682661e8f7 |
Ansible | Medium | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled 20dcd953-a8b8-4892-9026-9afa6d05a525 |
Ansible | Medium | Observability | Query details Documentation |
| Node Auto Upgrade Disabled d6e10477-2e19-4bcd-b8a8-19c65b89ccdf |
Ansible | Medium | Resource Management | Query details Documentation |
| High Google KMS Crypto Key Rotation Period f9b7086b-deb8-4034-9330-d7fd38f1b8de |
Ansible | Medium | Secret Management | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 099b4411-d11e-4537-a0fc-146b19762a79 |
Ansible | Medium | Secret Management | Query details Documentation |
| Cluster Labels Disabled fbe9b2d0-a2b7-47a1-a534-03775f3013f7 |
Ansible | Low | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used be41f891-96b1-4b9d-b74f-b922a918c778 |
Ansible | Low | Insecure Configurations | Query details Documentation |
| PostgreSQL Misconfigured Logging Duration Flag aed98a2a-e680-497a-8886-277cea0f4514 |
Ansible | Low | Insecure Configurations | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows Port Range 7289eebd-a477-4064-8ad4-3c044bd70b00 |
Ansible | Low | Networking and Firewall | Query details Documentation |
| Google Compute Subnetwork with Private Google Access Disabled 6a4080ae-79bd-42f6-a924-8f534c1c018b |
Ansible | Low | Networking and Firewall | Query details Documentation |
| PostgreSQL Logging Of Temporary Files Disabled d6fae5b6-ada9-46c0-8b36-3108a2a2f77b |
Ansible | Low | Observability | Query details Documentation |
| PostgreSQL Misconfigured Log Messages Flag 28a757fc-3d8f-424a-90c0-4233363b2711 |
Ansible | Low | Observability | Query details Documentation |
| Ansible Tower Exposed To Internet 1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc |
Ansible | Medium | Best Practices | Query details Documentation |
| Privilege Escalation Using Become Plugin 0e75052f-cc02-41b8-ac39-a78017527e95 |
Ansible | Medium | Access Control | Query details Documentation |
| Communication Over HTTP 2e8d4922-8362-4606-8c14-aa10466a1ce3 |
Ansible | Medium | Insecure Configurations | Query details Documentation |
| Insecure Relative Path Resolution 8d22ae91-6ac1-459f-95be-d37bd373f244 |
Ansible | Low | Best Practices | Query details Documentation |
| Logging of Sensitive Data 59029ddf-e651-412b-ae7b-ff6d403184bc |
Ansible | Low | Best Practices | Query details Documentation |
| Unpinned Package Version c05e2c20-0a2c-4686-b1f8-5f0a5612d4e8 |
Ansible | Low | Supply-Chain | Query details Documentation |
| Risky File Permissions 88841d5c-d22d-4b7e-a6a0-89ca50e44b9f |
Ansible | Info | Supply-Chain | Query details Documentation |
| SQL Database Server Firewall Allows All IPS 6a3201a5-1630-494b-b294-3129d06b0eca |
AzureResourceManager | Critical | Networking and Firewall | Query details Documentation |
| AKS Cluster RBAC Disabled 9307a2ed-35c2-413d-94de-a1a0682c2158 |
AzureResourceManager | High | Access Control | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive d855ced8-6157-448f-9f1d-f05a41d046f7 |
AzureResourceManager | High | Access Control | Query details Documentation |
| Role Definitions Allow Custom Subscription Role Creation 8fa9ceea-881f-4ef0-b0b8-728f589699a7 |
AzureResourceManager | High | Access Control | Query details Documentation |
| Key Vault Not Recoverable 7c25f361-7c66-44bf-9b69-022acd5eb4bd |
AzureResourceManager | High | Backup | Query details Documentation |
| Azure Managed Disk Without Encryption 350f3955-b5be-436f-afaa-3d2be2fa6cdd |
AzureResourceManager | High | Encryption | Query details Documentation |
| Network Security Group With Unrestricted Access To RDP 59cb3da7-f206-4ae6-b827-7abf0a9cab9d |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Storage Blob Service Container With Public Access a0ab985d-660b-41f7-ac81-70957ee8e627 |
AzureResourceManager | High | Networking and Firewall | Query details Documentation |
| Hardcoded SecureString Parameter Default Value 4d2cf896-c053-4be5-9c95-8b4771112f29 |
AzureResourceManager | High | Secret Management | Query details Documentation |
| App Service Authentication Is Not Set 83130a07-235b-4a80-918b-a370e53f0bd9 |
AzureResourceManager | Medium | Access Control | Query details Documentation |
| Azure Instance Using Basic Authentication 6797f581-0433-4768-ae3e-7ceb2f8b138e |
AzureResourceManager | Medium | Best Practices | Query details Documentation |
| Secret Without Expiration Date cff9c3f7-e8f0-455f-9fb4-5f72326da96e |
AzureResourceManager | Medium | Best Practices | Query details Documentation |
| SQL Server Database With Alerts Disabled 574e8d82-1db2-4b9c-b526-e320ede9a9ff |
AzureResourceManager | Medium | Best Practices | Query details Documentation |
| Storage Account Allows Unsecure Transfer 1367dd13-2c90-4020-80b7-e4339a3dc2c4 |
AzureResourceManager | Medium | Encryption | Query details Documentation |
| Web App Not Using TLS Last Version b5c851d5-00f1-43dc-a8de-3218fd6f71be |
AzureResourceManager | Medium | Encryption | Query details Documentation |
| AKS Cluster Network Policy Not Configured 25c0228e-4444-459b-a2df-93c7df40b7ed |
AzureResourceManager | Medium | Insecure Configurations | Query details Documentation |
| Website Not Forcing HTTPS 488847ff-6031-487c-bf42-98fd6ac5c9a0 |
AzureResourceManager | Medium | Insecure Configurations | Query details Documentation |
| MySQL Server SSL Enforcement Disabled 90120147-f2e7-4fda-bb21-6fa9109afd63 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| Network Security Group With Unrestricted Access To SSH 2ade1579-4b2c-4590-bebb-f99bf597f612 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server Connection Throttling Disabled a6d774b6-d9ea-4bf4-8433-217bf15d2fb8 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server Log Checkpoints Disabled f9112910-c7bb-4864-9f5e-2059ba413bb7 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server Log Connections Disabled e69bda39-e1e2-47ca-b9ee-b6531b23aedd |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| PostgreSQL Database Server SSL Disabled bf500309-da53-4dd3-bcf7-95f7974545a5 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled e25b56cd-a4d6-498f-ab92-e6296a082097 |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| Website with Client Certificate Auth Disabled 92302b47-b0cc-46cb-a28f-5610ecda140b |
AzureResourceManager | Medium | Networking and Firewall | Query details Documentation |
| AKS Logging To Azure Monitoring Is Disabled 9b09dee1-f09b-4013-91d2-158fa4695f4b |
AzureResourceManager | Medium | Observability | Query details Documentation |
| SQL Server Database Without Auditing e055285c-bc01-48b4-8aa5-8a54acdd29df |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Storage Logging For Read Write And Delete Requests Disabled 43f6e60c-9cdb-4e77-864d-a66595d26518 |
AzureResourceManager | Medium | Observability | Query details Documentation |
| Website Azure Active Directory Disabled e9c133e5-c2dd-4b7b-8fff-40f2de367b56 |
AzureResourceManager | Low | Access Control | Query details Documentation |
| Phone Number Not Set For Security Contacts 3e9fcc67-1f64-405f-b2f9-0a6be17598f0 |
AzureResourceManager | Low | Best Practices | Query details Documentation |
| AKS Dashboard Is Enabled c62d3b92-9a11-4ffd-b7b7-6faaae83faed |
AzureResourceManager | Low | Insecure Configurations | Query details Documentation |
| AKS With Authorized IP Ranges Disabled 2583fab1-953b-4fae-bd02-4a136a6c21f9 |
AzureResourceManager | Low | Networking and Firewall | Query details Documentation |
| Storage Account Allows Default Network Access 9073f073-5d60-4b46-b569-0d6baa80ed95 |
AzureResourceManager | Low | Networking and Firewall | Query details Documentation |
| Website with 'Http20Enabled' Disabled 70111098-7f85-48f0-b1b4-e4261cf5f61b |
AzureResourceManager | Low | Networking and Firewall | Query details Documentation |
| Log Profile Incorrect Category 4d522e7b-f938-4d51-a3b1-974ada528bd3 |
AzureResourceManager | Low | Observability | Query details Documentation |
| SQL Server Database With Unrecommended Retention Days c09cdac2-7670-458a-bf6c-efad6880973a |
AzureResourceManager | Low | Observability | Query details Documentation |
| Unrecommended Log Profile Retention Policy 25684eac-daaa-4c2c-94b4-8d2dbb627909 |
AzureResourceManager | Low | Observability | Query details Documentation |
| Unrecommended Network Watcher Flow Log Retention Policy 564b70f8-41cd-4690-aff8-bb53add86bc9 |
AzureResourceManager | Low | Observability | Query details Documentation |
| Standard Price Is Not Selected 2081c7d6-2851-4cce-bda5-cb49d462da42 |
AzureResourceManager | Low | Resource Management | Query details Documentation |
| Account Admins Not Notified By Email a8852cc0-fd4b-4fc7-9372-1e43fad0732e |
AzureResourceManager | Info | Best Practices | Query details Documentation |
| SQL Alert Policy Without Emails 89b79fe5-49bd-4d39-84ce-55f5fc6f7764 |
AzureResourceManager | Info | Best Practices | Query details Documentation |
| Email Notifications Disabled 79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92 |
AzureResourceManager | Info | Networking and Firewall | Query details Documentation |
| Run Using apt a1bc27c6-7115-48d8-bf9d-5a7e836845ba |
Buildah | Low | Supply-Chain | Query details Documentation |
| Script Block Injection 62ff6823-927a-427f-acf9-f1ea2932d616 |
CICD | High | Insecure Configurations | Query details Documentation |
| Run Block Injection 20f14e1a-a899-4e79-9f09-b6a84cd4649b |
CICD | Medium | Insecure Configurations | Query details Documentation |
| Unsecured Commands 60fd272d-15f4-4d8f-afe4-77d9c6cc0453 |
CICD | Medium | Insecure Configurations | Query details Documentation |
| Unpinned Actions Full Length Commit SHA 555ab8f9-2001-455e-a077-f2d0f41e2fb9 |
CICD | Low | Supply-Chain | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible 5864fb39-d719-4182-80e2-89dbe627be63 |
CloudFormation | Critical | Access Control | Query details Documentation |
| ECR Repository Is Publicly Accessible 75be209d-1948-41f6-a8c8-e22dd0121134 |
CloudFormation | Critical | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 7772bb8c-c0f3-42d4-8e4e-f1b8939ad085 |
CloudFormation | Critical | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read Or Write to All Users 07dda8de-d90d-469e-9b37-1aca53526ced |
CloudFormation | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals acc78859-765e-4011-a229-a65ea57db252 |
CloudFormation | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals f6397a20-4cf1-4540-a997-1d363c25ef58 |
CloudFormation | Critical | Access Control | Query details Documentation |
| S3 Bucket With All Permissions 4ae8af91-5108-42cb-9471-3bdbe596eac9 |
CloudFormation | Critical | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible ae53ce91-42b5-46bf-a84f-9a13366a4f13 |
CloudFormation | Critical | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible de38e1d5-54cb-4111-a868-6f7722695007 |
CloudFormation | Critical | Insecure Configurations | Query details Documentation |
| DB Security Group With Public Scope 9564406d-e761-4e61-b8d7-5926e3ab8e79 |
CloudFormation | Critical | Networking and Firewall | Query details Documentation |
| RDS Associated with Public Subnet 4e88adee-a8eb-4605-a78d-9fb1096e3091 |
CloudFormation | Critical | Networking and Firewall | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA 85138beb-ce7c-4ca3-a09f-e8fbcc57ddd7 |
CloudFormation | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 01986452-bdd8-4aaa-b5df-d6bf61d616ff |
CloudFormation | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions f62aa827-4ade-4dc4-89e4-1433d384a368 |
CloudFormation | High | Access Control | Query details Documentation |
| Lambda Functions With Full Privileges a0ae0a4e-712b-4115-8112-51b9eeed9d69 |
CloudFormation | High | Access Control | Query details Documentation |
| MSK Broker Is Publicly Accessible 0ce1ba20-8ba8-4364-836f-40c24b8cb0ab |
CloudFormation | High | Access Control | Query details Documentation |
| Neptune Cluster With IAM Database Authentication Disabled a3aa0087-8228-4e7e-b202-dc9036972d02 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to All Users 219f4c95-aa50-44e0-97de-cf71f4641170 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 835d5497-a526-4aea-a23f-98a9afd1635f |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals f97b7d23-568f-4bcc-9ac9-02df0d57fbba |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals faa8fddf-c0aa-4b2d-84ff-e993e233ebe9 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Public Policy 860ba89b-b8de-4e72-af54-d6aee4138a69 |
CloudFormation | High | Access Control | Query details Documentation |
| S3 Bucket Allows Restore Actions From All Principals 456b00a3-1072-4149-9740-6b8bb60251b0 |
CloudFormation | High | Access Control | Query details Documentation |
| AmazonMQ Broker Encryption Disabled 316278b3-87ac-444c-8f8f-a733a28da60f |
CloudFormation | High | Encryption | Query details Documentation |
| API Gateway Cache Encrypted Disabled 37cca703-b74c-48ba-ac81-595b53398e9b |
CloudFormation | High | Encryption | Query details Documentation |
| CMK Unencrypted Storage ffee2785-c347-451e-89f3-11aeb08e5c84 |
CloudFormation | High | Encryption | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled 1b6322d9-c755-4f8c-b804-32c19250f2d9 |
CloudFormation | High | Encryption | Query details Documentation |
| DynamoDB Table Not Encrypted 4bd21e68-38c1-4d58-acdc-6a14b203237f |
CloudFormation | High | Encryption | Query details Documentation |
| DynamoDB With Aws Owned CMK c8dee387-a2e6-4a73-a942-183c975549ac |
CloudFormation | High | Encryption | Query details Documentation |
| EBS Volume Encryption Disabled 80b7ac3f-d2b7-4577-9b10-df7913497162 |
CloudFormation | High | Encryption | Query details Documentation |
| ECS Cluster Not Encrypted At Rest 6c131358-c54d-419b-9dd6-1f7dd41d180c |
CloudFormation | High | Encryption | Query details Documentation |
| EFS Not Encrypted 2ff8e83c-90e1-4d68-a300-6d652112e622 |
CloudFormation | High | Encryption | Query details Documentation |
| ElastiCache With Disabled at Rest Encryption e4ee3903-9225-4b6a-bdfb-e62dbadef821 |
CloudFormation | High | Encryption | Query details Documentation |
| ElasticSearch Encryption With KMS Disabled d926aa95-0a04-4abc-b20c-acf54afe38a1 |
CloudFormation | High | Encryption | Query details Documentation |
| ElasticSearch Not Encrypted At Rest 86a248ab-0e01-4564-a82a-878303e253bb |
CloudFormation | High | Encryption | Query details Documentation |
| ELB Using Weak Ciphers 809f77f8-d10e-4842-a84f-3be7b6ff1190 |
CloudFormation | High | Encryption | Query details Documentation |
| Kinesis SSE Not Configured 7f65be75-90ab-4036-8c2a-410aef7bb650 |
CloudFormation | High | Encryption | Query details Documentation |
| MSK Cluster Encryption Disabled a976d63f-af0e-46e8-b714-8c1a9c4bf768 |
CloudFormation | High | Encryption | Query details Documentation |
| Neptune Database Cluster Encryption Disabled bf4473f1-c8a2-4b1b-8134-bd32efabab93 |
CloudFormation | High | Encryption | Query details Documentation |
| RDS Storage Encryption Disabled 65844ba3-03a1-40a8-b3dd-919f122e8c95 |
CloudFormation | High | Encryption | Query details Documentation |
| RDS Storage Not Encrypted 5beacce3-4020-4a3d-9e1d-a36f953df630 |
CloudFormation | High | Encryption | Query details Documentation |
| Redshift Not Encrypted 3b316b05-564c-44a7-9c3f-405bb95e211e |
CloudFormation | High | Encryption | Query details Documentation |
| S3 Bucket Without Server-side-encryption b2e8752c-3497-4255-98d2-e4ae5b46bbf5 |
CloudFormation | High | Encryption | Query details Documentation |
| SageMaker Data Encryption Disabled 709e6da6-fa1f-44cc-8f17-7f25f96dadbe |
CloudFormation | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key 568cc372-ca64-420d-9015-ee347d00d288 |
CloudFormation | High | Encryption | Query details Documentation |
| Workspace Without Encryption 89827c57-5a8a-49eb-9731-976a606d70db |
CloudFormation | High | Encryption | Query details Documentation |
| Batch Job Definition With Privileged Container Properties 76ddf32c-85b1-4808-8935-7eef8030ab36 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| KMS Key With Vulnerable Policy da905474-7454-43c0-b8d2-5756ab951aba |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Lambda Functions Without Unique IAM Roles ae03f542-1423-402f-9cef-c834e7ee9583 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| MQ Broker Is Publicly Accessible 68b6a789-82f8-4cfd-85de-e95332fe6a61 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys 4c137350-7307-4803-8c04-17c09a7a9fcf |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| S3 Static Website Host Enabled 90501b1b-cded-4cc1-9e8b-206b85cda317 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Permissive Web ACL Default Action 6d64f311-3da6-45f3-80f1-14db9771ea40 |
CloudFormation | High | Insecure Defaults | Query details Documentation |
| DB Security Group Open To Large Scope 0104165b-02d5-426f-abc9-91fb48189899 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic ea33fcf7-394b-4d11-a228-985c5d08f205 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| EC2 Sensitive Port Is Publicly Exposed 494b03d3-bf40-4464-8524-7c56ad0700ed |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| ELB Sensitive Port Is Exposed To Entire Network 78055456-f670-4d2e-94d5-392d1cf4f5e4 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Fully Open Ingress e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet c9846969-d066-431f-9b34-8c4abafe422a |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 24d932e1-91f0-46ea-836f-fdbd81694151 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Group Unrestricted Access To RDP 3ae83918-7ec7-4cb8-80db-b91ef0f94002 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Groups With Exposed Admin Ports cdbb0467-2957-4a77-9992-7b55b29df7b7 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Security Groups With Meta IP adcd0082-e90b-4b63-862b-21899f6e6a48 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 829ce3b8-065c-41a3-ad57-e0accfea82d2 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 4a1e6b34-1008-4e61-a5f2-1f7c276f8d14 |
CloudFormation | High | Networking and Firewall | Query details Documentation |
| Amplify App Access Token Exposed 73980e43-f399-4fcc-a373-658228f7adf7 |
CloudFormation | High | Secret Management | Query details Documentation |
| Amplify App Basic Auth Config Password Exposed 71493c8b-3014-404c-9802-078b74496fb7 |
CloudFormation | High | Secret Management | Query details Documentation |
| Amplify App OAuth Token Exposed 03b38885-8f4e-480c-a0e4-12c1affd15db |
CloudFormation | High | Secret Management | Query details Documentation |
| Amplify Branch Basic Auth Config Password Exposed dfb56e5d-ee68-446e-b32a-657b62befe69 |
CloudFormation | High | Secret Management | Query details Documentation |
| Directory Service Microsoft AD Password Set to Plaintext or Default Ref 06b9f52a-8cd5-459b-bdc6-21a22521e1be |
CloudFormation | High | Secret Management | Query details Documentation |
| Directory Service Simple AD Password Exposed 6685d912-d81f-4cfa-95ad-e316ea31c989 |
CloudFormation | High | Secret Management | Query details Documentation |
| DMS Endpoint MongoDB Settings Password Exposed f988a17f-1139-46a3-8928-f27eafd8b024 |
CloudFormation | High | Secret Management | Query details Documentation |
| DMS Endpoint Password Exposed 5f700072-b7ce-4e84-b3f3-497bf1c24a4d |
CloudFormation | High | Secret Management | Query details Documentation |
| DocDB Cluster Master Password In Plaintext 39423ce4-9011-46cd-b6b1-009edcd9385d |
CloudFormation | High | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda 2564172f-c92b-4261-9acd-464aed511696 |
CloudFormation | High | Secret Management | Query details Documentation |
| IAM User LoginProfile Password Is In Plaintext 06adef8c-c284-4de7-aad2-af43b07a8ca1 |
CloudFormation | High | Secret Management | Query details Documentation |
| RefreshToken Is Exposed 5b48c507-0d1f-41b0-a630-76817c6b4189 |
CloudFormation | High | Secret Management | Query details Documentation |
| API Gateway Method Does Not Contains An API Key 3641d5b4-d339-4bc2-bfb9-208fe8d3477f |
CloudFormation | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer 7fd0d461-5b8c-4815-898c-f2b4b117eb28 |
CloudFormation | Medium | Access Control | Query details Documentation |
| EC2 Instance Has No IAM Role f914357d-8386-4d56-9ba6-456e5723f9a6 |
CloudFormation | Medium | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group 08b81bb3-0985-4023-8602-b606ad81d279 |
CloudFormation | Medium | Access Control | Query details Documentation |
| EC2 Network ACL Ineffective Denied Traffic 2623d682-dccb-44cd-99d0-54d9fd62f8f2 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Elasticsearch Without IAM Authentication 5c666ed9-b586-49ab-9873-c495a833b705 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Empty Roles For ECS Cluster Task Definitions 7f384a5f-b5a2-4d84-8ca3-ee0a5247becb |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Group Inline Policies a58d1a2d-4078-4b80-855b-84cc3f7f4540 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Group Without Users 8f957abd-9703-413d-87d3-c578950a753c |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User edc95c10-7366-4f30-9b4b-f995c84eceb5 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policies With Full Privileges 953b3cdb-ce13-428a-aa12-318726506661 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services e835bd0d-65da-49f7-b6d1-b646da8727e6 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Policy On User e4239438-e639-44aa-adb8-866e400e3ade |
CloudFormation | Medium | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume f80e3aa7-7b34-4185-954e-440a6894dde6 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IoT Policy Allows Action as Wildcard 4d32780f-43a4-424a-a06d-943c543576a5 |
CloudFormation | Medium | Access Control | Query details Documentation |
| IoT Policy Allows Wildcard Resource be5b230d-4371-4a28-a441-85dc760e2aa3 |
CloudFormation | Medium | Access Control | Query details Documentation |
| KMS Allows Wildcard Principal f6049677-ec4a-43af-8779-5190b6d03cba |
CloudFormation | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard 1d6e16f1-5d8a-4379-bfb3-2dadd38ed5a7 |
CloudFormation | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 57b12981-3816-4c31-b190-a1e614361dd2 |
CloudFormation | Medium | Access Control | Query details Documentation |
| S3 Bucket Allows Public ACL 48f100d9-f499-4c6d-b2b8-deafe47ffb26 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SNS Topic Publicity Has Allow and NotAction Simultaneously 818f38ed-8446-4132-9c03-474d49e10195 |
CloudFormation | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access 9b6a3f5b-5fd6-40ee-9bc0-ed604911212d |
CloudFormation | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB ad21e616-5026-4b9d-990d-5b007bfe679c |
CloudFormation | Medium | Availability | Query details Documentation |
| CMK Is Unusable 2844c749-bd78-4cd1-90e8-b179df827602 |
CloudFormation | Medium | Availability | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ cfdef2e5-1fe4-4ef4-bea8-c56e08963150 |
CloudFormation | Medium | Availability | Query details Documentation |
| RDS Multi-AZ Deployment Disabled 2b1d4935-9acf-48a7-8466-10d18bf51a69 |
CloudFormation | Medium | Availability | Query details Documentation |
| RDS With Backup Disabled 8c415f6f-7b90-4a27-a44a-51047e1506f9 |
CloudFormation | Medium | Backup | Query details Documentation |
| S3 Bucket Without Versioning a227ec01-f97a-4084-91a4-47b350c1db54 |
CloudFormation | Medium | Backup | Query details Documentation |
| Stack Retention Disabled fe974ae9-858e-4991-bbd5-e040a834679f |
CloudFormation | Medium | Backup | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 0f04217d-488f-4e7a-bec8-f16159686cd6 |
CloudFormation | Medium | Best Practices | Query details Documentation |
| ECS No Load Balancer Attached fb2b0ecf-1492-491a-a70d-ba1df579175d |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM Managed Policy Applied to a User 0e5872b4-19a0-4165-8b2f-56d9e14b909f |
CloudFormation | Medium | Best Practices | Query details Documentation |
| IAM User Without Password Reset a964d6e3-8e1e-4d93-8120-61fa640dd55a |
CloudFormation | Medium | Best Practices | Query details Documentation |
| Alexa Skill Plaintext Client Secret Exposed 3c3b7a58-b018-4d07-9444-d9ee7156e111 |
CloudFormation | Medium | Encryption | Query details Documentation |
| CloudFormation Specifying Credentials Not Safe 9ecb6b21-18bc-4aa7-bd07-db20f1c746db |
CloudFormation | Medium | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP 31733ee2-fef0-4e87-9778-65da22a8ecf1 |
CloudFormation | Medium | Encryption | Query details Documentation |
| CodeBuild Not Encrypted d7467bb6-3ed1-4c82-8095-5e7a818d0aad |
CloudFormation | Medium | Encryption | Query details Documentation |
| Connection Between CloudFront Origin Not Encrypted a5366a50-932f-4085-896b-41402714a388 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Default KMS Key Usage e52395b4-250b-4c60-81d5-2e58c1d37abc |
CloudFormation | Medium | Encryption | Query details Documentation |
| EFS Volume With Disabled Transit Encryption c1282e03-b285-4637-aee7-eefe3a7bb658 |
CloudFormation | Medium | Encryption | Query details Documentation |
| ElastiCache With Disabled Transit Encryption 3b02569b-fc6f-4153-b3a3-ba91022fed68 |
CloudFormation | Medium | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 61a94903-3cd3-4780-88ec-fc918819b9c8 |
CloudFormation | Medium | Encryption | Query details Documentation |
| ELB Without Secure Protocol 80908a75-586b-4c61-ab04-490f4f4525b8 |
CloudFormation | Medium | Encryption | Query details Documentation |
| EMR Security Configuration Encryption Disabled 5b033ec8-f079-4323-b5c8-99d4620433a9 |
CloudFormation | Medium | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 9fcd0a0a-9b6f-4670-a215-d94e6bf3f184 |
CloudFormation | Medium | Encryption | Query details Documentation |
| KMS Key Rotation Disabled 235ca980-eb71-48f4-9030-df0c371029eb |
CloudFormation | Medium | Encryption | Query details Documentation |
| Redshift Cluster Without KMS CMK de76a0d6-66d5-45c9-9022-f05545b85c78 |
CloudFormation | Medium | Encryption | Query details Documentation |
| S3 Bucket Without SSL In Write Actions 38c64e76-c71e-4d92-a337-60174d1de1c9 |
CloudFormation | Medium | Encryption | Query details Documentation |
| SageMaker EndPoint Config Should Specify KmsKeyId Attribute 44034eda-1c3f-486a-831d-e09a7dd94354 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Secure Ciphers Disabled be96849c-3df6-49c2-bc16-778a7be2519c |
CloudFormation | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled 12726829-93ed-4d51-9cbe-13423f4299e1 |
CloudFormation | Medium | Encryption | Query details Documentation |
| API Gateway With Open Access 1056dfbb-5802-4762-bf2b-8b9b9684b1b0 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without Security Policy 8275fab0-68ec-4705-bbf4-86975edb170e |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without SSL Certificate ed4c48b8-eccc-4881-95c1-09fdae23db25 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 dc17ee4b-ddf2-4e23-96e8-7a36abad1303 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable 33f41d31-86b1-46a4-81f7-9c9a671f59ac |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 027a4b7a-8a59-4938-a04f-ed532512cf45 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| EMR Cluster Without Security Configuration 48af92a5-c89b-4936-bc62-1086fe2bab23 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| GitHub Repository Set To Public 5906092d-5f74-490d-9a03-78febe0f65e1 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| IAM User Has Too Many Access Keys 48677914-6fdf-40ec-80c4-2b0e94079f54 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible bdf8dcb4-75df-4370-92c4-606e4ae6c4d3 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket With Unsecured CORS Rule 3609d27c-3698-483a-9402-13af6ae80583 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Ignore Public ACL 6c8d51af-218d-4bfb-94a9-94eabaa0703a |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Restriction Of Public Bucket 350cd468-0e2c-44ef-9d22-cfb73a62523c |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| SageMaker Enabling Internet Access 88d55d94-315d-4564-beee-d2d725feab11 |
CloudFormation | Medium | Insecure Configurations | Query details Documentation |
| Vulnerable Default SSL Certificate b4d9c12b-bfba-4aeb-9cb8-2358546d8041 |
CloudFormation | Medium | Insecure Defaults | Query details Documentation |
| ALB Is Not Integrated With WAF 105ba098-1e34-48cd-b0f2-a8a43a51bf9b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ALB Listening on HTTP 275a3217-ca37-40c1-a6cf-bb57d245ab32 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Endpoint Config is Not Private 4a8daf95-709d-4a36-9132-d3e19878fa34 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF fcbf9019-566c-4832-a65c-af00d8137d2b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 0f139403-303f-467c-96bd-e717e6cfd62d |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EC2 Instance Subnet Has Public IP Mapping On Launch b3de4e4c-14be-4159-b99d-9ad194365e4c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EC2 Network ACL Overlapping Ports 77b6f1e2-bde4-4a6a-ae7e-a40659ff1576 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EC2 Permissive Network ACL Protocols 03879981-efa2-47a0-a818-c843e1441b88 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EC2 Public Instance Exposed Through Subnet c44c95fc-ae92-4bb8-bdf8-bb9bc412004a |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| EKS node group remote access 73d59e76-a12c-4b74-a3d8-d3e1e19c25b3 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled 4cdc88e6-c0c8-4081-a639-bb3a557cbedf |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ELB With Security Group Without Inbound Rules e200a6f3-c589-49ec-9143-7421d4a2c845 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| ELB With Security Group Without Outbound Rules 01d5a458-a6c4-452a-ac50-054d59275b7c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| GameLift Fleet EC2 InboundPermissions With Port Range 43356255-495d-4148-ad8d-f6af5eac09dd |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet ddfc4eaa-af23-409f-b96c-bf5c45dc4daa |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| SageMaker Notebook Not Placed In VPC 9c7028d9-04c2-45be-b8b2-1188ccaefb36 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Egress CIDR Open To World 1cc2fbd7-816c-4fbf-ad6d-38a4afa4312a |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Egress With All Protocols ee464fc2-54a6-4e22-b10a-c6dcd2474d0c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Egress With Port Range dae9c373-8287-462f-8746-6f93dad93610 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Ingress With All Protocols 1a427b25-2e9e-4298-9530-0499a55e736b |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group Ingress With Port Range 87482183-a8e7-4e42-a566-7a23ec231c16 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 6e856af2-62d7-4ba2-adc1-73b62cef9cc1 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Security Groups Allows Unrestricted Outbound Traffic 66f2d8f9-a911-4ced-ae27-34f09690bb2c |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| TCP UDP Protocol Network ACL Entry Allows All Ports f57f849c-883b-4cb7-85e7-f7b199dff163 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| VPC Without Network Firewall 3e293410-d5b8-411f-85fd-7d26294f20c9 |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Deployment Without Access Log Setting 06ec63e3-9f72-4fe2-a218-2eb9200b8db5 |
CloudFormation | Medium | Observability | Query details Documentation |
| API Gateway V2 Stage Access Logging Settings Not Defined 80d45af4-4920-4236-a56e-b7ef419d1941 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled de77cd9f-0e8b-46cc-b4a4-b6b436838642 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudTrail Logging Disabled 5c0b06d5-b7a4-484c-aeb0-75a836269ff0 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudWatch Logging Disabled 0f0fb06b-0f2f-4374-8588-f2c7c348c7a0 |
CloudFormation | Medium | Observability | Query details Documentation |
| CloudWatch Metrics Disabled 5d3c1807-acb3-4bb0-be4e-0440230feeaf |
CloudFormation | Medium | Observability | Query details Documentation |
| DocDB Logging Is Disabled 1bf3b3d4-f373-4d7c-afbb-7d85948a67a5 |
CloudFormation | Medium | Observability | Query details Documentation |
| EC2 Instance Monitoring Disabled 0264093f-6791-4475-af34-4b8102dcbcd0 |
CloudFormation | Medium | Observability | Query details Documentation |
| Elasticsearch Logs Disabled edbd62d4-8700-41de-b000-b3cfebb5e996 |
CloudFormation | Medium | Observability | Query details Documentation |
| ELB Access Log Disabled ee12ad32-2863-4c0f-b13f-28272d115028 |
CloudFormation | Medium | Observability | Query details Documentation |
| ELBv2 ALB Access Log Disabled c62e8b7d-1fdf-4050-ac4c-76ba9e1d9621 |
CloudFormation | Medium | Observability | Query details Documentation |
| GuardDuty Detector Disabled a25cd877-375c-4121-a640-730929936fac |
CloudFormation | Medium | Observability | Query details Documentation |
| MQ Broker Logging Disabled e519ed6a-8328-4b69-8eb7-8fa549ac3050 |
CloudFormation | Medium | Observability | Query details Documentation |
| MSK Cluster Logging Disabled fc7c2c15-f5d0-4b80-adb2-c89019f8f62b |
CloudFormation | Medium | Observability | Query details Documentation |
| Redshift Cluster Logging Disabled 3de2d4ff-fe53-4fc9-95d3-2f8a69bf90d6 |
CloudFormation | Medium | Observability | Query details Documentation |
| S3 Bucket CloudTrail Logging Disabled c3ce69fd-e3df-49c6-be78-1db3f802261c |
CloudFormation | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled 4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c |
CloudFormation | Medium | Observability | Query details Documentation |
| VPC FlowLogs Disabled f6d299d2-21eb-41cc-b1e1-fe12d857500b |
CloudFormation | Medium | Observability | Query details Documentation |
| High Access Key Rotation Period 800fa019-49dd-421b-9042-7331fdd83fa2 |
CloudFormation | Medium | Secret Management | Query details Documentation |
| IAM User With No Group 06933df4-0ea7-461c-b9b5-104d27390e0e |
CloudFormation | Low | Access Control | Query details Documentation |
| Support Has No Role Associated d71b5fd7-9020-4b2d-9ec8-b3839faa2744 |
CloudFormation | Low | Access Control | Query details Documentation |
| EBS Volume Not Attached To Instances 1819ac03-542b-4026-976b-f37addd59f3b |
CloudFormation | Low | Availability | Query details Documentation |
| ECS Service Without Running Tasks 79d745f0-d5f3-46db-9504-bef73e9fd528 |
CloudFormation | Low | Availability | Query details Documentation |
| VPC Attached With Too Many Gateways 97e94d17-e2c7-4109-a53b-6536ac1bb64e |
CloudFormation | Low | Availability | Query details Documentation |
| Low RDS Backup Retention Period e649a218-d099-4550-86a4-1231e1fcb60d |
CloudFormation | Low | Backup | Query details Documentation |
| RDS DB Instance With Deletion Protection Disabled 2c161e58-cb52-454f-abea-6470c37b5e6e |
CloudFormation | Low | Backup | Query details Documentation |
| Automatic Minor Upgrades Disabled f0104061-8bfc-4b45-8a7d-630eb502f281 |
CloudFormation | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing e4f54ff4-d352-40e8-a096-5141073c37a2 |
CloudFormation | Low | Best Practices | Query details Documentation |
| Cognito UserPool Without MFA 74a18d1a-cf02-4a31-8791-ed0967ad7fdc |
CloudFormation | Low | Best Practices | Query details Documentation |
| Geo Restriction Disabled 7f8843f0-9ea5-42b4-a02b-753055113195 |
CloudFormation | Low | Best Practices | Query details Documentation |
| IAM Access Analyzer Not Enabled 8d29754a-2a18-460d-a1ba-9509f8d359da |
CloudFormation | Low | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length b1b20ae3-8fa7-4af5-a74d-a2145920fcb1 |
CloudFormation | Low | Best Practices | Query details Documentation |
| IAM Policies Without Groups 5e7acff5-095b-40ac-9073-ac2e4ad8a512 |
CloudFormation | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 9b83114b-b2a1-4534-990d-06da015e47aa |
CloudFormation | Low | Best Practices | Query details Documentation |
| Security Group Ingress Has CIDR Not Recommended a3e4e39a-e5fc-4ee9-8cf5-700febfa86dd |
CloudFormation | Low | Best Practices | Query details Documentation |
| DynamoDB With Not Recommended Table Billing Mode c333e906-8d8b-4275-b999-78b6318f8dc6 |
CloudFormation | Low | Build Process | Query details Documentation |
| EFS Without Tags 08e39832-5e42-4304-98a0-aa5b43393162 |
CloudFormation | Low | Build Process | Query details Documentation |
| API Gateway With Invalid Compression d6653eee-2d4d-4e6a-976f-6794a497999a |
CloudFormation | Low | Encryption | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS 050a9ba8-d1cb-4c61-a5e8-8805a70d3b85 |
CloudFormation | Low | Encryption | Query details Documentation |
| EFS Without KMS 6d087495-2a42-4735-abf7-02ef5660a7e6 |
CloudFormation | Low | Encryption | Query details Documentation |
| API Gateway Cache Cluster Disabled 52790cad-d60d-41d5-8483-146f9f21208d |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Inline Policies Are Attached To ECS Service 9e8c89b3-7997-4d15-93e4-7911b9db99fd |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Instance With No VPC 8a6d36cd-0bc6-42b7-92c4-67acc8576861 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Lambda Function Without Dead Letter Queue c2eae442-d3ba-4cb1-84ca-1db4f80eae3d |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Lambda Function Without Tags 8df8e857-bd59-44fa-9f4c-d77594b95b46 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Wildcard In ACM Certificate Domain Name cc8b294f-006f-4f8f-b5bb-0a9140c33131 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| RouterTable with Default Routing 4f0908b9-eb66-433f-9145-134274e1e944 |
CloudFormation | Low | Insecure Defaults | Query details Documentation |
| S3 Bucket Should Have Bucket Policy 37fa8188-738b-42c8-bf82-6334ea567738 |
CloudFormation | Low | Insecure Defaults | Query details Documentation |
| EC2 Instance Using Default VPC e42a3ef0-5325-4667-84bf-075ba1c9d58e |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Using Default Port 323db967-c68e-44e6-916c-a777f95af34b |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC ba766c53-fe71-4bbb-be35-b6803f2ef13e |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| EMR Without VPC bf89373a-be40-4c04-99f5-746742dfd7f3 |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port 1fe9d958-ddce-4228-a124-05265a959a8b |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port a478af30-8c3a-404d-aa64-0b673cee509a |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| Security Groups Without VPC Attached 493d9591-6249-47bf-8dc0-5c10161cc558 |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| Shield Advanced Not In Use ad7444cf-817a-4765-a79e-2145f7981faf |
CloudFormation | Low | Networking and Firewall | Query details Documentation |
| API Gateway Deployment Without API Gateway UsagePlan Associated 783860a3-6dca-4c8b-81d0-7b62769ccbca |
CloudFormation | Low | Observability | Query details Documentation |
| API Gateway X-Ray Disabled 4ab10c48-bedb-4deb-8f3b-ff12783b61de |
CloudFormation | Low | Observability | Query details Documentation |
| CloudTrail Log File Validation Disabled 2a3560fe-52ca-4443-b34f-bf0ed5eb74c8 |
CloudFormation | Low | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 058ac855-989f-4378-ba4d-52d004020da7 |
CloudFormation | Low | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch 65d07da5-9af5-44df-8983-52d2e6f24c44 |
CloudFormation | Low | Observability | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 3e09413f-471e-40f3-8626-990c79ae63f3 |
CloudFormation | Low | Observability | Query details Documentation |
| CMK Rotation Disabled 1c07bfaf-663c-4f6f-b22b-8e2d481e4df5 |
CloudFormation | Low | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled 9f3cf08e-72a2-4eb1-8007-e3b1b0e10d4d |
CloudFormation | Low | Observability | Query details Documentation |
| ECS Cluster with Container Insights Disabled ab759fde-e1e8-4b0e-ad73-ba856e490ed8 |
CloudFormation | Low | Observability | Query details Documentation |
| ECS Task Definition HealthCheck Missing d24389b4-b209-4ff0-8345-dc7a4569dcdd |
CloudFormation | Low | Observability | Query details Documentation |
| ElasticSearch Without Slow Logs 086ea2eb-14a6-4fd4-914b-38e0bc8703e8 |
CloudFormation | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 9488c451-074e-4cd3-aee3-7db6104f542c |
CloudFormation | Low | Observability | Query details Documentation |
| Stack Notifications Disabled 837e033c-4717-40bd-807e-6abaa30161b7 |
CloudFormation | Low | Observability | Query details Documentation |
| Unscanned ECR Image 9025b2b3-e554-4842-ba87-db7aeec36d35 |
CloudFormation | Low | Observability | Query details Documentation |
| API Gateway Stage Without API Gateway UsagePlan Associated 7f8f1b60-43df-4c28-aa21-fb836dbd8071 |
CloudFormation | Low | Resource Management | Query details Documentation |
| ECS Task Definition Invalid CPU or Memory f4c9b5f5-68b8-491f-9e48-4f96644a1d51 |
CloudFormation | Low | Resource Management | Query details Documentation |
| SDB Domain Declared As A Resource 6ea57c8b-f9c0-4ec7-bae3-bd75a9dee27d |
CloudFormation | Low | Resource Management | Query details Documentation |
| VPC Without Attached Subnet 3b3b4411-ad1f-40e7-b257-a78a6bb9673a |
CloudFormation | Low | Resource Management | Query details Documentation |
| EBS Volume Without KmsKeyId b7063015-6c31-4658-a8e7-14f98f37fd42 |
CloudFormation | Low | Secret Management | Query details Documentation |
| Secrets Manager Should Specify KmsKeyId c8ae9ba9-c2f7-4e5c-b32e-a4b7712d4d22 |
CloudFormation | Low | Secret Management | Query details Documentation |
| SNS Topic Without KmsMasterKeyId 9d13b150-a2ab-42a1-b6f4-142e41f81e52 |
CloudFormation | Low | Secret Management | Query details Documentation |
| EC2 Not EBS Optimized 8dd0ff1f-0da4-48df-9bb3-7f338ae36a40 |
CloudFormation | Info | Best Practices | Query details Documentation |
| Security Group Rule Without Description 5e6c9c68-8a82-408e-8749-ddad78cbb9c5 |
CloudFormation | Info | Best Practices | Query details Documentation |
| EC2 Network ACL Duplicate Rule 045ddb54-cfc5-4abb-9e05-e427b2bc96fe |
CloudFormation | Info | Networking and Firewall | Query details Documentation |
| BOM - AWS Cassandra 124b173b-e06d-48a6-8acd-f889443d97a4 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS DynamoDB 4e67c0ae-38a0-47f4-a50c-f0c9b75826df |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EBS 0b0556ea-9cd9-476f-862e-20679dda752b |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EFS ef05a925-8568-4054-8ff1-f5ba82631c16 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Elasticache c689f51b-9203-43b3-9d8b-caed123f706c |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Kinesis d53323be-dde6-4457-9a43-42df737e71d2 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MQ 209189f3-c879-48a7-9703-fbcfa96d0cef |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MSK 2730c169-51d7-4ae7-99b5-584379eff1bb |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS RDS 6ef03ff6-a2bd-483c-851f-631f248bc0ea |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS S3 Buckets b5d6a2e0-8f15-4664-bd5b-68ec5c9bab83 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SNS 42e7dca3-8cce-4325-8df0-108888259136 |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SQS 59a849c2-1127-4023-85a5-ef906dcd458c |
CloudFormation | Trace | Bill Of Materials | Query details Documentation |
| Serverless Function Without Unique IAM Role 4ba74f01-aba5-4be2-83bc-be79ff1a3b92 |
CloudFormation | High | Insecure Configurations | Query details Documentation |
| Serverless Function Environment Variables Not Encrypted a7f8ac28-eed1-483d-87c8-4c325f022572 |
CloudFormation | Medium | Encryption | Query details Documentation |
| Serverless API Endpoint Config Not Private 6b5b0313-771b-4319-ad7a-122ee78700ef |
CloudFormation | Medium | Networking and Firewall | Query details Documentation |
| Serverless API Access Logging Setting Undefined 0a994e04-c6dc-471d-817e-d37451d18a3b |
CloudFormation | Medium | Observability | Query details Documentation |
| Serverless API X-Ray Tracing Disabled c757c6a3-ac87-4b9d-b28d-e5a5add6a315 |
CloudFormation | Medium | Observability | Query details Documentation |
| Serverless API Without Content Encoding a2f2800e-614b-4bc8-89e6-fec8afd24800 |
CloudFormation | Low | Encryption | Query details Documentation |
| Serverless API Cache Cluster Disabled 60a05ede-0a68-4d0d-a58f-f538cf55ff79 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without Dead Letter Queue cb2f612b-ed42-4ff5-9fb9-255c73d39a18 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without Tags a71ecabe-03b6-456a-b3bc-d1a39aa20c98 |
CloudFormation | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without X-Ray Tracing dc1ab429-1481-4540-9b1d-280e3f15f1f8 |
CloudFormation | Low | Observability | Query details Documentation |
| Passwords And Secrets a88baa34-e2ad-44ea-ad6f-8cac87bc7c71 |
Common | High | Secret Management | Query details Documentation |
| DB Instance Storage Not Encrypted e50eb68a-a4af-4048-8bbe-8ec324421469 |
Crossplane | High | Encryption | Query details Documentation |
| EFS Not Encrypted 72840c35-3876-48be-900d-f21b2f0c2ea1 |
Crossplane | High | Encryption | Query details Documentation |
| ELB Using Weak Ciphers a507daa5-0795-4380-960b-dd7bb7c56661 |
Crossplane | High | Encryption | Query details Documentation |
| Neptune Database Cluster Encryption Disabled 83bf5aca-138a-498e-b9cd-ad5bc5e117b4 |
Crossplane | High | Encryption | Query details Documentation |
| DB Security Group Has Public Interface dd667399-8d9d-4a8d-bbb4-e49ab53b2f52 |
Crossplane | High | Insecure Configurations | Query details Documentation |
| SQS With SSE Disabled 9296f1cc-7a40-45de-bd41-f31745488a0e |
Crossplane | Medium | Encryption | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 255b0fcc-9f82-41fe-9229-01b163e3376b |
Crossplane | Medium | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible d9dc6429-5140-498a-8f55-a10daac5f000 |
Crossplane | Medium | Insecure Configurations | Query details Documentation |
| CloudFront Without WAF 6d19ce0f-b3d8-4128-ac3d-1064e0f00494 |
Crossplane | Medium | Networking and Firewall | Query details Documentation |
| CloudFront Logging Disabled 7b590235-1ff4-421b-b9ff-5227134be9bb |
Crossplane | Medium | Observability | Query details Documentation |
| DocDB Logging Is Disabled e6cd49ba-77ed-417f-9bca-4f5303554308 |
Crossplane | Medium | Observability | Query details Documentation |
| EFS Without KMS bdecd6db-2600-47dd-a10c-72c97cf17ae9 |
Crossplane | Low | Encryption | Query details Documentation |
| ECS Cluster with Container Insights Disabled 0c7a76d9-7dc5-499e-81ac-9245839177cb |
Crossplane | Low | Observability | Query details Documentation |
| CloudWatch Without Retention Period Specified 934613fe-b12c-4e5a-95f5-c1dcdffac1ff |
Crossplane | Info | Observability | Query details Documentation |
| AKS RBAC Disabled b2418936-cd47-4ea2-8346-623c0bdb87bd |
Crossplane | Medium | Access Control | Query details Documentation |
| Redis Cache Allows Non SSL Connections 6c7cfec3-c686-4ed2-bf58-a1ec054b63fc |
Crossplane | Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled b4f65d13-a609-4dc1-af7c-63d2e08bffe9 |
Crossplane | Medium | Insecure Configurations | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 6c2d627c-de0f-45fb-b33d-dad9bffbb421 |
Crossplane | Medium | Observability | Query details Documentation |
| Docker Socket Mounted In Container d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b |
DockerCompose | High | Build Process | Query details Documentation |
| Volume Has Sensitive Host Directory 1c1325ff-831d-43a1-973e-839ae57dfcc0 |
DockerCompose | High | Build Process | Query details Documentation |
| Volume Mounted In Multiple Containers baa452f0-1f21-4a25-ace5-844e7a5f410d |
DockerCompose | High | Build Process | Query details Documentation |
| No New Privileges Not Set 27fcc7d6-c49b-46e0-98f1-6c082a6a2750 |
DockerCompose | High | Resource Management | Query details Documentation |
| Privileged Containers Enabled ae5b6871-7f45-42e0-bb4c-ab300c4d2026 |
DockerCompose | High | Resource Management | Query details Documentation |
| Healthcheck Not Set 698ed579-b239-4f8f-a388-baa4bcb13ef8 |
DockerCompose | Medium | Availability | Query details Documentation |
| Cgroup Not Default 4d9f44c6-2f4a-4317-9bb5-267adbea0232 |
DockerCompose | Medium | Build Process | Query details Documentation |
| Restart Policy On Failure Not Set To 5 2fc99041-ddad-49d5-853f-e35e70a48391 |
DockerCompose | Medium | Build Process | Query details Documentation |
| Container Traffic Not Bound To Host Interface 451d79dc-0588-476a-ad03-3c7f0320abb3 |
DockerCompose | Medium | Networking and Firewall | Query details Documentation |
| Privileged Ports Mapped In Container bc2908f3-f73c-40a9-8793-c1b7d5544f79 |
DockerCompose | Medium | Networking and Firewall | Query details Documentation |
| Container Capabilities Unrestricted ce76b7d0-9e77-464d-b86f-c5c48e03e22d |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Default Seccomp Profile Disabled 404fde2c-bc4b-4371-9747-7054132ac953 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Host Namespace is Shared 4f31dd9f-2cc3-4751-9b53-67e4af83dac0 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Memory Not Limited bb9ac4f7-e13b-423d-a010-c74a1bfbe492 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Pids Limit Not Set 221e0658-cb2a-44e3-b08a-db96a341d6fa |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Security Opt Not Set 610e266e-6c12-4bca-9925-1ed0cd29742b |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host IPC Namespace baa3890f-bed7-46f5-ab8f-1da8fc91c729 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace 071a71ff-f868-47a4-ac0b-3c59e4ab5443 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Shared Host User Namespace 8af7162d-6c98-482f-868e-0d33fb675ca8 |
DockerCompose | Medium | Resource Management | Query details Documentation |
| Cpus Not Limited 6b610c50-99fb-4ef0-a5f3-e312fd945bc3 |
DockerCompose | Low | Resource Management | Query details Documentation |
| Shared Volumes Between Containers 8c978947-0ff6-485c-b0c2-0bfca6026466 |
DockerCompose | Info | Insecure Configurations | Query details Documentation |
| Last User Is 'root' 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae |
Dockerfile | High | Best Practices | Query details Documentation |
| Missing User Instruction fd54f200-402c-4333-a5a4-36ef6709af2f |
Dockerfile | High | Build Process | Query details Documentation |
| Changing Default Shell Using RUN Command 8a301064-c291-4b20-adcb-403fe7fd95fd |
Dockerfile | Medium | Best Practices | Query details Documentation |
| Image Version Using 'latest' f45ea400-6bbe-4501-9fc7-1c3d75c32067 |
Dockerfile | Medium | Best Practices | Query details Documentation |
| Not Using JSON In CMD And ENTRYPOINT Arguments b86987e1-6397-4619-81d5-8807f2387c79 |
Dockerfile | Medium | Build Process | Query details Documentation |
| Run Using Sudo 8ada6e80-0ade-439e-b176-0b28f6bce35a |
Dockerfile | Medium | Insecure Configurations | Query details Documentation |
| Add Instead of Copy 9513a694-aa0d-41d8-be61-3271e056f36b |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Apt Get Install Pin Version Not Defined 965a08d7-ef86-4f14-8792-4a3b2098937e |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Gem Install Without Version 22cd11f7-9c6c-4f6e-84c0-02058120b341 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Image Version Not Explicit 9efb0b2d-89c9-41a3-91ca-dcc0aec911fd |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Version Specification In dnf install 93d88cf7-f078-46a8-8ddc-178e03aeacf1 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Missing Zypper Non-interactive Switch 45e1fca5-f90e-465d-825f-c2cb63fa3944 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| NPM Install Command Without Pinned Version e36d8880-3f78-4546-b9a1-12f0745ca0d5 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Unpinned Package Version in Apk Add d3499f6d-1651-41bb-a9a7-de925fea487b |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Unpinned Package Version in Pip Install 02d9c71f-3ee8-4986-9c27-1a20d0d19bfc |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Yum install Without Version 6452c424-1d92-4deb-bb18-a03e95d579c4 |
Dockerfile | Medium | Supply-Chain | Query details Documentation |
| Chown Flag Exists aa93e17f-b6db-4162-9334-c70334e7ac28 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Curl or Wget Instead of Add 4b410d24-1cbe-4430-a632-62c9a931cf1c |
Dockerfile | Low | Best Practices | Query details Documentation |
| Exposing Port 22 (SSH) 5907595b-5b6d-4142-b173-dbb0e73fbff8 |
Dockerfile | Low | Best Practices | Query details Documentation |
| MAINTAINER Instruction Being Used 99614418-f82b-4852-a9ae-5051402b741c |
Dockerfile | Low | Best Practices | Query details Documentation |
| Missing Dnf Clean All 295acb63-9246-4b21-b441-7c1f1fb62dc0 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Missing Zypper Clean 38300d1a-feb2-4a48-936a-d1ef1cd24313 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Multiple RUN, ADD, COPY, Instructions Listed 0008c003-79aa-42d8-95b8-1c2fe37dbfe6 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Pip install Keeping Cached Packages f2f903fb-b977-461e-98d7-b3e2185c6118 |
Dockerfile | Low | Best Practices | Query details Documentation |
| Yum Clean All Missing 00481784-25aa-4a55-8633-3136dfcf4f37 |
Dockerfile | Low | Best Practices | Query details Documentation |
| COPY '--from' References Current FROM Alias cdddb86f-95f6-4fc4-b5a1-483d9afceb2b |
Dockerfile | Low | Build Process | Query details Documentation |
| Copy With More Than Two Arguments Not Ending With Slash 6db6e0c2-32a3-4a2e-93b5-72c35f4119db |
Dockerfile | Low | Build Process | Query details Documentation |
| Multiple CMD Instructions Listed 41c195f4-fc31-4a5c-8a1b-90605538d49f |
Dockerfile | Low | Build Process | Query details Documentation |
| Multiple ENTRYPOINT Instructions Listed 6938958b-3f1a-451c-909b-baeee14bdc97 |
Dockerfile | Low | Build Process | Query details Documentation |
| RUN Instruction Using 'cd' Instead of WORKDIR f4a6bcd3-e231-4acf-993c-aa027be50d2e |
Dockerfile | Low | Build Process | Query details Documentation |
| Same Alias In Different Froms f2daed12-c802-49cd-afed-fe41d0b82fed |
Dockerfile | Low | Build Process | Query details Documentation |
| Update Instruction Alone 9bae49be-0aa3-4de5-bab2-4c3a069e40cd |
Dockerfile | Low | Build Process | Query details Documentation |
| Using Unnamed Build Stages 68a51e22-ae5a-4d48-8e87-b01a323605c9 |
Dockerfile | Low | Build Process | Query details Documentation |
| WORKDIR Path Not Absolute 6b376af8-cfe8-49ab-a08d-f32de23661a4 |
Dockerfile | Low | Build Process | Query details Documentation |
| Healthcheck Instruction Missing b03a748a-542d-44f4-bb86-9199ab4fd2d5 |
Dockerfile | Low | Insecure Configurations | Query details Documentation |
| Shell Running A Pipe Without Pipefail Flag efbf148a-67e9-42d2-ac47-02fa1c0d0b22 |
Dockerfile | Low | Insecure Defaults | Query details Documentation |
| APT-GET Missing Flags To Avoid Manual Input 77783205-c4ca-4f80-bb80-c777f267c547 |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Missing Flag From Dnf Install 7ebd323c-31b7-4e5b-b26f-de5e9e477af8 |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Run Using 'wget' and 'curl' fc775e75-fcfb-4c98-b2f2-910c5858b359 |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Run Using apt b84a0b47-2e99-4c9f-8933-98bcabe2b94d |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Yum Install Allows Manual Input 6e19193a-8753-436d-8a09-76dcff91bb03 |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Zypper Install Without Version 562952e4-0348-4dea-9826-44f3a2c6117b |
Dockerfile | Low | Supply-Chain | Query details Documentation |
| Using Platform Flag with FROM Command b16e8501-ef3c-44e1-a543-a093238099c9 |
Dockerfile | Info | Best Practices | Query details Documentation |
| UNIX Ports Out Of Range 71bf8cf8-f0a1-42fa-b9d2-d10525e0a38e |
Dockerfile | Info | Networking and Firewall | Query details Documentation |
| Apk Add Using Local Cache Path ae9c56a6-3ed1-4ac0-9b54-31267f51151d |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| Apt Get Install Lists Were Not Deleted df746b39-6564-4fed-bf85-e9c44382303c |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| APT-GET Not Avoiding Additional Packages 7384dfb2-fcd1-4fbf-91cd-6c44c318c33c |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| Run Utilities And POSIX Commands 9b6b0f38-92a2-41f9-b881-3a1083d99f1b |
Dockerfile | Info | Supply-Chain | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible 63ae3638-a38c-4ff4-b616-6e1f72a31a6a |
GoogleDeploymentManager | Critical | Access Control | Query details Documentation |
| BigQuery Dataset Is Public 83103dff-d57f-42a8-bd81-40abab64c1a7 |
GoogleDeploymentManager | High | Access Control | Query details Documentation |
| SQL DB Instance With SSL Disabled 660360d3-9ca7-46d1-b147-3acc4002953f |
GoogleDeploymentManager | High | Encryption | Query details Documentation |
| Client Certificate Disabled dd690686-2bf9-4012-a821-f61912dd77be |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| GKE Legacy Authorization Enabled df58d46c-783b-43e0-bdd0-d99164f712ee |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| Google Storage Bucket Level Access Disabled 1239f54b-33de-482a-8132-faebe288e6a6 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| MySQL Instance With Local Infile On c759d6f2-4dd3-4160-82d3-89202ef10d87 |
GoogleDeploymentManager | High | Insecure Configurations | Query details Documentation |
| RDP Access Is Not Restricted 50cb6c3b-c878-4b88-b50e-d1421bada9e8 |
GoogleDeploymentManager | High | Networking and Firewall | Query details Documentation |
| Cloud Storage Bucket Is Publicly Accessible 77c1fa3f-83dc-4c9d-bfed-e1d0cc8fd9dc |
GoogleDeploymentManager | Medium | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled a5bf1a1c-92c7-401c-b4c6-ebdc8b686c01 |
GoogleDeploymentManager | Medium | Backup | Query details Documentation |
| Disk Encryption Disabled fc040fb6-4c23-4c0d-b12a-39edac35debb |
GoogleDeploymentManager | Medium | Encryption | Query details Documentation |
| DNSSEC Using RSASHA1 6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35 |
GoogleDeploymentManager | Medium | Encryption | Query details Documentation |
| Cloud DNS Without DNSSEC 313d6deb-3b67-4948-b41d-35b699c2492e |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Cluster Master Authentication Disabled 7ef7d141-9fbb-4679-a977-fd0883436906 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled 28727987-e398-49b8-aef1-8a3e7789d111 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Network Policy Disabled c47f90e8-4a19-43f0-8413-cc434d286c4e |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled In VM Instance e66e1b71-c810-4b4e-a737-0ab59e7f5e41 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 48c61fbd-09c9-46cc-a521-012e0c325412 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 9038b526-4c19-4928-bca2-c03d503bdb79 |
GoogleDeploymentManager | Medium | Insecure Configurations | Query details Documentation |
| Compute Instance Is Publicly Accessible 8212e2d7-e683-49bc-bf78-d6799075c5a7 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| GKE Master Authorized Networks Disabled 62c8cf50-87f0-4295-a974-8184ed78fe02 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled 7c98538a-81c6-444b-bf04-e60bc3ceeec0 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted dee21308-2a7a-49de-8ff7-c9b87e188575 |
GoogleDeploymentManager | Medium | Networking and Firewall | Query details Documentation |
| Bucket Without Versioning 227c2f58-70c6-4432-8e9a-a89c1a548cf5 |
GoogleDeploymentManager | Medium | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled ad0875c1-0b39-4890-9149-173158ba3bba |
GoogleDeploymentManager | Medium | Observability | Query details Documentation |
| Stackdriver Logging Disabled 95601b9a-7fe8-4aee-9b58-d36fd9382dfc |
GoogleDeploymentManager | Medium | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled bbfc97ab-e92a-4a7b-954c-e88cec815011 |
GoogleDeploymentManager | Medium | Observability | Query details Documentation |
| Node Auto Upgrade Disabled dc5c5fee-6c53-43b0-ab11-4c660e064aaf |
GoogleDeploymentManager | Medium | Resource Management | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 6e2b1ec1-1eca-4eb7-9d4d-2882680b4811 |
GoogleDeploymentManager | Medium | Secret Management | Query details Documentation |
| Cluster Labels Disabled 8810968b-4b15-421d-918b-d91eb4bb8d1d |
GoogleDeploymentManager | Low | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used dbe058d7-b82e-430b-8426-992b2e4677e7 |
GoogleDeploymentManager | Low | Insecure Configurations | Query details Documentation |
| Not Proper Email Account In Use a21b8df3-c840-4b3d-a41a-10fb2afda171 |
GoogleDeploymentManager | Low | Insecure Configurations | Query details Documentation |
| BOM - GCP PD 268c65a8-58ad-43e4-9019-1a9bbc56749f |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PST 9ed08714-b2f3-4c6d-8fb0-ac0b74ad71d8 |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP SB c7781feb-a955-4f9f-b9cf-0d7c6f54bb59 |
GoogleDeploymentManager | Trace | Bill Of Materials | Query details Documentation |
| Enum Name Not CamelCase daaace5f-c0dc-4835-b526-7a116b7f4b4e |
GRPC | Info | Best Practices | Query details Documentation |
| Serving Revision Spec Without Timeout Seconds e8bb41e4-2f24-4e84-8bea-8c7c070cf93d |
Knative | Info | Insecure Configurations | Query details Documentation |
| Authorization Mode Set To Always Allow f1f4d8da-1ac4-47d0-b1aa-91e69d33f7d5 |
Kubernetes | High | Access Control | Query details Documentation |
| Basic Auth File Is Set 5da47109-f8d6-4585-9e2b-96a8958a12f5 |
Kubernetes | High | Access Control | Query details Documentation |
| Client Certificate Authentication Not Setup Properly e0e00aba-5f1c-4981-a542-9a9563c0ee20 |
Kubernetes | High | Access Control | Query details Documentation |
| Non Kube System Pod With Host Mount aa8f7a35-9923-4cad-bd61-a19b7f6aac91 |
Kubernetes | High | Access Control | Query details Documentation |
| RBAC Wildcard In Rule 6b896afb-ca07-467a-b256-1a0077a1c08e |
Kubernetes | High | Access Control | Query details Documentation |
| Service Account Lookup Set To False a5530bd7-225a-48f9-91bb-f40b04200165 |
Kubernetes | High | Access Control | Query details Documentation |
| Token Auth File Is Set 32ecd76e-7bbf-402e-bf48-8b9485749558 |
Kubernetes | High | Access Control | Query details Documentation |
| Pod Security Policy Admission Control Plugin Not Set afa36afb-39fe-4d94-b9b6-afb236f7a03d |
Kubernetes | High | Build Process | Query details Documentation |
| Cluster Allows Unsafe Sysctls 9127f0d9-2310-42e7-866f-5fd9d20dcbad |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Container Is Privileged dd29336b-fe57-445b-a26e-e6aa867ae609 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Container Runs Unmasked f922827f-aab6-447c-832a-e1ff63312bd3 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Containers With Sys Admin Capabilities 235236ee-ad78-4065-bd29-61b061f28ce0 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Allowed 5572cc5e-1e4c-4113-92a6-7a8a3bd25e6d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| PSP Allows Containers To Share The Host Network Namespace a33e9173-b674-4dfb-9d82-cf3754816e4b |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| PSP Allows Privilege Escalation 87554eef-154d-411d-bdce-9dbd91e56851 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host IPC 80f93444-b240-4ebb-a4c6-5c40b76c04ea |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| PSP Set To Privileged c48e57d3-d642-4e0b-90db-37f807b41b91 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| PSP With Added Capabilities 7307579a-3abb-46ad-9ce5-2a915634d5c8 |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Shared Host PID Namespace 302736f4-b16c-41b8-befe-c0baffa0bd9d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Tiller (Helm v2) Is Deployed 6d173be7-545a-46c6-a81d-2ae52ed1605d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Tiller Service Is Not Deleted 8b862ca9-0fbd-4959-ad72-b6609bdaa22d |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Workload Mounting With Sensitive OS Directory 5308a7a8-06f8-45ac-bf10-791fe21de46e |
Kubernetes | High | Insecure Configurations | Query details Documentation |
| Etcd Peer TLS Certificate Files Not Properly Set 09bb9e96-8da3-4736-b89a-b36814acca60 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Insecure Bind Address Set b9380fd3-5ffe-4d10-9290-13e18e71eee1 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Insecure Port Not Properly Set fa4def8c-1898-4a35-a139-7b76b1acdef0 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Secure Port Set To Zero 3d24b204-b73d-42cb-b0bf-1a5438c5f71e |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| Tiller Deployment Is Accessible From Within The Cluster e17fa86a-6222-4584-a914-56e8f6c87e06 |
Kubernetes | High | Networking and Firewall | Query details Documentation |
| PSP With Unrestricted Access to Host Path de4421f1-4e35-43b4-9783-737dd4e4a47e |
Kubernetes | High | Resource Management | Query details Documentation |
| Volume Mount With OS Directory Write Permissions b7652612-de4e-4466-a0bf-1cd81f0c6063 |
Kubernetes | High | Resource Management | Query details Documentation |
| Always Admit Admission Control Plugin Set ce30e584-b33f-4c7d-b418-a3d7027f8f60 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Anonymous Auth Is Not Set To False 1de5cc51-f376-4638-a940-20f2e85ae238 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Authorization Mode RBAC Not Set 1aa4a1ae-5dbb-48a1-9aa2-630ea4be208e |
Kubernetes | Medium | Access Control | Query details Documentation |
| Docker Daemon Socket is Exposed to Containers a6f34658-fdfb-4154-9536-56d516f65828 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Node Restriction Admission Control Plugin Not Set 33fc6923-6553-4fe6-9d3a-4efa51eb874b |
Kubernetes | Medium | Access Control | Query details Documentation |
| Permissive Access to Create Pods 592ad21d-ad9b-46c6-8d2d-fad09d62a942 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles Allow Privilege Escalation 8320826e-7a9c-4b0b-9535-578333193432 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Attach Permission d45330fd-f58d-45fb-a682-6481477a0f84 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Exec Permission c589f42c-7924-4871-aee2-1cede9bc7cbc |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Impersonate Permission 9f85c3f6-26fd-4007-938a-2e0cb0100980 |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Port-Forwarding Permission 38fa11ef-dbcc-4da8-9680-7e1fd855b6fb |
Kubernetes | Medium | Access Control | Query details Documentation |
| RBAC Roles with Read Secrets Permissions b7bca5c4-1dab-4c2c-8cbe-3050b9d59b14 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Service Account Admission Control Plugin Disabled 9587c890-0524-40c2-9ce2-663af7c2f063 |
Kubernetes | Medium | Access Control | Query details Documentation |
| Use Service Account Credentials Not Set To True 1acd93f1-5a37-45c0-aaac-82ece818be7d |
Kubernetes | Medium | Access Control | Query details Documentation |
| Readiness Probe Is Not Configured a659f3b5-9bf0-438a-bd9a-7d3a6427f1e3 |
Kubernetes | Medium | Availability | Query details Documentation |
| Request Timeout Not Properly Set d89a15bb-8dba-4c71-9529-bef6729b9c09 |
Kubernetes | Medium | Availability | Query details Documentation |
| Terminated Pod Garbage Collector Threshold Not Properly Set 49113af4-29ca-458e-b8d4-724c01a4a24f |
Kubernetes | Medium | Availability | Query details Documentation |
| Container Running As Root cf34805e-3872-4c08-bf92-6ff7bb0cfadb |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Container Running With Low UID 02323c00-cdc3-4fdc-a310-4f2b3e7a1660 |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Root Containers Admitted e3aa0612-4351-4a0d-983f-aefea25cf203 |
Kubernetes | Medium | Best Practices | Query details Documentation |
| Always Pull Images Admission Control Plugin Not Set a77f4d07-c6e0-4a48-8b35-0eeb51576f4f |
Kubernetes | Medium | Build Process | Query details Documentation |
| Incorrect Volume Claim Access Mode ReadWriteOnce 3878dc92-8e5d-47cf-9cdd-7590f71d21b9 |
Kubernetes | Medium | Build Process | Query details Documentation |
| Encryption Provider Config Is Not Defined cbd2db69-0b21-4c14-8a40-7710a50571a9 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Encryption Provider Not Properly Configured 10efce34-5af6-4d83-b414-9e096d5a06a9 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Root CA File Not Defined 05fb986f-ac73-4ebb-a5b2-7faafa93d882 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Service Account Private Key File Not Defined ccc98ff7-68a7-436e-9218-185cb0b0b780 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Weak TLS Cipher Suites 510d5810-9a30-443a-817d-5c1fa527b110 |
Kubernetes | Medium | Encryption | Query details Documentation |
| Authorization Mode Node Not Set 4d7ee40f-fc5d-427d-8cac-dffbe22d42d1 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Containers With Added Capabilities 19ebaa28-fc86-4a58-bcfa-015c9e22fe40 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Ingress Controller Exposes Workload 69bbc5e3-0818-4150-89cc-1e989b48f23b |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Kubelet Protect Kernel Defaults Set To False 6cf42c97-facd-4fda-b8af-ea4529123355 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Disabled for PSP 2270987f-bb51-479f-b8be-3ca73e5ad648 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Not Being Dropped dbbc6705-d541-43b0-b166-dd4be8208b54 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host PID 91dacd0e-d189-4a9c-8272-5999a3cc32d9 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Seccomp Profile Is Not Configured f377b83e-bd07-4f48-a591-60c82b14a78b |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Security Context Deny Admission Control Plugin Not Set 6a68bebe-c021-492e-8ddb-55b0567fb768 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Using Unrecommended Namespace 611ab018-c4aa-4ba2-b0f6-a448337509a6 |
Kubernetes | Medium | Insecure Configurations | Query details Documentation |
| Role Binding To Default Service Account 1e749bc9-fde8-471c-af0c-8254efd2dee5 |
Kubernetes | Medium | Insecure Defaults | Query details Documentation |
| Service Account Name Undefined Or Empty 591ade62-d6b0-4580-b1ae-209f80ba1cd9 |
Kubernetes | Medium | Insecure Defaults | Query details Documentation |
| Service Account Token Automount Not Disabled 48471392-d4d0-47c0-b135-cdec95eb3eef |
Kubernetes | Medium | Insecure Defaults | Query details Documentation |
| Auto TLS Set To True 98ce8b81-7707-4734-aa39-627c6db3d84b |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| CNI Plugin Does Not Support Network Policies 03aabc8c-35d6-481e-9c85-20139cf72d23 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Etcd TLS Certificate Files Not Properly Set 075ca296-6768-4322-aea2-ba5063b969a9 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Etcd TLS Certificate Not Properly Configured 895a5a95-3756-4b04-9924-2f3bc93181bd |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet HTTPS Set To False cdc8b54e-6b16-4538-a1b0-35849dbe29cf |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Not Managing Ip Tables 5f89001f-6dd9-49ff-9b15-d8cd71b617f4 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Read Only Port Is Not Set To Zero 2940d48a-dc5e-4178-a3f8-bfbd80720b41 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Kubelet Streaming Connection Timeout Disabled ed89b97d-04e9-4fd4-919f-ee5b27e555e9 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Peer Auto TLS Set To True ae8827e2-4af9-4baa-9998-87539ae0d6f0 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Pod Misconfigured Network Policy 0401f71b-9c1e-4821-ab15-a955caa621be |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Service With External Load Balancer 26763a1c-5dda-4772-b507-5fca7fb5f165 |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| TSL Connection Certificate Not Setup fa750c81-93c2-4fab-9c6d-d3fd3ce3b89f |
Kubernetes | Medium | Networking and Firewall | Query details Documentation |
| Audit Log Path Not Set 73e251f0-363d-4e53-86e2-0a93592437eb |
Kubernetes | Medium | Observability | Query details Documentation |
| Audit Policy File Not Defined 13a49a2e-488e-4309-a7c0-d6b05577a5fb |
Kubernetes | Medium | Observability | Query details Documentation |
| Memory Limits Not Defined b14d1bc4-a208-45db-92f0-e21f8e2588e9 |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Memory Requests Not Defined 229588ef-8fde-40c8-8756-f4f2b5825ded |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Shared Host IPC Namespace cd290efd-6c82-4e9d-a698-be12ae31d536 |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace 6b6bdfb3-c3ae-44cb-88e4-7405c1ba2c8a |
Kubernetes | Medium | Resource Management | Query details Documentation |
| Etcd Client Certificate Authentication Set To False 9391103a-d8d7-4671-ac5d-606ba7ccb0ac |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Etcd Client Certificate File Not Defined 3f5ff8a7-5ad6-4d02-86f5-666307da1b20 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Etcd Peer Client Certificate Authentication Set To False b7d0181d-0a9b-4611-9d1c-1ad4f0b620ff |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Kubelet Certificate Authority Not Set ec18a0d3-0069-4a58-a7fb-fbfe0b4bbbe0 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Kubelet Client Certificate Or Key Not Set 36a27826-1bf5-49da-aeb0-a60a30c0e834 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Kubelet Client Periodic Certificate Switch Disabled 52d70f2e-3257-474c-b3dc-8ad9ba6a061a |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Not Unique Certificate Authority cb7e695d-6a85-495c-b15f-23aed2519303 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Rotate Kubelet Server Certificate Not Active 1c621b8e-2c6a-44f5-bd6a-fb0fb7ba33e2 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Service Account Key File Not Properly Set dab4ec72-ce2e-4732-b7c3-1757dcce01a1 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| ServiceAccount Allows Access Secrets 056ac60e-fe07-4acc-9b34-8e1d51716ab9 |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Shared Service Account c1032cf7-3628-44e2-bd53-38c17cf31b6b |
Kubernetes | Medium | Secret Management | Query details Documentation |
| Cluster Admin Rolebinding With Superuser Permissions 249328b8-5f0f-409f-b1dd-029f07882e11 |
Kubernetes | Low | Access Control | Query details Documentation |
| Missing AppArmor Profile 8b36775e-183d-4d46-b0f7-96a6f34a723f |
Kubernetes | Low | Access Control | Query details Documentation |
| Deployment Without PodDisruptionBudget b23e9b98-0cb6-4fc9-b257-1f3270442678 |
Kubernetes | Low | Availability | Query details Documentation |
| Event Rate Limit Admission Control Plugin Not Set e0099af2-fe17-411f-9991-0de28fe15f3c |
Kubernetes | Low | Availability | Query details Documentation |
| HPA Targets Invalid Object 2f652c42-619d-4361-b361-9f599688f8ca |
Kubernetes | Low | Availability | Query details Documentation |
| StatefulSet Without PodDisruptionBudget 1db3a5a5-bf75-44e5-9e44-c56cfc8b1ac5 |
Kubernetes | Low | Availability | Query details Documentation |
| StatefulSet Without Service Name bb241e61-77c3-4b97-9575-c0f8a1e008d0 |
Kubernetes | Low | Availability | Query details Documentation |
| Metadata Label Is Invalid 1123031a-f921-4c5b-bd86-ef354ecfd37a |
Kubernetes | Low | Best Practices | Query details Documentation |
| No Drop Capabilities for Containers 268ca686-7fb7-4ae9-b129-955a2a89064e |
Kubernetes | Low | Best Practices | Query details Documentation |
| Object Is Using A Deprecated API Version 94b76ea5-e074-4ca2-8a03-c5a606e30645 |
Kubernetes | Low | Best Practices | Query details Documentation |
| Image Policy Webhook Admission Control Plugin Not Set 14abda69-8e91-4acb-9931-76e2bee90284 |
Kubernetes | Low | Build Process | Query details Documentation |
| Namespace Lifecycle Admission Control Plugin Disabled 1ffe7bf7-563b-4b3d-a71d-ba6bd8d49b37 |
Kubernetes | Low | Build Process | Query details Documentation |
| Root Container Not Mounted Read-only a9c2f49d-0671-4fc9-9ece-f4e261e128d0 |
Kubernetes | Low | Build Process | Query details Documentation |
| StatefulSet Requests Storage 8cf4671a-cf3d-46fc-8389-21e7405063a2 |
Kubernetes | Low | Build Process | Query details Documentation |
| Dashboard Is Enabled d2ad057f-0928-41ef-a83c-f59203bb855b |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Image Pull Policy Of The Container Is Not Set To Always caa3479d-885d-4882-9aac-95e5e78ef5c2 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Image Without Digest 7c81d34c-8e5a-402b-9798-9f442630e678 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Kubelet Hostname Override Is Set bf36b900-b5ef-4828-adb7-70eb543b7cfb |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without LimitRange 4a20ebac-1060-4c81-95d1-1f7f620e983b |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without ResourceQuota 48a5beba-e4c0-4584-a2aa-e6894e4cf424 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without Security Context a97a340a-0063-418e-b3a1-3028941d0995 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Service Does Not Target Pod 3ca03a61-3249-4c16-8427-6f8e47dda729 |
Kubernetes | Low | Insecure Configurations | Query details Documentation |
| Network Policy Is Not Targeting Any Pod 85ab1c5b-014e-4352-b5f8-d7dea3bb4fd3 |
Kubernetes | Low | Networking and Firewall | Query details Documentation |
| Service Type is NodePort 845acfbe-3e10-4b8e-b656-3b404d36dfb2 |
Kubernetes | Low | Networking and Firewall | Query details Documentation |
| Workload Host Port Not Specified 2b1836f1-dcce-416e-8e16-da8c71920633 |
Kubernetes | Low | Networking and Firewall | Query details Documentation |
| Audit Log Maxage Not Properly Set da9f3aa8-fbfb-472f-b5a1-576127944218 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Log Maxbackup Not Properly Set 768aab52-2504-4a2f-a3e3-329d5a679848 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Log Maxsize Not Properly Set 35c0a471-f7c8-4993-aa2c-503a3c712a66 |
Kubernetes | Low | Observability | Query details Documentation |
| Audit Policy Not Cover Key Security Concerns 1828a670-5957-4bc5-9974-47da228f75e2 |
Kubernetes | Low | Observability | Query details Documentation |
| Kubelet Event QPS Not Properly Set 1a07a446-8e61-4e4d-bc16-b0781fcb8211 |
Kubernetes | Low | Observability | Query details Documentation |
| Profiling Not Set To False 2f491173-6375-4a84-b28e-a4e2b9a58a69 |
Kubernetes | Low | Observability | Query details Documentation |
| CPU Limits Not Set 4ac0e2b7-d2d2-4af7-8799-e8de6721ccda |
Kubernetes | Low | Resource Management | Query details Documentation |
| CPU Requests Not Set ca469dd4-c736-448f-8ac1-30a642705e0a |
Kubernetes | Low | Resource Management | Query details Documentation |
| CronJob Deadline Not Configured 192fe40b-b1c3-448a-aba2-6cc19a300fe3 |
Kubernetes | Low | Resource Management | Query details Documentation |
| Deployment Has No PodAntiAffinity a31b7b82-d994-48c4-bd21-3bab6c31827a |
Kubernetes | Low | Resource Management | Query details Documentation |
| StatefulSet Has No PodAntiAffinity d740d048-8ed3-49d3-b77b-6f072f3b669e |
Kubernetes | Low | Resource Management | Query details Documentation |
| Secrets As Environment Variables 3d658f8b-d988-41a0-a841-40043121de1e |
Kubernetes | Low | Secret Management | Query details Documentation |
| Invalid Image Tag 583053b7-e632-46f0-b989-f81ff8045385 |
Kubernetes | Low | Supply-Chain | Query details Documentation |
| Ensure Administrative Boundaries Between Resources e84eaf4d-2f45-47b2-abe8-e581b06deb66 |
Kubernetes | Info | Access Control | Query details Documentation |
| HPA Targeted Deployments With Configured Replica Count 5744cbb8-5946-4b75-a196-ade44449525b |
Kubernetes | Info | Availability | Query details Documentation |
| Liveness Probe Is Not Defined ade74944-a674-4e00-859e-c6eab5bde441 |
Kubernetes | Info | Availability | Query details Documentation |
| Not Limited Capabilities For Pod Security Policy caa93370-791f-4fc6-814b-ba6ce0cb4032 |
Kubernetes | Info | Insecure Configurations | Query details Documentation |
| Bind Address Not Properly Set 46a2e9ec-6a5f-4faa-9d39-4ea44d5d87a2 |
Kubernetes | Info | Networking and Firewall | Query details Documentation |
| Using Kubernetes Native Secret Management b9c83569-459b-4110-8f79-6305aa33cb37 |
Kubernetes | Info | Secret Management | Query details Documentation |
| Security Definitions Undefined or Empty e3f026e8-fdb4-4d5a-bcfd-bd94452073fe |
OpenAPI | High | Access Control | Query details Documentation |
| Security Requirement Not Defined In Security Definition a599b0d1-ff89-4cb8-9ece-9951854c06f6 |
OpenAPI | High | Structure and Semantics | Query details Documentation |
| Global Security Using Password Flow 2da46be4-4317-4650-9285-56d7103c4f93 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Implicit Flow in OAuth2 (v2) e9817ad8-a8c9-4038-8a2f-db0e6e7b284b |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v2) 33d96c65-977d-4c33-943f-440baca49185 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v2) 274f910a-0665-4f08-b66d-7058fe927dba |
OpenAPI | Medium | Access Control | Query details Documentation |
| Operation Using Basic Auth ceefb058-8065-418f-9c4c-584a78c7e104 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Operation Using Implicit Flow f42dfe7e-787d-4478-a75e-a5f3d8a2269e |
OpenAPI | Medium | Access Control | Query details Documentation |
| Operation Using Password Flow 2e44e632-d617-43cb-b294-6bfe72a08938 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Definitions Allows Password Flow 773116aa-2e6d-416f-bd85-f0301cc05d76 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Definitions Using Basic Auth 221015a8-aa2a-43f5-b00b-ad7d2b1d47a8 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Global Schemes Uses HTTP f30ee711-0082-4480-85ab-31d922d9a2b2 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Path Scheme Accepts HTTP (v2) a6847dc6-f4ea-45ac-a81f-93291ae6c573 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Schemes Uses HTTP a46928f1-43d7-4671-94e0-2dd99746f389 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Operation Object Without 'consumes' 0c79e50e-b3cf-490c-b8f6-587c644d4d0c |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Operation Object Without 'produces' be3e170e-1572-461e-a8b6-d963def581ec |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Non OAuth2 Security Requirement Defining OAuth2 Scopes ba239cb9-f342-4c20-812d-7b5a2aa6969e |
OpenAPI | Medium | Structure and Semantics | Query details Documentation |
| Undefined Scope 'securityDefinition' On 'security' Field On Operations 3847280c-9193-40bc-8009-76168e822ce2 |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityDefinition' On Global 'security' Field 9aa6e95c-d964-4239-a3a8-9f37a3c5a31f |
OpenAPI | Low | Access Control | Query details Documentation |
| Constraining Enum Property be1d8733-3731-40c7-a845-734741c6871d |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Parameter Definition Not Being Used b30981fa-a12e-49c7-a5bb-eeafb61d0f0f |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Responses Definition Not Being Used 0b76d993-ee52-43e0-8b39-3787d2ddabf1 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Global Schema Definition Not Being Used 6d2e0790-cc3d-4c74-b973-d4e8b09f4455 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v2) f985a7d2-d404-4a7f-9814-f645f791e46e |
OpenAPI | Info | Best Practices | Query details Documentation |
| Operation Summary Too Long d47940ca-5970-45cc-bdd1-4d81398cee1f |
OpenAPI | Info | Best Practices | Query details Documentation |
| Schema with 'additionalProperties' set as Boolean 3a01790c-ebee-4da6-8fd3-e78657383b75 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Unknown Prefix (v2) 3b615f00-c443-4ba9-acc4-7c308716917d |
OpenAPI | Info | Best Practices | Query details Documentation |
| BasePath With Wrong Format b4803607-ed72-4d60-99e2-3fa6edf471c6 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Body Parameter With Wrong Property c38d630d-a415-4e3e-bac2-65475979ba88 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Body Parameter Without Schema ed48229d-d43e-4da7-b453-5f98d964a57a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| File Parameter With Wrong Consumes Property 7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Host With Invalid Pattern 3d7d7b6c-fb0a-475e-8a28-c125e30d15f0 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Multi 'collectionformat' Not Valid For 'in' Parameter 750f6448-27c0-49f8-a153-b81735c1e19c |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Multiple Body Parameters In The Same Operation b90033cf-ad9f-4fb9-acd1-1b9d6d278c87 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Non Body Parameter Without Schema 73c3bc54-3cc6-4c0a-b30a-e19f2abfc951 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Object Without Required Property (v2) 5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Operation Example Mismatch Produces MimeType 2cf35b40-ded3-43d6-9633-c8dcc8bcc822 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Operation Object Parameters With 'body' And 'formatData' locations eb3f9744-d24e-4614-b1ff-2a9514eca21c |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter File Type Not In 'formData' c3cab8c4-6c52-47a9-942b-c27f26fbd7d2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exist (v2) fb889ae9-2d16-40b5-b41f-9da716c5abc1 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v2) 2596545e-1757-4ff7-a15a-8a9a180a42f3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property Not Unique 750b40be-4bac-4f59-bdc4-1ca0e6c3450e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v2) bccfa089-89e4-47e0-a0e5-185fe6902220 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses JSON Reference Does Not Exists (v2) e9db5fb4-6a84-4abb-b4af-3b94fbdace6d |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exist (v2) 98295b32-ec09-4b5b-89a9-39853197f914 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v2) 0220e1c5-65d1-49dd-b7c2-cef6d6cb5283 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v2) 429b2106-ba37-43ba-9727-7f699cc611e1 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Cleartext Credentials With Basic Authentication For Operation 86b1fa30-9790-4980-994d-a27e0f6f27c1 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Field 'securityScheme' On Components Is Undefined 8db5544e-4874-4baa-9322-e9f75a2d219e |
OpenAPI | Medium | Access Control | Query details Documentation |
| Global Security Scheme Using Basic Authentication 77276d82-4f45-4cf1-8e2b-4d345b936228 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Authorization URL (v3) 52c0d841-60d6-4a81-88dd-c35fef36d315 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Invalid OAuth2 Token URL (v3) 3ba0cca1-b815-47bf-ac62-1e584eb64a05 |
OpenAPI | Medium | Access Control | Query details Documentation |
| OAuth2 With Implicit Flow 39cb32f2-3a42-4af0-8037-82a7a9654b6c |
OpenAPI | Medium | Access Control | Query details Documentation |
| OAuth2 With Password Flow 3979b0a4-532c-4ea7-86e4-34c090eaa4f2 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Security Scheme HTTP Unknown Scheme 06764426-3c56-407e-981f-caa25db1c149 |
OpenAPI | Medium | Access Control | Query details Documentation |
| Global Server Object Uses HTTP 2d8c175a-6d90-412b-8b0e-e034ea49a1fe |
OpenAPI | Medium | Encryption | Query details Documentation |
| Path Server Object Uses HTTP (v3) 9670f240-7b4d-4955-bd93-edaa9fa38b58 |
OpenAPI | Medium | Encryption | Query details Documentation |
| Media Type Object Without Schema f79b9d26-e945-44e7-98a1-b93f0f7a68a0 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Parameter Object Without Schema 8fe1846f-52cc-4413-ace9-1933d7d23672 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Header Object Without Schema 50de3b5b-6465-4e06-a9b0-b4c2ba34326b |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| API Key Exposed In Global Security Scheme 40e1d1bf-11a9-4f63-a3a2-a8b84c602839 |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Basic 68e5fcac-390c-4939-a373-6074b7be7c71 |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Digest a4247b11-890b-45df-bf42-350a7a3af9be |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Scheme Using HTTP Negotiate f525cc92-9050-4c41-a75c-890dc6f64449 |
OpenAPI | Low | Access Control | Query details Documentation |
| Security Scheme Using Oauth 1.0 1bc3205c-0d60-44e6-84f3-44fbf4dac5b3 |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On 'security' Field On Operations 462d6a1d-fed9-4d75-bb9e-3de902f35e6e |
OpenAPI | Low | Access Control | Query details Documentation |
| Undefined Scope 'securityScheme' On Global 'security' Field 23a9e2d9-8738-4556-a71c-2802b6ffa022 |
OpenAPI | Low | Access Control | Query details Documentation |
| Additional Properties Too Permissive 9f88c88d-824d-4d9a-b985-e22977046042 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Additional Properties Too Restrictive a19c3bbd-c056-40d7-9e1c-eeb0634e320d |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Success Response Code Undefined for Trace Operation 105e20dd-8449-4d71-95c6-d5dac96639af |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Components Callback Definition Is Unused d15db953-a553-4b8a-9a14-a3d62ea3d79d |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Example Definition Is Unused b05bb927-2df5-43cc-8d7b-6825c0e71625 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Header Definition Is Unused a68da022-e95a-4bc2-97d3-481e0bd6d446 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Link Definition Is Unused c19779a9-5774-4d2f-a3a1-a99831730375 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Parameter Definition Is Unused 698a464e-bb3e-4ba8-ab5e-e6599b7644a0 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Request Body Definition Is Unused 6b76f589-9713-44ab-97f5-59a3dba1a285 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Response Definition Is Unused 9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae |
OpenAPI | Info | Best Practices | Query details Documentation |
| Components Schema Definition Is Unused 962fa01e-b791-4dcc-b04a-4a3e7389be5e |
OpenAPI | Info | Best Practices | Query details Documentation |
| Encoding Header 'Content-Type' Improperly Defined 4cd8de87-b595-48b6-ab3c-1904567135ab |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Media Type Value (v3) cf4a5f45-a27b-49df-843a-9911dbfe71d4 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'allowEmptyValue' Ignored 59c2f769-7cc2-49c8-a3de-4e211135cfab |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'allowReserved' of Encoding Object Ignored 4190dda7-af03-4cf0-a128-70ac1661ca09 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'explode' of Encoding Object Ignored a4dd69b8-49fa-45d2-a060-c76655405b05 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Property 'style' of Encoding Object Ignored d3ea644a-9a5c-4fee-941f-f8a6786c0470 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Unknown Prefix (v3) a5375be3-521c-43bb-9eab-e2432e368ee4 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Callback JSON Reference Does Not Exist f29904c8-6041-4bca-b043-dfa0546b8079 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Callback Object With Incorrect Ref ba066cda-e808-450d-92b6-f29109754d45 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Components Object Fixed Field Key Improperly Named 151331e2-11f4-4bb6-bd35-9a005e695087 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Empty Array 5915c20f-dffa-4cee-b5d4-f457ddc0151a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Encoding Map Key Mismatch Schema Defined Properties cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Does Not Exist 6a2c219f-da5e-4745-941e-5ea8cde23356 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Example JSON Reference Outside Components Examples bac56e3c-1f71-4a74-8ae6-2fba07efcddb |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Header JSON Reference Does Not Exist 376c9390-7e9e-4cb8-a067-fd31c05451fd |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Header Object With Incorrect Ref 2d6646f4-2946-420f-8c14-3232d49ae0cb |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Invalid Content Type For Multiple Files Upload 26f06397-36d8-4ce7-b993-17711261d777 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link JSON Reference Does Not Exist 801f0c6a-a834-4467-89c6-ddecffb46b5a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object Incorrect Ref b9db8a10-020c-49ca-88c6-780e5fdb4328 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object OperationId Does Not Target Operation Object c5bb7461-aa57-470b-a714-3bc3d74f4669 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Link Object With Both 'operationId' And 'operationRef' 60fb6621-9f02-473b-9424-ba9a825747d3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Object Without Required Property (v3) d172a060-8569-4412-8045-3560ebd477e8 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter JSON Reference Does Not Exist (v3) 2e275f16-b627-4d3f-ae73-a6153a23ae8f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object Content With Multiple Entries 8bfed1c6-2d59-4924-bc7f-9b9d793ed0df |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Incorrect Ref (v3) d40f27e6-15fb-4b56-90f8-fc0ff0291c51 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Schema And Content 31dd6fc0-f274-493b-9614-e063086c19fc |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Object With Undefined Type 46facedc-f243-4108-ab33-583b807d50b0 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property 'allowReserved' Improperly Defined 7f203940-39c4-4ea7-91ee-7aba16bca9e2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Request Body JSON Reference Does Not Exist ca02f4e8-d3ae-4832-b7db-bb037516d9e7 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Request Body Object With Incorrect Media Type 58f06434-a88c-4f74-826c-db7e10cc7def |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Request Body With Incorrect Ref 0f6cd0ab-c366-4595-84fc-fbd8b9901e4d |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response JSON Reference Does Not Exist (v3) 7a01dfbd-da62-4165-aed7-71349ad42ab4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Response Object With Incorrect Ref (v3) b3871dd8-9333-4d6c-bd52-67eb898b71ab |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema JSON Reference Does Not Exist (v3) 015eac96-6313-43c0-84e5-81b1374fa637 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Incorrect Ref (v3) 4cac7ace-b0fb-477d-830d-65395d9109d9 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema With Both ReadOnly And WriteOnly d2361d58-361c-49f0-9e50-b957fd608b29 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Field Undefined ab1263c2-81df-46f0-9f2c-0b62fdb68419 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Operation Field Undefined 20a482d5-c5d9-4a7a-b7a4-60d0805047b4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Security Requirement Object With Wrong Scopes 37140f7f-724a-4c87-a536-e9cee1d61533 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server Object Variable Not Used 8aee4754-970d-4c5f-8142-a49dfe388b1a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server URL Not Absolute a0bf7382-5d5a-4224-924c-3db8466026c9 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Server URL Uses Undefined Variables 8d0921d6-4131-461f-a253-99e873f8f77e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Servers Array Undefined c66ebeaa-676c-40dc-a3ff-3e49395dcd5e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Unknown Property (v3) fb7d81e7-4150-48c4-b914-92fc05da6a2f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Global Security Field Has An Empty Array (v2) da31d54b-ad54-41dc-95eb-8b3828629213 |
OpenAPI | High | Access Control | Security object need to have defined rules in its array and rules should be defined on securityScheme Documentation |
| Global Security Field Has An Empty Array (v3) d674aea4-ba8b-454b-bb97-88a772ea33f0 |
OpenAPI | High | Access Control | Query details Documentation |
| Global security field has an empty object (v2) 292919fb-7b26-4454-bee9-ce29094768dd |
OpenAPI | High | Access Control | Global security definition must not have empty objects Documentation |
| Global security field has an empty object (v3) 543e38f4-1eee-479e-8eb0-15257013aa0a |
OpenAPI | High | Access Control | Query details Documentation |
| Global Security Field Is Undefined (v2) 74703c89-0ea2-49ab-a7db-bf04f19f5a57 |
OpenAPI | High | Access Control | Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions Documentation |
| Global Security Field Is Undefined (v3) 8af270ce-298b-4405-9922-82a10aee7a4f |
OpenAPI | High | Access Control | Query details Documentation |
| No Global And Operation Security Defined (v2) 586abcee-9653-462d-ad7b-2638a32bd6e6 |
OpenAPI | High | Access Control | All paths should have security scheme, if it is omitted, global security field should be defined Documentation |
| No Global And Operation Security Defined (v3) 96729c6b-7400-4d9e-9807-17f00cdde4d2 |
OpenAPI | High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Array (v2) 5d29effc-5d68-481f-9721-d74e5919226b |
OpenAPI | High | Access Control | Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error Documentation |
| Security Field On Operations Has An Empty Array (v3) 663c442d-f918-4f62-b096-0bf5dcbeb655 |
OpenAPI | High | Access Control | Query details Documentation |
| Security Field On Operations Has An Empty Object Definition (v2) 74581e3b-1d55-4323-a139-5959a7b3abc5 |
OpenAPI | High | Access Control | Security object for operations should not be empty object or has any empty object definition Documentation |
| Security Field On Operations Has An Empty Object Definition (v3) baade968-7467-41e4-bf22-83ca222f5800 |
OpenAPI | High | Access Control | Query details Documentation |
| Array Without Maximum Number of Items (v2) 99eb2c95-2040-4104-9e7c-e16f7474d218 |
OpenAPI | Medium | Insecure Configurations | Array schema/parameter should have the field 'maxItems' set Documentation |
| Array Without Maximum Number of Items (v3) 6998389e-66b2-473d-8d05-c8d71ac4d04d |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| JSON Object Schema Without Properties (v2) 3d28f751-bc18-4f83-ace0-216b6086410b |
OpenAPI | Medium | Insecure Configurations | Schema of the JSON object should have properties defined and 'additionalProperties' set to false. Documentation |
| JSON Object Schema Without Properties (v3) 9d967a2b-9d64-41a6-abea-dfc4960299bd |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| JSON Object Schema Without Type (v2) 62d52544-82ef-4b75-8308-cad49d50212b |
OpenAPI | Medium | Insecure Configurations | Schema of the JSON object should have 'type' defined. Documentation |
| JSON Object Schema Without Type (v3) e2ffa504-d22a-4c94-b6c5-f661849d2db7 |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Pattern Undefined (v2) afde15cf-9444-4126-8c62-41cd79db1d1d |
OpenAPI | Medium | Insecure Configurations | String schema/parameter/header should have 'pattern' defined. Documentation |
| Pattern Undefined (v3) 00b78adf-b83f-419c-8ed8-c6018441dd3a |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Schema Object is Empty (v2) 967575e5-eb44-4c24-aadb-7e33608ed30a |
OpenAPI | Medium | Insecure Configurations | The Schema Object should not be empty to avoid accepting any JSON values Documentation |
| Schema Object is Empty (v3) 500ce696-d501-41dd-86eb-eceb011a386f |
OpenAPI | Medium | Insecure Configurations | Query details Documentation |
| Response on operations that should have a body has undefined schema (v2) 31afbcb7-70e0-48bb-a31a-3374f95cf859 |
OpenAPI | Medium | Networking and Firewall | If a response is not head or its code is not 204 or 304, it should have a schema defined Documentation |
| Response on operations that should have a body has undefined schema (v3) a92be1d5-d762-484a-86d6-8cd0907ba100 |
OpenAPI | Medium | Networking and Firewall | Query details Documentation |
| API Key Exposed In Global Security (v2) 533a0d13-6e89-4551-ae33-bce14e5849c1 |
OpenAPI | Low | Access Control | API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key. Documentation |
| API Key Exposed In Global Security (v3) aecee30b-8ea1-4776-a99c-d6d600f0862f |
OpenAPI | Low | Access Control | Query details Documentation |
| API Key Exposed In Operation Security (v2) 392599e4-a4e2-403d-bc56-3fe05755782d |
OpenAPI | Low | Access Control | API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key. Documentation |
| API Key Exposed In Operation Security (v3) 281b8071-6226-4a43-911d-fec246d422c2 |
OpenAPI | Low | Access Control | Query details Documentation |
| Array Items Has No Type (v2) 8697a1a4-82c6-4603-8ac8-57529756744e |
OpenAPI | Low | Insecure Configurations | Schema/Parameter array items type should be defined Documentation |
| Array Items Has No Type (v3) be0e0df7-f3d9-42a1-9b6f-d425f94872c4 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Invalid Format (v2) caf1793e-95dd-4b18-8d90-8f3c0ab5bddf |
OpenAPI | Low | Insecure Configurations | The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double Documentation |
| Invalid Format (v3) d929c031-078f-4241-b802-e224656ad890 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Maximum Length Undefined (v2) 2ec86e48-ab90-4cb6-a131-0502afd1f442 |
OpenAPI | Low | Insecure Configurations | String schema/parameter/header should have 'maxLength' defined. Documentation |
| Maximum Length Undefined (v3) 8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Format (v2) 3ed8fc82-c2bb-49e0-811f-c53923674c49 |
OpenAPI | Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'format' defined. Documentation |
| Numeric Schema Without Format (v3) fbf699b5-ef74-4542-9cf1-f6eeac379373 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Maximum (v2) 203eee11-15b6-4d47-b888-4c7f534967ee |
OpenAPI | Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined. Documentation |
| Numeric Schema Without Maximum (v3) 2ea04bef-c769-409e-9179-ee3a50b5c0ac |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Numeric Schema Without Minimum (v2) efd1dfc8-da91-4909-a3f3-c23abc5ec799 |
OpenAPI | Low | Insecure Configurations | Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. Documentation |
| Numeric Schema Without Minimum (v3) 181bd815-767e-4e95-a24d-bb3c87328e19 |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| String Schema with Broad Pattern (v2) e4a019f0-9af3-49c8-bf68-1939a6ff240d |
OpenAPI | Low | Insecure Configurations | String schema should restrict the pattern Documentation |
| String Schema with Broad Pattern (v3) 8c81d6c0-716b-49ec-afa5-2d62da4e3f3c |
OpenAPI | Low | Insecure Configurations | Query details Documentation |
| Default Response Undefined On Operations (v2) 5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f |
OpenAPI | Low | Networking and Firewall | Operations responses should have a default response defined Documentation |
| Default Response Undefined On Operations (v3) 86e3702f-c868-44b2-b61d-ea5316c18110 |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Response Code Missing (v2) 6e96ed39-bf45-4089-99ba-f1fe7cf6966f |
OpenAPI | Low | Networking and Firewall | 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined. Documentation |
| Response Code Missing (v3) 6c35d2c6-09f2-4e5c-a094-e0e91327071d |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Response on operations that should not have a body has declared content (v2) 268defd2-2839-4e15-8cbc-de86eb38c231 |
OpenAPI | Low | Networking and Firewall | If a response is head or its code is 204 or 304, it shouldn't have a schema defined Documentation |
| Response on operations that should not have a body has declared content (v3) 12a7210b-f4b4-47d0-acac-0a819e2a0ca3 |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Delete Operation (v2) ad432855-b7fb-4429-92a3-93b5ce34f0b1 |
OpenAPI | Low | Networking and Firewall | Delete should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Delete Operation (v3) 3b497874-ae59-46dd-8d72-1868a3b8f150 |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Get Operation (v2) 9b633f3b-c94b-4fbb-a65b-1a4e9134fb63 |
OpenAPI | Low | Networking and Firewall | Get should define at least one success response (200 or 202) Documentation |
| Success Response Code Undefined for Get Operation (v3) b2f275be-7d64-4064-b418-be6b431363a7 |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Head Operation (v2) 4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a |
OpenAPI | Low | Networking and Firewall | Head should define at least one success response (200 or 202) Documentation |
| Success Response Code Undefined for Head Operation (v3) 3b066059-f411-4554-ac8d-96f32bff90da |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Patch Operation (v2) f36e87cc-a209-4f37-8571-66833e4aead7 |
OpenAPI | Low | Networking and Firewall | Patch should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Patch Operation (v3) 1908a8ee-927d-4166-8f18-241152170cc1 |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Post Operation (v2) 9fedee41-2e6d-4091-b011-4a16b4c18c70 |
OpenAPI | Low | Networking and Firewall | Post should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Post Operation (v3) f368dd2d-9344-4146-a05b-7c6faa1269ad |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Success Response Code Undefined for Put Operation (v2) 965a043f-5f3c-4d0a-be72-d9ce12fdb4d6 |
OpenAPI | Low | Networking and Firewall | Put should define at least one success response (200, 201, 202 or 204) Documentation |
| Success Response Code Undefined for Put Operation (v3) 60b5f56b-66ff-4e1c-9b62-5753e16825bc |
OpenAPI | Low | Networking and Firewall | Query details Documentation |
| Example Not Compliant With Schema Type (v2) 448db771-06ea-4dee-b48c-1689cbfb4b43 |
OpenAPI | Info | Best Practices | Examples values and fields should be compliant with the schema type Documentation |
| Example Not Compliant With Schema Type (v3) 881a6e71-c2a7-4fe2-b9c3-dfcf08895331 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Accept' (v2) 3ddd74cc-6582-486c-8b0c-2b48cb38e0a3 |
OpenAPI | Info | Best Practices | The header Parameter should not be named as 'Accept'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Accept' (v3) f2702af5-6016-46cb-bbc8-84c766032095 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Authorization' (v2) e2e00c97-7171-4fb4-b461-d631df9a711c |
OpenAPI | Info | Best Practices | The header Parameter should not be named as 'Authorization'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Authorization' (v3) 8c84f75e-5048-4926-a4cb-33e7b3431300 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Parameter Named as 'Content-Type' (v2) 51978067-3b22-4c29-aaf3-96bf0bc28897 |
OpenAPI | Info | Best Practices | The header Parameter should not be named as 'Content-Type'. If so, it will be ignored. Documentation |
| Header Parameter Named as 'Content-Type' (v3) 72d259ca-9741-48dd-9f62-eb11f2936b37 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Header Response Name Is Invalid (v2) 86733e01-a435-4bd5-a8b0-5108be9dc1e4 |
OpenAPI | Info | Best Practices | The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored. Documentation |
| Header Response Name Is Invalid (v3) d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Contact Email (v2) d83bebc8-4e5e-4241-b783-cba9fb5a1c9a |
OpenAPI | Info | Best Practices | Contact Object Email should be a valid email Documentation |
| Invalid Contact Email (v3) b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Contact URL (v2) c7000383-16d0-4509-8cd3-585e5ea2e2f2 |
OpenAPI | Info | Best Practices | Contact Object URL should be a valid URL Documentation |
| Invalid Contact URL (v3) 332cf2ad-380d-4b90-b436-46f8e635cf38 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Global External Documentation URL (v2) 46d3b74d-9fe9-45bf-9e9e-efb7f701ee28 |
OpenAPI | Info | Best Practices | Global External Documentation URL should be a valid URL Documentation |
| Invalid Global External Documentation URL (v3) b2d9dbf6-539c-4374-a1fd-210ddf5563a8 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid License URL (v2) de2b4910-8484-46d6-a055-dc1e793ee3ff |
OpenAPI | Info | Best Practices | License Object URL should be a valid URL Documentation |
| Invalid License URL (v3) 9239c289-9e4c-4d92-8be1-9d506057c971 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Operation External Documentation URL (v2) 25635c31-ee32-4708-88e5-fced87516f51 |
OpenAPI | Info | Best Practices | Operation External Documentation URL should be a valid URL Documentation |
| Invalid Operation External Documentation URL (v3) 5ea61624-3733-4a3a-8ca4-b96fec9c5aeb |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Schema External Documentation URL (v2) f7fa95b7-d819-484c-9a2b-665dd1bba25e |
OpenAPI | Info | Best Practices | Schema External Documentation URL should be a valid URL Documentation |
| Invalid Schema External Documentation URL (v3) 6952a7e0-6e48-4285-bbc1-27c64e60f888 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Invalid Tag External Documentation URL (v2) b4a7d925-738b-4219-99d9-87d6ee262a03 |
OpenAPI | Info | Best Practices | Tag External Documentation URL should be a valid URL Documentation |
| Invalid Tag External Documentation URL (v3) 5aea1d7e-b834-4749-b143-2c7ec3bd5922 |
OpenAPI | Info | Best Practices | Query details Documentation |
| JSON '$ref' alongside other properties (v2) f34c1c68-4773-4df0-a103-6e2ca32e585f |
OpenAPI | Info | Best Practices | Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key Documentation |
| JSON '$ref' alongside other properties (v3) 96beb800-566f-49a9-a0ea-dbdf4bc80429 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Object Using Enum With Keyword (v2) 7f15962a-d862-451c-ac9b-84ec13747aa6 |
OpenAPI | Info | Best Practices | Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords Documentation |
| Object Using Enum With Keyword (v3) 2e9b6612-8f69-42e0-a5b8-ed17739c2f3a |
OpenAPI | Info | Best Practices | Query details Documentation |
| Operation Without Successful HTTP Status Code (v2) a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2 |
OpenAPI | Info | Best Practices | Operation Object should have at least one successful HTTP status code defined Documentation |
| Operation Without Successful HTTP Status Code (v3) 48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd |
OpenAPI | Info | Best Practices | Query details Documentation |
| Path Without Operation (v2) 609cd557-66b4-41fa-8edd-2abc6c7cfd08 |
OpenAPI | Info | Best Practices | Path object should have at least one operation object defined Documentation |
| Path Without Operation (v3) 84c826c9-1893-4b34-8cdd-db97645b4bf3 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Required Property With Default Value (v2) f7ab6c83-ef89-40e1-8a99-32e2599fb665 |
OpenAPI | Info | Best Practices | Required properties receive value from requests, which makes unnecessary declare a default value Documentation |
| Required Property With Default Value (v3) 013bdb4b-9246-4248-b0c3-7fb0fee42a29 |
OpenAPI | Info | Best Practices | Query details Documentation |
| Default Invalid (v2) 78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07 |
OpenAPI | Info | Structure and Semantics | The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type Documentation |
| Default Invalid (v3) a96bbc06-8cde-4295-ad3c-ee343a7f658e |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Items Undefined (v2) 3e4d34d2-36cf-4449-976d-6c256db8fc49 |
OpenAPI | Info | Structure and Semantics | Schema/Parameter items should be defined when the schema/parameter is set to an array. Documentation |
| Items Undefined (v3) a8e859da-4a43-4e7f-94b8-25d6e3bf8e90 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Non-Array Schema With Items (v2) 9d47956b-29cd-43b1-9e6e-b39a4d484353 |
OpenAPI | Info | Structure and Semantics | Non-Array Schema should not have 'items' defined Documentation |
| Non-Array Schema With Items (v3) 20cb3159-b219-496b-8dac-54ae3ab2021a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| OperationId Not Unique (v2) 21245007-91c4-40e5-964e-40c85d1e5aa6 |
OpenAPI | Info | Structure and Semantics | OperationId should be unique when defined Documentation |
| OperationId Not Unique (v3) c254adc4-ef25-46e1-8270-b7944adb4198 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameter Objects Headers With Duplicated Name (v2) bd2cbef5-62c4-40f1-af07-4b7f9ced6616 |
OpenAPI | Info | Structure and Semantics | Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive. Documentation |
| Parameter Objects Headers With Duplicated Name (v3) 05505192-ba2c-4a81-9b25-dcdbcc973746 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Parameters Name In Combination Not Unique (v2) ab871897-ec02-4835-9818-702536ee1dda |
OpenAPI | Info | Structure and Semantics | Parameters properties 'name' and 'in' should have unique combinations Documentation |
| Parameters Name In Combination Not Unique (v3) f5b2e6af-76f5-496d-8482-8f898c5fdb4a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Is Ambiguous (v2) b2468463-3ac4-4930-890c-f35b2bf4485d |
OpenAPI | Info | Structure and Semantics | All path should be unique, if has more than one operation, all operations should be part of same Path Object Documentation |
| Path Is Ambiguous (v3) 237402e2-c2f0-46c9-9cf5-286160cf7bfc |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Parameter Not Required (v2) ccd0613f-cb77-4684-a892-183bd2674d12 |
OpenAPI | Info | Structure and Semantics | The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true. Documentation |
| Path Parameter Not Required (v3) 0de50145-e845-47f4-9a15-23bcf2125710 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Parameter With No Corresponding Template Path (v2) 194ef1f8-360e-4c14-8ed2-e83e2bafa142 |
OpenAPI | Info | Structure and Semantics | The path parameter must have a corresponding template path for a given operation Documentation |
| Path Parameter With No Corresponding Template Path (v3) 69d7aefd-149d-47b8-8d89-1c2181a8067b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Path Template is Empty (v2) c201b7ad-6173-4598-a407-5edb04a1bcd7 |
OpenAPI | Info | Structure and Semantics | All path templates should not be empty Documentation |
| Path Template is Empty (v3) ae13a37d-943b-47a7-a970-83c8598bcca3 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Paths Object is Empty (v2) 3e6c7b1c-8a8d-43ab-98b9-65159f44db4a |
OpenAPI | Info | Structure and Semantics | Paths object may be empty due to ACL constraints, meaning they are not exposed Documentation |
| Paths Object is Empty (v3) 815021c8-a50c-46d9-b192-24f71072c400 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Properties Missing Required Property (v2) 71beb6ab-8b70-4816-a9ac-a0ff1fb22a62 |
OpenAPI | Info | Structure and Semantics | Schema Object should have all required properties defined Documentation |
| Properties Missing Required Property (v3) 3fb03214-25d4-4bd4-867c-c2d8d708a483 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property 'allowEmptyValue' Improperly Defined (v2) 0bc1477d-0922-478b-ae16-674a7634a1a8 |
OpenAPI | Info | Structure and Semantics | Property 'allowEmptyValue' should be only defined for query parameters and formData parameters Documentation |
| Property 'allowEmptyValue' Improperly Defined (v3) 4bcbcd52-3028-469f-bc14-02c7dbba2df2 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Property Defining Minimum Greater Than Maximum (v2) b5102ea9-6527-4bb7-94fc-9b4076150e55 |
OpenAPI | Info | Structure and Semantics | Property defining minimum has greater value than maximum defined Documentation |
| Property Defining Minimum Greater Than Maximum (v3) ab2af219-cd08-4233-b5a1-a788aac88b51 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses Object Is Empty (v2) 6172e7ab-d2b7-45f8-a7db-1603931d8ba3 |
OpenAPI | Info | Structure and Semantics | Responses Object should not be empty Documentation |
| Responses Object Is Empty (v3) 990eaf09-d6f1-4c3c-b174-a517b1de8917 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Responses With Wrong HTTP Status Code (v2) 069a5378-2091-43f0-aa3b-ee8f20996e99 |
OpenAPI | Info | Structure and Semantics | HTTP Responses status code should be in range of [200-599] Documentation |
| Responses With Wrong HTTP Status Code (v3) d86655c0-92f6-4ffc-b4d5-5b5775804c27 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Mismatch Defined Properties (v2) addc0eab-27f6-4c26-8526-d2ccd3732662 |
OpenAPI | Info | Structure and Semantics | Schema discriminator values should match defined properties. Documentation |
| Schema Discriminator Mismatch Defined Properties (v3) 40d3df21-c170-4dbe-9c02-4289b51f994f |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Not Required (v2) be6a3722-af60-438c-b1b9-2a03e2958ab7 |
OpenAPI | Info | Structure and Semantics | The discriminator property in the Schema Object should be a required property Documentation |
| Schema Discriminator Not Required (v3) b481d46c-9c61-480f-86d9-af07146dc4a4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Discriminator Property Not String (v2) 949376f1-f560-4c6d-a016-63424ca931bb |
OpenAPI | Info | Structure and Semantics | Schema discriminator property should be a string Documentation |
| Schema Discriminator Property Not String (v3) dadc2f36-1f5a-46c0-8289-75e626583123 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Enum Invalid (v2) 8fe6d18a-ad4c-4397-8884-e3a9da57f4c9 |
OpenAPI | Info | Structure and Semantics | The field 'enum' of Schema Object should be consistent with the schema's type Documentation |
| Schema Enum Invalid (v3) 03856cb2-e46c-4daf-bfbf-214ec93c882b |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Has A Required Property Undefined (v2) 811762c8-2e99-4f70-88f9-a63875a953b1 |
OpenAPI | Info | Structure and Semantics | Schema Object should not be have a required property that is not defined on properties Documentation |
| Schema Has A Required Property Undefined (v3) 2bd608ae-8a1f-457f-b710-c237883cb313 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object Properties With Duplicated Keys (v2) ded017bf-fb13-4f8d-868b-84aebcc572ad |
OpenAPI | Info | Structure and Semantics | Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties' Documentation |
| Schema Object Properties With Duplicated Keys (v3) 10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Schema Object With Circular Ref (v2) cbff2508-85c9-4448-a8b3-770070edf5ca |
OpenAPI | Info | Structure and Semantics | Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties Documentation |
| Schema Object With Circular Ref (v3) 1a1aea94-745b-40a7-b860-0702ea6ee636 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Template Path With No Corresponding Path Parameter (v2) e7656d8d-7288-4bbe-b07b-22b389be75ce |
OpenAPI | Info | Structure and Semantics | The template path must have a corresponding path parameter for a given operation Documentation |
| Template Path With No Corresponding Path Parameter (v3) 561710b1-b845-4562-95ce-2397a05ccef4 |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Type Has Invalid Keyword (v2) 492c6cbb-f3f8-4807-aa4f-42b8b1c46b59 |
OpenAPI | Info | Structure and Semantics | Schema/Parameter/Header Object define type should not use a keyword of another type Documentation |
| Type Has Invalid Keyword (v3) a9228976-10cf-4b5f-b902-9e962aad037a |
OpenAPI | Info | Structure and Semantics | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible bccb296f-362c-4b05-9221-86d1437a1016 |
Pulumi | Critical | Access Control | Query details Documentation |
| DynamoDB Table Not Encrypted b6a7e0ae-aed8-4a19-a993-a95760bf8836 |
Pulumi | High | Encryption | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ 9b18fc19-7fb8-49b1-8452-9c757c70f926 |
Pulumi | Medium | Availability | Query details Documentation |
| ElastiCache Redis Cluster Without Backup e93bbe63-a631-4c0f-b6ef-700d48441ff2 |
Pulumi | Medium | Backup | Query details Documentation |
| API Gateway Without SSL Certificate f27791a5-e2ae-4905-8910-6f995c576d09 |
Pulumi | Medium | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible 647de8aa-5a42-41b5-9faf-22136f117380 |
Pulumi | Medium | Insecure Configurations | Query details Documentation |
| Elasticsearch with HTTPS disabled 00603add-7f72-448f-a6c0-9e456a7a3f94 |
Pulumi | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Access Logging Disabled bf4b48b9-fc1f-4552-984a-4becdb5bf503 |
Pulumi | Medium | Observability | Query details Documentation |
| DocDB Logging Is Disabled 2ca87964-fe7e-4cdc-899c-427f0f3525f8 |
Pulumi | Medium | Observability | Query details Documentation |
| EC2 Instance Monitoring Disabled daa581ef-731c-4121-832d-cf078f67759d |
Pulumi | Medium | Observability | Query details Documentation |
| Elasticsearch Logs Disabled a1120ee4-a712-42d9-8fb5-22595fed643b |
Pulumi | Medium | Observability | Query details Documentation |
| IAM Password Without Minimum Length 9850d621-7485-44f7-8bdd-b3cf426315cf |
Pulumi | Low | Best Practices | Query details Documentation |
| ECS Cluster with Container Insights Disabled abcefee4-a0c1-4245-9f82-a473f79a9e2f |
Pulumi | Low | Observability | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 327b0729-4c5c-4c44-8b5c-e476cd9c7290 |
Pulumi | Info | Best Practices | Query details Documentation |
| EC2 Not EBS Optimized d991e4ae-42ab-429b-ab43-d5e5fa9ca633 |
Pulumi | Info | Best Practices | Query details Documentation |
| Storage Account Not Forcing HTTPS cb8e4bf0-903d-45c6-a278-9a947d82a27b |
Pulumi | Medium | Encryption | Query details Documentation |
| Redis Cache Allows Non SSL Connections 49e30ac8-f58e-4222-b488-3dcb90158ec1 |
Pulumi | Medium | Insecure Configurations | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use 965e8830-2bec-4b9b-a7f0-24dbc200a68f |
Pulumi | Medium | Encryption | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled 48f7e44d-d1d1-44c2-b336-9f11b65c4fb0 |
Pulumi | Medium | Observability | Query details Documentation |
| PSP Set To Privileged ee305555-6b1d-4055-94cf-e22131143c34 |
Pulumi | High | Insecure Configurations | Query details Documentation |
| Missing App Armor Config 95588189-1abd-4df1-9588-b0a5034f9e87 |
Pulumi | Medium | Access Control | Query details Documentation |
| Serverless Role With Full Privileges 59ebb4f3-2a6c-46dc-b4f0-cc5418dcddcd |
ServerlessFW | High | Access Control | Query details Documentation |
| Serverless Function Without Unique IAM Role 165aae3b-a56a-48f3-b76d-d2b5083f5b8f |
ServerlessFW | High | Insecure Configurations | Query details Documentation |
| Serverless Function Environment Variables Not Encrypted 4495bc5d-4d1e-4a26-ae92-152d18195648 |
ServerlessFW | Medium | Encryption | Query details Documentation |
| Serverless API Endpoint Config Not Private 4d424558-c6d1-453c-be98-9a7f877abd9a |
ServerlessFW | Medium | Networking and Firewall | Query details Documentation |
| Serverless API Access Logging Setting Undefined a4d32883-aac7-42e1-b403-9415af0f3846 |
ServerlessFW | Medium | Observability | Query details Documentation |
| Serverless API X-Ray Tracing Disabled 434945e5-4dfd-41b1-aba1-47075ccd9265 |
ServerlessFW | Medium | Observability | Query details Documentation |
| Serverless API Without Content Encoding d5d1fe08-89db-440c-8725-b93223387309 |
ServerlessFW | Low | Encryption | Query details Documentation |
| Serverless Function Without Dead Letter Queue dec7bc85-d156-4f64-9a33-96ed3d9f3fed |
ServerlessFW | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without Tags f99d3482-fa8c-4f79-bad9-35212dded164 |
ServerlessFW | Low | Insecure Configurations | Query details Documentation |
| Serverless Function Without X-Ray Tracing 0d7ef70f-e176-44e6-bdba-add3e429788d |
ServerlessFW | Low | Observability | Query details Documentation |
| OSS Bucket Allows All Actions From All Principals ec62a32c-a297-41ca-a850-cab40b42094a |
Terraform | Critical | Access Control | Query details Documentation |
| OSS Bucket Allows Delete Action From All Principals 8c0695d8-2378-4cd6-8243-7fd5894fa574 |
Terraform | Critical | Access Control | Query details Documentation |
| OSS Bucket Allows Put Action From All Principals fe286195-e75c-4359-bd58-00847c4f855a |
Terraform | Critical | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible faaefc15-51a5-419e-bb5e-51a4b5ab3485 |
Terraform | Critical | Insecure Configurations | Query details Documentation |
| OSS Bucket Allows List Action From All Principals 88541597-6f88-42c8-bac6-7e0b855e8ff6 |
Terraform | High | Access Control | Query details Documentation |
| OSS Bucket Public Access Enabled 62232513-b16f-4010-83d7-51d0e1d45426 |
Terraform | High | Access Control | Query details Documentation |
| Ecs Data Disk Kms Key Id Undefined f262118c-1ac6-4bb3-8495-cc48f1775b85 |
Terraform | High | Encryption | Query details Documentation |
| Launch Template Is Not Encrypted 1455cb21-1d48-46d6-8ae3-cef911b71fd5 |
Terraform | High | Encryption | Query details Documentation |
| NAS File System Not Encrypted 67bfdff1-31ce-4525-b564-e94368735360 |
Terraform | High | Encryption | Query details Documentation |
| NAS File System Without KMS 5f670f9d-b1b4-4c90-8618-2288f1ab9676 |
Terraform | High | Encryption | Query details Documentation |
| RDS Instance TDE Status Disabled 44d434ca-a9bf-4203-8828-4c81a8d5a598 |
Terraform | High | Encryption | Query details Documentation |
| OSS Bucket Has Static Website 2b13c6ff-b87a-484d-86fd-21ef6e97d426 |
Terraform | High | Insecure Configurations | Query details Documentation |
| OSS Bucket Ip Restriction Disabled 6107c530-7178-464a-88bc-df9cdd364ac8 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Public Security Group Rule All Ports or Protocols 60587dbd-6b67-432e-90f7-a8cf1892d968 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Public Security Group Rule Sensitive Port 2ae9d554-23fb-4065-bfd1-fe43d5f7c419 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Public Security Group Rule Unknown Port dd706080-b7a8-47dc-81fb-3e8184430ec0 |
Terraform | High | Networking and Firewall | Query details Documentation |
| ActionTrail Trail OSS Bucket is Publicly Accessible 69b5d7da-a5db-4db9-a42e-90b65d0efb0b |
Terraform | High | Observability | Query details Documentation |
| Ram Policy Admin Access Not Attached to Users Groups Roles e8e62026-da63-4904-b402-65adfe3ca975 |
Terraform | Medium | Access Control | Query details Documentation |
| Ram Policy Attached to User 66505003-7aba-45a1-8d83-5162d5706ef5 |
Terraform | Medium | Access Control | Query details Documentation |
| CMK Is Unusable ed6e3ba0-278f-47b6-a1f5-173576b40b7e |
Terraform | Medium | Availability | Query details Documentation |
| OSS Bucket Versioning Disabled 70919c0b-2548-4e6b-8d7a-3d84ab6dabba |
Terraform | Medium | Backup | Query details Documentation |
| ROS Stack Retention Disabled 4bb06fa1-2114-4a00-b7b5-6aeab8b896f0 |
Terraform | Medium | Backup | Query details Documentation |
| ROS Stack Without Template 92d65c51-5d82-4507-a2a1-d252e9706855 |
Terraform | Medium | Build Process | Query details Documentation |
| Disk Encryption Disabled 39750e32-3fe9-453b-8c33-dd277acdb2cc |
Terraform | Medium | Encryption | Query details Documentation |
| OSS Bucket Encryption Using CMK Disabled f20e97f9-4919-43f1-9be9-f203cd339cdd |
Terraform | Medium | Encryption | Query details Documentation |
| SLB Policy With Insecure TLS Version In Use dbfc834a-56e5-4750-b5da-73fda8e73f70 |
Terraform | Medium | Encryption | Query details Documentation |
| CS Kubernetes Node Pool Auto Repair Disabled 81ce9394-013d-4731-8fcc-9d229b474073 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| RDS DB Instance Publicly Accessible 1b4565c0-4877-49ac-ab03-adebbccd42ae |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| ALB Listening on HTTP ee3b1557-9fb5-4685-a95d-93f1edf2a0d7 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| API Gateway API Protocol Not HTTPS 1bcdf9f0-b1aa-40a4-b8c6-cd7785836843 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| OSS Buckets Secure Transport Disabled c01d10de-c468-4790-b3a0-fc887a56f289 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| RDS Instance SSL Action Disabled 7a1ee8a9-71be-4b11-bb70-efb62d16863b |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Action Trail Logging For All Regions Disabled c065b98e-1515-4991-9dca-b602bd6a2fbb |
Terraform | Medium | Observability | Query details Documentation |
| OSS Bucket Logging Disabled 05db341e-de7d-4972-a106-3e2bd5ee53e1 |
Terraform | Medium | Observability | Query details Documentation |
| RDS Instance Events Not Logged b9c524a4-fe76-4021-a6a2-cb978fb4fde1 |
Terraform | Medium | Observability | Query details Documentation |
| RDS Instance Log Connections Disabled 140869ea-25f2-40d4-a595-0c0da135114e |
Terraform | Medium | Observability | Query details Documentation |
| RDS Instance Log Disconnections Disabled d53f4123-f8d8-4224-8cb3-f920b151cc98 |
Terraform | Medium | Observability | Query details Documentation |
| RDS Instance Log Duration Disabled a597e05a-c065-44e7-9cc8-742f572a504a |
Terraform | Medium | Observability | Query details Documentation |
| VPC Flow Logs Disabled d2731f3d-a992-44ed-812e-f4f1c2747d71 |
Terraform | Medium | Observability | Query details Documentation |
| No ROS Stack Policy 72ceb736-0aee-43ea-a191-3a69ab135681 |
Terraform | Medium | Resource Management | Query details Documentation |
| High KMS Key Rotation Period cb319d87-b90f-485e-a7e7-f2408380f309 |
Terraform | Medium | Secret Management | Query details Documentation |
| Ram Account Password Policy Max Login Attempts Unrecommended e76fd7ab-7333-40c6-a2d8-ea28af4a319e |
Terraform | Medium | Secret Management | Query details Documentation |
| Ram Account Password Policy Max Password Age Unrecommended 2bb13841-7575-439e-8e0a-cccd9ede2fa8 |
Terraform | Medium | Secret Management | Query details Documentation |
| RAM Account Password Policy without Reuse Prevention a8128dd2-89b0-464b-98e9-5d629041dfe0 |
Terraform | Medium | Secret Management | Query details Documentation |
| RAM Security Preference Not Enforce MFA Login dcda2d32-e482-43ee-a926-75eaabeaa4e0 |
Terraform | Low | Access Control | Query details Documentation |
| OSS Bucket Transfer Acceleration Disabled 8f98334a-99aa-4d85-b72a-1399ca010413 |
Terraform | Low | Availability | Query details Documentation |
| OSS Bucket Lifecycle Rule Disabled 7db8bd7e-9772-478c-9ec5-4bc202c5686f |
Terraform | Low | Backup | Query details Documentation |
| Kubernetes Cluster Without Terway as CNI Network Plugin b9b7ada8-3868-4a35-854e-6100a2bb863d |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Log Retention Is Not Greater Than 90 Days ed6cf6ff-9a1f-491c-9f88-e03c0807f390 |
Terraform | Low | Observability | Query details Documentation |
| RDS Instance Retention Period Not Recommended dc158941-28ce-481d-a7fa-dc80761edf46 |
Terraform | Low | Observability | Query details Documentation |
| ROS Stack Notifications Disabled 9ef08939-ea40-489c-8851-667870b2ef50 |
Terraform | Low | Observability | Query details Documentation |
| Ram Account Password Policy Not Require At Least one Lowercase Character 89143358-cec6-49f5-9392-920c591c669c |
Terraform | Low | Secret Management | Query details Documentation |
| RAM Account Password Policy Not Require at Least one Uppercase Character 5e0fb613-ba9b-44c3-88f0-b44188466bfd |
Terraform | Low | Secret Management | Query details Documentation |
| Ram Account Password Policy Not Required Minimum Length a9dfec39-a740-4105-bbd6-721ba163c053 |
Terraform | Low | Secret Management | Query details Documentation |
| Ram Account Password Policy Not Required Numbers 063234c0-91c0-4ab5-bbd0-47ddb5f23786 |
Terraform | Low | Secret Management | Query details Documentation |
| RAM Account Password Policy Not Required Symbols 41a38329-d81b-4be4-aef4-55b2615d3282 |
Terraform | Low | Secret Management | Query details Documentation |
| Amazon DMS Replication Instance Is Publicly Accessible 030d3b18-1821-45b4-9e08-50efbe7becbb |
Terraform | Critical | Access Control | Query details Documentation |
| ECR Repository Is Publicly Accessible e86e26fc-489e-44f0-9bcd-97305e4ba69a |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket Access to Any Principal 7af43613-6bb9-4a0e-8c4d-1314b799425e |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read Or Write to All Users 38c5ee0d-7f22-4260-ab72-5073048df100 |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket ACL Grants WRITE_ACP Permission 64a222aa-7793-4e40-915f-4b302c76e4d4 |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Delete Action From All Principals ffdf4b37-7703-4dfe-a682-9d2e99bc6c09 |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket Allows Put Action From All Principals d24c0755-c028-44b1-b503-8e719c898832 |
Terraform | Critical | Access Control | Query details Documentation |
| S3 Bucket With All Permissions a4966c4f-9141-48b8-a564-ffe9959945bc |
Terraform | Critical | Access Control | Query details Documentation |
| SNS Topic is Publicly Accessible b26d2b7e-60f6-413d-a3a1-a57db24aa2b3 |
Terraform | Critical | Access Control | Query details Documentation |
| RDS DB Instance Publicly Accessible 35113e6f-2c6b-414d-beec-7a9482d3b2d1 |
Terraform | Critical | Insecure Configurations | Query details Documentation |
| DB Security Group With Public Scope 1e0ef61b-ad85-4518-a3d3-85eaad164885 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| RDS Associated with Public Subnet 2f737336-b18a-4602-8ea0-b200312e1ac1 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| CloudWatch Unauthorized Access Alarm Missing 4c18a45b-4ab1-4790-9f83-399ac695f1e5 |
Terraform | Critical | Observability | Query details Documentation |
| Cross-Account IAM Assume Role Policy Without ExternalId or MFA 09c35abf-5852-4622-ac7a-b987b331232e |
Terraform | High | Access Control | Query details Documentation |
| ECS Service Admin Role Is Present 3206240f-2e87-4e58-8d24-3e19e7c83d7c |
Terraform | High | Access Control | Query details Documentation |
| IAM Policy Grants Full Permissions 575a2155-6af1-4026-b1af-d5bc8fe2a904 |
Terraform | High | Access Control | Query details Documentation |
| IAM Role With Full Privileges b1ffa705-19a3-4b73-b9d0-0c97d0663842 |
Terraform | High | Access Control | Query details Documentation |
| Lambda With Vulnerable Policy ad9dabc7-7839-4bae-a957-aa9120013f39 |
Terraform | High | Access Control | Query details Documentation |
| MSK Broker Is Publicly Accessible 54378d69-dd7c-4b08-a43e-80d563396857 |
Terraform | High | Access Control | Query details Documentation |
| Neptune Cluster Instance is Publicly Accessible 9ba198e0-fef4-464a-8a4d-75ea55300de7 |
Terraform | High | Access Control | Query details Documentation |
| Neptune Cluster With IAM Database Authentication Disabled c91d7ea0-d4d1-403b-8fe1-c9961ac082c5 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket ACL Allows Read to Any Authenticated User 57b9893d-33b1-4419-bcea-a717ea87e139 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Get Action From All Principals 1df37f4b-7197-45ce-83f8-9994d2fcf885 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows List Action From All Principals 66c6f96f-2d9e-417e-a998-9058aeeecd44 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Allows Public Policy 1a4bc881-9f69-4d44-8c9a-d37d08f54c50 |
Terraform | High | Access Control | Query details Documentation |
| S3 Bucket Public ACL Overridden By Public Access Block bf878b1a-7418-4de3-b13c-3a86cf894920 |
Terraform | High | Access Control | Query details Documentation |
| Secrets Manager With Vulnerable Policy fa00ce45-386d-4718-8392-fb485e1f3c5b |
Terraform | High | Access Control | Query details Documentation |
| SES Policy With Allowed IAM Actions 34b921bd-90a0-402e-a0a5-dc73371fd963 |
Terraform | High | Access Control | Query details Documentation |
| SQS Policy Allows All Actions 816ea8cf-d589-442d-a917-2dd0ce0e45e3 |
Terraform | High | Access Control | Query details Documentation |
| SQS Queue Exposed abb06e5f-ef9a-4a99-98c6-376d396bfcdf |
Terraform | High | Access Control | Query details Documentation |
| AmazonMQ Broker Encryption Disabled 3db3f534-e3a3-487f-88c7-0a9fbf64b702 |
Terraform | High | Encryption | Query details Documentation |
| API Gateway Method Settings Cache Not Encrypted b7c9a40c-23e4-4a2d-8d39-a3352f10f288 |
Terraform | High | Encryption | Query details Documentation |
| Athena Database Not Encrypted b2315cae-b110-4426-81e0-80bb8640cdd3 |
Terraform | High | Encryption | Query details Documentation |
| Athena Workgroup Not Encrypted d364984a-a222-4b5f-a8b0-e23ab19ebff3 |
Terraform | High | Encryption | Query details Documentation |
| Aurora With Disabled at Rest Encryption 1a690d1d-0ae7-49fa-b2db-b75ae0dd1d3e |
Terraform | High | Encryption | Query details Documentation |
| Config Rule For Encrypted Volumes Disabled abdb29d4-5ca1-4e91-800b-b3569bbd788c |
Terraform | High | Encryption | Query details Documentation |
| DAX Cluster Not Encrypted f11aec39-858f-4b6f-b946-0a1bf46c0c87 |
Terraform | High | Encryption | Query details Documentation |
| DB Instance Storage Not Encrypted 08bd0760-8752-44e1-9779-7bb369b2b4e4 |
Terraform | High | Encryption | Query details Documentation |
| DOCDB Cluster Not Encrypted bc1f9009-84a0-490f-ae09-3e0ea6d74ad6 |
Terraform | High | Encryption | Query details Documentation |
| DOCDB Cluster Without KMS 4766d3ea-241c-4ee6-93ff-c380c996bd1a |
Terraform | High | Encryption | Query details Documentation |
| DynamoDB Table Not Encrypted ce089fd4-1406-47bd-8aad-c259772bb294 |
Terraform | High | Encryption | Query details Documentation |
| EBS Default Encryption Disabled 3d3f6270-546b-443c-adb4-bb6fb2187ca6 |
Terraform | High | Encryption | Query details Documentation |
| EBS Volume Encryption Disabled cc997676-481b-4e93-aa81-d19f8c5e9b12 |
Terraform | High | Encryption | Query details Documentation |
| EBS Volume Snapshot Not Encrypted e6b4b943-6883-47a9-9739-7ada9568f8ca |
Terraform | High | Encryption | Query details Documentation |
| ECS Task Definition Volume Not Encrypted 4d46ff3b-7160-41d1-a310-71d6d370b08f |
Terraform | High | Encryption | Query details Documentation |
| EFS Not Encrypted 48207659-729f-4b5c-9402-f884257d794f |
Terraform | High | Encryption | Query details Documentation |
| EKS Cluster Encryption Disabled 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281 |
Terraform | High | Encryption | Query details Documentation |
| ElastiCache Replication Group Not Encrypted At Rest 76976de7-c7b1-4f64-a94f-90c1345914c2 |
Terraform | High | Encryption | Query details Documentation |
| ElasticSearch Encryption With KMS Disabled 7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2 |
Terraform | High | Encryption | Query details Documentation |
| ElasticSearch Not Encrypted At Rest 24e16922-4330-4e9d-be8a-caa90299466a |
Terraform | High | Encryption | Query details Documentation |
| ELB Using Weak Ciphers 4a800e14-c94a-442d-9067-5a2e9f6c0a4c |
Terraform | High | Encryption | Query details Documentation |
| Glue Data Catalog Encryption Disabled 01d50b14-e933-4c99-b314-6d08cd37ad35 |
Terraform | High | Encryption | Query details Documentation |
| Glue Security Configuration Encryption Disabled ad5b4e97-2850-4adf-be17-1d293e0b85ee |
Terraform | High | Encryption | Query details Documentation |
| Kinesis Not Encrypted With KMS 862fe4bf-3eec-4767-a517-40f378886b88 |
Terraform | High | Encryption | Query details Documentation |
| Kinesis SSE Not Configured 5c6dd5e7-1fe0-4cae-8f81-4c122717cef3 |
Terraform | High | Encryption | Query details Documentation |
| Launch Configuration Is Not Encrypted 4de9de27-254e-424f-bd70-4c1e95790838 |
Terraform | High | Encryption | Query details Documentation |
| MSK Cluster Encryption Disabled 6db52fa6-d4da-4608-908a-89f0c59e743e |
Terraform | High | Encryption | Query details Documentation |
| Neptune Database Cluster Encryption Disabled 98d59056-f745-4ef5-8613-32bca8d40b7e |
Terraform | High | Encryption | Query details Documentation |
| RDS Database Cluster not Encrypted 656880aa-1388-488f-a6d4-8f73c23149b2 |
Terraform | High | Encryption | Query details Documentation |
| RDS Storage Not Encrypted 3199c26c-7871-4cb3-99c2-10a59244ce7f |
Terraform | High | Encryption | Query details Documentation |
| Redis Not Compliant 254c932d-e3bf-44b2-bc9d-eb5fdb09f8d4 |
Terraform | High | Encryption | Query details Documentation |
| Redshift Not Encrypted cfdcabb0-fc06-427c-865b-c59f13e898ce |
Terraform | High | Encryption | Query details Documentation |
| S3 Bucket Object Not Encrypted 5fb49a69-8d46-4495-a2f8-9c8c622b2b6e |
Terraform | High | Encryption | Query details Documentation |
| Sagemaker Endpoint Configuration Encryption Disabled 58b35504-0287-4154-bf69-02c0573deab8 |
Terraform | High | Encryption | Query details Documentation |
| Sagemaker Notebook Instance Without KMS f3674e0c-f6be-43fa-b71c-bf346d1aed99 |
Terraform | High | Encryption | Query details Documentation |
| SNS Topic Not Encrypted 28545147-2fc6-42d5-a1f9-cf226658e591 |
Terraform | High | Encryption | Query details Documentation |
| User Data Contains Encoded Private Key 443488f5-c734-460b-a36d-5b3f330174dc |
Terraform | High | Encryption | Query details Documentation |
| Workspaces Workspace Volume Not Encrypted b9033580-6886-401a-8631-5f19f5bb24c7 |
Terraform | High | Encryption | Query details Documentation |
| Batch Job Definition With Privileged Container Properties 66cd88ac-9ddf-424a-b77e-e55e17630bee |
Terraform | High | Insecure Configurations | Query details Documentation |
| DB Security Group Has Public Interface f0d8781f-99bf-4958-9917-d39283b168a0 |
Terraform | High | Insecure Configurations | Query details Documentation |
| KMS Key With Vulnerable Policy 7ebc9038-0bde-479a-acc4-6ed7b6758899 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Lambda Function With Privileged Role 1b3af2f9-af8c-4dfc-a0f1-a03adb70deb2 |
Terraform | High | Insecure Configurations | Query details Documentation |
| MQ Broker Is Publicly Accessible 4eb5f791-c861-4afd-9f94-f2a6a3fe49cb |
Terraform | High | Insecure Configurations | Query details Documentation |
| Redshift Publicly Accessible af173fde-95ea-4584-b904-bb3923ac4bda |
Terraform | High | Insecure Configurations | Query details Documentation |
| Root Account Has Active Access Keys 970d224d-b42a-416b-81f9-8f4dfe70c4bc |
Terraform | High | Insecure Configurations | Query details Documentation |
| S3 Static Website Host Enabled 42bb6b7f-6d54-4428-b707-666f669d94fb |
Terraform | High | Insecure Configurations | Query details Documentation |
| DB Security Group Open To Large Scope 4f615f3e-fb9c-4fad-8b70-2e9f781806ce |
Terraform | High | Networking and Firewall | Query details Documentation |
| Default Security Groups With Unrestricted Traffic 46883ce1-dc3e-4b17-9195-c6a601624c73 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Network ACL With Unrestricted Access To RDP a20be318-cac7-457b-911d-04cc6e812c25 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Remote Desktop Port Open To Internet 151187cb-0efc-481c-babd-ad24e3c9bc22 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Route53 Record Undefined 25db74bf-fa3b-44da-934e-8c3e005c0453 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 381c3f2a-ef6f-4eff-99f7-b169cda3422c |
Terraform | High | Networking and Firewall | Query details Documentation |
| Unknown Port Exposed To Internet 590d878b-abdc-428f-895a-e2b68a0e1998 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Unrestricted Security Group Ingress 4728cd65-a20c-49da-8b31-9c08b423e4db |
Terraform | High | Networking and Firewall | Query details Documentation |
| VPC Default Security Group Accepts All Traffic 9a4ef195-74b9-4c58-b8ed-2b2fe4353a75 |
Terraform | High | Networking and Firewall | Query details Documentation |
| VPC Peering Route Table with Unrestricted CIDR b3a41501-f712-4c4f-81e5-db9a7dc0e34e |
Terraform | High | Networking and Firewall | Query details Documentation |
| CloudTrail Log Files S3 Bucket is Publicly Accessible bd0088a5-c133-4b20-b129-ec9968b16ef3 |
Terraform | High | Observability | Query details Documentation |
| Hardcoded AWS Access Key d7b9d850-3e06-4a75-852f-c46c2e92240b |
Terraform | High | Secret Management | Query details Documentation |
| Hardcoded AWS Access Key In Lambda 1402afd8-a95c-4e84-8b0b-6fb43758e6ce |
Terraform | High | Secret Management | Query details Documentation |
| AMI Shared With Multiple Accounts ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698 |
Terraform | Medium | Access Control | Query details Documentation |
| API Gateway Method Does Not Contains An API Key 671211c5-5d2a-4e97-8867-30fc28b02216 |
Terraform | Medium | Access Control | Query details Documentation |
| API Gateway Without Configured Authorizer 0a96ce49-4163-4ee6-8169-eb3b0797d694 |
Terraform | Medium | Access Control | Query details Documentation |
| Certificate Has Expired c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6 |
Terraform | Medium | Access Control | Query details Documentation |
| EC2 Instance Using Default Security Group f1adc521-f79a-4d71-b55b-a68294687432 |
Terraform | Medium | Access Control | Query details Documentation |
| EFS With Vulnerable Policy fae52418-bb8b-4ac2-b287-0b9082d6a3fd |
Terraform | Medium | Access Control | Query details Documentation |
| Elasticsearch Domain With Vulnerable Policy 16c4216a-50d3-4785-bfb2-4adb5144a8ba |
Terraform | Medium | Access Control | Query details Documentation |
| Elasticsearch Without IAM Authentication e7530c3c-b7cf-4149-8db9-d037a0b5268e |
Terraform | Medium | Access Control | Query details Documentation |
| Glue With Vulnerable Policy d25edb51-07fb-4a73-97d4-41cecdc53a22 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 9b0ffadc-a61f-4c2a-b1e6-68fab60f6267 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 15e6ad8c-f420-49a6-bafb-074f5eb1ec74 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 7d544dad-8a6c-431c-84c1-5f07fe9afc0e |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 8f3c16b3-354d-45db-8ad5-5066778a9485 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AddUserToGroup' 970ed7a2-0aca-4425-acf1-0453c9ecbca1 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 70b42736-efee-4bce-80d5-50358ed94990 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachRolePolicy' 3dd96caa-0b5f-4a85-b929-acfac4646cc2 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:AttachUserPolicy' db78d14b-10e5-4e6e-84b1-dace6327b1ec |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreateAccessKey' 846646e3-2af1-428c-ac5d-271eccfa6faf |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreateLoginProfile' 04c686f1-e0cd-4812-88e1-4e038410074c |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ec49cbfd-fae4-45f3-81b1-860526d66e3f |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutGroupPolicy' e77c89f6-9c85-49ea-b95b-5f960fe5be92 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutRolePolicy' c0c1e744-0f37-445e-924a-1846f0839f69 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:PutUserPolicy' 60263b4a-6801-4587-911d-919c37ed733b |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 7782d4b3-e23e-432b-9742-d9528432e771 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 78f1ec6f-5659-41ea-bd48-d0a142dce4f2 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'iam:UpdateLoginProfile' ad296c0d-8131-4d6b-b030-1b0e73a99ad3 |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 034d0aee-620f-4bf7-b7fb-efdf661fdb9e |
Terraform | Medium | Access Control | Query details Documentation |
| Group With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' 571254d8-aa6a-432e-9725-535d3ef04d69 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Access Key Is Exposed 7081f85c-b94d-40fd-8b45-a4f1cac75e46 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Group Without Users fc101ca7-c9dd-4198-a1eb-0fbe92e80044 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Policies Attached To User b4378389-a9aa-44ee-91e7-ef183f11079e |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Policies With Full Privileges 2f37c4a3-58b9-4afe-8a87-d7f1d2286f84 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Policy Grants 'AssumeRole' Permission Across All Services bcdcbdc6-a350-4855-ae7c-d1e6436f7c97 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Role Allows All Principals To Assume 12b7e704-37f0-4d1e-911a-44bf60c48c21 |
Terraform | Medium | Access Control | Query details Documentation |
| IAM Role Policy passRole Allows All e39bee8c-fe54-4a3f-824d-e5e2d1cca40a |
Terraform | Medium | Access Control | Query details Documentation |
| IAM User With Access To Console 9ec311bf-dfd9-421f-8498-0b063c8bc552 |
Terraform | Medium | Access Control | Query details Documentation |
| Lambda Permission Principal Is Wildcard e08ed7eb-f3ef-494d-9d22-2e3db756a347 |
Terraform | Medium | Access Control | Query details Documentation |
| Policy Without Principal bbe3dd3d-fea9-4b68-a785-cfabe2bbbc54 |
Terraform | Medium | Access Control | Query details Documentation |
| Public and Private EC2 Share Role c53c7a89-f9d7-4c7b-8b66-8a555be99593 |
Terraform | Medium | Access Control | Query details Documentation |
| Public Lambda via API Gateway 3ef8696c-e4ae-4872-92c7-520bb44dfe77 |
Terraform | Medium | Access Control | Query details Documentation |
| REST API With Vulnerable Policy b161c11b-a59b-4431-9a29-4e19f63e6b27 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' be2aa235-bd93-4b68-978a-1cc65d49082f |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 30b88745-eebe-4ecb-a3a9-5cf886e96204 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 0a592060-8166-49f5-8e65-99ac6dce9871 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' eda48c88-2b7d-4e34-b6ca-04c0194aee17 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AddUserToGroup' b8a31292-509d-4b61-bc40-13b167db7e9c |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachGroupPolicy' f906113d-cdc0-415a-ba60-609cc6daaf4d |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachRolePolicy' f465fff1-0a0f-457d-aa4d-1bddb6f204ff |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:AttachUserPolicy' 7c96920c-6fd0-449d-9a52-0aa431b6beaf |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreateAccessKey' 5b4d4aee-ac94-4810-9611-833636e5916d |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreateLoginProfile' 9a205ba3-0dd1-42eb-8d54-2ffec836b51a |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:CreatePolicyVersion' ee49557d-750c-4cc1-aa95-94ab36cbefde |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutGroupPolicy' d6047119-a0b2-4b59-a4f2-127a36fb685b |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutRolePolicy' eb64f1e9-f67d-4e35-8a3c-3d6a2f9efea7 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:PutUserPolicy' 8f75840d-9ee7-42f3-b203-b40e3979eb12 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 118281d0-6471-422e-a7c5-051bc667926e |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' f1173d8c-3264-4148-9fdb-61181e031b51 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 35ccf766-0e4d-41ed-9ec4-2dab155082b4 |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' fa62ac4f-f5b9-45b9-97c1-625c8b6253ca |
Terraform | Medium | Access Control | Query details Documentation |
| Role With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' c583f0f9-7dfd-476b-a056-f47c62b47b46 |
Terraform | Medium | Access Control | Query details Documentation |
| S3 Bucket Allows Public ACL d0cc8694-fcad-43ff-ac86-32331d7e867f |
Terraform | Medium | Access Control | Query details Documentation |
| SNS Topic Publicity Has Allow and NotAction Simultaneously 5ea624e4-c8b1-4bb3-87a4-4235a776adcc |
Terraform | Medium | Access Control | Query details Documentation |
| SQS Policy With Public Access 730675f9-52ed-49b6-8ead-0acb5dd7df7f |
Terraform | Medium | Access Control | Query details Documentation |
| SSO Identity User Unsafe Creation 4003118b-046b-4640-b200-b8c7a4c8b89f |
Terraform | Medium | Access Control | Query details Documentation |
| SSO Policy with full privileges 132a8c31-9837-4203-9fd1-15ca210c7b73 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole' 19ffbe31-9d72-4379-9768-431195eae328 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole' 89561b03-cb35-44a9-a7e9-8356e71606f4 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole' 94fbe150-27e3-4eba-9ca6-af32865e4503 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'glue:UpdateDevEndpoint' 9b877bd8-94b4-4c10-a060-8e0436cc09fa |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AddUserToGroup' bf9d42c7-c2f9-4dfe-942c-c8cc8249a081 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachGroupPolicy' 6d23d87e-1c5b-4308-b224-92624300f29b |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachRolePolicy' e227091e-2228-4b40-b046-fc13650d8e88 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:AttachUserPolicy' 70cb518c-d990-46f6-bc05-44a5041493d6 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreateAccessKey' 113208f2-a886-4526-9ecc-f3218600e12c |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreateLoginProfile' 0fd7d920-4711-46bd-aff2-d307d82cd8b7 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:CreatePolicyVersion' 1743f5f1-0bb0-4934-acef-c80baa5dadfa |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutGroupPolicy' 8bfbf7ab-d5e8-4100-8618-798956e101e0 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutRolePolicy' eeb4d37a-3c59-4789-a00c-1509bc3af1e5 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:PutUserPolicy' 0c10d7da-85c4-4d62-b2a8-d6c104f1bd77 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion' 43a41523-386a-4cb1-becb-42af6b414433 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole' 33627268-1445-4385-988a-318fd9d1a512 |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'iam:UpdateLoginProfile' 6deb34e2-5d9c-499a-801b-ea6d9eda894f |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction' 8055dec2-efb8-4fe6-8837-d9bed6ff202a |
Terraform | Medium | Access Control | Query details Documentation |
| User With Privilege Escalation By Actions 'lambda:UpdateFunctionCode' b69247e5-7e73-464e-ba74-ec9b715c6e12 |
Terraform | Medium | Access Control | Query details Documentation |
| Auto Scaling Group With No Associated ELB 8e94dced-9bcc-4203-8eb7-7e41202b2505 |
Terraform | Medium | Availability | Query details Documentation |
| CMK Is Unusable 7350fa23-dcf7-4938-916d-6a60b0c73b50 |
Terraform | Medium | Availability | Query details Documentation |
| ElastiCache Nodes Not Created Across Multi AZ 6db03a91-f933-4f13-ab38-a8b87a7de54d |
Terraform | Medium | Availability | Query details Documentation |
| ElastiCache Redis Cluster Without Backup 8fdb08a0-a868-4fdf-9c27-ccab0237f1ab |
Terraform | Medium | Backup | Query details Documentation |
| RDS Cluster With Backup Disabled e542bd46-58c4-4e0f-a52a-1fb4f9548e02 |
Terraform | Medium | Backup | Query details Documentation |
| RDS With Backup Disabled 1dc73fb4-5b51-430c-8c5f-25dcf9090b02 |
Terraform | Medium | Backup | Query details Documentation |
| S3 Bucket Without Versioning 568a4d22-3517-44a6-a7ad-6a7eed88722c |
Terraform | Medium | Backup | Query details Documentation |
| Stack Retention Disabled 6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97 |
Terraform | Medium | Backup | Query details Documentation |
| ALB Not Dropping Invalid Headers 6e3fd2ed-5c83-4c68-9679-7700d224d379 |
Terraform | Medium | Best Practices | Query details Documentation |
| AMI Not Encrypted 8bbb242f-6e38-4127-86d4-d8f0b2687ae2 |
Terraform | Medium | Encryption | Query details Documentation |
| CA Certificate Identifier Is Outdated 9f40c07e-699e-4410-8856-3ba0f2e3a2dd |
Terraform | Medium | Encryption | Query details Documentation |
| Cloudfront Viewer Protocol Policy Allows HTTP 55af1353-2f62-4fa0-a8e1-a210ca2708f5 |
Terraform | Medium | Encryption | Query details Documentation |
| CloudWatch Log Group Without KMS 0afbcfe9-d341-4b92-a64c-7e6de0543879 |
Terraform | Medium | Encryption | Query details Documentation |
| ElastiCache Replication Group Not Encrypted At Transit 1afbb3fa-cf6c-4a3d-b730-95e9f4df343e |
Terraform | Medium | Encryption | Query details Documentation |
| Elasticsearch Domain Not Encrypted Node To Node 967eb3e6-26fc-497d-8895-6428beb6e8e2 |
Terraform | Medium | Encryption | Query details Documentation |
| ELB Using Insecure Protocols 126c1788-23c2-4a10-906c-ef179f4f96ec |
Terraform | Medium | Encryption | Query details Documentation |
| IAM Database Auth Not Enabled 88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6 |
Terraform | Medium | Encryption | Query details Documentation |
| S3 Bucket Policy Accepts HTTP Requests 4bc4dd4c-7d8d-405e-a0fb-57fa4c31b4d9 |
Terraform | Medium | Encryption | Query details Documentation |
| Secretsmanager Secret Encrypted With AWS Managed Key b0d3ef3f-845d-4b1b-83d6-63a5a380375f |
Terraform | Medium | Encryption | Query details Documentation |
| Secretsmanager Secret Without KMS a2f548f2-188c-4fff-b172-e9a6acb216bd |
Terraform | Medium | Encryption | Query details Documentation |
| Secure Ciphers Disabled 5c0003fb-9aa0-42c1-9da3-eb0e332bef21 |
Terraform | Medium | Encryption | Query details Documentation |
| SNS Topic Encrypted With AWS Managed Key b1a72f66-2236-4f3b-87ba-0da1b366956f |
Terraform | Medium | Encryption | Query details Documentation |
| SQS With SSE Disabled 6e8849c1-3aa7-40e3-9063-b85ee300f29f |
Terraform | Medium | Encryption | Query details Documentation |
| SSM Session Transit Encryption Disabled ce60cc6b-6831-4bd7-84a2-cc7f8ee71433 |
Terraform | Medium | Encryption | Query details Documentation |
| ALB Deletion Protection Disabled afecd1f1-6378-4f7e-bb3b-60c35801fdd4 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway With Open Access 15ccec05-5476-4890-ad19-53991eba1db8 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without Security Policy 4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| API Gateway Without SSL Certificate 0b4869fc-a842-4597-aa00-1294df425440 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Certificate RSA Key Bytes Lower Than 256 874d68a3-bfbe-4a4b-aaa0-9e74d7da634b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| CloudFront Without Minimum Protocol TLS 1.2 00e5e55e-c2ff-46b3-a757-a7a1cd802456 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| ECR Image Tag Not Immutable d1846b12-20c5-4d45-8798-fc35b79268eb |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| ECS Task Definition Network Mode Not Recommended 9f4a9409-9c60-4671-be96-9716dbf63db1 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| EKS Cluster Has Public Access 42f4b905-3736-4213-bfe9-c0660518cda8 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| IAM User Has Too Many Access Keys 3561130e-9c5f-485b-9e16-2764c82763e5 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| No Password Policy Enabled b592ffd4-0577-44b6-bd35-8c5ee81b5918 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket with Unsecured CORS Rule 98a8f708-121b-455b-ae2f-da3fb59d17e1 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Ignore Public ACL 4fa66806-0dd9-4f8d-9480-3174d39c7c91 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Restriction Of Public Bucket 1ec253ab-c220-4d63-b2de-5b40e0af9293 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Service Control Policies Disabled 5ba6229c-8057-433e-91d0-21cf13569ca9 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Default VPC Exists 96ed3526-0179-4c73-b1b2-372fde2e0d13 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Vulnerable Default SSL Certificate 3a1e94df-6847-4c0e-a3b6-6c6af4e128ef |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| ALB Is Not Integrated With WAF 0afa6ab8-a047-48cf-be07-93a2f8c34cf7 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| ALB Listening on HTTP de7f5e83-da88-4046-871f-ea18504b1d43 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Endpoint Config is Not Private 6b2739db-9c49-4db7-b980-7816e0c248c1 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| API Gateway without WAF a186e82c-1078-4a7b-85d8-579561fde884 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| CloudFront Without WAF 1419b4c6-6d5c-4534-9cf6-6a5266085333 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| EC2 Instance Has Public IP 5a2486aa-facf-477d-a5c1-b010789459ce |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| EKS Cluster Has Public Access CIDRs 61cf9883-1752-4768-b18c-0d57f2737709 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| EKS node group remote access disabled ba40ace1-a047-483c-8a8d-bc2d3a67a82d |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Elasticsearch with HTTPS disabled 2e9e0729-66d5-4148-9d39-5e6fb4bf2a4e |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| HTTP Port Open To Internet ffac8a12-322e-42c1-b9b9-81ff85c39ef7 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Network ACL With Unrestricted Access To SSH 3af7f2fd-06e6-4dab-b996-2912bea19ba4 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Security Group With Unrestricted Access To SSH 65905cec-d691-4320-b320-2000436cb696 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Small Public Network e35c16a2-d54e-419d-8546-a804d8e024d0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible 54c417bf-c762-48b9-9d31-b3d87047e3f0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| VPC Subnet Assigns Public IP 52f04a44-6bfa-4c41-b1d3-4ae99a2de05c |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| VPC Without Network Firewall fd632aaf-b8a1-424d-a4d1-0de22fd3247a |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| API Gateway Access Logging Disabled 1b6799eb-4a7a-4b04-9001-8cceb9999326 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway Deployment Without Access Log Setting 625abc0e-f980-4ac9-a775-f7519ee34296 |
Terraform | Medium | Observability | Query details Documentation |
| API Gateway With CloudWatch Logging Disabled 982aa526-6970-4c59-8b9b-2ce7e019fe36 |
Terraform | Medium | Observability | Query details Documentation |
| CloudFront Logging Disabled 94690d79-b3b0-43de-b656-84ebef5753e5 |
Terraform | Medium | Observability | Query details Documentation |
| CloudTrail Log Files S3 Bucket with Logging Disabled ee9e50e8-b2ed-4176-ad42-8fc0cf7593f4 |
Terraform | Medium | Observability | Query details Documentation |
| CloudTrail Logging Disabled 4bb76f17-3d63-4529-bdca-2b454529d774 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch AWS Config Configuration Changes Alarm Missing 5b8d7527-de8e-4114-b9dd-9d988f1f418f |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Changes To NACL Alarm Missing 0a8e8dc5-b6fc-44fc-b5a1-969ec950f9b0 |
Terraform | Medium | Observability | Query details Documentation |
| Cloudwatch Cloudtrail Configuration Changes Alarm Missing 0f6cbf69-41bb-47dc-93f3-3844640bf480 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Disabling Or Scheduled Deletion Of Customer Created CMK Alarm Missing 56a585f5-555c-48b2-8395-e64e4740a9cf |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Logging Disabled 7dbba512-e244-42dc-98bb-422339827967 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Management Console Auth Failed Alarm Missing 5864d189-ee9a-4009-ac0c-8a582e6b7919 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Metrics Disabled 081069cb-588b-4ce1-884c-2a1ce3029fe5 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch Root Account Use Missing 8b1b1e67-6248-4dca-bbad-93486bb181c0 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch S3 policy Change Alarm Missing 27c6a499-895a-4dc7-9617-5c485218db13 |
Terraform | Medium | Observability | Query details Documentation |
| Cloudwatch Security Group Changes Alarm Missing 4beaf898-9f8b-4237-89e2-5ffdc7ee6006 |
Terraform | Medium | Observability | Query details Documentation |
| CloudWatch VPC Changes Alarm Missing 9d0d4512-1959-43a2-a17f-72360ff06d1b |
Terraform | Medium | Observability | Query details Documentation |
| DocDB Logging Is Disabled 56f6a008-1b14-4af4-b9b2-ab7cf7e27641 |
Terraform | Medium | Observability | Query details Documentation |
| EC2 Instance Monitoring Disabled 23b70e32-032e-4fa6-ba5c-82f56b9980e6 |
Terraform | Medium | Observability | Query details Documentation |
| EKS cluster logging is not enabled 37304d3f-f852-40b8-ae3f-725e87a7cedf |
Terraform | Medium | Observability | Query details Documentation |
| Elasticsearch Log Disabled acb6b4e2-a086-4f35-aefd-4db6ea51ada2 |
Terraform | Medium | Observability | Query details Documentation |
| ELB Access Log Disabled 20018359-6fd7-4d05-ab26-d4dffccbdf79 |
Terraform | Medium | Observability | Query details Documentation |
| Global Accelerator Flow Logs Disabled 96e8183b-e985-457b-90cd-61c0503a3369 |
Terraform | Medium | Observability | Query details Documentation |
| GuardDuty Detector Disabled 704dadd3-54fc-48ac-b6a0-02f170011473 |
Terraform | Medium | Observability | Query details Documentation |
| Missing Cluster Log Types 66f130d9-b81d-4e8e-9b08-da74b9c891df |
Terraform | Medium | Observability | Query details Documentation |
| MQ Broker Logging Disabled 31245f98-a6a9-4182-9fc1-45482b9d030a |
Terraform | Medium | Observability | Query details Documentation |
| MSK Cluster Logging Disabled 2f56b7ab-7fba-4e93-82f0-247e5ddeb239 |
Terraform | Medium | Observability | Query details Documentation |
| Neptune Logging Is Disabled 45cff7b6-3b80-40c1-ba7b-2cf480678bb8 |
Terraform | Medium | Observability | Query details Documentation |
| RDS Without Logging 8d7f7b8c-6c7c-40f8-baa6-62006c6c7b56 |
Terraform | Medium | Observability | Query details Documentation |
| Redshift Cluster Logging Disabled 15ffbacc-fa42-4f6f-a57d-2feac7365caa |
Terraform | Medium | Observability | Query details Documentation |
| S3 Bucket Logging Disabled f861041c-8c9f-4156-acfc-5e6e524f5884 |
Terraform | Medium | Observability | Query details Documentation |
| S3 Bucket Object Level CloudTrail Logging Disabled a8fc2180-b3ac-4c93-bd0d-a55b974e4b07 |
Terraform | Medium | Observability | Query details Documentation |
| Stack Notifications Disabled b72d0026-f649-4c91-a9ea-15d8f681ac09 |
Terraform | Medium | Observability | Query details Documentation |
| VPC FlowLogs Disabled f83121ea-03da-434f-9277-9cd247ab3047 |
Terraform | Medium | Observability | Query details Documentation |
| No Stack Policy 2f01fb2d-828a-499d-b98e-b83747305052 |
Terraform | Medium | Resource Management | Query details Documentation |
| Authentication Without MFA 3ddfa124-6407-4845-a501-179f90c65097 |
Terraform | Low | Access Control | Query details Documentation |
| CloudWatch Logs Destination With Vulnerable Policy db0ec4c4-852c-46a2-b4f3-7ec13cdb12a8 |
Terraform | Low | Access Control | Query details Documentation |
| EC2 Instance Using API Keys 0b93729a-d882-4803-bdc3-ac429a21f158 |
Terraform | Low | Access Control | Query details Documentation |
| SSO Permission With Inadequate User Session Duration ce9dfce0-5fc8-433b-944a-3b16153111a8 |
Terraform | Low | Access Control | Query details Documentation |
| Autoscaling Groups Supply Tags ba48df05-eaa1-4d64-905e-4a4b051e7587 |
Terraform | Low | Availability | Query details Documentation |
| ECS Service Without Running Tasks 91f16d09-689e-4926-aca7-155157f634ed |
Terraform | Low | Availability | Query details Documentation |
| Automatic Minor Upgrades Disabled 3b6d777b-76e3-4133-80a3-0d6f667ade7f |
Terraform | Low | Best Practices | Query details Documentation |
| CDN Configuration Is Missing 1bc367f6-901d-4870-ad0c-71d79762ef52 |
Terraform | Low | Best Practices | Query details Documentation |
| Cognito UserPool Without MFA ec28bf61-a474-4dbe-b414-6dd3a067d6f0 |
Terraform | Low | Best Practices | Query details Documentation |
| ECR Repository Without Policy 69e7c320-b65d-41bb-be02-d63ecc0bcc9d |
Terraform | Low | Best Practices | Query details Documentation |
| IAM Access Analyzer Not Enabled e592a0c5-5bdb-414c-9066-5dba7cdea370 |
Terraform | Low | Best Practices | Query details Documentation |
| IAM Password Without Minimum Length 1bc1c685-e593-450e-88fb-19db4c82aa1d |
Terraform | Low | Best Practices | Query details Documentation |
| Lambda IAM InvokeFunction Misconfigured 0ca1017d-3b80-423e-bb9c-6cd5898d34bd |
Terraform | Low | Best Practices | Query details Documentation |
| Lambda Permission Misconfigured 75ec6890-83af-4bf1-9f16-e83726df0bd0 |
Terraform | Low | Best Practices | Query details Documentation |
| Misconfigured Password Policy Expiration ce60d060-efb8-4bfd-9cf7-ff8945d00d90 |
Terraform | Low | Best Practices | Query details Documentation |
| Password Without Reuse Prevention 89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a |
Terraform | Low | Best Practices | Query details Documentation |
| Stack Without Template 91bea7b8-0c31-4863-adc9-93f6177266c4 |
Terraform | Low | Build Process | Query details Documentation |
| API Gateway With Invalid Compression ed35928e-195c-4405-a252-98ccb664ab7b |
Terraform | Low | Encryption | Query details Documentation |
| CloudTrail Log Files Not Encrypted With KMS 5d9e3164-9265-470c-9a10-57ae454ac0c7 |
Terraform | Low | Encryption | Query details Documentation |
| CodeBuild Project Encrypted With AWS Managed Key 3deec14b-03d2-4d27-9670-7d79322e3340 |
Terraform | Low | Encryption | Query details Documentation |
| DOCDB Cluster Encrypted With AWS Managed Key 2134641d-30a4-4b16-8ffc-2cd4c4ffd15d |
Terraform | Low | Encryption | Query details Documentation |
| ECR Repository Not Encrypted With CMK 0e32d561-4b5a-4664-a6e3-a3fa85649157 |
Terraform | Low | Encryption | Query details Documentation |
| EFS Without KMS 25d251f3-f348-4f95-845c-1090e41a615c |
Terraform | Low | Encryption | Query details Documentation |
| AWS Password Policy With Unchangeable Passwords 9ef7d25d-9764-4224-9968-fa321c56ef76 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| IAM User Policy Without MFA b5681959-6c09-4f55-b42b-c40fa12d03ec |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Instance With No VPC a31a5a29-718a-4ff4-8001-a69e5e4d029e |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Redis Disabled 4bd15dd9-8d5e-4008-8532-27eb0c3706d3 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Redshift Cluster Without VPC 0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| S3 Bucket Without Enabled MFA Delete c5b31ab9-0f26-4a49-b8aa-4cc064392f4d |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Dynamodb VPC Endpoint Without Route Table Association 0bc534c5-13d1-4353-a7fe-b8665d5c1d7d |
Terraform | Low | Networking and Firewall | Query details Documentation |
| EC2 Instance Using Default VPC 7e4a6e76-568d-43ef-8c4e-36dea481bff1 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Using Default Port 5d89db57-8b51-4b38-bb76-b9bd42bd40f0 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| ElastiCache Without VPC 8c849af7-a399-46f7-a34c-32d3dc96f1fc |
Terraform | Low | Networking and Firewall | Query details Documentation |
| EMR Without VPC 2b3c8a6d-9856-43e6-ab1d-d651094f03b4 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| RDS Using Default Port bca7cc4d-b3a4-4345-9461-eb69c68fcd26 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Redshift Using Default Port 41abc6cc-dde1-4217-83d3-fb5f0cc09d8f |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Wide Private Network 92fe237e-074c-4262-81a4-2077acb928c1 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Shield Advanced Not In Use 084c6686-2a70-4710-91b1-000393e54c12 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| SQS VPC Endpoint Without DNS Resolution e9b7acf9-9ba0-4837-a744-31e7df1e434d |
Terraform | Low | Networking and Firewall | Query details Documentation |
| API Gateway Deployment Without API Gateway UsagePlan Associated b3a59b8e-94a3-403e-b6e2-527abaf12034 |
Terraform | Low | Observability | Query details Documentation |
| API Gateway X-Ray Disabled 5813ef56-fa94-406a-b35d-977d4a56ff2b |
Terraform | Low | Observability | Query details Documentation |
| CloudTrail Log File Validation Disabled 52ffcfa6-6c70-4ea6-8376-d828d3961669 |
Terraform | Low | Observability | Query details Documentation |
| CloudTrail Multi Region Disabled 8173d5eb-96b5-4aa6-a71b-ecfa153c123d |
Terraform | Low | Observability | Query details Documentation |
| CloudTrail Not Integrated With CloudWatch 17b30f8f-8dfb-4597-adf6-57600b6cf25e |
Terraform | Low | Observability | Query details Documentation |
| CloudTrail SNS Topic Name Undefined 482b7d26-0bdb-4b5f-bf6f-545826c0a3dd |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Console Sign-in Without MFA Alarm Missing 44ceb4fa-0897-4fd2-b676-30e7a58f2933 |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch IAM Policy Changes Alarm Missing eaaba502-2f94-411a-a3c2-83d63cc1776d |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Network Gateways Changes Alarm Missing 6b6874fe-4c2f-4eea-8b90-7cceaa4a125e |
Terraform | Low | Observability | Query details Documentation |
| CloudWatch Route Table Changes Alarm Missing 2285e608-ddbc-47f3-ba54-ce7121e31216 |
Terraform | Low | Observability | Query details Documentation |
| CMK Rotation Disabled 22fbfeac-7b5a-421a-8a27-7a2178bb910b |
Terraform | Low | Observability | Query details Documentation |
| Configuration Aggregator to All Regions Disabled ac5a0bc0-a54c-45aa-90c3-15f7703b9132 |
Terraform | Low | Observability | Query details Documentation |
| ECS Cluster with Container Insights Disabled 97cb0688-369a-4d26-b1f7-86c4c91231bc |
Terraform | Low | Observability | Query details Documentation |
| ElasticSearch Without Slow Logs e979fcbc-df6c-422d-9458-c33d65e71c45 |
Terraform | Low | Observability | Query details Documentation |
| KMS Key With No Deletion Window 0b530315-0ea4-497f-b34c-4ff86268f59d |
Terraform | Low | Observability | Query details Documentation |
| Lambda Functions Without X-Ray Tracing 8152e0cf-d2f0-47ad-96d5-d003a76eabd1 |
Terraform | Low | Observability | Query details Documentation |
| Unscanned ECR Image 9630336b-3fed-4096-8173-b9afdfe346a7 |
Terraform | Low | Observability | Query details Documentation |
| API Gateway Stage Without API Gateway UsagePlan Associated c999cf62-0920-40f8-8dda-0caccd66ed7e |
Terraform | Low | Resource Management | Query details Documentation |
| Security Group Not Used 4849211b-ac39-479e-ae78-5694d506cb24 |
Terraform | Info | Access Control | Query details Documentation |
| DynamoDB Table Point In Time Recovery Disabled 741f1291-47ac-4a85-a07b-3d32a9d6bd3e |
Terraform | Info | Best Practices | Query details Documentation |
| EC2 Not EBS Optimized 60224630-175a-472a-9e23-133827040766 |
Terraform | Info | Best Practices | Query details Documentation |
| Resource Not Using Tags e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10 |
Terraform | Info | Best Practices | Query details Documentation |
| Security Group Rule Without Description 68eb4bf3-f9bf-463d-b5cf-e029bb446d2e |
Terraform | Info | Best Practices | Query details Documentation |
| Security Group Without Description cb3f5ed6-0d18-40de-a93d-b3538db31e8c |
Terraform | Info | Best Practices | Query details Documentation |
| CloudWatch AWS Organizations Changes Missing Alarm 38b85c45-e772-4de8-a247-69619ca137b3 |
Terraform | Info | Observability | Query details Documentation |
| CloudWatch Without Retention Period Specified ef0b316a-211e-42f1-888e-64efe172b755 |
Terraform | Info | Observability | Query details Documentation |
| BOM - AWS DynamoDB 23edf35f-7c22-4ff9-87e6-0ca74261cfbf |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EBS 86571149-eef3-4280-a645-01e60df854b0 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS EFS f53f16d6-46a9-4277-9fbe-617b1e24cdca |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Elasticache 54229498-850b-4f78-b3a7-218d24ef2c37 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS Kinesis 0e59d33e-bba2-4037-8f88-9765647ca7ad |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MQ fcb1b388-f558-4b7f-9b6e-f4e98abb7380 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS MSK 051f2063-2517-4295-ad8e-ba88c1bf5cfc |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS RDS 12933609-c5bf-44b4-9a41-a6467c3b685b |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS S3 Buckets 2d16c3fb-35ba-4ec0-b4e4-06ee3cbd4045 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SNS eccc4d59-74b9-4974-86f1-74386e0c7f33 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - AWS SQS baecd2da-492a-4d59-b9dc-29540a1398e0 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| CosmosDB Account IP Range Filter Not Set c2a3efb6-8a58-481c-82f2-bfddf34bb4b7 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| Redis Entirely Accessible fd8da341-6760-4450-b26c-9f6d8850575e |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| Redis Publicly Accessible 5089d055-53ff-421b-9482-a5267bdce629 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| SQLServer Ingress From Any IP 25c0ea09-f1c5-4380-b055-3b83863f2bb8 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| Unrestricted SQL Server Access d7ba74da-2da0-4d4b-83c8-2fd72a3f6c28 |
Terraform | Critical | Networking and Firewall | Query details Documentation |
| Public Storage Account 17f75827-0684-48f4-8747-61129c7e4198 |
Terraform | High | Access Control | Query details Documentation |
| Storage Container Is Publicly Accessible dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299 |
Terraform | High | Access Control | Query details Documentation |
| Azure Container Registry With No Locks a187ac47-8163-42ce-8a63-c115236be6fb |
Terraform | High | Insecure Configurations | Query details Documentation |
| Security Group is Not Configured 5c822443-e1ea-46b8-84eb-758ec602e844 |
Terraform | High | Insecure Configurations | Query details Documentation |
| MariaDB Server Public Network Access Enabled 7f0a8696-7159-4337-ad0d-8a3ab4a78195 |
Terraform | High | Networking and Firewall | Query details Documentation |
| MSSQL Server Public Network Access Enabled ade36cf4-329f-4830-a83d-9db72c800507 |
Terraform | High | Networking and Firewall | Query details Documentation |
| MySQL Server Public Access Enabled f118890b-2468-42b1-9ce9-af35146b425b |
Terraform | High | Networking and Firewall | Query details Documentation |
| RDP Is Exposed To The Internet efbf6449-5ec5-4cfe-8f15-acc51e0d787c |
Terraform | High | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Entire Network 594c198b-4d79-41b8-9b36-fde13348b619 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Admin User Enabled For Container Registry b897dfbf-322c-45a8-b67c-1e698beeaa51 |
Terraform | Medium | Access Control | Query details Documentation |
| AKS RBAC Disabled 86f92117-eed8-4614-9c6c-b26da20ff37f |
Terraform | Medium | Access Control | Query details Documentation |
| App Service Authentication Disabled c7fc1481-2899-4490-bbd8-544a3a61a2f3 |
Terraform | Medium | Access Control | Query details Documentation |
| Function App Authentication Disabled e65a0733-94a0-4826-82f4-df529f4c593f |
Terraform | Medium | Access Control | Query details Documentation |
| Role Assignment Not Limit Guest User Permissions 8e75e431-449f-49e9-b56a-c8f1378025cf |
Terraform | Medium | Access Control | Query details Documentation |
| Role Definition Allows Custom Role Creation 3fa5900f-9aac-4982-96b2-a6143d9c99fb |
Terraform | Medium | Access Control | Query details Documentation |
| Storage Share File Allows All ACL Permissions 48bbe0fd-57e4-4678-a4a1-119e79c90fc3 |
Terraform | Medium | Access Control | Query details Documentation |
| Storage Table Allows All ACL Permissions 3ac3e75c-6374-4a32-8ba0-6ed69bda404e |
Terraform | Medium | Access Control | Query details Documentation |
| Azure Instance Using Basic Authentication dafe30ec-325d-4516-85d1-e8e6776f012c |
Terraform | Medium | Best Practices | Query details Documentation |
| Key Vault Secrets Content Type Undefined f8e08a38-fc6e-4915-abbe-a7aadf1d59ef |
Terraform | Medium | Best Practices | Query details Documentation |
| Security Contact Email 34664094-59e0-4524-b69f-deaa1a68cce3 |
Terraform | Medium | Best Practices | Query details Documentation |
| App Service Not Using Latest TLS Encryption Version b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643 |
Terraform | Medium | Encryption | Query details Documentation |
| Encryption On Managed Disk Disabled a99130ab-4c0e-43aa-97f8-78d4fcb30024 |
Terraform | Medium | Encryption | Query details Documentation |
| Function App Not Using Latest TLS Encryption Version 45fc717a-bd86-415c-bdd8-677901be1aa6 |
Terraform | Medium | Encryption | Query details Documentation |
| MySQL SSL Connection Disabled 73e42469-3a86-4f39-ad78-098f325b4e9f |
Terraform | Medium | Encryption | Query details Documentation |
| SSL Enforce Disabled 0437633b-daa6-4bbc-8526-c0d2443b946e |
Terraform | Medium | Encryption | Query details Documentation |
| Storage Account Not Forcing HTTPS 12944ec4-1fa0-47be-8b17-42a034f937c2 |
Terraform | Medium | Encryption | Query details Documentation |
| Storage Account Not Using Latest TLS Encryption Version 8263f146-5e03-43e0-9cfe-db960d56d1e7 |
Terraform | Medium | Encryption | Query details Documentation |
| AD Admin Not Configured For SQL Server a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| AKS Private Cluster Disabled 599318f2-6653-4569-9e21-041d06c63a89 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| App Service FTPS Enforce Disabled 85da374f-b00f-4832-9d44-84a1ca1e89f8 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| App Service HTTP2 Disabled 525b53be-62ed-4244-b4df-41aecfcb4071 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Azure App Service Client Certificate Disabled a81573f9-3691-4d83-88a0-7d4af63e17a3 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App Client Certificates Unrequired 9bb3c639-5edf-458c-8ee5-30c17c7d671d |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App FTPS Enforce Disabled 9dab0179-433d-4dff-af8f-0091025691df |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App HTTP2 Disabled ace823d1-4432-4dee-945b-cdf11a5a6bd0 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Function App Managed Identity Disabled c87749b3-ff10-41f5-9df2-c421e8151759 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Network Watcher Flow Disabled b90842e5-6779-44d4-9760-972f4c03ba1c |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Redis Cache Allows Non SSL Connections e29a75e6-aba3-4896-b42d-b87818c16b58 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Redis Not Updated Regularly b947809d-dd2f-4de9-b724-04d101c515aa |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Security Center Pricing Tier Is Not Standard 819d50fd-1cdf-45c3-9936-be408aaad93e |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Small Flow Logs Retention Period 7750fcca-dd03-4d38-b663-4b70289bcfd4 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| VM Not Attached To Network bbf6b3df-4b65-4f87-82cc-da9f30f8c033 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Web App Accepting Traffic Other Than HTTPS 11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Default Azure Storage Account Network Access Is Too Permissive a5613650-32ec-4975-a305-31af783153ea |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Azure Cognitive Search Public Network Access Enabled 4a9e0f00-0765-4f72-a0d4-d31110b78279 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Firewall Rule Allows Too Many Hosts To Access Redis Cache a829b715-cf75-4e92-b645-54c9b739edfb |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Network Interfaces IP Forwarding Enabled 4216ebac-d74c-4423-b437-35025cb88af5 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Network Interfaces With Public IP c1573577-e494-4417-8854-7e119368dc8b |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Small Public Network e9dee01f-2505-4df2-b9bf-7804d1fd9082 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SSH Is Exposed To The Internet 3e3c175e-aadf-4e2b-a464-3fdac5748d24 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Trusted Microsoft Services Not Enabled 5400f379-a347-4bdd-a032-446465fdcc6f |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| WAF Is Disabled For Azure Application Gateway 2e48d91c-50e4-45c8-9312-27b625868a72 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Email Alerts Disabled 9db38e87-f6aa-4b5e-a1ec-7266df259409 |
Terraform | Medium | Observability | Query details Documentation |
| Log Retention Is Not Set ffb02aca-0d12-475e-b77c-a726f7aeff4b |
Terraform | Medium | Observability | Query details Documentation |
| MSSQL Server Auditing Disabled 609839ae-bd81-4375-9910-5bce72ae7b92 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Checkpoints Disabled 3790d386-be81-4dcf-9850-eaa7df6c10d9 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Connections Not Set c640d783-10c5-4071-b6c1-23507300d333 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Disconnections Not Set 07f7134f-9f37-476e-8664-670c218e4702 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Log Duration Not Set 16e0879a-c4ae-4ff8-a67d-a2eed5d67b8f |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Server Without Connection Throttling 2b3c671f-1b76-4741-8789-ed1fe0785dc4 |
Terraform | Medium | Observability | Query details Documentation |
| SQL Server Auditing Disabled f7e296b0-6660-4bc5-8f87-22ac4a815edf |
Terraform | Medium | Observability | Query details Documentation |
| Vault Auditing Disabled 38c71c00-c177-4cd7-8d36-cd1007cdb190 |
Terraform | Medium | Observability | Query details Documentation |
| PostgreSQL Server Threat Detection Policy Disabled c407c3cf-c409-4b29-b590-db5f4138d332 |
Terraform | Medium | Resource Management | Query details Documentation |
| SQL Database Audit Disabled 83a229ba-483e-47c6-8db7-dc96969bce5a |
Terraform | Medium | Resource Management | Query details Documentation |
| Key Expiration Not Set 4d080822-5ee2-49a4-8984-68f3d4c890fc |
Terraform | Medium | Secret Management | Query details Documentation |
| Secret Expiration Not Set dfa20ffa-f476-428f-a490-424b41e91c7f |
Terraform | Medium | Secret Management | Query details Documentation |
| Azure Active Directory Authentication a21c8da9-41bf-40cf-941d-330cf0d11fc7 |
Terraform | Low | Access Control | Query details Documentation |
| Virtual Network with DDoS Protection Plan disabled b4cc2c52-34a6-4b43-b57c-4bdeb4514a5a |
Terraform | Low | Availability | Query details Documentation |
| Geo Redundancy Is Disabled 8b042c30-e441-453f-b162-7696982ebc58 |
Terraform | Low | Backup | Query details Documentation |
| MariaDB Server Geo-redundant Backup Disabled 0a70d5f3-1ecd-4c8e-9292-928fc9a8c4f1 |
Terraform | Low | Backup | Query details Documentation |
| AKS Uses Azure Policies Add-On Disabled 43789711-161b-4708-b5bb-9d1c626f7492 |
Terraform | Low | Best Practices | Query details Documentation |
| App Service Without Latest PHP Version 96fe318e-d631-4156-99fa-9080d57280ae |
Terraform | Low | Best Practices | Query details Documentation |
| App Service Without Latest Python Version cc4aaa9d-1070-461a-b519-04e00f42db8a |
Terraform | Low | Best Practices | Query details Documentation |
| SQL Server Predictable Active Directory Account Name bcd3fc01-5902-4f2a-b05a-227f9bbf5450 |
Terraform | Low | Best Practices | Query details Documentation |
| SQL Server Predictable Admin Account Name 2ab6de9a-0136-415c-be92-79d2e4fd750f |
Terraform | Low | Best Practices | Query details Documentation |
| Cosmos DB Account Without Tags 56dad03e-e94f-4dd6-93a4-c253a03ff7a0 |
Terraform | Low | Build Process | Query details Documentation |
| AKS Disk Encryption Set ID Undefined b17d8bb8-4c08-4785-867e-cb9e62a622aa |
Terraform | Low | Encryption | Query details Documentation |
| PostgreSQL Server Infrastructure Encryption Disabled 6425c98b-ca4e-41fe-896a-c78772c131f8 |
Terraform | Low | Encryption | Query details Documentation |
| AKS Network Policy Misconfigured f5342045-b935-402d-adf1-8dbbd09c0eef |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Dashboard Is Enabled 61c3cb8b-0715-47e4-b788-86dde40dd2db |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Azure Front Door WAF Disabled 835a4f2f-df43-437d-9943-545ccfc55961 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Sensitive Port Is Exposed To Wide Private Network c6c7b33d-d7f6-4ab8-8c82-ca0431ecdb7e |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Small Activity Log Retention Period 2b856bf9-8e8c-4005-875f-303a8cba3918 |
Terraform | Low | Observability | Query details Documentation |
| Small MSSQL Audit Retention Period 9c301481-e6ec-44f7-8a49-8ec63e2969ea |
Terraform | Low | Observability | Query details Documentation |
| Small MSSQL Server Audit Retention 59acb56b-2b10-4c2c-ba38-f2223c3f5cfc |
Terraform | Low | Observability | Query details Documentation |
| Small PostgreSQL DB Server Log Retention Period 261a83f8-dd72-4e8c-b5e1-ebf06e8fe606 |
Terraform | Low | Observability | Query details Documentation |
| App Service Managed Identity Disabled b61cce4b-0cc4-472b-8096-15617a6d769b |
Terraform | Low | Resource Management | Query details Documentation |
| SQL Server Alert Email Disabled 55975007-f6e7-4134-83c3-298f1fe4b519 |
Terraform | Info | Best Practices | Query details Documentation |
| Beta - Databricks Cluster or Job With None Or Insecure Permission(s) a4edb7e1-c0e0-4f7f-9d7c-d1b603e81ad5 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Beta - Unrestricted Databricks ACL 2c4fe4a9-f44b-4c70-b09b-5b75cd251805 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Beta - Job's Task is Legacy (spark_submit_task) 375cdab9-3f94-4ae0-b1e3-8fbdf9cdf4d7 |
Terraform | Medium | Best Practices | Query details Documentation |
| Beta - Indefinitely Databricks OBO Token Lifetime 23e1f5f0-12b7-4d7e-9087-f60f42ccd514 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Beta - Indefinitely Databricks Token Lifetime 7d05ca25-91b4-42ee-b6f6-b06611a87ce8 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Beta - Databricks Autoscale Badly Setup 953c0cc6-5f30-44cb-a803-bf4ef2571be8 |
Terraform | Medium | Resource Management | Query details Documentation |
| Beta - Databricks Group Without User Or Instance Profile 23c3067a-8cc9-480c-b645-7c1e0ad4bf60 |
Terraform | Low | Access Control | Query details Documentation |
| Beta - Check Databricks Cluster AWS Attribute Best Practices b0749c53-e3ff-4d09-bbe4-dca94e2e7a38 |
Terraform | Low | Best Practices | Query details Documentation |
| Beta - Check Databricks Cluster Azure Attribute Best Practices 38028698-e663-4ef7-aa92-773fef0ca86f |
Terraform | Low | Best Practices | Query details Documentation |
| Beta - Check Databricks Cluster GCP Attribute Best Practices 539e4557-d2b5-4d57-a001-cb01140a4e2d |
Terraform | Low | Best Practices | Query details Documentation |
| Beta - Check use no LTS Spark Version 5a627dfa-a4dd-4020-a4c6-5f3caf4abcd6 |
Terraform | Low | Best Practices | Query details Documentation |
| Cloud Storage Anonymous or Publicly Accessible a6cd52a1-3056-4910-96a5-894de9f3f3b3 |
Terraform | Critical | Access Control | Query details Documentation |
| SQL DB Instance Publicly Accessible b187edca-b81e-4fdc-aff4-aab57db45edb |
Terraform | Critical | Insecure Configurations | Query details Documentation |
| BigQuery Dataset Is Public e576ce44-dd03-4022-a8c0-3906acca2ab4 |
Terraform | High | Access Control | Query details Documentation |
| Google Project IAM Binding Service Account has Token Creator or Account User Role 617ef6ff-711e-4bd7-94ae-e965911b1b40 |
Terraform | High | Access Control | Query details Documentation |
| Google Project IAM Member Service Account Has Admin Role 84d36481-fd63-48cb-838e-635c44806ec2 |
Terraform | High | Access Control | Query details Documentation |
| Google Project IAM Member Service Account has Token Creator or Account User Role c68b4e6d-4e01-4ca1-b256-1e18e875785c |
Terraform | High | Access Control | Query details Documentation |
| KMS Crypto Key is Publicly Accessible 16cc87d1-dd47-4f46-b3ce-4dfcac8fd2f5 |
Terraform | High | Encryption | Query details Documentation |
| SQL DB Instance With SSL Disabled 02474449-71aa-40a1-87ae-e14497747b00 |
Terraform | High | Encryption | Query details Documentation |
| GKE Legacy Authorization Enabled 5baa92d2-d8ee-4c75-88a4-52d9d8bb8067 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Google Storage Bucket Level Access Disabled bb0db090-5509-4853-a827-75ced0b3caa0 |
Terraform | High | Insecure Configurations | Query details Documentation |
| RDP Access Is Not Restricted 678fd659-96f2-454a-a2a0-c2571f83a4a3 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Cloud Storage Bucket Is Publicly Accessible c010082c-76e0-4b91-91d9-6e8439e455dd |
Terraform | Medium | Access Control | Query details Documentation |
| KMS Admin and CryptoKey Roles In Use 92e4464a-4139-4d57-8742-b5acc0347680 |
Terraform | Medium | Access Control | Query details Documentation |
| OSLogin Disabled 32ecd6eb-0711-421f-9627-1a28d9eff217 |
Terraform | Medium | Access Control | Query details Documentation |
| VM With Full Cloud Access bc280331-27b9-4acb-a010-018e8098aa5d |
Terraform | Medium | Access Control | Query details Documentation |
| SQL DB Instance Backup Disabled cf3c7631-cd1e-42f3-8801-a561214a6e79 |
Terraform | Medium | Backup | Query details Documentation |
| Disk Encryption Disabled b1d51728-7270-4991-ac2f-fc26e2695b38 |
Terraform | Medium | Encryption | Query details Documentation |
| DNSSEC Using RSASHA1 ccc3100c-0fdd-4a5e-9908-c10107291860 |
Terraform | Medium | Encryption | Query details Documentation |
| Google Compute SSL Policy Weak Cipher In Use 14a457f0-473d-4d1d-9e37-6d99b355b336 |
Terraform | Medium | Encryption | Query details Documentation |
| Cloud DNS Without DNSSEC 5ef61c88-bbb4-4725-b1df-55d23c9676bb |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Google Container Node Pool Auto Repair Disabled acfdbec6-4a17-471f-b412-169d77553332 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Google Project Auto Create Network Disabled 59571246-3f62-4965-a96f-c7d97e269351 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| IP Aliasing Disabled c606ba1d-d736-43eb-ac24-e16108f3a9e0 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Network Policy Disabled 11e7550e-c4b6-472e-adff-c698f157cdd7 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| OSLogin Is Disabled For VM Instance d0b4d550-c001-46c3-bbdb-d5d75d33f05f |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Pod Security Policy Disabled 9192e0f9-eca5-4056-9282-ae2a736a4088 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Private Cluster Disabled 6ccb85d7-0420-4907-9380-50313f80946b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Shielded GKE Nodes Disabled 579a0727-9c29-4d58-8195-fc5802a8bdb4 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Shielded VM Disabled 1b44e234-3d73-41a8-9954-0b154135280e |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| GKE Using Default Service Account 1c8eef02-17b1-4a3e-b01d-dcc3292d2c38 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Using Default Service Account 3cb4af0b-056d-4fb1-8b95-fdc4593625ff |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Google Compute Network Using Default Firewall Rule 40abce54-95b1-478c-8e5f-ea0bf0bb0e33 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows All Ports 22ef1d26-80f8-4a6c-8c15-f35aab3cac78 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| IP Forwarding Enabled f34c0c25-47b4-41eb-9c79-249b4dd47b89 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Serial Ports Are Enabled For VM Instances 97fa667a-d05b-4f16-9071-58b939f34751 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| SSH Access Is Not Restricted c4dcdcdf-10dd-4bf4-b4a0-8f6239e6aaa0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Cloud Storage Bucket Logging Not Enabled d6cabc3a-d57e-48c2-b341-bf3dd4f4a120 |
Terraform | Medium | Observability | Query details Documentation |
| Cloud Storage Bucket Versioning Disabled e7e961ac-d17e-4413-84bc-8a1fbe242944 |
Terraform | Medium | Observability | Query details Documentation |
| Google Compute Subnetwork Logging Disabled 40430747-442d-450a-a34f-dc57149f4609 |
Terraform | Medium | Observability | Query details Documentation |
| Stackdriver Logging Disabled 4c7ebcb2-eae2-461e-bc83-456ee2d4f694 |
Terraform | Medium | Observability | Query details Documentation |
| Stackdriver Monitoring Disabled 30e8dfd2-3591-4d19-8d11-79e93106c93d |
Terraform | Medium | Observability | Query details Documentation |
| Node Auto Upgrade Disabled b139213e-7d24-49c2-8025-c18faa21ecaa |
Terraform | Medium | Resource Management | Query details Documentation |
| Service Account with Improper Privileges cefdad16-0dd5-4ac5-8ed2-a37502c78672 |
Terraform | Medium | Resource Management | Query details Documentation |
| High Google KMS Crypto Key Rotation Period d8c57c4e-bf6f-4e32-a2bf-8643532de77b |
Terraform | Medium | Secret Management | Query details Documentation |
| Project-wide SSH Keys Are Enabled In VM Instances 3e4d5ce6-3280-4027-8010-c26eeea1ec01 |
Terraform | Medium | Secret Management | Query details Documentation |
| User with IAM Role 704fcc44-a58f-4af5-82e2-93f2a58ef918 |
Terraform | Low | Access Control | Query details Documentation |
| Outdated GKE Version 128df7ec-f185-48bc-8913-ce756a3ccb85 |
Terraform | Low | Best Practices | Query details Documentation |
| Cluster Labels Disabled 65c1bc7a-4835-4ac4-a2b6-13d310b0648d |
Terraform | Low | Insecure Configurations | Query details Documentation |
| COS Node Image Not Used 8a893e46-e267-485a-8690-51f39951de58 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Legacy Client Certificate Auth Enabled 73fb21a1-b19a-45b1-b648-b47b1678681e |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Not Proper Email Account In Use 9356962e-4a4f-4d06-ac59-dc8008775eaa |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Google Compute Network Using Firewall Rule that Allows Port Range e6f61c37-106b-449f-a5bb-81bfcaceb8b4 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Google Compute Subnetwork with Private Google Access Disabled ee7b93c1-b3f8-4a3b-9588-146d481814f5 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| IAM Audit Not Properly Configured 89fe890f-b480-460c-8b6b-7d8b1468adb4 |
Terraform | Low | Observability | Query details Documentation |
| BOM - GCP Dataflow 895ed0d9-6fec-4567-8614-d7a74b599a53 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP FI c9d81239-c818-4869-9917-1570c62b81fd |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PD dd7d70aa-a6ec-460d-b5d2-38b40253b16f |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP PST 4b82202a-b18e-4891-a1eb-a0989850bbb3 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP Redis bc75ce52-a60a-4660-b533-bce837a5019b |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| BOM - GCP SB 2f06d22c-56bd-4f73-8a51-db001fcf2150 |
Terraform | Trace | Bill Of Materials | Query details Documentation |
| Github Organization Webhook With SSL Disabled ce7c874e-1b88-450b-a5e4-cb76ada3c8a9 |
Terraform | Medium | Encryption | Query details Documentation |
| GitHub Repository Set To Public 15d8a7fd-465a-4d15-a868-add86552f17b |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Non Kube System Pod With Host Mount 86a947ea-f577-4efb-a8b0-5fc00257d521 |
Terraform | High | Access Control | Query details Documentation |
| Cluster Allows Unsafe Sysctls a9174d31-d526-4ad9-ace4-ce7ddbf52e03 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Container Is Privileged 87065ef8-de9b-40d8-9753-f4a4303e27a4 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Container Runs Unmasked 0ad60203-c050-4115-83b6-b94bde92541d |
Terraform | High | Insecure Configurations | Query details Documentation |
| Containers With Sys Admin Capabilities 3f55386d-75cd-4e9a-ac47-167b26c04724 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Privilege Escalation Allowed c878abb4-cca5-4724-92b9-289be68bd47c |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP Allows Containers To Share The Host Network Namespace 4950837c-0ce5-4e42-9bee-a25eae73740b |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP Allows Privilege Escalation 2bff9906-4e9b-4f71-9346-8ebedfdf43ef |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP Allows Sharing Host IPC 51bed0ac-a8ae-407a-895e-90c6cb0610ce |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP Set To Privileged a6a4d4fc-4e8f-47d1-969f-e9d4a084f3b9 |
Terraform | High | Insecure Configurations | Query details Documentation |
| PSP With Added Capabilities 48388bd2-7201-4dcc-b56d-e8a9efa58fad |
Terraform | High | Insecure Configurations | Query details Documentation |
| Tiller (Helm v2) Is Deployed ca2fba76-c1a7-4afd-be67-5249f861cb0e |
Terraform | High | Insecure Configurations | Query details Documentation |
| Workload Mounting With Sensitive OS Directory a737be28-37d8-4bff-aa6d-1be8aa0a0015 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Volume Mount With OS Directory Write Permissions a62a99d1-8196-432f-8f80-3c100b05d62a |
Terraform | High | Resource Management | Query details Documentation |
| Docker Daemon Socket is Exposed to Containers 4e203a65-c8d8-49a2-b749-b124d43c9dc1 |
Terraform | Medium | Access Control | Query details Documentation |
| Missing App Armor Config bd6bd46c-57db-4887-956d-d372f21291b6 |
Terraform | Medium | Access Control | Query details Documentation |
| Permissive Access to Create Pods 522d4a64-4dc9-44bd-9240-7d8a0d5cb5ba |
Terraform | Medium | Access Control | Query details Documentation |
| RBAC Roles with Read Secrets Permissions 826abb30-3cd5-4e0b-a93b-67729b4f7e63 |
Terraform | Medium | Access Control | Query details Documentation |
| Readiness Probe Is Not Configured 8657197e-3f87-4694-892b-8144701d83c1 |
Terraform | Medium | Availability | Query details Documentation |
| Root Containers Admitted 4c415497-7410-4559-90e8-f2c8ac64ee38 |
Terraform | Medium | Best Practices | Query details Documentation |
| Incorrect Volume Claim Access Mode ReadWriteOnce 26b047a9-0329-48fd-8fb7-05bbe5ba80ee |
Terraform | Medium | Build Process | Query details Documentation |
| Container Host Pid Is True 587d5d82-70cf-449b-9817-f60f9bccb88c |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Container Resources Limits Undefined 60af03ff-a421-45c8-b214-6741035476fa |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Containers With Added Capabilities fe771ff7-ba15-4f8f-ad7a-8aa232b49a28 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Ingress Controller Exposes Workload e2c83c1f-84d7-4467-966c-ed41fd015bb9 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Disabled for PSP 9aa32890-ac1a-45ee-81ca-5164e2098556 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| NET_RAW Capabilities Not Being Dropped e5587d53-a673-4a6b-b3f2-ba07ec274def |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Seccomp Profile Is Not Configured 455f2e0c-686d-4fcb-8b5f-3f953f12c43c |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Role Binding To Default Service Account 3360c01e-c8c0-4812-96a2-a6329b9b7f9f |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Service Account Name Undefined Or Empty 24b132df-5cc7-4823-8029-f898e1c50b72 |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Service Account Token Automount Not Disabled a9a13d4f-f17a-491b-b074-f54bffffcb4a |
Terraform | Medium | Insecure Defaults | Query details Documentation |
| Service With External Load Balancer 2a52567c-abb8-4651-a038-52fa27c77aed |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Memory Limits Not Defined fd097ed0-7fe6-4f58-8b71-fef9f0820a21 |
Terraform | Medium | Resource Management | Query details Documentation |
| Memory Requests Not Defined 21719347-d02b-497d-bda4-04a03c8e5b61 |
Terraform | Medium | Resource Management | Query details Documentation |
| Shared Host IPC Namespace e94d3121-c2d1-4e34-a295-139bfeb73ea3 |
Terraform | Medium | Resource Management | Query details Documentation |
| Shared Host Network Namespace ac1564a3-c324-4747-9fa1-9dfc234dace0 |
Terraform | Medium | Resource Management | Query details Documentation |
| Service Account Allows Access Secrets 07fc3413-e572-42f7-9877-5c8fc6fccfb5 |
Terraform | Medium | Secret Management | Query details Documentation |
| Shared Service Account f74b9c43-161a-4799-bc95-0b0ec81801b9 |
Terraform | Medium | Secret Management | Query details Documentation |
| Cluster Admin Rolebinding With Superuser Permissions 17172bc2-56fb-4f17-916f-a014147706cd |
Terraform | Low | Access Control | Query details Documentation |
| Deployment Without PodDisruptionBudget a05331ee-1653-45cb-91e6-13637a76e4f0 |
Terraform | Low | Availability | Query details Documentation |
| HPA Targets Invalid Object 17e52ca3-ddd0-4610-9d56-ce107442e110 |
Terraform | Low | Availability | Query details Documentation |
| StatefulSet Without PodDisruptionBudget 7249e3b0-9231-4af3-bc5f-5daf4988ecbf |
Terraform | Low | Availability | Query details Documentation |
| StatefulSet Without Service Name 420e6360-47bb-46f6-9072-b20ed22c842d |
Terraform | Low | Availability | Query details Documentation |
| Metadata Label Is Invalid bc3dabb6-fd50-40f8-b9ba-7429c9f1fb0e |
Terraform | Low | Best Practices | Query details Documentation |
| No Drop Capabilities for Containers 21cef75f-289f-470e-8038-c7cee0664164 |
Terraform | Low | Best Practices | Query details Documentation |
| Root Container Not Mounted As Read-only d532566b-8d9d-4f3b-80bd-361fe802f9c2 |
Terraform | Low | Build Process | Query details Documentation |
| StatefulSet Requests Storage fcc2612a-1dfe-46e4-8ce6-0320959f0040 |
Terraform | Low | Build Process | Query details Documentation |
| Default Service Account In Use 737a0dd9-0aaa-4145-8118-f01778262b8a |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Image Pull Policy Of The Container Is Not Set To Always aa737abf-6b1d-4aba-95aa-5c160bd7f96e |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Image Without Digest 228c4c19-feeb-4c18-848c-800ac70fdfb7 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Pod or Container Without Security Context ad69e38a-d92e-4357-a8da-f2f29d545883 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Using Default Namespace abcb818b-5af7-4d72-aba9-6dd84956b451 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Network Policy Is Not Targeting Any Pod b80b14c6-aaa2-4876-b651-8a48b6c32fbf |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Service Type is NodePort 5c281bf8-d9bb-47f2-b909-3f6bb11874ad |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Workload Host Port Not Specified 4e74cf4f-ff65-4c1a-885c-67ab608206ce |
Terraform | Low | Networking and Firewall | Query details Documentation |
| CPU Limits Not Set 5f4735ce-b9ba-4d95-a089-a37a767b716f |
Terraform | Low | Resource Management | Query details Documentation |
| CPU Requests Not Set 577ac19c-6a77-46d7-9f14-e049cdd15ec2 |
Terraform | Low | Resource Management | Query details Documentation |
| CronJob Deadline Not Configured 58876b44-a690-4e9f-9214-7735fa0dd15d |
Terraform | Low | Resource Management | Query details Documentation |
| Deployment Has No PodAntiAffinity 461ed7e4-f8d5-4bc1-b3c6-64ddb4fd00a3 |
Terraform | Low | Resource Management | Query details Documentation |
| Secrets As Environment Variables 6d8f1a10-b6cd-48f0-b960-f7c535d5cdb8 |
Terraform | Low | Secret Management | Query details Documentation |
| Invalid Image e76cca7c-c3f9-4fc9-884c-b2831168ebd8 |
Terraform | Low | Supply-Chain | Query details Documentation |
| Liveness Probe Is Not Defined 5b6d53dd-3ba3-4269-b4d7-f82e880e43c3 |
Terraform | Info | Availability | Query details Documentation |
| Nifcloud RDB Has Public DB Access fb387023-e4bb-42a8-9a70-6708aa7ff21b |
Terraform | High | Access Control | Query details Documentation |
| Nifcloud Computing Has Public Ingress Security Group Rule b2ea2367-8dc9-4231-a035-d0b28bfa3dde |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud Computing Undefined Security Group To Instance 89218b48-75c9-4cb3-aaba-5299e852e8bc |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud NAS Has Public Ingress NAS Security Group Rule 8d7758a7-d9cd-499a-a83e-c9bdcbff728d |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Public DB Ingress Security Group Rule a0b846e8-815f-4f15-b660-bc4ab9fa1e1a |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud Router Undefined Security Group e7dada38-af20-4899-8955-dabea84ab1f0 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud VPN Gateway Undefined Security Group b3535a48-910c-47f8-8b3b-14222f29ef80 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Nifcloud LB Using Insecure TLS Policy ID 944439c7-b4b8-476a-8f83-14641ea876ba |
Terraform | Medium | Encryption | Query details Documentation |
| Nifcloud LB Using Insecure TLS Policy Name 675e8eaa-2754-42b7-bf33-bfa295d1601d |
Terraform | Medium | Encryption | Query details Documentation |
| Nifcloud ELB Listener Using HTTP Protocol afcb0771-4f94-44ed-ad4a-9f73f11ce6e0 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Nifcloud ELB Using HTTP Protocol e2de2b80-2fc2-4502-a764-40930dfcc70a |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Nifcloud LB Listener Using HTTP Port 9f751a80-31f0-43a3-926c-20772791a038 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Nifcloud LB Using HTTP Port 94e47f3f-b90b-43a1-a36d-521580bae863 |
Terraform | Medium | Networking and Firewall | Query details Documentation |
| Nifcloud Low RDB Backup Retention Period e5071f76-cbe7-468d-bb2b-d10f02d2b713 |
Terraform | Low | Backup | Query details Documentation |
| Nifcloud DNS Has Verified Record a1defcb6-55e8-4511-8c2a-30b615b0e057 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Nifcloud Computing Has Common Private Network df58dd45-8009-43c2-90f7-c90eb9d53ed9 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud ELB Has Common Private Network 5061f84c-ab66-4660-90b9-680c9df346c0 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud NAS Has Common Private Network 4b801c38-ebb4-4c81-984b-1ba525d43adf |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud RDB Has Common Private Network 9bf57c23-fbab-4222-85f3-3f207a53c6a8 |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud Router Has Common Private Network 30c2760c-740e-4672-9d7f-2c29e0cb385d |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Nifcloud Computing Undefined Description To Security Group 41c127a9-3a85-4bc3-a333-ed374eb9c3e4 |
Terraform | Info | Best Practices | Query details Documentation |
| Nifcloud Computing Undefined Description To Security Group Rule e4610872-0b1c-4fb7-ab57-d81c0afdb291 |
Terraform | Info | Best Practices | Query details Documentation |
| Nifcloud NAS Undefined Description To NAS Security Group e840c54a-7a4c-405f-b8c1-c49a54b87d11 |
Terraform | Info | Best Practices | Query details Documentation |
| Nifcloud RDB Undefined Description To DB Security Group 940ddce2-26bd-4e31-a9b4-382714f73231 |
Terraform | Info | Best Practices | Query details Documentation |
| Generic Git Module Without Revision 3a81fc06-566f-492a-91dd-7448e409e2cd |
Terraform | Info | Best Practices | Query details Documentation |
| Name Is Not Snake Case 1e434b25-8763-4b00-a5ca-ca03b7abbb66 |
Terraform | Info | Best Practices | Query details Documentation |
| Output Without Description 59312e8a-a64e-41e7-a252-618533dd1ea8 |
Terraform | Info | Best Practices | Query details Documentation |
| Variable Without Description 2a153952-2544-4687-bcc9-cc8fea814a9b |
Terraform | Info | Best Practices | Query details Documentation |
| Variable Without Type fc5109bf-01fd-49fb-8bde-4492b543c34a |
Terraform | Info | Best Practices | Query details Documentation |
| Beta - CLB Listener Using Insecure Protocols fe08b81c-12e9-4b5e-9006-4218fca750fd |
Terraform | High | Encryption | Query details Documentation |
| Beta - TKE Cluster Encryption Protection Disabled 3ed47402-e322-465f-a0f0-8681135a17b0 |
Terraform | High | Encryption | Query details Documentation |
| Beta - CDB Instance Internet Service Enabled 5d820574-4a60-4916-b049-0810b8629731 |
Terraform | High | Insecure Configurations | Query details Documentation |
| Beta - CVM Instance Has Public IP a74b4602-a62c-4a02-956a-e19f86ea24b5 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Beta - Security Group Rule Set Accepts All Traffic d135a36e-c474-452f-b891-76db1e6d1cd5 |
Terraform | High | Networking and Firewall | Query details Documentation |
| Beta - CDB Instance Without Backup Policy ca94be07-7de3-4ae7-85ef-67e0462ec694 |
Terraform | Medium | Backup | Query details Documentation |
| Beta - CLB Instance Log Setting Disabled ada01ed1-b10c-4f2a-b110-b20fa4f9baa6 |
Terraform | Medium | Encryption | Query details Documentation |
| Beta - Disk Encryption Disabled 1ee0f202-31da-49ba-bbce-04a989912e4b |
Terraform | Medium | Encryption | Query details Documentation |
| Beta - TKE Cluster Has Public Access df6928ed-02f4-421f-9a67-a529860dd7e7 |
Terraform | Medium | Insecure Configurations | Query details Documentation |
| Beta - CVM Instance Using Default Security Group 93bb2065-63ec-45a2-a466-f106b56f2e32 |
Terraform | Low | Access Control | Query details Documentation |
| Beta - CVM Instance Using User Data 5bb6fa08-5e84-4760-a54a-cdcd66626976 |
Terraform | Low | Access Control | Query details Documentation |
| Beta - CDB Instance Internet Using Default Intranet Port 18d6aa4b-7570-4d95-9c75-90363ef1abd9 |
Terraform | Low | Insecure Configurations | Query details Documentation |
| Beta - CVM Instance Using Default VPC b4e75c5c-83d5-4568-90e3-57ed5ec4051b |
Terraform | Low | Networking and Firewall | Query details Documentation |
| Beta - TKE Cluster Log Agent Is Not Enabled fe405074-7e18-40f9-9aef-024aa1d0a889 |
Terraform | Low | Observability | Query details Documentation |
| Beta - VPC Flow Logs Disabled a3240001-40db-47b7-abb9-2bcd6a04c430 |
Terraform | Low | Observability | Query details Documentation |
| Beta - CVM Instance Disable Monitor Service 966ed4f7-b8a5-4e8d-b2bf-098657c98960 |
Terraform | Info | Observability | Query details Documentation |