Skip to content

All

Queries List

This page contains all queries.

Query Platform Severity Category More info
ECR Repository Is Publicly Accessible
fb5a5df7-6d74-4243-ab82-ff779a958bfd
Ansible Critical Access Control Query details
Documentation
S3 Bucket Access to Any Principal
3ab1f27d-52cc-4943-af1d-43c1939e739a
Ansible Critical Access Control Query details
Documentation
S3 Bucket Allows Delete Action From All Principals
6fa44721-ef21-41c6-8665-330d59461163
Ansible Critical Access Control Query details
Documentation
S3 Bucket Allows Put Action From All Principals
a0f1bfe0-741e-473f-b3b2-13e66f856fab
Ansible Critical Access Control Query details
Documentation
S3 Bucket With All Permissions
6a6d7e56-c913-4549-b5c5-5221e624d2ec
Ansible Critical Access Control Query details
Documentation
S3 Bucket With Public Access
c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9
Ansible Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
c09e3ca5-f08a-4717-9c87-3919c5e6d209
Ansible Critical Insecure Configurations Query details
Documentation
DB Security Group With Public Scope
0956aedf-6a7a-478b-ab56-63e2b19923ad
Ansible Critical Networking and Firewall Query details
Documentation
RDS Associated with Public Subnet
16732649-4ff6-4cd2-8746-e72c13fae4b8
Ansible Critical Networking and Firewall Query details
Documentation
Cross-Account IAM Assume Role Policy Without ExternalId or MFA
af167837-9636-4086-b815-c239186b9dda
Ansible High Access Control Query details
Documentation
ECS Service Admin Role Is Present
7db727c1-1720-468e-b80e-06697f71e09e
Ansible High Access Control Query details
Documentation
IAM Policy Grants Full Permissions
b5ed026d-a772-4f07-97f9-664ba0b116f8
Ansible High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to All Users
a1ef9d2e-4163-40cb-bd92-04f0d602a15d
Ansible High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to Any Authenticated User
75480b31-f349-4b9a-861f-bce19588e674
Ansible High Access Control Query details
Documentation
S3 Bucket Allows Get Action From All Principals
53bce6a8-5492-4b1b-81cf-664385f0c4bf
Ansible High Access Control Query details
Documentation
S3 Bucket Allows List Action From All Principals
d395a950-12ce-4314-a742-ac5a785ab44e
Ansible High Access Control Query details
Documentation
SNS Topic is Publicly Accessible
905f4741-f965-45c1-98db-f7a00a0e5c73
Ansible High Access Control Query details
Documentation
SQS Policy Allows All Actions
ed9b3beb-92cf-44d9-a9d2-171eeba569d4
Ansible High Access Control Query details
Documentation
SQS Queue Exposed
86b0efa7-4901-4edd-a37a-c034bec6645a
Ansible High Access Control Query details
Documentation
Config Rule For Encrypted Volumes Disabled
7674a686-e4b1-4a95-83d4-1fd53c623d84
Ansible High Encryption Query details
Documentation
DB Instance Storage Not Encrypted
7dfb316c-a6c2-454d-b8a2-97f147b0c0ff
Ansible High Encryption Query details
Documentation
EBS Volume Encryption Disabled
4b6012e7-7176-46e4-8108-e441785eae57
Ansible High Encryption Query details
Documentation
EFS Not Encrypted
727c4fd4-d604-4df6-a179-7713d3c85e20
Ansible High Encryption Query details
Documentation
ELB Using Weak Ciphers
2034fb37-bc23-4ca0-8d95-2b9f15829ab5
Ansible High Encryption Query details
Documentation
Kinesis Not Encrypted With KMS
f2ea6481-1d31-4d40-946a-520dc6321dd7
Ansible High Encryption Query details
Documentation
Launch Configuration Is Not Encrypted
66477506-6abb-49ed-803d-3fa174cd5f6a
Ansible High Encryption Query details
Documentation
Redis Not Compliant
9f34885e-c08f-4d13-a7d1-cf190c5bd268
Ansible High Encryption Query details
Documentation
Redshift Not Encrypted
6a647814-def5-4b85-88f5-897c19f509cd
Ansible High Encryption Query details
Documentation
S3 Bucket Without Server-side-encryption
594f54e7-f744-45ab-93e4-c6dbaf6cd571
Ansible High Encryption Query details
Documentation
User Data Contains Encoded Private Key
c09f4d3e-27d2-4d46-9453-abbe9687a64e
Ansible High Encryption Query details
Documentation
Batch Job Definition With Privileged Container Properties
defe5b18-978d-4722-9325-4d1975d3699f
Ansible High Insecure Configurations Query details
Documentation
EC2 Group Has Public Interface
5330b503-3319-44ff-9b1c-00ee873f728a
Ansible High Insecure Configurations Query details
Documentation
KMS Key With Vulnerable Policy
5b9d237a-57d5-4177-be0e-71434b0fef47
Ansible High Insecure Configurations Query details
Documentation
Redshift Publicly Accessible
5c6b727b-1382-4629-8ba9-abd1365e5610
Ansible High Insecure Configurations Query details
Documentation
Root Account Has Active Access Keys
e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40
Ansible High Insecure Configurations Query details
Documentation
DB Security Group Open To Large Scope
ea0ed1c7-9aef-4464-b7c7-94c762da3640
Ansible High Networking and Firewall Query details
Documentation
Default Security Groups With Unrestricted Traffic
8010e17a-00e9-4635-a692-90d6bcec68bd
Ansible High Networking and Firewall Query details
Documentation
Public Port Wide
71ea648a-d31a-4b5a-a589-5674243f1c33
Ansible High Networking and Firewall Query details
Documentation
Remote Desktop Port Open To Internet
eda7301d-1f3e-47cf-8d4e-976debc64341
Ansible High Networking and Firewall Query details
Documentation
Route53 Record Undefined
445dce51-7e53-4e50-80ef-7f94f14169e4
Ansible High Networking and Firewall Query details
Documentation
Security Group Ingress Not Restricted
ea6bc7a6-d696-4dcf-a788-17fa03c17c81
Ansible High Networking and Firewall Query details
Documentation
Unknown Port Exposed To Internet
722b0f24-5a64-4cca-aa96-cfc26b7e3a5b
Ansible High Networking and Firewall Query details
Documentation
Unrestricted Security Group Ingress
83c5fa4c-e098-48fc-84ee-0a537287ddd2
Ansible High Networking and Firewall Query details
Documentation
Hardcoded AWS Access Key
c2f15af3-66a0-4176-a56e-e4711e502e5c
Ansible High Secret Management Query details
Documentation
Hardcoded AWS Access Key In Lambda
f34508b9-f574-4330-b42d-88c44cced645
Ansible High Secret Management Query details
Documentation
AMI Shared With Multiple Accounts
a19b2942-142e-4e2b-93b7-6cf6a6c8d90f
Ansible Medium Access Control Query details
Documentation
API Gateway Without Configured Authorizer
b16cdb37-ce15-4ab2-8401-d42b05d123fc
Ansible Medium Access Control Query details
Documentation
Certificate Has Expired
5a443297-19d4-4381-9e5b-24faf947ec22
Ansible Medium Access Control Query details
Documentation
EC2 Instance Using Default Security Group
8d03993b-8384-419b-a681-d1f55149397c
Ansible Medium Access Control Query details
Documentation
IAM Access Key Is Exposed
7f79f858-fbe8-4186-8a2c-dfd0d958a40f
Ansible Medium Access Control Query details
Documentation
IAM Group Without Users
f509931b-bbb0-443c-bd9b-10e92ecf2193
Ansible Medium Access Control Query details
Documentation
IAM Policies Attached To User
eafe4bc3-1042-4f88-b988-1939e64bf060
Ansible Medium Access Control Query details
Documentation
IAM Policies With Full Privileges
e401d614-8026-4f4b-9af9-75d1197461ba
Ansible Medium Access Control Query details
Documentation
IAM Policy Grants 'AssumeRole' Permission Across All Services
12a7a7ce-39d6-49dd-923d-aeb4564eb66c
Ansible Medium Access Control Query details
Documentation
IAM Role Allows All Principals To Assume
babdedcf-d859-43da-9a7b-6d72e661a8fd
Ansible Medium Access Control Query details
Documentation
Lambda Permission Principal Is Wildcard
1d972c56-8ec2-48c1-a578-887adb09c57a
Ansible Medium Access Control Query details
Documentation
Public Lambda via API Gateway
5e92d816-2177-4083-85b4-f61b4f7176d9
Ansible Medium Access Control Query details
Documentation
SES Policy With Allowed IAM Actions
8ed0bfce-f780-46d4-b086-21c3628f09ad
Ansible Medium Access Control Query details
Documentation
SQS Policy With Public Access
d994585f-defb-4b51-b6d2-c70f020ceb10
Ansible Medium Access Control Query details
Documentation
Auto Scaling Group With No Associated ELB
050f085f-a8db-4072-9010-2cca235cc02f
Ansible Medium Availability Query details
Documentation
CMK Is Unusable
133fee21-37ef-45df-a563-4d07edc169f4
Ansible Medium Availability Query details
Documentation
RDS With Backup Disabled
e69890e6-fce5-461d-98ad-cb98318dfc96
Ansible Medium Backup Query details
Documentation
S3 Bucket Without Versioning
9232306a-f839-40aa-b3ef-b352001da9a5
Ansible Medium Backup Query details
Documentation
Stack Retention Disabled
17d5ba1d-7667-4729-b1a6-b11fde3db7f7
Ansible Medium Backup Query details
Documentation
AMI Not Encrypted
97707503-a22c-4cd7-b7c0-f088fa7cf830
Ansible Medium Encryption Query details
Documentation
CA Certificate Identifier Is Outdated
5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce
Ansible Medium Encryption Query details
Documentation
Cloudfront Viewer Protocol Policy Allows HTTP
a6d27cf7-61dc-4bde-ae08-3b353b609f76
Ansible Medium Encryption Query details
Documentation
CodeBuild Not Encrypted
a1423864-2fbc-4f46-bfe1-fbbf125c71c9
Ansible Medium Encryption Query details
Documentation
ELB Using Insecure Protocols
730a5951-2760-407a-b032-dd629b55c23a
Ansible Medium Encryption Query details
Documentation
IAM Database Auth Not Enabled
0ed012a4-9199-43d2-b9e4-9bd049a48aa4
Ansible Medium Encryption Query details
Documentation
Secure Ciphers Disabled
218413a0-c716-4b94-9e08-0bb70d854709
Ansible Medium Encryption Query details
Documentation
SQS With SSE Disabled
e1e7b278-2a8b-49bd-a26e-66a7f70b17eb
Ansible Medium Encryption Query details
Documentation
API Gateway Without SSL Certificate
b47b98ab-e481-4a82-8bb1-1ab39fd36e33
Ansible Medium Insecure Configurations Query details
Documentation
Certificate RSA Key Bytes Lower Than 256
d5ec2080-340a-4259-b885-f833c4ea6a31
Ansible Medium Insecure Configurations Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
d0c13053-d2c8-44a6-95da-d592996e9e67
Ansible Medium Insecure Configurations Query details
Documentation
ECR Image Tag Not Immutable
60bfbb8a-c72f-467f-a6dd-a46b7d612789
Ansible Medium Insecure Configurations Query details
Documentation
ECS Task Definition Network Mode Not Recommended
01aec7c2-3e4d-4274-ae47-2b8fea22fd1f
Ansible Medium Insecure Configurations Query details
Documentation
S3 Bucket with Unsecured CORS Rule
3505094c-f77c-4ba0-95da-f83db712f86c
Ansible Medium Insecure Configurations Query details
Documentation
Vulnerable Default SSL Certificate
fb8f8929-afeb-4c46-99f0-a6cf410f7df4
Ansible Medium Insecure Defaults Query details
Documentation
ALB Listening on HTTP
f81d63d2-c5d7-43a4-a5b5-66717a41c895
Ansible Medium Networking and Firewall Query details
Documentation
API Gateway Endpoint Config is Not Private
559439b2-3e9c-4739-ac46-17e3b24ec215
Ansible Medium Networking and Firewall Query details
Documentation
API Gateway without WAF
f5f38943-664b-4acc-ab11-f292fa10ed0b
Ansible Medium Networking and Firewall Query details
Documentation
CloudFront Without WAF
22c80725-e390-4055-8d14-a872230f6607
Ansible Medium Networking and Firewall Query details
Documentation
EC2 Instance Has Public IP
a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1
Ansible Medium Networking and Firewall Query details
Documentation
Elasticsearch with HTTPS disabled
d6c2d06f-43c1-488a-9ba1-8d75b40fc62d
Ansible Medium Networking and Firewall Query details
Documentation
HTTP Port Open To Internet
a14ad534-acbe-4a8e-9404-2f7e1045646e
Ansible Medium Networking and Firewall Query details
Documentation
Security Group With Unrestricted Access To SSH
57ced4b9-6ba4-487b-8843-b65562b90c77
Ansible Medium Networking and Firewall Query details
Documentation
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
7af1c447-c014-4f05-bd8b-ebe3a15734ac
Ansible Medium Networking and Firewall Query details
Documentation
API Gateway With CloudWatch Logging Disabled
72a931c2-12f5-40d1-93cc-47bff2f7aa2a
Ansible Medium Observability Query details
Documentation
CloudFront Logging Disabled
d31cb911-bf5b-4eb6-9fc3-16780c77c7bd
Ansible Medium Observability Query details
Documentation
CloudTrail Logging Disabled
d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5
Ansible Medium Observability Query details
Documentation
S3 Bucket Logging Disabled
c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d
Ansible Medium Observability Query details
Documentation
No Stack Policy
ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9
Ansible Medium Resource Management Query details
Documentation
Authentication Without MFA
eee107f9-b3d8-45d3-b9c6-43b5a7263ce1
Ansible Low Access Control Query details
Documentation
ECS Service Without Running Tasks
f5c45127-1d28-4b49-a692-0b97da1c3a84
Ansible Low Availability Query details
Documentation
Automatic Minor Upgrades Disabled
857f8808-e96a-4ba8-a9b7-f2d4ec6cad94
Ansible Low Best Practices Query details
Documentation
CDN Configuration Is Missing
b25398a2-0625-4e61-8e4d-a1bb23905bf6
Ansible Low Best Practices Query details
Documentation
IAM Password Without Minimum Length
8bc2168c-1723-4eeb-a6f3-a1ba614b9a6d
Ansible Low Best Practices Query details
Documentation
Lambda Permission Misconfigured
3ddf3417-424d-420d-8275-0724dc426520
Ansible Low Best Practices Query details
Documentation
Misconfigured Password Policy Expiration
3f2cf811-88fa-4eda-be45-7a191a18aba9
Ansible Low Best Practices Query details
Documentation
Password Without Reuse Prevention
6f5f5444-1422-495f-81ef-24cefd61ed2c
Ansible Low Best Practices Query details
Documentation
EFS Without Tags
b8a9852c-9943-4973-b8d5-77dae9352851
Ansible Low Build Process Query details
Documentation
Stack Without Template
32d31f1f-0f83-4721-b7ec-1e6948c60145
Ansible Low Build Process Query details
Documentation
CloudTrail Log Files Not Encrypted With KMS
f5587077-3f57-4370-9b4e-4eb5b1bac85b
Ansible Low Encryption Query details
Documentation
EFS Without KMS
bd77554e-f138-40c5-91b2-2a09f878608e
Ansible Low Encryption Query details
Documentation
AWS Password Policy With Unchangeable Passwords
e28ceb92-d588-4166-aac5-766c8f5b7472
Ansible Low Insecure Configurations Query details
Documentation
Instance With No VPC
61d1a2d0-4db8-405a-913d-5d2ce49dff6f
Ansible Low Insecure Configurations Query details
Documentation
Lambda Function Without Tags
265d9725-2fb8-42a2-bc57-3279c5db82d5
Ansible Low Insecure Configurations Query details
Documentation
EC2 Instance Using Default VPC
8833f180-96f1-46f4-9147-849aafa56029
Ansible Low Networking and Firewall Query details
Documentation
ElastiCache Using Default Port
7cc6c791-5f68-4816-a564-b9b699f9d26e
Ansible Low Networking and Firewall Query details
Documentation
ElastiCache Without VPC
5527dcfc-94f9-4bf6-b7d4-1b78850cf41f
Ansible Low Networking and Firewall Query details
Documentation
RDS Using Default Port
2cb674f6-32f9-40be-97f2-62c0dc38f0d5
Ansible Low Networking and Firewall Query details
Documentation
Redshift Using Default Port
e01de151-a7bd-4db4-b49b-3c4775a5e881
Ansible Low Networking and Firewall Query details
Documentation
API Gateway X-Ray Disabled
2059155b-27fd-441e-b616-6966c468561f
Ansible Low Observability Query details
Documentation
CloudTrail Log File Validation Disabled
4d8681a2-3d30-4c89-8070-08acd142748e
Ansible Low Observability Query details
Documentation
CloudTrail Multi Region Disabled
6ad087d7-a509-4b20-b853-9ef6f5ebaa98
Ansible Low Observability Query details
Documentation
CloudTrail Not Integrated With CloudWatch
ebb2118a-03bc-4d53-ab43-d8750f5cb8d3
Ansible Low Observability Query details
Documentation
CloudTrail SNS Topic Name Undefined
5ba316a9-c466-4ec1-8d5b-bc6107dc9a92
Ansible Low Observability Query details
Documentation
CMK Rotation Disabled
af96d737-0818-4162-8c41-40d969bd65d1
Ansible Low Observability Query details
Documentation
Configuration Aggregator to All Regions Disabled
a2fdf451-89dd-451e-af92-bf6c0f4bab96
Ansible Low Observability Query details
Documentation
Lambda Functions Without X-Ray Tracing
71397b34-1d50-4ee1-97cb-c96c34676f74
Ansible Low Observability Query details
Documentation
Stack Notifications Disabled
d39761d7-94ab-45b0-ab5e-27c44e381d58
Ansible Low Observability Query details
Documentation
EC2 Not EBS Optimized
338b6cab-961d-4998-bb49-e5b6a11c9a5c
Ansible Info Best Practices Query details
Documentation
CloudWatch Without Retention Period Specified
e24e18d9-4c2b-4649-b3d0-18c088145e24
Ansible Info Observability Query details
Documentation
CosmosDB Account IP Range Filter Not Set
e8c80448-31d8-4755-85fc-6dbab69c2717
Ansible Critical Networking and Firewall Query details
Documentation
Redis Entirely Accessible
0d0c12b9-edce-4510-9065-13f6a758750c
Ansible Critical Networking and Firewall Query details
Documentation
Redis Publicly Accessible
0632d0db-9190-450a-8bb3-c283bffea445
Ansible Critical Networking and Firewall Query details
Documentation
SQLServer Ingress From Any IP
f4e9ff70-0f3b-4c50-a713-26cbe7ec4039
Ansible Critical Networking and Firewall Query details
Documentation
Unrestricted SQL Server Access
3f23c96c-f9f5-488d-9b17-605b8da5842f
Ansible Critical Networking and Firewall Query details
Documentation
Default Azure Storage Account Network Access Is Too Permissive
ca4df748-613a-4fbf-9c76-f02cbd580307
Ansible High Access Control Query details
Documentation
Public Storage Account
35e2f133-a395-40de-a79d-b260d973d1bd
Ansible High Access Control Query details
Documentation
Storage Container Is Publicly Accessible
4d3817db-dd35-4de4-a80d-3867157e7f7f
Ansible High Access Control Query details
Documentation
Azure Container Registry With No Locks
581dae78-307d-45d5-aae4-fe2b0db267a5
Ansible High Insecure Configurations Query details
Documentation
Security Group is Not Configured
da4f2739-174f-4cdd-b9ef-dc3f14b5931f
Ansible High Insecure Configurations Query details
Documentation
Sensitive Port Is Exposed To Entire Network
0ac9abbc-6d7a-41cf-af23-2e57ddb3dbfc
Ansible High Networking and Firewall Query details
Documentation
Admin User Enabled For Container Registry
29f35127-98e6-43af-8ec1-201b79f99604
Ansible Medium Access Control Query details
Documentation
AKS RBAC Disabled
149fa56c-4404-4f90-9e25-d34b676d5b39
Ansible Medium Access Control Query details
Documentation
Role Definition Allows Custom Role Creation
5c80db8e-03f5-43a2-b4af-1f3f87018157
Ansible Medium Access Control Query details
Documentation
Key Vault Soft Delete Is Disabled
881696a8-68c5-4073-85bc-7c38a3deb854
Ansible Medium Backup Query details
Documentation
Azure Instance Using Basic Authentication
e2d834b7-8b25-4935-af53-4a60668dcbe0
Ansible Medium Best Practices Query details
Documentation
MySQL SSL Connection Disabled
2a901825-0f3b-4655-a0fe-e0470e50f8e6
Ansible Medium Encryption Query details
Documentation
SSL Enforce Disabled
961ce567-a16d-4d7d-9027-f0ec2628a555
Ansible Medium Encryption Query details
Documentation
Storage Account Not Forcing HTTPS
2c99a474-2a3c-4c17-8294-53ffa5ed0522
Ansible Medium Encryption Query details
Documentation
Storage Account Not Using Latest TLS Encryption Version
c62746cf-92d5-4649-9acf-7d48d086f2ee
Ansible Medium Encryption Query details
Documentation
AD Admin Not Configured For SQL Server
b176e927-bbe2-44a6-a9c3-041417137e5f
Ansible Medium Insecure Configurations Query details
Documentation
Redis Cache Allows Non SSL Connections
869e7fb4-30f0-4bdb-b360-ad548f337f2f
Ansible Medium Insecure Configurations Query details
Documentation
VM Not Attached To Network
1e5f5307-3e01-438d-8da6-985307ed25ce
Ansible Medium Insecure Configurations Query details
Documentation
Web App Accepting Traffic Other Than HTTPS
eb8c2560-8bee-4248-9d0d-e80c8641dd91
Ansible Medium Insecure Configurations Query details
Documentation
Firewall Rule Allows Too Many Hosts To Access Redis Cache
69f72007-502e-457b-bd2d-5012e31ac049
Ansible Medium Networking and Firewall Query details
Documentation
Trusted Microsoft Services Not Enabled
1bc398a8-d274-47de-a4c8-6ac867b353de
Ansible Medium Networking and Firewall Query details
Documentation
WAF Is Disabled For Azure Application Gateway
2fc5ab5a-c5eb-4ae4-b687-0f16fe77c255
Ansible Medium Networking and Firewall Query details
Documentation
AKS Monitoring Logging Disabled
d5e83b32-56dd-4247-8c2e-074f43b38a5e
Ansible Medium Observability Query details
Documentation
Log Retention Is Not Set
0461b4fd-21ef-4687-929e-484ee4796785
Ansible Medium Observability Query details
Documentation
Monitoring Log Profile Without All Activities
89f84a1e-75f8-47c5-83b5-bee8e2de4168
Ansible Medium Observability Query details
Documentation
PostgreSQL Log Checkpoints Disabled
7ab33ac0-e4a3-418f-a673-50da4e34df21
Ansible Medium Observability Query details
Documentation
PostgreSQL Log Connections Not Set
7b47138f-ec0e-47dc-8516-e7728fe3cc17
Ansible Medium Observability Query details
Documentation
PostgreSQL Log Disconnections Not Set
054d07b5-941b-4c28-8eef-18989dc62323
Ansible Medium Observability Query details
Documentation
PostgreSQL Log Duration Not Set
729ebb15-8060-40f7-9017-cb72676a5487
Ansible Medium Observability Query details
Documentation
PostgreSQL Server Without Connection Throttling
a9becca7-892a-4af7-b9e1-44bf20a4cd9a
Ansible Medium Observability Query details
Documentation
SQL Server Predictable Active Directory Account Name
530e8291-2f22-4bab-b7ea-306f1bc2a308
Ansible Low Best Practices Query details
Documentation
SQL Server Predictable Admin Account Name
663062e9-473d-4e87-99bc-6f3684b3df40
Ansible Low Best Practices Query details
Documentation
Cosmos DB Account Without Tags
23a4dc83-4959-4d99-8056-8e051a82bc1e
Ansible Low Build Process Query details
Documentation
AKS Network Policy Misconfigured
8c3bedf1-c570-4c3b-b414-d068cd39a00c
Ansible Low Insecure Configurations Query details
Documentation
Small Activity Log Retention Period
37fafbea-dedb-4e0d-852e-d16ee0589326
Ansible Low Observability Query details
Documentation
Allow Unsafe Lookups Enabled
86b97bb4-85c9-462d-8635-cbc057c5c8c5
Ansible High Insecure Configurations Query details
Documentation
Privilege Escalation Using Become Plugin
404908b6-4954-4611-98f0-e8ceacdabcb1
Ansible Medium Access Control Query details
Documentation
Communication over HTTP
d7dc9350-74bc-485b-8c85-fed22d276c43
Ansible Medium Insecure Configurations Query details
Documentation
Logging of Sensitive Data
c6473dae-8477-4119-88b7-b909b435ce7b
Ansible Low Best Practices Query details
Documentation
Cloud Storage Anonymous or Publicly Accessible
086031e1-9d4a-4249-acb3-5bfe4c363db2
Ansible Critical Access Control Query details
Documentation
SQL DB Instance Publicly Accessible
7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b
Ansible Critical Insecure Configurations Query details
Documentation
BigQuery Dataset Is Public
2263b286-2fe9-4747-a0ae-8b4768a2bbd2
Ansible High Access Control Query details
Documentation
SQL DB Instance With SSL Disabled
d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb
Ansible High Encryption Query details
Documentation
Client Certificate Disabled
20180133-a0d0-4745-bfe0-94049fbb12a9
Ansible High Insecure Configurations Query details
Documentation
Cloud SQL Instance With Contained Database Authentication On
6d34aff3-fdd2-460c-8190-756a3b4969e8
Ansible High Insecure Configurations Query details
Documentation
Cloud SQL Instance With Cross DB Ownership Chaining On
9e0c33ed-97f3-4ed6-8be9-bcbf3f65439f
Ansible High Insecure Configurations Query details
Documentation
GKE Legacy Authorization Enabled
300a9964-b086-41f7-9378-b6de3ba1c32b
Ansible High Insecure Configurations Query details
Documentation
MySQL Instance With Local Infile On
a7b520bb-2509-4fb0-be05-bc38f54c7a4c
Ansible High Insecure Configurations Query details
Documentation
RDP Access Is Not Restricted
75418eb9-39ec-465f-913c-6f2b6a80dc77
Ansible High Networking and Firewall Query details
Documentation
VM With Full Cloud Access
bc20bbc6-0697-4568-9a73-85af1dd97bdd
Ansible Medium Access Control Query details
Documentation
SQL DB Instance Backup Disabled
0c82eae2-aca0-401f-93e4-fb37a0f9e5e8
Ansible Medium Backup Query details
Documentation
Disk Encryption Disabled
092bae86-6105-4802-99d2-99cd7e7431f3
Ansible Medium Encryption Query details
Documentation
DNSSEC Using RSASHA1
6cf4c3a7-ceb0-4475-8892-3745b84be24a
Ansible Medium Encryption Query details
Documentation
Google Compute SSL Policy Weak Cipher In Use
b28bcd2f-c309-490e-ab7c-35fc4023eb26
Ansible Medium Encryption Query details
Documentation
Cloud DNS Without DNSSEC
80b15fb1-6207-40f4-a803-6915ae619a03
Ansible Medium Insecure Configurations Query details
Documentation
Cluster Master Authentication Disabled
9df7f78f-ebe3-432e-ac3b-b67189c15518
Ansible Medium Insecure Configurations Query details
Documentation
GKE Basic Authentication Enabled
344bf8ab-9308-462b-a6b2-697432e40ba1
Ansible Medium Insecure Configurations Query details
Documentation
Google Container Node Pool Auto Repair Disabled
d58c6f24-3763-4269-9f5b-86b2569a003b
Ansible Medium Insecure Configurations Query details
Documentation
IP Aliasing Disabled
ed672a9f-fbf0-44d8-a47d-779501b0db05
Ansible Medium Insecure Configurations Query details
Documentation
Network Policy Disabled
98e04ca0-34f5-4c74-8fec-d2e611ce2790
Ansible Medium Insecure Configurations Query details
Documentation
OSLogin Is Disabled In VM Instance
66dae697-507b-4aef-be18-eec5bd707f33
Ansible Medium Insecure Configurations Query details
Documentation
Private Cluster Disabled
3b30e3d6-c99b-4318-b38f-b99db74578b5
Ansible Medium Insecure Configurations Query details
Documentation
Shielded VM Disabled
18d3a83d-4414-49dc-90ea-f0387b2856cc
Ansible Medium Insecure Configurations Query details
Documentation
Using Default Service Account
2775e169-e708-42a9-9305-b58aadd2c4dd
Ansible Medium Insecure Configurations Query details
Documentation
GKE Using Default Service Account
dc126833-125a-40fb-905a-ce5f2afde240
Ansible Medium Insecure Defaults Query details
Documentation
Compute Instance Is Publicly Accessible
829f1c60-2bab-44c6-8a21-5cd9d39a2c82
Ansible Medium Networking and Firewall Query details
Documentation
GKE Master Authorized Networks Disabled
d43366c5-80b0-45de-bbe8-2338f4ab0a83
Ansible Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Default Firewall Rule
29b8224a-60e9-4011-8ac2-7916a659841f
Ansible Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Firewall Rule that Allows All Ports
3602d273-3290-47b2-80fa-720162b1a8af
Ansible Medium Networking and Firewall Query details
Documentation
IP Forwarding Enabled
11bd3554-cd56-4257-8e25-7aaf30cf8f5f
Ansible Medium Networking and Firewall Query details
Documentation
Serial Ports Are Enabled For VM Instances
c6fc6f29-dc04-46b6-99ba-683c01aff350
Ansible Medium Networking and Firewall Query details
Documentation
SSH Access Is Not Restricted
b2fbf1df-76dd-4d78-a6c0-e538f4a9b016
Ansible Medium Networking and Firewall Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
507df964-ad97-4035-ab14-94a82eabdfdd
Ansible Medium Observability Query details
Documentation
Cloud Storage Bucket Versioning Disabled
7814ddda-e758-4a56-8be3-289a81ded929
Ansible Medium Observability Query details
Documentation
PostgreSQL Log Connections Disabled
d7a5616f-0a3f-4d43-bc2b-29d1a183e317
Ansible Medium Observability Query details
Documentation
PostgreSQL log_checkpoints Flag Not Set To ON
89afe3f0-4681-4ce3-89ed-896cebd4277c
Ansible Medium Observability Query details
Documentation
Stackdriver Logging Disabled
19c9e2a0-fc33-4264-bba1-e3682661e8f7
Ansible Medium Observability Query details
Documentation
Stackdriver Monitoring Disabled
20dcd953-a8b8-4892-9026-9afa6d05a525
Ansible Medium Observability Query details
Documentation
Node Auto Upgrade Disabled
d6e10477-2e19-4bcd-b8a8-19c65b89ccdf
Ansible Medium Resource Management Query details
Documentation
High Google KMS Crypto Key Rotation Period
f9b7086b-deb8-4034-9330-d7fd38f1b8de
Ansible Medium Secret Management Query details
Documentation
Project-wide SSH Keys Are Enabled In VM Instances
099b4411-d11e-4537-a0fc-146b19762a79
Ansible Medium Secret Management Query details
Documentation
Cluster Labels Disabled
fbe9b2d0-a2b7-47a1-a534-03775f3013f7
Ansible Low Insecure Configurations Query details
Documentation
COS Node Image Not Used
be41f891-96b1-4b9d-b74f-b922a918c778
Ansible Low Insecure Configurations Query details
Documentation
PostgreSQL Misconfigured Logging Duration Flag
aed98a2a-e680-497a-8886-277cea0f4514
Ansible Low Insecure Configurations Query details
Documentation
Google Compute Network Using Firewall Rule that Allows Port Range
7289eebd-a477-4064-8ad4-3c044bd70b00
Ansible Low Networking and Firewall Query details
Documentation
Google Compute Subnetwork with Private Google Access Disabled
6a4080ae-79bd-42f6-a924-8f534c1c018b
Ansible Low Networking and Firewall Query details
Documentation
PostgreSQL Logging Of Temporary Files Disabled
d6fae5b6-ada9-46c0-8b36-3108a2a2f77b
Ansible Low Observability Query details
Documentation
PostgreSQL Misconfigured Log Messages Flag
28a757fc-3d8f-424a-90c0-4233363b2711
Ansible Low Observability Query details
Documentation
Ansible Tower Exposed To Internet
1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc
Ansible Medium Best Practices Query details
Documentation
Privilege Escalation Using Become Plugin
0e75052f-cc02-41b8-ac39-a78017527e95
Ansible Medium Access Control Query details
Documentation
Communication Over HTTP
2e8d4922-8362-4606-8c14-aa10466a1ce3
Ansible Medium Insecure Configurations Query details
Documentation
Insecure Relative Path Resolution
8d22ae91-6ac1-459f-95be-d37bd373f244
Ansible Low Best Practices Query details
Documentation
Logging of Sensitive Data
59029ddf-e651-412b-ae7b-ff6d403184bc
Ansible Low Best Practices Query details
Documentation
Unpinned Package Version
c05e2c20-0a2c-4686-b1f8-5f0a5612d4e8
Ansible Low Supply-Chain Query details
Documentation
Risky File Permissions
88841d5c-d22d-4b7e-a6a0-89ca50e44b9f
Ansible Info Supply-Chain Query details
Documentation
SQL Database Server Firewall Allows All IPS
6a3201a5-1630-494b-b294-3129d06b0eca
AzureResourceManager Critical Networking and Firewall Query details
Documentation
AKS Cluster RBAC Disabled
9307a2ed-35c2-413d-94de-a1a0682c2158
AzureResourceManager High Access Control Query details
Documentation
Default Azure Storage Account Network Access Is Too Permissive
d855ced8-6157-448f-9f1d-f05a41d046f7
AzureResourceManager High Access Control Query details
Documentation
Role Definitions Allow Custom Subscription Role Creation
8fa9ceea-881f-4ef0-b0b8-728f589699a7
AzureResourceManager High Access Control Query details
Documentation
Key Vault Not Recoverable
7c25f361-7c66-44bf-9b69-022acd5eb4bd
AzureResourceManager High Backup Query details
Documentation
Azure Managed Disk Without Encryption
350f3955-b5be-436f-afaa-3d2be2fa6cdd
AzureResourceManager High Encryption Query details
Documentation
Network Security Group With Unrestricted Access To RDP
59cb3da7-f206-4ae6-b827-7abf0a9cab9d
AzureResourceManager High Networking and Firewall Query details
Documentation
Storage Blob Service Container With Public Access
a0ab985d-660b-41f7-ac81-70957ee8e627
AzureResourceManager High Networking and Firewall Query details
Documentation
Hardcoded SecureString Parameter Default Value
4d2cf896-c053-4be5-9c95-8b4771112f29
AzureResourceManager High Secret Management Query details
Documentation
App Service Authentication Is Not Set
83130a07-235b-4a80-918b-a370e53f0bd9
AzureResourceManager Medium Access Control Query details
Documentation
Azure Instance Using Basic Authentication
6797f581-0433-4768-ae3e-7ceb2f8b138e
AzureResourceManager Medium Best Practices Query details
Documentation
Secret Without Expiration Date
cff9c3f7-e8f0-455f-9fb4-5f72326da96e
AzureResourceManager Medium Best Practices Query details
Documentation
SQL Server Database With Alerts Disabled
574e8d82-1db2-4b9c-b526-e320ede9a9ff
AzureResourceManager Medium Best Practices Query details
Documentation
Storage Account Allows Unsecure Transfer
1367dd13-2c90-4020-80b7-e4339a3dc2c4
AzureResourceManager Medium Encryption Query details
Documentation
Web App Not Using TLS Last Version
b5c851d5-00f1-43dc-a8de-3218fd6f71be
AzureResourceManager Medium Encryption Query details
Documentation
AKS Cluster Network Policy Not Configured
25c0228e-4444-459b-a2df-93c7df40b7ed
AzureResourceManager Medium Insecure Configurations Query details
Documentation
Website Not Forcing HTTPS
488847ff-6031-487c-bf42-98fd6ac5c9a0
AzureResourceManager Medium Insecure Configurations Query details
Documentation
MySQL Server SSL Enforcement Disabled
90120147-f2e7-4fda-bb21-6fa9109afd63
AzureResourceManager Medium Networking and Firewall Query details
Documentation
Network Security Group With Unrestricted Access To SSH
2ade1579-4b2c-4590-bebb-f99bf597f612
AzureResourceManager Medium Networking and Firewall Query details
Documentation
PostgreSQL Database Server Connection Throttling Disabled
a6d774b6-d9ea-4bf4-8433-217bf15d2fb8
AzureResourceManager Medium Networking and Firewall Query details
Documentation
PostgreSQL Database Server Log Checkpoints Disabled
f9112910-c7bb-4864-9f5e-2059ba413bb7
AzureResourceManager Medium Networking and Firewall Query details
Documentation
PostgreSQL Database Server Log Connections Disabled
e69bda39-e1e2-47ca-b9ee-b6531b23aedd
AzureResourceManager Medium Networking and Firewall Query details
Documentation
PostgreSQL Database Server SSL Disabled
bf500309-da53-4dd3-bcf7-95f7974545a5
AzureResourceManager Medium Networking and Firewall Query details
Documentation
Trusted Microsoft Services Not Enabled
e25b56cd-a4d6-498f-ab92-e6296a082097
AzureResourceManager Medium Networking and Firewall Query details
Documentation
Website with Client Certificate Auth Disabled
92302b47-b0cc-46cb-a28f-5610ecda140b
AzureResourceManager Medium Networking and Firewall Query details
Documentation
AKS Logging To Azure Monitoring Is Disabled
9b09dee1-f09b-4013-91d2-158fa4695f4b
AzureResourceManager Medium Observability Query details
Documentation
SQL Server Database Without Auditing
e055285c-bc01-48b4-8aa5-8a54acdd29df
AzureResourceManager Medium Observability Query details
Documentation
Storage Logging For Read Write And Delete Requests Disabled
43f6e60c-9cdb-4e77-864d-a66595d26518
AzureResourceManager Medium Observability Query details
Documentation
Website Azure Active Directory Disabled
e9c133e5-c2dd-4b7b-8fff-40f2de367b56
AzureResourceManager Low Access Control Query details
Documentation
Phone Number Not Set For Security Contacts
3e9fcc67-1f64-405f-b2f9-0a6be17598f0
AzureResourceManager Low Best Practices Query details
Documentation
AKS Dashboard Is Enabled
c62d3b92-9a11-4ffd-b7b7-6faaae83faed
AzureResourceManager Low Insecure Configurations Query details
Documentation
AKS With Authorized IP Ranges Disabled
2583fab1-953b-4fae-bd02-4a136a6c21f9
AzureResourceManager Low Networking and Firewall Query details
Documentation
Storage Account Allows Default Network Access
9073f073-5d60-4b46-b569-0d6baa80ed95
AzureResourceManager Low Networking and Firewall Query details
Documentation
Website with 'Http20Enabled' Disabled
70111098-7f85-48f0-b1b4-e4261cf5f61b
AzureResourceManager Low Networking and Firewall Query details
Documentation
Log Profile Incorrect Category
4d522e7b-f938-4d51-a3b1-974ada528bd3
AzureResourceManager Low Observability Query details
Documentation
SQL Server Database With Unrecommended Retention Days
c09cdac2-7670-458a-bf6c-efad6880973a
AzureResourceManager Low Observability Query details
Documentation
Unrecommended Log Profile Retention Policy
25684eac-daaa-4c2c-94b4-8d2dbb627909
AzureResourceManager Low Observability Query details
Documentation
Unrecommended Network Watcher Flow Log Retention Policy
564b70f8-41cd-4690-aff8-bb53add86bc9
AzureResourceManager Low Observability Query details
Documentation
Standard Price Is Not Selected
2081c7d6-2851-4cce-bda5-cb49d462da42
AzureResourceManager Low Resource Management Query details
Documentation
Account Admins Not Notified By Email
a8852cc0-fd4b-4fc7-9372-1e43fad0732e
AzureResourceManager Info Best Practices Query details
Documentation
SQL Alert Policy Without Emails
89b79fe5-49bd-4d39-84ce-55f5fc6f7764
AzureResourceManager Info Best Practices Query details
Documentation
Email Notifications Disabled
79c2c2c0-eb00-47c0-ac16-f8b0e2c81c92
AzureResourceManager Info Networking and Firewall Query details
Documentation
Run Using apt
a1bc27c6-7115-48d8-bf9d-5a7e836845ba
Buildah Low Supply-Chain Query details
Documentation
Script Block Injection
62ff6823-927a-427f-acf9-f1ea2932d616
CICD High Insecure Configurations Query details
Documentation
Run Block Injection
20f14e1a-a899-4e79-9f09-b6a84cd4649b
CICD Medium Insecure Configurations Query details
Documentation
Unsecured Commands
60fd272d-15f4-4d8f-afe4-77d9c6cc0453
CICD Medium Insecure Configurations Query details
Documentation
Unpinned Actions Full Length Commit SHA
555ab8f9-2001-455e-a077-f2d0f41e2fb9
CICD Low Supply-Chain Query details
Documentation
Amazon DMS Replication Instance Is Publicly Accessible
5864fb39-d719-4182-80e2-89dbe627be63
CloudFormation Critical Access Control Query details
Documentation
ECR Repository Is Publicly Accessible
75be209d-1948-41f6-a8c8-e22dd0121134
CloudFormation Critical Access Control Query details
Documentation
S3 Bucket Access to Any Principal
7772bb8c-c0f3-42d4-8e4e-f1b8939ad085
CloudFormation Critical Access Control Query details
Documentation
S3 Bucket ACL Allows Read Or Write to All Users
07dda8de-d90d-469e-9b37-1aca53526ced
CloudFormation Critical Access Control Query details
Documentation
S3 Bucket Allows Delete Action From All Principals
acc78859-765e-4011-a229-a65ea57db252
CloudFormation Critical Access Control Query details
Documentation
S3 Bucket Allows Put Action From All Principals
f6397a20-4cf1-4540-a997-1d363c25ef58
CloudFormation Critical Access Control Query details
Documentation
S3 Bucket With All Permissions
4ae8af91-5108-42cb-9471-3bdbe596eac9
CloudFormation Critical Access Control Query details
Documentation
SNS Topic is Publicly Accessible
ae53ce91-42b5-46bf-a84f-9a13366a4f13
CloudFormation Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
de38e1d5-54cb-4111-a868-6f7722695007
CloudFormation Critical Insecure Configurations Query details
Documentation
DB Security Group With Public Scope
9564406d-e761-4e61-b8d7-5926e3ab8e79
CloudFormation Critical Networking and Firewall Query details
Documentation
RDS Associated with Public Subnet
4e88adee-a8eb-4605-a78d-9fb1096e3091
CloudFormation Critical Networking and Firewall Query details
Documentation
Cross-Account IAM Assume Role Policy Without ExternalId or MFA
85138beb-ce7c-4ca3-a09f-e8fbcc57ddd7
CloudFormation High Access Control Query details
Documentation
ECS Service Admin Role Is Present
01986452-bdd8-4aaa-b5df-d6bf61d616ff
CloudFormation High Access Control Query details
Documentation
IAM Policy Grants Full Permissions
f62aa827-4ade-4dc4-89e4-1433d384a368
CloudFormation High Access Control Query details
Documentation
Lambda Functions With Full Privileges
a0ae0a4e-712b-4115-8112-51b9eeed9d69
CloudFormation High Access Control Query details
Documentation
MSK Broker Is Publicly Accessible
0ce1ba20-8ba8-4364-836f-40c24b8cb0ab
CloudFormation High Access Control Query details
Documentation
Neptune Cluster With IAM Database Authentication Disabled
a3aa0087-8228-4e7e-b202-dc9036972d02
CloudFormation High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to All Users
219f4c95-aa50-44e0-97de-cf71f4641170
CloudFormation High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to Any Authenticated User
835d5497-a526-4aea-a23f-98a9afd1635f
CloudFormation High Access Control Query details
Documentation
S3 Bucket Allows Get Action From All Principals
f97b7d23-568f-4bcc-9ac9-02df0d57fbba
CloudFormation High Access Control Query details
Documentation
S3 Bucket Allows List Action From All Principals
faa8fddf-c0aa-4b2d-84ff-e993e233ebe9
CloudFormation High Access Control Query details
Documentation
S3 Bucket Allows Public Policy
860ba89b-b8de-4e72-af54-d6aee4138a69
CloudFormation High Access Control Query details
Documentation
S3 Bucket Allows Restore Actions From All Principals
456b00a3-1072-4149-9740-6b8bb60251b0
CloudFormation High Access Control Query details
Documentation
AmazonMQ Broker Encryption Disabled
316278b3-87ac-444c-8f8f-a733a28da60f
CloudFormation High Encryption Query details
Documentation
API Gateway Cache Encrypted Disabled
37cca703-b74c-48ba-ac81-595b53398e9b
CloudFormation High Encryption Query details
Documentation
CMK Unencrypted Storage
ffee2785-c347-451e-89f3-11aeb08e5c84
CloudFormation High Encryption Query details
Documentation
Config Rule For Encrypted Volumes Disabled
1b6322d9-c755-4f8c-b804-32c19250f2d9
CloudFormation High Encryption Query details
Documentation
DynamoDB Table Not Encrypted
4bd21e68-38c1-4d58-acdc-6a14b203237f
CloudFormation High Encryption Query details
Documentation
DynamoDB With Aws Owned CMK
c8dee387-a2e6-4a73-a942-183c975549ac
CloudFormation High Encryption Query details
Documentation
EBS Volume Encryption Disabled
80b7ac3f-d2b7-4577-9b10-df7913497162
CloudFormation High Encryption Query details
Documentation
ECS Cluster Not Encrypted At Rest
6c131358-c54d-419b-9dd6-1f7dd41d180c
CloudFormation High Encryption Query details
Documentation
EFS Not Encrypted
2ff8e83c-90e1-4d68-a300-6d652112e622
CloudFormation High Encryption Query details
Documentation
ElastiCache With Disabled at Rest Encryption
e4ee3903-9225-4b6a-bdfb-e62dbadef821
CloudFormation High Encryption Query details
Documentation
ElasticSearch Encryption With KMS Disabled
d926aa95-0a04-4abc-b20c-acf54afe38a1
CloudFormation High Encryption Query details
Documentation
ElasticSearch Not Encrypted At Rest
86a248ab-0e01-4564-a82a-878303e253bb
CloudFormation High Encryption Query details
Documentation
ELB Using Weak Ciphers
809f77f8-d10e-4842-a84f-3be7b6ff1190
CloudFormation High Encryption Query details
Documentation
Kinesis SSE Not Configured
7f65be75-90ab-4036-8c2a-410aef7bb650
CloudFormation High Encryption Query details
Documentation
MSK Cluster Encryption Disabled
a976d63f-af0e-46e8-b714-8c1a9c4bf768
CloudFormation High Encryption Query details
Documentation
Neptune Database Cluster Encryption Disabled
bf4473f1-c8a2-4b1b-8134-bd32efabab93
CloudFormation High Encryption Query details
Documentation
RDS Storage Encryption Disabled
65844ba3-03a1-40a8-b3dd-919f122e8c95
CloudFormation High Encryption Query details
Documentation
RDS Storage Not Encrypted
5beacce3-4020-4a3d-9e1d-a36f953df630
CloudFormation High Encryption Query details
Documentation
Redshift Not Encrypted
3b316b05-564c-44a7-9c3f-405bb95e211e
CloudFormation High Encryption Query details
Documentation
S3 Bucket Without Server-side-encryption
b2e8752c-3497-4255-98d2-e4ae5b46bbf5
CloudFormation High Encryption Query details
Documentation
SageMaker Data Encryption Disabled
709e6da6-fa1f-44cc-8f17-7f25f96dadbe
CloudFormation High Encryption Query details
Documentation
User Data Contains Encoded Private Key
568cc372-ca64-420d-9015-ee347d00d288
CloudFormation High Encryption Query details
Documentation
Workspace Without Encryption
89827c57-5a8a-49eb-9731-976a606d70db
CloudFormation High Encryption Query details
Documentation
Batch Job Definition With Privileged Container Properties
76ddf32c-85b1-4808-8935-7eef8030ab36
CloudFormation High Insecure Configurations Query details
Documentation
KMS Key With Vulnerable Policy
da905474-7454-43c0-b8d2-5756ab951aba
CloudFormation High Insecure Configurations Query details
Documentation
Lambda Functions Without Unique IAM Roles
ae03f542-1423-402f-9cef-c834e7ee9583
CloudFormation High Insecure Configurations Query details
Documentation
MQ Broker Is Publicly Accessible
68b6a789-82f8-4cfd-85de-e95332fe6a61
CloudFormation High Insecure Configurations Query details
Documentation
Root Account Has Active Access Keys
4c137350-7307-4803-8c04-17c09a7a9fcf
CloudFormation High Insecure Configurations Query details
Documentation
S3 Static Website Host Enabled
90501b1b-cded-4cc1-9e8b-206b85cda317
CloudFormation High Insecure Configurations Query details
Documentation
Permissive Web ACL Default Action
6d64f311-3da6-45f3-80f1-14db9771ea40
CloudFormation High Insecure Defaults Query details
Documentation
DB Security Group Open To Large Scope
0104165b-02d5-426f-abc9-91fb48189899
CloudFormation High Networking and Firewall Query details
Documentation
Default Security Groups With Unrestricted Traffic
ea33fcf7-394b-4d11-a228-985c5d08f205
CloudFormation High Networking and Firewall Query details
Documentation
EC2 Sensitive Port Is Publicly Exposed
494b03d3-bf40-4464-8524-7c56ad0700ed
CloudFormation High Networking and Firewall Query details
Documentation
ELB Sensitive Port Is Exposed To Entire Network
78055456-f670-4d2e-94d5-392d1cf4f5e4
CloudFormation High Networking and Firewall Query details
Documentation
Fully Open Ingress
e415f8d3-fc2b-4f52-88ab-1129e8c8d3f5
CloudFormation High Networking and Firewall Query details
Documentation
Remote Desktop Port Open To Internet
c9846969-d066-431f-9b34-8c4abafe422a
CloudFormation High Networking and Firewall Query details
Documentation
Route53 Record Undefined
24d932e1-91f0-46ea-836f-fdbd81694151
CloudFormation High Networking and Firewall Query details
Documentation
Security Group Unrestricted Access To RDP
3ae83918-7ec7-4cb8-80db-b91ef0f94002
CloudFormation High Networking and Firewall Query details
Documentation
Security Groups With Exposed Admin Ports
cdbb0467-2957-4a77-9992-7b55b29df7b7
CloudFormation High Networking and Firewall Query details
Documentation
Security Groups With Meta IP
adcd0082-e90b-4b63-862b-21899f6e6a48
CloudFormation High Networking and Firewall Query details
Documentation
Unknown Port Exposed To Internet
829ce3b8-065c-41a3-ad57-e0accfea82d2
CloudFormation High Networking and Firewall Query details
Documentation
Unrestricted Security Group Ingress
4a1e6b34-1008-4e61-a5f2-1f7c276f8d14
CloudFormation High Networking and Firewall Query details
Documentation
Amplify App Access Token Exposed
73980e43-f399-4fcc-a373-658228f7adf7
CloudFormation High Secret Management Query details
Documentation
Amplify App Basic Auth Config Password Exposed
71493c8b-3014-404c-9802-078b74496fb7
CloudFormation High Secret Management Query details
Documentation
Amplify App OAuth Token Exposed
03b38885-8f4e-480c-a0e4-12c1affd15db
CloudFormation High Secret Management Query details
Documentation
Amplify Branch Basic Auth Config Password Exposed
dfb56e5d-ee68-446e-b32a-657b62befe69
CloudFormation High Secret Management Query details
Documentation
Directory Service Microsoft AD Password Set to Plaintext or Default Ref
06b9f52a-8cd5-459b-bdc6-21a22521e1be
CloudFormation High Secret Management Query details
Documentation
Directory Service Simple AD Password Exposed
6685d912-d81f-4cfa-95ad-e316ea31c989
CloudFormation High Secret Management Query details
Documentation
DMS Endpoint MongoDB Settings Password Exposed
f988a17f-1139-46a3-8928-f27eafd8b024
CloudFormation High Secret Management Query details
Documentation
DMS Endpoint Password Exposed
5f700072-b7ce-4e84-b3f3-497bf1c24a4d
CloudFormation High Secret Management Query details
Documentation
DocDB Cluster Master Password In Plaintext
39423ce4-9011-46cd-b6b1-009edcd9385d
CloudFormation High Secret Management Query details
Documentation
Hardcoded AWS Access Key In Lambda
2564172f-c92b-4261-9acd-464aed511696
CloudFormation High Secret Management Query details
Documentation
IAM User LoginProfile Password Is In Plaintext
06adef8c-c284-4de7-aad2-af43b07a8ca1
CloudFormation High Secret Management Query details
Documentation
RefreshToken Is Exposed
5b48c507-0d1f-41b0-a630-76817c6b4189
CloudFormation High Secret Management Query details
Documentation
API Gateway Method Does Not Contains An API Key
3641d5b4-d339-4bc2-bfb9-208fe8d3477f
CloudFormation Medium Access Control Query details
Documentation
API Gateway Without Configured Authorizer
7fd0d461-5b8c-4815-898c-f2b4b117eb28
CloudFormation Medium Access Control Query details
Documentation
EC2 Instance Has No IAM Role
f914357d-8386-4d56-9ba6-456e5723f9a6
CloudFormation Medium Access Control Query details
Documentation
EC2 Instance Using Default Security Group
08b81bb3-0985-4023-8602-b606ad81d279
CloudFormation Medium Access Control Query details
Documentation
EC2 Network ACL Ineffective Denied Traffic
2623d682-dccb-44cd-99d0-54d9fd62f8f2
CloudFormation Medium Access Control Query details
Documentation
Elasticsearch Without IAM Authentication
5c666ed9-b586-49ab-9873-c495a833b705
CloudFormation Medium Access Control Query details
Documentation
Empty Roles For ECS Cluster Task Definitions
7f384a5f-b5a2-4d84-8ca3-ee0a5247becb
CloudFormation Medium Access Control Query details
Documentation
IAM Group Inline Policies
a58d1a2d-4078-4b80-855b-84cc3f7f4540
CloudFormation Medium Access Control Query details
Documentation
IAM Group Without Users
8f957abd-9703-413d-87d3-c578950a753c
CloudFormation Medium Access Control Query details
Documentation
IAM Policies Attached To User
edc95c10-7366-4f30-9b4b-f995c84eceb5
CloudFormation Medium Access Control Query details
Documentation
IAM Policies With Full Privileges
953b3cdb-ce13-428a-aa12-318726506661
CloudFormation Medium Access Control Query details
Documentation
IAM Policy Grants 'AssumeRole' Permission Across All Services
e835bd0d-65da-49f7-b6d1-b646da8727e6
CloudFormation Medium Access Control Query details
Documentation
IAM Policy On User
e4239438-e639-44aa-adb8-866e400e3ade
CloudFormation Medium Access Control Query details
Documentation
IAM Role Allows All Principals To Assume
f80e3aa7-7b34-4185-954e-440a6894dde6
CloudFormation Medium Access Control Query details
Documentation
IoT Policy Allows Action as Wildcard
4d32780f-43a4-424a-a06d-943c543576a5
CloudFormation Medium Access Control Query details
Documentation
IoT Policy Allows Wildcard Resource
be5b230d-4371-4a28-a441-85dc760e2aa3
CloudFormation Medium Access Control Query details
Documentation
KMS Allows Wildcard Principal
f6049677-ec4a-43af-8779-5190b6d03cba
CloudFormation Medium Access Control Query details
Documentation
Lambda Permission Principal Is Wildcard
1d6e16f1-5d8a-4379-bfb3-2dadd38ed5a7
CloudFormation Medium Access Control Query details
Documentation
Public Lambda via API Gateway
57b12981-3816-4c31-b190-a1e614361dd2
CloudFormation Medium Access Control Query details
Documentation
S3 Bucket Allows Public ACL
48f100d9-f499-4c6d-b2b8-deafe47ffb26
CloudFormation Medium Access Control Query details
Documentation
SNS Topic Publicity Has Allow and NotAction Simultaneously
818f38ed-8446-4132-9c03-474d49e10195
CloudFormation Medium Access Control Query details
Documentation
SQS Policy With Public Access
9b6a3f5b-5fd6-40ee-9bc0-ed604911212d
CloudFormation Medium Access Control Query details
Documentation
Auto Scaling Group With No Associated ELB
ad21e616-5026-4b9d-990d-5b007bfe679c
CloudFormation Medium Availability Query details
Documentation
CMK Is Unusable
2844c749-bd78-4cd1-90e8-b179df827602
CloudFormation Medium Availability Query details
Documentation
ElastiCache Nodes Not Created Across Multi AZ
cfdef2e5-1fe4-4ef4-bea8-c56e08963150
CloudFormation Medium Availability Query details
Documentation
RDS Multi-AZ Deployment Disabled
2b1d4935-9acf-48a7-8466-10d18bf51a69
CloudFormation Medium Availability Query details
Documentation
RDS With Backup Disabled
8c415f6f-7b90-4a27-a44a-51047e1506f9
CloudFormation Medium Backup Query details
Documentation
S3 Bucket Without Versioning
a227ec01-f97a-4084-91a4-47b350c1db54
CloudFormation Medium Backup Query details
Documentation
Stack Retention Disabled
fe974ae9-858e-4991-bbd5-e040a834679f
CloudFormation Medium Backup Query details
Documentation
DynamoDB Table Point In Time Recovery Disabled
0f04217d-488f-4e7a-bec8-f16159686cd6
CloudFormation Medium Best Practices Query details
Documentation
ECS No Load Balancer Attached
fb2b0ecf-1492-491a-a70d-ba1df579175d
CloudFormation Medium Best Practices Query details
Documentation
IAM Managed Policy Applied to a User
0e5872b4-19a0-4165-8b2f-56d9e14b909f
CloudFormation Medium Best Practices Query details
Documentation
IAM User Without Password Reset
a964d6e3-8e1e-4d93-8120-61fa640dd55a
CloudFormation Medium Best Practices Query details
Documentation
Alexa Skill Plaintext Client Secret Exposed
3c3b7a58-b018-4d07-9444-d9ee7156e111
CloudFormation Medium Encryption Query details
Documentation
CloudFormation Specifying Credentials Not Safe
9ecb6b21-18bc-4aa7-bd07-db20f1c746db
CloudFormation Medium Encryption Query details
Documentation
Cloudfront Viewer Protocol Policy Allows HTTP
31733ee2-fef0-4e87-9778-65da22a8ecf1
CloudFormation Medium Encryption Query details
Documentation
CodeBuild Not Encrypted
d7467bb6-3ed1-4c82-8095-5e7a818d0aad
CloudFormation Medium Encryption Query details
Documentation
Connection Between CloudFront Origin Not Encrypted
a5366a50-932f-4085-896b-41402714a388
CloudFormation Medium Encryption Query details
Documentation
Default KMS Key Usage
e52395b4-250b-4c60-81d5-2e58c1d37abc
CloudFormation Medium Encryption Query details
Documentation
EFS Volume With Disabled Transit Encryption
c1282e03-b285-4637-aee7-eefe3a7bb658
CloudFormation Medium Encryption Query details
Documentation
ElastiCache With Disabled Transit Encryption
3b02569b-fc6f-4153-b3a3-ba91022fed68
CloudFormation Medium Encryption Query details
Documentation
ELB Using Insecure Protocols
61a94903-3cd3-4780-88ec-fc918819b9c8
CloudFormation Medium Encryption Query details
Documentation
ELB Without Secure Protocol
80908a75-586b-4c61-ab04-490f4f4525b8
CloudFormation Medium Encryption Query details
Documentation
EMR Security Configuration Encryption Disabled
5b033ec8-f079-4323-b5c8-99d4620433a9
CloudFormation Medium Encryption Query details
Documentation
IAM Database Auth Not Enabled
9fcd0a0a-9b6f-4670-a215-d94e6bf3f184
CloudFormation Medium Encryption Query details
Documentation
KMS Key Rotation Disabled
235ca980-eb71-48f4-9030-df0c371029eb
CloudFormation Medium Encryption Query details
Documentation
Redshift Cluster Without KMS CMK
de76a0d6-66d5-45c9-9022-f05545b85c78
CloudFormation Medium Encryption Query details
Documentation
S3 Bucket Without SSL In Write Actions
38c64e76-c71e-4d92-a337-60174d1de1c9
CloudFormation Medium Encryption Query details
Documentation
SageMaker EndPoint Config Should Specify KmsKeyId Attribute
44034eda-1c3f-486a-831d-e09a7dd94354
CloudFormation Medium Encryption Query details
Documentation
Secure Ciphers Disabled
be96849c-3df6-49c2-bc16-778a7be2519c
CloudFormation Medium Encryption Query details
Documentation
SQS With SSE Disabled
12726829-93ed-4d51-9cbe-13423f4299e1
CloudFormation Medium Encryption Query details
Documentation
API Gateway With Open Access
1056dfbb-5802-4762-bf2b-8b9b9684b1b0
CloudFormation Medium Insecure Configurations Query details
Documentation
API Gateway Without Security Policy
8275fab0-68ec-4705-bbf4-86975edb170e
CloudFormation Medium Insecure Configurations Query details
Documentation
API Gateway Without SSL Certificate
ed4c48b8-eccc-4881-95c1-09fdae23db25
CloudFormation Medium Insecure Configurations Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
dc17ee4b-ddf2-4e23-96e8-7a36abad1303
CloudFormation Medium Insecure Configurations Query details
Documentation
ECR Image Tag Not Immutable
33f41d31-86b1-46a4-81f7-9c9a671f59ac
CloudFormation Medium Insecure Configurations Query details
Documentation
ECS Task Definition Network Mode Not Recommended
027a4b7a-8a59-4938-a04f-ed532512cf45
CloudFormation Medium Insecure Configurations Query details
Documentation
EMR Cluster Without Security Configuration
48af92a5-c89b-4936-bc62-1086fe2bab23
CloudFormation Medium Insecure Configurations Query details
Documentation
GitHub Repository Set To Public
5906092d-5f74-490d-9a03-78febe0f65e1
CloudFormation Medium Insecure Configurations Query details
Documentation
IAM User Has Too Many Access Keys
48677914-6fdf-40ec-80c4-2b0e94079f54
CloudFormation Medium Insecure Configurations Query details
Documentation
Redshift Publicly Accessible
bdf8dcb4-75df-4370-92c4-606e4ae6c4d3
CloudFormation Medium Insecure Configurations Query details
Documentation
S3 Bucket With Unsecured CORS Rule
3609d27c-3698-483a-9402-13af6ae80583
CloudFormation Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Ignore Public ACL
6c8d51af-218d-4bfb-94a9-94eabaa0703a
CloudFormation Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Restriction Of Public Bucket
350cd468-0e2c-44ef-9d22-cfb73a62523c
CloudFormation Medium Insecure Configurations Query details
Documentation
SageMaker Enabling Internet Access
88d55d94-315d-4564-beee-d2d725feab11
CloudFormation Medium Insecure Configurations Query details
Documentation
Vulnerable Default SSL Certificate
b4d9c12b-bfba-4aeb-9cb8-2358546d8041
CloudFormation Medium Insecure Defaults Query details
Documentation
ALB Is Not Integrated With WAF
105ba098-1e34-48cd-b0f2-a8a43a51bf9b
CloudFormation Medium Networking and Firewall Query details
Documentation
ALB Listening on HTTP
275a3217-ca37-40c1-a6cf-bb57d245ab32
CloudFormation Medium Networking and Firewall Query details
Documentation
API Gateway Endpoint Config is Not Private
4a8daf95-709d-4a36-9132-d3e19878fa34
CloudFormation Medium Networking and Firewall Query details
Documentation
API Gateway without WAF
fcbf9019-566c-4832-a65c-af00d8137d2b
CloudFormation Medium Networking and Firewall Query details
Documentation
CloudFront Without WAF
0f139403-303f-467c-96bd-e717e6cfd62d
CloudFormation Medium Networking and Firewall Query details
Documentation
EC2 Instance Subnet Has Public IP Mapping On Launch
b3de4e4c-14be-4159-b99d-9ad194365e4c
CloudFormation Medium Networking and Firewall Query details
Documentation
EC2 Network ACL Overlapping Ports
77b6f1e2-bde4-4a6a-ae7e-a40659ff1576
CloudFormation Medium Networking and Firewall Query details
Documentation
EC2 Permissive Network ACL Protocols
03879981-efa2-47a0-a818-c843e1441b88
CloudFormation Medium Networking and Firewall Query details
Documentation
EC2 Public Instance Exposed Through Subnet
c44c95fc-ae92-4bb8-bdf8-bb9bc412004a
CloudFormation Medium Networking and Firewall Query details
Documentation
EKS node group remote access
73d59e76-a12c-4b74-a3d8-d3e1e19c25b3
CloudFormation Medium Networking and Firewall Query details
Documentation
Elasticsearch with HTTPS disabled
4cdc88e6-c0c8-4081-a639-bb3a557cbedf
CloudFormation Medium Networking and Firewall Query details
Documentation
ELB With Security Group Without Inbound Rules
e200a6f3-c589-49ec-9143-7421d4a2c845
CloudFormation Medium Networking and Firewall Query details
Documentation
ELB With Security Group Without Outbound Rules
01d5a458-a6c4-452a-ac50-054d59275b7c
CloudFormation Medium Networking and Firewall Query details
Documentation
GameLift Fleet EC2 InboundPermissions With Port Range
43356255-495d-4148-ad8d-f6af5eac09dd
CloudFormation Medium Networking and Firewall Query details
Documentation
HTTP Port Open To Internet
ddfc4eaa-af23-409f-b96c-bf5c45dc4daa
CloudFormation Medium Networking and Firewall Query details
Documentation
SageMaker Notebook Not Placed In VPC
9c7028d9-04c2-45be-b8b2-1188ccaefb36
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group Egress CIDR Open To World
1cc2fbd7-816c-4fbf-ad6d-38a4afa4312a
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group Egress With All Protocols
ee464fc2-54a6-4e22-b10a-c6dcd2474d0c
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group Egress With Port Range
dae9c373-8287-462f-8746-6f93dad93610
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group Ingress With All Protocols
1a427b25-2e9e-4298-9530-0499a55e736b
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group Ingress With Port Range
87482183-a8e7-4e42-a566-7a23ec231c16
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Group With Unrestricted Access To SSH
6e856af2-62d7-4ba2-adc1-73b62cef9cc1
CloudFormation Medium Networking and Firewall Query details
Documentation
Security Groups Allows Unrestricted Outbound Traffic
66f2d8f9-a911-4ced-ae27-34f09690bb2c
CloudFormation Medium Networking and Firewall Query details
Documentation
TCP UDP Protocol Network ACL Entry Allows All Ports
f57f849c-883b-4cb7-85e7-f7b199dff163
CloudFormation Medium Networking and Firewall Query details
Documentation
VPC Without Network Firewall
3e293410-d5b8-411f-85fd-7d26294f20c9
CloudFormation Medium Networking and Firewall Query details
Documentation
API Gateway Deployment Without Access Log Setting
06ec63e3-9f72-4fe2-a218-2eb9200b8db5
CloudFormation Medium Observability Query details
Documentation
API Gateway V2 Stage Access Logging Settings Not Defined
80d45af4-4920-4236-a56e-b7ef419d1941
CloudFormation Medium Observability Query details
Documentation
CloudFront Logging Disabled
de77cd9f-0e8b-46cc-b4a4-b6b436838642
CloudFormation Medium Observability Query details
Documentation
CloudTrail Logging Disabled
5c0b06d5-b7a4-484c-aeb0-75a836269ff0
CloudFormation Medium Observability Query details
Documentation
CloudWatch Logging Disabled
0f0fb06b-0f2f-4374-8588-f2c7c348c7a0
CloudFormation Medium Observability Query details
Documentation
CloudWatch Metrics Disabled
5d3c1807-acb3-4bb0-be4e-0440230feeaf
CloudFormation Medium Observability Query details
Documentation
DocDB Logging Is Disabled
1bf3b3d4-f373-4d7c-afbb-7d85948a67a5
CloudFormation Medium Observability Query details
Documentation
EC2 Instance Monitoring Disabled
0264093f-6791-4475-af34-4b8102dcbcd0
CloudFormation Medium Observability Query details
Documentation
Elasticsearch Logs Disabled
edbd62d4-8700-41de-b000-b3cfebb5e996
CloudFormation Medium Observability Query details
Documentation
ELB Access Log Disabled
ee12ad32-2863-4c0f-b13f-28272d115028
CloudFormation Medium Observability Query details
Documentation
ELBv2 ALB Access Log Disabled
c62e8b7d-1fdf-4050-ac4c-76ba9e1d9621
CloudFormation Medium Observability Query details
Documentation
GuardDuty Detector Disabled
a25cd877-375c-4121-a640-730929936fac
CloudFormation Medium Observability Query details
Documentation
MQ Broker Logging Disabled
e519ed6a-8328-4b69-8eb7-8fa549ac3050
CloudFormation Medium Observability Query details
Documentation
MSK Cluster Logging Disabled
fc7c2c15-f5d0-4b80-adb2-c89019f8f62b
CloudFormation Medium Observability Query details
Documentation
Redshift Cluster Logging Disabled
3de2d4ff-fe53-4fc9-95d3-2f8a69bf90d6
CloudFormation Medium Observability Query details
Documentation
S3 Bucket CloudTrail Logging Disabled
c3ce69fd-e3df-49c6-be78-1db3f802261c
CloudFormation Medium Observability Query details
Documentation
S3 Bucket Logging Disabled
4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c
CloudFormation Medium Observability Query details
Documentation
VPC FlowLogs Disabled
f6d299d2-21eb-41cc-b1e1-fe12d857500b
CloudFormation Medium Observability Query details
Documentation
High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2
CloudFormation Medium Secret Management Query details
Documentation
IAM User With No Group
06933df4-0ea7-461c-b9b5-104d27390e0e
CloudFormation Low Access Control Query details
Documentation
Support Has No Role Associated
d71b5fd7-9020-4b2d-9ec8-b3839faa2744
CloudFormation Low Access Control Query details
Documentation
EBS Volume Not Attached To Instances
1819ac03-542b-4026-976b-f37addd59f3b
CloudFormation Low Availability Query details
Documentation
ECS Service Without Running Tasks
79d745f0-d5f3-46db-9504-bef73e9fd528
CloudFormation Low Availability Query details
Documentation
VPC Attached With Too Many Gateways
97e94d17-e2c7-4109-a53b-6536ac1bb64e
CloudFormation Low Availability Query details
Documentation
Low RDS Backup Retention Period
e649a218-d099-4550-86a4-1231e1fcb60d
CloudFormation Low Backup Query details
Documentation
RDS DB Instance With Deletion Protection Disabled
2c161e58-cb52-454f-abea-6470c37b5e6e
CloudFormation Low Backup Query details
Documentation
Automatic Minor Upgrades Disabled
f0104061-8bfc-4b45-8a7d-630eb502f281
CloudFormation Low Best Practices Query details
Documentation
CDN Configuration Is Missing
e4f54ff4-d352-40e8-a096-5141073c37a2
CloudFormation Low Best Practices Query details
Documentation
Cognito UserPool Without MFA
74a18d1a-cf02-4a31-8791-ed0967ad7fdc
CloudFormation Low Best Practices Query details
Documentation
Geo Restriction Disabled
7f8843f0-9ea5-42b4-a02b-753055113195
CloudFormation Low Best Practices Query details
Documentation
IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da
CloudFormation Low Best Practices Query details
Documentation
IAM Password Without Minimum Length
b1b20ae3-8fa7-4af5-a74d-a2145920fcb1
CloudFormation Low Best Practices Query details
Documentation
IAM Policies Without Groups
5e7acff5-095b-40ac-9073-ac2e4ad8a512
CloudFormation Low Best Practices Query details
Documentation
Lambda Permission Misconfigured
9b83114b-b2a1-4534-990d-06da015e47aa
CloudFormation Low Best Practices Query details
Documentation
Security Group Ingress Has CIDR Not Recommended
a3e4e39a-e5fc-4ee9-8cf5-700febfa86dd
CloudFormation Low Best Practices Query details
Documentation
DynamoDB With Not Recommended Table Billing Mode
c333e906-8d8b-4275-b999-78b6318f8dc6
CloudFormation Low Build Process Query details
Documentation
EFS Without Tags
08e39832-5e42-4304-98a0-aa5b43393162
CloudFormation Low Build Process Query details
Documentation
API Gateway With Invalid Compression
d6653eee-2d4d-4e6a-976f-6794a497999a
CloudFormation Low Encryption Query details
Documentation
CloudTrail Log Files Not Encrypted With KMS
050a9ba8-d1cb-4c61-a5e8-8805a70d3b85
CloudFormation Low Encryption Query details
Documentation
EFS Without KMS
6d087495-2a42-4735-abf7-02ef5660a7e6
CloudFormation Low Encryption Query details
Documentation
API Gateway Cache Cluster Disabled
52790cad-d60d-41d5-8483-146f9f21208d
CloudFormation Low Insecure Configurations Query details
Documentation
Inline Policies Are Attached To ECS Service
9e8c89b3-7997-4d15-93e4-7911b9db99fd
CloudFormation Low Insecure Configurations Query details
Documentation
Instance With No VPC
8a6d36cd-0bc6-42b7-92c4-67acc8576861
CloudFormation Low Insecure Configurations Query details
Documentation
Lambda Function Without Dead Letter Queue
c2eae442-d3ba-4cb1-84ca-1db4f80eae3d
CloudFormation Low Insecure Configurations Query details
Documentation
Lambda Function Without Tags
8df8e857-bd59-44fa-9f4c-d77594b95b46
CloudFormation Low Insecure Configurations Query details
Documentation
Wildcard In ACM Certificate Domain Name
cc8b294f-006f-4f8f-b5bb-0a9140c33131
CloudFormation Low Insecure Configurations Query details
Documentation
RouterTable with Default Routing
4f0908b9-eb66-433f-9145-134274e1e944
CloudFormation Low Insecure Defaults Query details
Documentation
S3 Bucket Should Have Bucket Policy
37fa8188-738b-42c8-bf82-6334ea567738
CloudFormation Low Insecure Defaults Query details
Documentation
EC2 Instance Using Default VPC
e42a3ef0-5325-4667-84bf-075ba1c9d58e
CloudFormation Low Networking and Firewall Query details
Documentation
ElastiCache Using Default Port
323db967-c68e-44e6-916c-a777f95af34b
CloudFormation Low Networking and Firewall Query details
Documentation
ElastiCache Without VPC
ba766c53-fe71-4bbb-be35-b6803f2ef13e
CloudFormation Low Networking and Firewall Query details
Documentation
EMR Without VPC
bf89373a-be40-4c04-99f5-746742dfd7f3
CloudFormation Low Networking and Firewall Query details
Documentation
RDS Using Default Port
1fe9d958-ddce-4228-a124-05265a959a8b
CloudFormation Low Networking and Firewall Query details
Documentation
Redshift Using Default Port
a478af30-8c3a-404d-aa64-0b673cee509a
CloudFormation Low Networking and Firewall Query details
Documentation
Security Groups Without VPC Attached
493d9591-6249-47bf-8dc0-5c10161cc558
CloudFormation Low Networking and Firewall Query details
Documentation
Shield Advanced Not In Use
ad7444cf-817a-4765-a79e-2145f7981faf
CloudFormation Low Networking and Firewall Query details
Documentation
API Gateway Deployment Without API Gateway UsagePlan Associated
783860a3-6dca-4c8b-81d0-7b62769ccbca
CloudFormation Low Observability Query details
Documentation
API Gateway X-Ray Disabled
4ab10c48-bedb-4deb-8f3b-ff12783b61de
CloudFormation Low Observability Query details
Documentation
CloudTrail Log File Validation Disabled
2a3560fe-52ca-4443-b34f-bf0ed5eb74c8
CloudFormation Low Observability Query details
Documentation
CloudTrail Multi Region Disabled
058ac855-989f-4378-ba4d-52d004020da7
CloudFormation Low Observability Query details
Documentation
CloudTrail Not Integrated With CloudWatch
65d07da5-9af5-44df-8983-52d2e6f24c44
CloudFormation Low Observability Query details
Documentation
CloudTrail SNS Topic Name Undefined
3e09413f-471e-40f3-8626-990c79ae63f3
CloudFormation Low Observability Query details
Documentation
CMK Rotation Disabled
1c07bfaf-663c-4f6f-b22b-8e2d481e4df5
CloudFormation Low Observability Query details
Documentation
Configuration Aggregator to All Regions Disabled
9f3cf08e-72a2-4eb1-8007-e3b1b0e10d4d
CloudFormation Low Observability Query details
Documentation
ECS Cluster with Container Insights Disabled
ab759fde-e1e8-4b0e-ad73-ba856e490ed8
CloudFormation Low Observability Query details
Documentation
ECS Task Definition HealthCheck Missing
d24389b4-b209-4ff0-8345-dc7a4569dcdd
CloudFormation Low Observability Query details
Documentation
ElasticSearch Without Slow Logs
086ea2eb-14a6-4fd4-914b-38e0bc8703e8
CloudFormation Low Observability Query details
Documentation
Lambda Functions Without X-Ray Tracing
9488c451-074e-4cd3-aee3-7db6104f542c
CloudFormation Low Observability Query details
Documentation
Stack Notifications Disabled
837e033c-4717-40bd-807e-6abaa30161b7
CloudFormation Low Observability Query details
Documentation
Unscanned ECR Image
9025b2b3-e554-4842-ba87-db7aeec36d35
CloudFormation Low Observability Query details
Documentation
API Gateway Stage Without API Gateway UsagePlan Associated
7f8f1b60-43df-4c28-aa21-fb836dbd8071
CloudFormation Low Resource Management Query details
Documentation
ECS Task Definition Invalid CPU or Memory
f4c9b5f5-68b8-491f-9e48-4f96644a1d51
CloudFormation Low Resource Management Query details
Documentation
SDB Domain Declared As A Resource
6ea57c8b-f9c0-4ec7-bae3-bd75a9dee27d
CloudFormation Low Resource Management Query details
Documentation
VPC Without Attached Subnet
3b3b4411-ad1f-40e7-b257-a78a6bb9673a
CloudFormation Low Resource Management Query details
Documentation
EBS Volume Without KmsKeyId
b7063015-6c31-4658-a8e7-14f98f37fd42
CloudFormation Low Secret Management Query details
Documentation
Secrets Manager Should Specify KmsKeyId
c8ae9ba9-c2f7-4e5c-b32e-a4b7712d4d22
CloudFormation Low Secret Management Query details
Documentation
SNS Topic Without KmsMasterKeyId
9d13b150-a2ab-42a1-b6f4-142e41f81e52
CloudFormation Low Secret Management Query details
Documentation
EC2 Not EBS Optimized
8dd0ff1f-0da4-48df-9bb3-7f338ae36a40
CloudFormation Info Best Practices Query details
Documentation
Security Group Rule Without Description
5e6c9c68-8a82-408e-8749-ddad78cbb9c5
CloudFormation Info Best Practices Query details
Documentation
EC2 Network ACL Duplicate Rule
045ddb54-cfc5-4abb-9e05-e427b2bc96fe
CloudFormation Info Networking and Firewall Query details
Documentation
BOM - AWS Cassandra
124b173b-e06d-48a6-8acd-f889443d97a4
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS DynamoDB
4e67c0ae-38a0-47f4-a50c-f0c9b75826df
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS EBS
0b0556ea-9cd9-476f-862e-20679dda752b
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS EFS
ef05a925-8568-4054-8ff1-f5ba82631c16
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS Elasticache
c689f51b-9203-43b3-9d8b-caed123f706c
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS Kinesis
d53323be-dde6-4457-9a43-42df737e71d2
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS MQ
209189f3-c879-48a7-9703-fbcfa96d0cef
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS MSK
2730c169-51d7-4ae7-99b5-584379eff1bb
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS RDS
6ef03ff6-a2bd-483c-851f-631f248bc0ea
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS S3 Buckets
b5d6a2e0-8f15-4664-bd5b-68ec5c9bab83
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS SNS
42e7dca3-8cce-4325-8df0-108888259136
CloudFormation Trace Bill Of Materials Query details
Documentation
BOM - AWS SQS
59a849c2-1127-4023-85a5-ef906dcd458c
CloudFormation Trace Bill Of Materials Query details
Documentation
Serverless Function Without Unique IAM Role
4ba74f01-aba5-4be2-83bc-be79ff1a3b92
CloudFormation High Insecure Configurations Query details
Documentation
Serverless Function Environment Variables Not Encrypted
a7f8ac28-eed1-483d-87c8-4c325f022572
CloudFormation Medium Encryption Query details
Documentation
Serverless API Endpoint Config Not Private
6b5b0313-771b-4319-ad7a-122ee78700ef
CloudFormation Medium Networking and Firewall Query details
Documentation
Serverless API Access Logging Setting Undefined
0a994e04-c6dc-471d-817e-d37451d18a3b
CloudFormation Medium Observability Query details
Documentation
Serverless API X-Ray Tracing Disabled
c757c6a3-ac87-4b9d-b28d-e5a5add6a315
CloudFormation Medium Observability Query details
Documentation
Serverless API Without Content Encoding
a2f2800e-614b-4bc8-89e6-fec8afd24800
CloudFormation Low Encryption Query details
Documentation
Serverless API Cache Cluster Disabled
60a05ede-0a68-4d0d-a58f-f538cf55ff79
CloudFormation Low Insecure Configurations Query details
Documentation
Serverless Function Without Dead Letter Queue
cb2f612b-ed42-4ff5-9fb9-255c73d39a18
CloudFormation Low Insecure Configurations Query details
Documentation
Serverless Function Without Tags
a71ecabe-03b6-456a-b3bc-d1a39aa20c98
CloudFormation Low Insecure Configurations Query details
Documentation
Serverless Function Without X-Ray Tracing
dc1ab429-1481-4540-9b1d-280e3f15f1f8
CloudFormation Low Observability Query details
Documentation
Passwords And Secrets
a88baa34-e2ad-44ea-ad6f-8cac87bc7c71
Common High Secret Management Query details
Documentation
DB Instance Storage Not Encrypted
e50eb68a-a4af-4048-8bbe-8ec324421469
Crossplane High Encryption Query details
Documentation
EFS Not Encrypted
72840c35-3876-48be-900d-f21b2f0c2ea1
Crossplane High Encryption Query details
Documentation
ELB Using Weak Ciphers
a507daa5-0795-4380-960b-dd7bb7c56661
Crossplane High Encryption Query details
Documentation
Neptune Database Cluster Encryption Disabled
83bf5aca-138a-498e-b9cd-ad5bc5e117b4
Crossplane High Encryption Query details
Documentation
DB Security Group Has Public Interface
dd667399-8d9d-4a8d-bbb4-e49ab53b2f52
Crossplane High Insecure Configurations Query details
Documentation
SQS With SSE Disabled
9296f1cc-7a40-45de-bd41-f31745488a0e
Crossplane Medium Encryption Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
255b0fcc-9f82-41fe-9229-01b163e3376b
Crossplane Medium Insecure Configurations Query details
Documentation
RDS DB Instance Publicly Accessible
d9dc6429-5140-498a-8f55-a10daac5f000
Crossplane Medium Insecure Configurations Query details
Documentation
CloudFront Without WAF
6d19ce0f-b3d8-4128-ac3d-1064e0f00494
Crossplane Medium Networking and Firewall Query details
Documentation
CloudFront Logging Disabled
7b590235-1ff4-421b-b9ff-5227134be9bb
Crossplane Medium Observability Query details
Documentation
DocDB Logging Is Disabled
e6cd49ba-77ed-417f-9bca-4f5303554308
Crossplane Medium Observability Query details
Documentation
EFS Without KMS
bdecd6db-2600-47dd-a10c-72c97cf17ae9
Crossplane Low Encryption Query details
Documentation
ECS Cluster with Container Insights Disabled
0c7a76d9-7dc5-499e-81ac-9245839177cb
Crossplane Low Observability Query details
Documentation
CloudWatch Without Retention Period Specified
934613fe-b12c-4e5a-95f5-c1dcdffac1ff
Crossplane Info Observability Query details
Documentation
AKS RBAC Disabled
b2418936-cd47-4ea2-8346-623c0bdb87bd
Crossplane Medium Access Control Query details
Documentation
Redis Cache Allows Non SSL Connections
6c7cfec3-c686-4ed2-bf58-a1ec054b63fc
Crossplane Medium Insecure Configurations Query details
Documentation
Google Container Node Pool Auto Repair Disabled
b4f65d13-a609-4dc1-af7c-63d2e08bffe9
Crossplane Medium Insecure Configurations Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
6c2d627c-de0f-45fb-b33d-dad9bffbb421
Crossplane Medium Observability Query details
Documentation
Docker Socket Mounted In Container
d6355c88-1e8d-49e9-b2f2-f8a1ca12c75b
DockerCompose High Build Process Query details
Documentation
Volume Has Sensitive Host Directory
1c1325ff-831d-43a1-973e-839ae57dfcc0
DockerCompose High Build Process Query details
Documentation
Volume Mounted In Multiple Containers
baa452f0-1f21-4a25-ace5-844e7a5f410d
DockerCompose High Build Process Query details
Documentation
No New Privileges Not Set
27fcc7d6-c49b-46e0-98f1-6c082a6a2750
DockerCompose High Resource Management Query details
Documentation
Privileged Containers Enabled
ae5b6871-7f45-42e0-bb4c-ab300c4d2026
DockerCompose High Resource Management Query details
Documentation
Healthcheck Not Set
698ed579-b239-4f8f-a388-baa4bcb13ef8
DockerCompose Medium Availability Query details
Documentation
Cgroup Not Default
4d9f44c6-2f4a-4317-9bb5-267adbea0232
DockerCompose Medium Build Process Query details
Documentation
Restart Policy On Failure Not Set To 5
2fc99041-ddad-49d5-853f-e35e70a48391
DockerCompose Medium Build Process Query details
Documentation
Container Traffic Not Bound To Host Interface
451d79dc-0588-476a-ad03-3c7f0320abb3
DockerCompose Medium Networking and Firewall Query details
Documentation
Privileged Ports Mapped In Container
bc2908f3-f73c-40a9-8793-c1b7d5544f79
DockerCompose Medium Networking and Firewall Query details
Documentation
Container Capabilities Unrestricted
ce76b7d0-9e77-464d-b86f-c5c48e03e22d
DockerCompose Medium Resource Management Query details
Documentation
Default Seccomp Profile Disabled
404fde2c-bc4b-4371-9747-7054132ac953
DockerCompose Medium Resource Management Query details
Documentation
Host Namespace is Shared
4f31dd9f-2cc3-4751-9b53-67e4af83dac0
DockerCompose Medium Resource Management Query details
Documentation
Memory Not Limited
bb9ac4f7-e13b-423d-a010-c74a1bfbe492
DockerCompose Medium Resource Management Query details
Documentation
Pids Limit Not Set
221e0658-cb2a-44e3-b08a-db96a341d6fa
DockerCompose Medium Resource Management Query details
Documentation
Security Opt Not Set
610e266e-6c12-4bca-9925-1ed0cd29742b
DockerCompose Medium Resource Management Query details
Documentation
Shared Host IPC Namespace
baa3890f-bed7-46f5-ab8f-1da8fc91c729
DockerCompose Medium Resource Management Query details
Documentation
Shared Host Network Namespace
071a71ff-f868-47a4-ac0b-3c59e4ab5443
DockerCompose Medium Resource Management Query details
Documentation
Shared Host User Namespace
8af7162d-6c98-482f-868e-0d33fb675ca8
DockerCompose Medium Resource Management Query details
Documentation
Cpus Not Limited
6b610c50-99fb-4ef0-a5f3-e312fd945bc3
DockerCompose Low Resource Management Query details
Documentation
Shared Volumes Between Containers
8c978947-0ff6-485c-b0c2-0bfca6026466
DockerCompose Info Insecure Configurations Query details
Documentation
Last User Is 'root'
67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae
Dockerfile High Best Practices Query details
Documentation
Missing User Instruction
fd54f200-402c-4333-a5a4-36ef6709af2f
Dockerfile High Build Process Query details
Documentation
Changing Default Shell Using RUN Command
8a301064-c291-4b20-adcb-403fe7fd95fd
Dockerfile Medium Best Practices Query details
Documentation
Image Version Using 'latest'
f45ea400-6bbe-4501-9fc7-1c3d75c32067
Dockerfile Medium Best Practices Query details
Documentation
Not Using JSON In CMD And ENTRYPOINT Arguments
b86987e1-6397-4619-81d5-8807f2387c79
Dockerfile Medium Build Process Query details
Documentation
Run Using Sudo
8ada6e80-0ade-439e-b176-0b28f6bce35a
Dockerfile Medium Insecure Configurations Query details
Documentation
Add Instead of Copy
9513a694-aa0d-41d8-be61-3271e056f36b
Dockerfile Medium Supply-Chain Query details
Documentation
Apt Get Install Pin Version Not Defined
965a08d7-ef86-4f14-8792-4a3b2098937e
Dockerfile Medium Supply-Chain Query details
Documentation
Gem Install Without Version
22cd11f7-9c6c-4f6e-84c0-02058120b341
Dockerfile Medium Supply-Chain Query details
Documentation
Image Version Not Explicit
9efb0b2d-89c9-41a3-91ca-dcc0aec911fd
Dockerfile Medium Supply-Chain Query details
Documentation
Missing Version Specification In dnf install
93d88cf7-f078-46a8-8ddc-178e03aeacf1
Dockerfile Medium Supply-Chain Query details
Documentation
Missing Zypper Non-interactive Switch
45e1fca5-f90e-465d-825f-c2cb63fa3944
Dockerfile Medium Supply-Chain Query details
Documentation
NPM Install Command Without Pinned Version
e36d8880-3f78-4546-b9a1-12f0745ca0d5
Dockerfile Medium Supply-Chain Query details
Documentation
Unpinned Package Version in Apk Add
d3499f6d-1651-41bb-a9a7-de925fea487b
Dockerfile Medium Supply-Chain Query details
Documentation
Unpinned Package Version in Pip Install
02d9c71f-3ee8-4986-9c27-1a20d0d19bfc
Dockerfile Medium Supply-Chain Query details
Documentation
Yum install Without Version
6452c424-1d92-4deb-bb18-a03e95d579c4
Dockerfile Medium Supply-Chain Query details
Documentation
Chown Flag Exists
aa93e17f-b6db-4162-9334-c70334e7ac28
Dockerfile Low Best Practices Query details
Documentation
Curl or Wget Instead of Add
4b410d24-1cbe-4430-a632-62c9a931cf1c
Dockerfile Low Best Practices Query details
Documentation
Exposing Port 22 (SSH)
5907595b-5b6d-4142-b173-dbb0e73fbff8
Dockerfile Low Best Practices Query details
Documentation
MAINTAINER Instruction Being Used
99614418-f82b-4852-a9ae-5051402b741c
Dockerfile Low Best Practices Query details
Documentation
Missing Dnf Clean All
295acb63-9246-4b21-b441-7c1f1fb62dc0
Dockerfile Low Best Practices Query details
Documentation
Missing Zypper Clean
38300d1a-feb2-4a48-936a-d1ef1cd24313
Dockerfile Low Best Practices Query details
Documentation
Multiple RUN, ADD, COPY, Instructions Listed
0008c003-79aa-42d8-95b8-1c2fe37dbfe6
Dockerfile Low Best Practices Query details
Documentation
Pip install Keeping Cached Packages
f2f903fb-b977-461e-98d7-b3e2185c6118
Dockerfile Low Best Practices Query details
Documentation
Yum Clean All Missing
00481784-25aa-4a55-8633-3136dfcf4f37
Dockerfile Low Best Practices Query details
Documentation
COPY '--from' References Current FROM Alias
cdddb86f-95f6-4fc4-b5a1-483d9afceb2b
Dockerfile Low Build Process Query details
Documentation
Copy With More Than Two Arguments Not Ending With Slash
6db6e0c2-32a3-4a2e-93b5-72c35f4119db
Dockerfile Low Build Process Query details
Documentation
Multiple CMD Instructions Listed
41c195f4-fc31-4a5c-8a1b-90605538d49f
Dockerfile Low Build Process Query details
Documentation
Multiple ENTRYPOINT Instructions Listed
6938958b-3f1a-451c-909b-baeee14bdc97
Dockerfile Low Build Process Query details
Documentation
RUN Instruction Using 'cd' Instead of WORKDIR
f4a6bcd3-e231-4acf-993c-aa027be50d2e
Dockerfile Low Build Process Query details
Documentation
Same Alias In Different Froms
f2daed12-c802-49cd-afed-fe41d0b82fed
Dockerfile Low Build Process Query details
Documentation
Update Instruction Alone
9bae49be-0aa3-4de5-bab2-4c3a069e40cd
Dockerfile Low Build Process Query details
Documentation
Using Unnamed Build Stages
68a51e22-ae5a-4d48-8e87-b01a323605c9
Dockerfile Low Build Process Query details
Documentation
WORKDIR Path Not Absolute
6b376af8-cfe8-49ab-a08d-f32de23661a4
Dockerfile Low Build Process Query details
Documentation
Healthcheck Instruction Missing
b03a748a-542d-44f4-bb86-9199ab4fd2d5
Dockerfile Low Insecure Configurations Query details
Documentation
Shell Running A Pipe Without Pipefail Flag
efbf148a-67e9-42d2-ac47-02fa1c0d0b22
Dockerfile Low Insecure Defaults Query details
Documentation
APT-GET Missing Flags To Avoid Manual Input
77783205-c4ca-4f80-bb80-c777f267c547
Dockerfile Low Supply-Chain Query details
Documentation
Missing Flag From Dnf Install
7ebd323c-31b7-4e5b-b26f-de5e9e477af8
Dockerfile Low Supply-Chain Query details
Documentation
Run Using 'wget' and 'curl'
fc775e75-fcfb-4c98-b2f2-910c5858b359
Dockerfile Low Supply-Chain Query details
Documentation
Run Using apt
b84a0b47-2e99-4c9f-8933-98bcabe2b94d
Dockerfile Low Supply-Chain Query details
Documentation
Yum Install Allows Manual Input
6e19193a-8753-436d-8a09-76dcff91bb03
Dockerfile Low Supply-Chain Query details
Documentation
Zypper Install Without Version
562952e4-0348-4dea-9826-44f3a2c6117b
Dockerfile Low Supply-Chain Query details
Documentation
Using Platform Flag with FROM Command
b16e8501-ef3c-44e1-a543-a093238099c9
Dockerfile Info Best Practices Query details
Documentation
UNIX Ports Out Of Range
71bf8cf8-f0a1-42fa-b9d2-d10525e0a38e
Dockerfile Info Networking and Firewall Query details
Documentation
Apk Add Using Local Cache Path
ae9c56a6-3ed1-4ac0-9b54-31267f51151d
Dockerfile Info Supply-Chain Query details
Documentation
Apt Get Install Lists Were Not Deleted
df746b39-6564-4fed-bf85-e9c44382303c
Dockerfile Info Supply-Chain Query details
Documentation
APT-GET Not Avoiding Additional Packages
7384dfb2-fcd1-4fbf-91cd-6c44c318c33c
Dockerfile Info Supply-Chain Query details
Documentation
Run Utilities And POSIX Commands
9b6b0f38-92a2-41f9-b881-3a1083d99f1b
Dockerfile Info Supply-Chain Query details
Documentation
Cloud Storage Anonymous or Publicly Accessible
63ae3638-a38c-4ff4-b616-6e1f72a31a6a
GoogleDeploymentManager Critical Access Control Query details
Documentation
BigQuery Dataset Is Public
83103dff-d57f-42a8-bd81-40abab64c1a7
GoogleDeploymentManager High Access Control Query details
Documentation
SQL DB Instance With SSL Disabled
660360d3-9ca7-46d1-b147-3acc4002953f
GoogleDeploymentManager High Encryption Query details
Documentation
Client Certificate Disabled
dd690686-2bf9-4012-a821-f61912dd77be
GoogleDeploymentManager High Insecure Configurations Query details
Documentation
GKE Legacy Authorization Enabled
df58d46c-783b-43e0-bdd0-d99164f712ee
GoogleDeploymentManager High Insecure Configurations Query details
Documentation
Google Storage Bucket Level Access Disabled
1239f54b-33de-482a-8132-faebe288e6a6
GoogleDeploymentManager High Insecure Configurations Query details
Documentation
MySQL Instance With Local Infile On
c759d6f2-4dd3-4160-82d3-89202ef10d87
GoogleDeploymentManager High Insecure Configurations Query details
Documentation
RDP Access Is Not Restricted
50cb6c3b-c878-4b88-b50e-d1421bada9e8
GoogleDeploymentManager High Networking and Firewall Query details
Documentation
Cloud Storage Bucket Is Publicly Accessible
77c1fa3f-83dc-4c9d-bfed-e1d0cc8fd9dc
GoogleDeploymentManager Medium Access Control Query details
Documentation
SQL DB Instance Backup Disabled
a5bf1a1c-92c7-401c-b4c6-ebdc8b686c01
GoogleDeploymentManager Medium Backup Query details
Documentation
Disk Encryption Disabled
fc040fb6-4c23-4c0d-b12a-39edac35debb
GoogleDeploymentManager Medium Encryption Query details
Documentation
DNSSEC Using RSASHA1
6d7b121a-a2ed-4e37-bd2f-80d9df1dfd35
GoogleDeploymentManager Medium Encryption Query details
Documentation
Cloud DNS Without DNSSEC
313d6deb-3b67-4948-b41d-35b699c2492e
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
Cluster Master Authentication Disabled
7ef7d141-9fbb-4679-a977-fd0883436906
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
IP Aliasing Disabled
28727987-e398-49b8-aef1-8a3e7789d111
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
Network Policy Disabled
c47f90e8-4a19-43f0-8413-cc434d286c4e
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
OSLogin Is Disabled In VM Instance
e66e1b71-c810-4b4e-a737-0ab59e7f5e41
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
Private Cluster Disabled
48c61fbd-09c9-46cc-a521-012e0c325412
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
Shielded VM Disabled
9038b526-4c19-4928-bca2-c03d503bdb79
GoogleDeploymentManager Medium Insecure Configurations Query details
Documentation
Compute Instance Is Publicly Accessible
8212e2d7-e683-49bc-bf78-d6799075c5a7
GoogleDeploymentManager Medium Networking and Firewall Query details
Documentation
GKE Master Authorized Networks Disabled
62c8cf50-87f0-4295-a974-8184ed78fe02
GoogleDeploymentManager Medium Networking and Firewall Query details
Documentation
IP Forwarding Enabled
7c98538a-81c6-444b-bf04-e60bc3ceeec0
GoogleDeploymentManager Medium Networking and Firewall Query details
Documentation
SSH Access Is Not Restricted
dee21308-2a7a-49de-8ff7-c9b87e188575
GoogleDeploymentManager Medium Networking and Firewall Query details
Documentation
Bucket Without Versioning
227c2f58-70c6-4432-8e9a-a89c1a548cf5
GoogleDeploymentManager Medium Observability Query details
Documentation
Cloud Storage Bucket Versioning Disabled
ad0875c1-0b39-4890-9149-173158ba3bba
GoogleDeploymentManager Medium Observability Query details
Documentation
Stackdriver Logging Disabled
95601b9a-7fe8-4aee-9b58-d36fd9382dfc
GoogleDeploymentManager Medium Observability Query details
Documentation
Stackdriver Monitoring Disabled
bbfc97ab-e92a-4a7b-954c-e88cec815011
GoogleDeploymentManager Medium Observability Query details
Documentation
Node Auto Upgrade Disabled
dc5c5fee-6c53-43b0-ab11-4c660e064aaf
GoogleDeploymentManager Medium Resource Management Query details
Documentation
Project-wide SSH Keys Are Enabled In VM Instances
6e2b1ec1-1eca-4eb7-9d4d-2882680b4811
GoogleDeploymentManager Medium Secret Management Query details
Documentation
Cluster Labels Disabled
8810968b-4b15-421d-918b-d91eb4bb8d1d
GoogleDeploymentManager Low Insecure Configurations Query details
Documentation
COS Node Image Not Used
dbe058d7-b82e-430b-8426-992b2e4677e7
GoogleDeploymentManager Low Insecure Configurations Query details
Documentation
Not Proper Email Account In Use
a21b8df3-c840-4b3d-a41a-10fb2afda171
GoogleDeploymentManager Low Insecure Configurations Query details
Documentation
BOM - GCP PD
268c65a8-58ad-43e4-9019-1a9bbc56749f
GoogleDeploymentManager Trace Bill Of Materials Query details
Documentation
BOM - GCP PST
9ed08714-b2f3-4c6d-8fb0-ac0b74ad71d8
GoogleDeploymentManager Trace Bill Of Materials Query details
Documentation
BOM - GCP SB
c7781feb-a955-4f9f-b9cf-0d7c6f54bb59
GoogleDeploymentManager Trace Bill Of Materials Query details
Documentation
Enum Name Not CamelCase
daaace5f-c0dc-4835-b526-7a116b7f4b4e
GRPC Info Best Practices Query details
Documentation
Serving Revision Spec Without Timeout Seconds
e8bb41e4-2f24-4e84-8bea-8c7c070cf93d
Knative Info Insecure Configurations Query details
Documentation
Authorization Mode Set To Always Allow
f1f4d8da-1ac4-47d0-b1aa-91e69d33f7d5
Kubernetes High Access Control Query details
Documentation
Basic Auth File Is Set
5da47109-f8d6-4585-9e2b-96a8958a12f5
Kubernetes High Access Control Query details
Documentation
Client Certificate Authentication Not Setup Properly
e0e00aba-5f1c-4981-a542-9a9563c0ee20
Kubernetes High Access Control Query details
Documentation
Non Kube System Pod With Host Mount
aa8f7a35-9923-4cad-bd61-a19b7f6aac91
Kubernetes High Access Control Query details
Documentation
RBAC Wildcard In Rule
6b896afb-ca07-467a-b256-1a0077a1c08e
Kubernetes High Access Control Query details
Documentation
Service Account Lookup Set To False
a5530bd7-225a-48f9-91bb-f40b04200165
Kubernetes High Access Control Query details
Documentation
Token Auth File Is Set
32ecd76e-7bbf-402e-bf48-8b9485749558
Kubernetes High Access Control Query details
Documentation
Pod Security Policy Admission Control Plugin Not Set
afa36afb-39fe-4d94-b9b6-afb236f7a03d
Kubernetes High Build Process Query details
Documentation
Cluster Allows Unsafe Sysctls
9127f0d9-2310-42e7-866f-5fd9d20dcbad
Kubernetes High Insecure Configurations Query details
Documentation
Container Is Privileged
dd29336b-fe57-445b-a26e-e6aa867ae609
Kubernetes High Insecure Configurations Query details
Documentation
Container Runs Unmasked
f922827f-aab6-447c-832a-e1ff63312bd3
Kubernetes High Insecure Configurations Query details
Documentation
Containers With Sys Admin Capabilities
235236ee-ad78-4065-bd29-61b061f28ce0
Kubernetes High Insecure Configurations Query details
Documentation
Privilege Escalation Allowed
5572cc5e-1e4c-4113-92a6-7a8a3bd25e6d
Kubernetes High Insecure Configurations Query details
Documentation
PSP Allows Containers To Share The Host Network Namespace
a33e9173-b674-4dfb-9d82-cf3754816e4b
Kubernetes High Insecure Configurations Query details
Documentation
PSP Allows Privilege Escalation
87554eef-154d-411d-bdce-9dbd91e56851
Kubernetes High Insecure Configurations Query details
Documentation
PSP Allows Sharing Host IPC
80f93444-b240-4ebb-a4c6-5c40b76c04ea
Kubernetes High Insecure Configurations Query details
Documentation
PSP Set To Privileged
c48e57d3-d642-4e0b-90db-37f807b41b91
Kubernetes High Insecure Configurations Query details
Documentation
PSP With Added Capabilities
7307579a-3abb-46ad-9ce5-2a915634d5c8
Kubernetes High Insecure Configurations Query details
Documentation
Shared Host PID Namespace
302736f4-b16c-41b8-befe-c0baffa0bd9d
Kubernetes High Insecure Configurations Query details
Documentation
Tiller (Helm v2) Is Deployed
6d173be7-545a-46c6-a81d-2ae52ed1605d
Kubernetes High Insecure Configurations Query details
Documentation
Tiller Service Is Not Deleted
8b862ca9-0fbd-4959-ad72-b6609bdaa22d
Kubernetes High Insecure Configurations Query details
Documentation
Workload Mounting With Sensitive OS Directory
5308a7a8-06f8-45ac-bf10-791fe21de46e
Kubernetes High Insecure Configurations Query details
Documentation
Etcd Peer TLS Certificate Files Not Properly Set
09bb9e96-8da3-4736-b89a-b36814acca60
Kubernetes High Networking and Firewall Query details
Documentation
Insecure Bind Address Set
b9380fd3-5ffe-4d10-9290-13e18e71eee1
Kubernetes High Networking and Firewall Query details
Documentation
Insecure Port Not Properly Set
fa4def8c-1898-4a35-a139-7b76b1acdef0
Kubernetes High Networking and Firewall Query details
Documentation
Secure Port Set To Zero
3d24b204-b73d-42cb-b0bf-1a5438c5f71e
Kubernetes High Networking and Firewall Query details
Documentation
Tiller Deployment Is Accessible From Within The Cluster
e17fa86a-6222-4584-a914-56e8f6c87e06
Kubernetes High Networking and Firewall Query details
Documentation
PSP With Unrestricted Access to Host Path
de4421f1-4e35-43b4-9783-737dd4e4a47e
Kubernetes High Resource Management Query details
Documentation
Volume Mount With OS Directory Write Permissions
b7652612-de4e-4466-a0bf-1cd81f0c6063
Kubernetes High Resource Management Query details
Documentation
Always Admit Admission Control Plugin Set
ce30e584-b33f-4c7d-b418-a3d7027f8f60
Kubernetes Medium Access Control Query details
Documentation
Anonymous Auth Is Not Set To False
1de5cc51-f376-4638-a940-20f2e85ae238
Kubernetes Medium Access Control Query details
Documentation
Authorization Mode RBAC Not Set
1aa4a1ae-5dbb-48a1-9aa2-630ea4be208e
Kubernetes Medium Access Control Query details
Documentation
Docker Daemon Socket is Exposed to Containers
a6f34658-fdfb-4154-9536-56d516f65828
Kubernetes Medium Access Control Query details
Documentation
Node Restriction Admission Control Plugin Not Set
33fc6923-6553-4fe6-9d3a-4efa51eb874b
Kubernetes Medium Access Control Query details
Documentation
Permissive Access to Create Pods
592ad21d-ad9b-46c6-8d2d-fad09d62a942
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles Allow Privilege Escalation
8320826e-7a9c-4b0b-9535-578333193432
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles with Attach Permission
d45330fd-f58d-45fb-a682-6481477a0f84
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles with Exec Permission
c589f42c-7924-4871-aee2-1cede9bc7cbc
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles with Impersonate Permission
9f85c3f6-26fd-4007-938a-2e0cb0100980
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles with Port-Forwarding Permission
38fa11ef-dbcc-4da8-9680-7e1fd855b6fb
Kubernetes Medium Access Control Query details
Documentation
RBAC Roles with Read Secrets Permissions
b7bca5c4-1dab-4c2c-8cbe-3050b9d59b14
Kubernetes Medium Access Control Query details
Documentation
Service Account Admission Control Plugin Disabled
9587c890-0524-40c2-9ce2-663af7c2f063
Kubernetes Medium Access Control Query details
Documentation
Use Service Account Credentials Not Set To True
1acd93f1-5a37-45c0-aaac-82ece818be7d
Kubernetes Medium Access Control Query details
Documentation
Readiness Probe Is Not Configured
a659f3b5-9bf0-438a-bd9a-7d3a6427f1e3
Kubernetes Medium Availability Query details
Documentation
Request Timeout Not Properly Set
d89a15bb-8dba-4c71-9529-bef6729b9c09
Kubernetes Medium Availability Query details
Documentation
Terminated Pod Garbage Collector Threshold Not Properly Set
49113af4-29ca-458e-b8d4-724c01a4a24f
Kubernetes Medium Availability Query details
Documentation
Container Running As Root
cf34805e-3872-4c08-bf92-6ff7bb0cfadb
Kubernetes Medium Best Practices Query details
Documentation
Container Running With Low UID
02323c00-cdc3-4fdc-a310-4f2b3e7a1660
Kubernetes Medium Best Practices Query details
Documentation
Root Containers Admitted
e3aa0612-4351-4a0d-983f-aefea25cf203
Kubernetes Medium Best Practices Query details
Documentation
Always Pull Images Admission Control Plugin Not Set
a77f4d07-c6e0-4a48-8b35-0eeb51576f4f
Kubernetes Medium Build Process Query details
Documentation
Incorrect Volume Claim Access Mode ReadWriteOnce
3878dc92-8e5d-47cf-9cdd-7590f71d21b9
Kubernetes Medium Build Process Query details
Documentation
Encryption Provider Config Is Not Defined
cbd2db69-0b21-4c14-8a40-7710a50571a9
Kubernetes Medium Encryption Query details
Documentation
Encryption Provider Not Properly Configured
10efce34-5af6-4d83-b414-9e096d5a06a9
Kubernetes Medium Encryption Query details
Documentation
Root CA File Not Defined
05fb986f-ac73-4ebb-a5b2-7faafa93d882
Kubernetes Medium Encryption Query details
Documentation
Service Account Private Key File Not Defined
ccc98ff7-68a7-436e-9218-185cb0b0b780
Kubernetes Medium Encryption Query details
Documentation
Weak TLS Cipher Suites
510d5810-9a30-443a-817d-5c1fa527b110
Kubernetes Medium Encryption Query details
Documentation
Authorization Mode Node Not Set
4d7ee40f-fc5d-427d-8cac-dffbe22d42d1
Kubernetes Medium Insecure Configurations Query details
Documentation
Containers With Added Capabilities
19ebaa28-fc86-4a58-bcfa-015c9e22fe40
Kubernetes Medium Insecure Configurations Query details
Documentation
Ingress Controller Exposes Workload
69bbc5e3-0818-4150-89cc-1e989b48f23b
Kubernetes Medium Insecure Configurations Query details
Documentation
Kubelet Protect Kernel Defaults Set To False
6cf42c97-facd-4fda-b8af-ea4529123355
Kubernetes Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Disabled for PSP
2270987f-bb51-479f-b8be-3ca73e5ad648
Kubernetes Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Not Being Dropped
dbbc6705-d541-43b0-b166-dd4be8208b54
Kubernetes Medium Insecure Configurations Query details
Documentation
PSP Allows Sharing Host PID
91dacd0e-d189-4a9c-8272-5999a3cc32d9
Kubernetes Medium Insecure Configurations Query details
Documentation
Seccomp Profile Is Not Configured
f377b83e-bd07-4f48-a591-60c82b14a78b
Kubernetes Medium Insecure Configurations Query details
Documentation
Security Context Deny Admission Control Plugin Not Set
6a68bebe-c021-492e-8ddb-55b0567fb768
Kubernetes Medium Insecure Configurations Query details
Documentation
Using Unrecommended Namespace
611ab018-c4aa-4ba2-b0f6-a448337509a6
Kubernetes Medium Insecure Configurations Query details
Documentation
Role Binding To Default Service Account
1e749bc9-fde8-471c-af0c-8254efd2dee5
Kubernetes Medium Insecure Defaults Query details
Documentation
Service Account Name Undefined Or Empty
591ade62-d6b0-4580-b1ae-209f80ba1cd9
Kubernetes Medium Insecure Defaults Query details
Documentation
Service Account Token Automount Not Disabled
48471392-d4d0-47c0-b135-cdec95eb3eef
Kubernetes Medium Insecure Defaults Query details
Documentation
Auto TLS Set To True
98ce8b81-7707-4734-aa39-627c6db3d84b
Kubernetes Medium Networking and Firewall Query details
Documentation
CNI Plugin Does Not Support Network Policies
03aabc8c-35d6-481e-9c85-20139cf72d23
Kubernetes Medium Networking and Firewall Query details
Documentation
Etcd TLS Certificate Files Not Properly Set
075ca296-6768-4322-aea2-ba5063b969a9
Kubernetes Medium Networking and Firewall Query details
Documentation
Etcd TLS Certificate Not Properly Configured
895a5a95-3756-4b04-9924-2f3bc93181bd
Kubernetes Medium Networking and Firewall Query details
Documentation
Kubelet HTTPS Set To False
cdc8b54e-6b16-4538-a1b0-35849dbe29cf
Kubernetes Medium Networking and Firewall Query details
Documentation
Kubelet Not Managing Ip Tables
5f89001f-6dd9-49ff-9b15-d8cd71b617f4
Kubernetes Medium Networking and Firewall Query details
Documentation
Kubelet Read Only Port Is Not Set To Zero
2940d48a-dc5e-4178-a3f8-bfbd80720b41
Kubernetes Medium Networking and Firewall Query details
Documentation
Kubelet Streaming Connection Timeout Disabled
ed89b97d-04e9-4fd4-919f-ee5b27e555e9
Kubernetes Medium Networking and Firewall Query details
Documentation
Peer Auto TLS Set To True
ae8827e2-4af9-4baa-9998-87539ae0d6f0
Kubernetes Medium Networking and Firewall Query details
Documentation
Pod Misconfigured Network Policy
0401f71b-9c1e-4821-ab15-a955caa621be
Kubernetes Medium Networking and Firewall Query details
Documentation
Service With External Load Balancer
26763a1c-5dda-4772-b507-5fca7fb5f165
Kubernetes Medium Networking and Firewall Query details
Documentation
TSL Connection Certificate Not Setup
fa750c81-93c2-4fab-9c6d-d3fd3ce3b89f
Kubernetes Medium Networking and Firewall Query details
Documentation
Audit Log Path Not Set
73e251f0-363d-4e53-86e2-0a93592437eb
Kubernetes Medium Observability Query details
Documentation
Audit Policy File Not Defined
13a49a2e-488e-4309-a7c0-d6b05577a5fb
Kubernetes Medium Observability Query details
Documentation
Memory Limits Not Defined
b14d1bc4-a208-45db-92f0-e21f8e2588e9
Kubernetes Medium Resource Management Query details
Documentation
Memory Requests Not Defined
229588ef-8fde-40c8-8756-f4f2b5825ded
Kubernetes Medium Resource Management Query details
Documentation
Shared Host IPC Namespace
cd290efd-6c82-4e9d-a698-be12ae31d536
Kubernetes Medium Resource Management Query details
Documentation
Shared Host Network Namespace
6b6bdfb3-c3ae-44cb-88e4-7405c1ba2c8a
Kubernetes Medium Resource Management Query details
Documentation
Etcd Client Certificate Authentication Set To False
9391103a-d8d7-4671-ac5d-606ba7ccb0ac
Kubernetes Medium Secret Management Query details
Documentation
Etcd Client Certificate File Not Defined
3f5ff8a7-5ad6-4d02-86f5-666307da1b20
Kubernetes Medium Secret Management Query details
Documentation
Etcd Peer Client Certificate Authentication Set To False
b7d0181d-0a9b-4611-9d1c-1ad4f0b620ff
Kubernetes Medium Secret Management Query details
Documentation
Kubelet Certificate Authority Not Set
ec18a0d3-0069-4a58-a7fb-fbfe0b4bbbe0
Kubernetes Medium Secret Management Query details
Documentation
Kubelet Client Certificate Or Key Not Set
36a27826-1bf5-49da-aeb0-a60a30c0e834
Kubernetes Medium Secret Management Query details
Documentation
Kubelet Client Periodic Certificate Switch Disabled
52d70f2e-3257-474c-b3dc-8ad9ba6a061a
Kubernetes Medium Secret Management Query details
Documentation
Not Unique Certificate Authority
cb7e695d-6a85-495c-b15f-23aed2519303
Kubernetes Medium Secret Management Query details
Documentation
Rotate Kubelet Server Certificate Not Active
1c621b8e-2c6a-44f5-bd6a-fb0fb7ba33e2
Kubernetes Medium Secret Management Query details
Documentation
Service Account Key File Not Properly Set
dab4ec72-ce2e-4732-b7c3-1757dcce01a1
Kubernetes Medium Secret Management Query details
Documentation
ServiceAccount Allows Access Secrets
056ac60e-fe07-4acc-9b34-8e1d51716ab9
Kubernetes Medium Secret Management Query details
Documentation
Shared Service Account
c1032cf7-3628-44e2-bd53-38c17cf31b6b
Kubernetes Medium Secret Management Query details
Documentation
Cluster Admin Rolebinding With Superuser Permissions
249328b8-5f0f-409f-b1dd-029f07882e11
Kubernetes Low Access Control Query details
Documentation
Missing AppArmor Profile
8b36775e-183d-4d46-b0f7-96a6f34a723f
Kubernetes Low Access Control Query details
Documentation
Deployment Without PodDisruptionBudget
b23e9b98-0cb6-4fc9-b257-1f3270442678
Kubernetes Low Availability Query details
Documentation
Event Rate Limit Admission Control Plugin Not Set
e0099af2-fe17-411f-9991-0de28fe15f3c
Kubernetes Low Availability Query details
Documentation
HPA Targets Invalid Object
2f652c42-619d-4361-b361-9f599688f8ca
Kubernetes Low Availability Query details
Documentation
StatefulSet Without PodDisruptionBudget
1db3a5a5-bf75-44e5-9e44-c56cfc8b1ac5
Kubernetes Low Availability Query details
Documentation
StatefulSet Without Service Name
bb241e61-77c3-4b97-9575-c0f8a1e008d0
Kubernetes Low Availability Query details
Documentation
Metadata Label Is Invalid
1123031a-f921-4c5b-bd86-ef354ecfd37a
Kubernetes Low Best Practices Query details
Documentation
No Drop Capabilities for Containers
268ca686-7fb7-4ae9-b129-955a2a89064e
Kubernetes Low Best Practices Query details
Documentation
Object Is Using A Deprecated API Version
94b76ea5-e074-4ca2-8a03-c5a606e30645
Kubernetes Low Best Practices Query details
Documentation
Image Policy Webhook Admission Control Plugin Not Set
14abda69-8e91-4acb-9931-76e2bee90284
Kubernetes Low Build Process Query details
Documentation
Namespace Lifecycle Admission Control Plugin Disabled
1ffe7bf7-563b-4b3d-a71d-ba6bd8d49b37
Kubernetes Low Build Process Query details
Documentation
Root Container Not Mounted Read-only
a9c2f49d-0671-4fc9-9ece-f4e261e128d0
Kubernetes Low Build Process Query details
Documentation
StatefulSet Requests Storage
8cf4671a-cf3d-46fc-8389-21e7405063a2
Kubernetes Low Build Process Query details
Documentation
Dashboard Is Enabled
d2ad057f-0928-41ef-a83c-f59203bb855b
Kubernetes Low Insecure Configurations Query details
Documentation
Image Pull Policy Of The Container Is Not Set To Always
caa3479d-885d-4882-9aac-95e5e78ef5c2
Kubernetes Low Insecure Configurations Query details
Documentation
Image Without Digest
7c81d34c-8e5a-402b-9798-9f442630e678
Kubernetes Low Insecure Configurations Query details
Documentation
Kubelet Hostname Override Is Set
bf36b900-b5ef-4828-adb7-70eb543b7cfb
Kubernetes Low Insecure Configurations Query details
Documentation
Pod or Container Without LimitRange
4a20ebac-1060-4c81-95d1-1f7f620e983b
Kubernetes Low Insecure Configurations Query details
Documentation
Pod or Container Without ResourceQuota
48a5beba-e4c0-4584-a2aa-e6894e4cf424
Kubernetes Low Insecure Configurations Query details
Documentation
Pod or Container Without Security Context
a97a340a-0063-418e-b3a1-3028941d0995
Kubernetes Low Insecure Configurations Query details
Documentation
Service Does Not Target Pod
3ca03a61-3249-4c16-8427-6f8e47dda729
Kubernetes Low Insecure Configurations Query details
Documentation
Network Policy Is Not Targeting Any Pod
85ab1c5b-014e-4352-b5f8-d7dea3bb4fd3
Kubernetes Low Networking and Firewall Query details
Documentation
Service Type is NodePort
845acfbe-3e10-4b8e-b656-3b404d36dfb2
Kubernetes Low Networking and Firewall Query details
Documentation
Workload Host Port Not Specified
2b1836f1-dcce-416e-8e16-da8c71920633
Kubernetes Low Networking and Firewall Query details
Documentation
Audit Log Maxage Not Properly Set
da9f3aa8-fbfb-472f-b5a1-576127944218
Kubernetes Low Observability Query details
Documentation
Audit Log Maxbackup Not Properly Set
768aab52-2504-4a2f-a3e3-329d5a679848
Kubernetes Low Observability Query details
Documentation
Audit Log Maxsize Not Properly Set
35c0a471-f7c8-4993-aa2c-503a3c712a66
Kubernetes Low Observability Query details
Documentation
Audit Policy Not Cover Key Security Concerns
1828a670-5957-4bc5-9974-47da228f75e2
Kubernetes Low Observability Query details
Documentation
Kubelet Event QPS Not Properly Set
1a07a446-8e61-4e4d-bc16-b0781fcb8211
Kubernetes Low Observability Query details
Documentation
Profiling Not Set To False
2f491173-6375-4a84-b28e-a4e2b9a58a69
Kubernetes Low Observability Query details
Documentation
CPU Limits Not Set
4ac0e2b7-d2d2-4af7-8799-e8de6721ccda
Kubernetes Low Resource Management Query details
Documentation
CPU Requests Not Set
ca469dd4-c736-448f-8ac1-30a642705e0a
Kubernetes Low Resource Management Query details
Documentation
CronJob Deadline Not Configured
192fe40b-b1c3-448a-aba2-6cc19a300fe3
Kubernetes Low Resource Management Query details
Documentation
Deployment Has No PodAntiAffinity
a31b7b82-d994-48c4-bd21-3bab6c31827a
Kubernetes Low Resource Management Query details
Documentation
StatefulSet Has No PodAntiAffinity
d740d048-8ed3-49d3-b77b-6f072f3b669e
Kubernetes Low Resource Management Query details
Documentation
Secrets As Environment Variables
3d658f8b-d988-41a0-a841-40043121de1e
Kubernetes Low Secret Management Query details
Documentation
Invalid Image Tag
583053b7-e632-46f0-b989-f81ff8045385
Kubernetes Low Supply-Chain Query details
Documentation
Ensure Administrative Boundaries Between Resources
e84eaf4d-2f45-47b2-abe8-e581b06deb66
Kubernetes Info Access Control Query details
Documentation
HPA Targeted Deployments With Configured Replica Count
5744cbb8-5946-4b75-a196-ade44449525b
Kubernetes Info Availability Query details
Documentation
Liveness Probe Is Not Defined
ade74944-a674-4e00-859e-c6eab5bde441
Kubernetes Info Availability Query details
Documentation
Not Limited Capabilities For Pod Security Policy
caa93370-791f-4fc6-814b-ba6ce0cb4032
Kubernetes Info Insecure Configurations Query details
Documentation
Bind Address Not Properly Set
46a2e9ec-6a5f-4faa-9d39-4ea44d5d87a2
Kubernetes Info Networking and Firewall Query details
Documentation
Using Kubernetes Native Secret Management
b9c83569-459b-4110-8f79-6305aa33cb37
Kubernetes Info Secret Management Query details
Documentation
Security Definitions Undefined or Empty
e3f026e8-fdb4-4d5a-bcfd-bd94452073fe
OpenAPI High Access Control Query details
Documentation
Security Requirement Not Defined In Security Definition
a599b0d1-ff89-4cb8-9ece-9951854c06f6
OpenAPI High Structure and Semantics Query details
Documentation
Global Security Using Password Flow
2da46be4-4317-4650-9285-56d7103c4f93
OpenAPI Medium Access Control Query details
Documentation
Implicit Flow in OAuth2 (v2)
e9817ad8-a8c9-4038-8a2f-db0e6e7b284b
OpenAPI Medium Access Control Query details
Documentation
Invalid OAuth2 Authorization URL (v2)
33d96c65-977d-4c33-943f-440baca49185
OpenAPI Medium Access Control Query details
Documentation
Invalid OAuth2 Token URL (v2)
274f910a-0665-4f08-b66d-7058fe927dba
OpenAPI Medium Access Control Query details
Documentation
Operation Using Basic Auth
ceefb058-8065-418f-9c4c-584a78c7e104
OpenAPI Medium Access Control Query details
Documentation
Operation Using Implicit Flow
f42dfe7e-787d-4478-a75e-a5f3d8a2269e
OpenAPI Medium Access Control Query details
Documentation
Operation Using Password Flow
2e44e632-d617-43cb-b294-6bfe72a08938
OpenAPI Medium Access Control Query details
Documentation
Security Definitions Allows Password Flow
773116aa-2e6d-416f-bd85-f0301cc05d76
OpenAPI Medium Access Control Query details
Documentation
Security Definitions Using Basic Auth
221015a8-aa2a-43f5-b00b-ad7d2b1d47a8
OpenAPI Medium Access Control Query details
Documentation
Global Schemes Uses HTTP
f30ee711-0082-4480-85ab-31d922d9a2b2
OpenAPI Medium Encryption Query details
Documentation
Path Scheme Accepts HTTP (v2)
a6847dc6-f4ea-45ac-a81f-93291ae6c573
OpenAPI Medium Encryption Query details
Documentation
Schemes Uses HTTP
a46928f1-43d7-4671-94e0-2dd99746f389
OpenAPI Medium Encryption Query details
Documentation
Operation Object Without 'consumes'
0c79e50e-b3cf-490c-b8f6-587c644d4d0c
OpenAPI Medium Insecure Configurations Query details
Documentation
Operation Object Without 'produces'
be3e170e-1572-461e-a8b6-d963def581ec
OpenAPI Medium Insecure Configurations Query details
Documentation
Non OAuth2 Security Requirement Defining OAuth2 Scopes
ba239cb9-f342-4c20-812d-7b5a2aa6969e
OpenAPI Medium Structure and Semantics Query details
Documentation
Undefined Scope 'securityDefinition' On 'security' Field On Operations
3847280c-9193-40bc-8009-76168e822ce2
OpenAPI Low Access Control Query details
Documentation
Undefined Scope 'securityDefinition' On Global 'security' Field
9aa6e95c-d964-4239-a3a8-9f37a3c5a31f
OpenAPI Low Access Control Query details
Documentation
Constraining Enum Property
be1d8733-3731-40c7-a845-734741c6871d
OpenAPI Info Best Practices Query details
Documentation
Global Parameter Definition Not Being Used
b30981fa-a12e-49c7-a5bb-eeafb61d0f0f
OpenAPI Info Best Practices Query details
Documentation
Global Responses Definition Not Being Used
0b76d993-ee52-43e0-8b39-3787d2ddabf1
OpenAPI Info Best Practices Query details
Documentation
Global Schema Definition Not Being Used
6d2e0790-cc3d-4c74-b973-d4e8b09f4455
OpenAPI Info Best Practices Query details
Documentation
Invalid Media Type Value (v2)
f985a7d2-d404-4a7f-9814-f645f791e46e
OpenAPI Info Best Practices Query details
Documentation
Operation Summary Too Long
d47940ca-5970-45cc-bdd1-4d81398cee1f
OpenAPI Info Best Practices Query details
Documentation
Schema with 'additionalProperties' set as Boolean
3a01790c-ebee-4da6-8fd3-e78657383b75
OpenAPI Info Best Practices Query details
Documentation
Unknown Prefix (v2)
3b615f00-c443-4ba9-acc4-7c308716917d
OpenAPI Info Best Practices Query details
Documentation
BasePath With Wrong Format
b4803607-ed72-4d60-99e2-3fa6edf471c6
OpenAPI Info Structure and Semantics Query details
Documentation
Body Parameter With Wrong Property
c38d630d-a415-4e3e-bac2-65475979ba88
OpenAPI Info Structure and Semantics Query details
Documentation
Body Parameter Without Schema
ed48229d-d43e-4da7-b453-5f98d964a57a
OpenAPI Info Structure and Semantics Query details
Documentation
File Parameter With Wrong Consumes Property
7f91992f-b4c8-43bf-9bf9-fae9ecdb6e3a
OpenAPI Info Structure and Semantics Query details
Documentation
Host With Invalid Pattern
3d7d7b6c-fb0a-475e-8a28-c125e30d15f0
OpenAPI Info Structure and Semantics Query details
Documentation
Multi 'collectionformat' Not Valid For 'in' Parameter
750f6448-27c0-49f8-a153-b81735c1e19c
OpenAPI Info Structure and Semantics Query details
Documentation
Multiple Body Parameters In The Same Operation
b90033cf-ad9f-4fb9-acd1-1b9d6d278c87
OpenAPI Info Structure and Semantics Query details
Documentation
Non Body Parameter Without Schema
73c3bc54-3cc6-4c0a-b30a-e19f2abfc951
OpenAPI Info Structure and Semantics Query details
Documentation
Object Without Required Property (v2)
5e5ecb9d-04b5-4e4f-b5a5-6ee04279b275
OpenAPI Info Structure and Semantics Query details
Documentation
Operation Example Mismatch Produces MimeType
2cf35b40-ded3-43d6-9633-c8dcc8bcc822
OpenAPI Info Structure and Semantics Query details
Documentation
Operation Object Parameters With 'body' And 'formatData' locations
eb3f9744-d24e-4614-b1ff-2a9514eca21c
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter File Type Not In 'formData'
c3cab8c4-6c52-47a9-942b-c27f26fbd7d2
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter JSON Reference Does Not Exist (v2)
fb889ae9-2d16-40b5-b41f-9da716c5abc1
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Object With Incorrect Ref (v2)
2596545e-1757-4ff7-a15a-8a9a180a42f3
OpenAPI Info Structure and Semantics Query details
Documentation
Property Not Unique
750b40be-4bac-4f59-bdc4-1ca0e6c3450e
OpenAPI Info Structure and Semantics Query details
Documentation
Response Object With Incorrect Ref (v2)
bccfa089-89e4-47e0-a0e5-185fe6902220
OpenAPI Info Structure and Semantics Query details
Documentation
Responses JSON Reference Does Not Exists (v2)
e9db5fb4-6a84-4abb-b4af-3b94fbdace6d
OpenAPI Info Structure and Semantics Query details
Documentation
Schema JSON Reference Does Not Exist (v2)
98295b32-ec09-4b5b-89a9-39853197f914
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Object Incorrect Ref (v2)
0220e1c5-65d1-49dd-b7c2-cef6d6cb5283
OpenAPI Info Structure and Semantics Query details
Documentation
Unknown Property (v2)
429b2106-ba37-43ba-9727-7f699cc611e1
OpenAPI Info Structure and Semantics Query details
Documentation
Cleartext Credentials With Basic Authentication For Operation
86b1fa30-9790-4980-994d-a27e0f6f27c1
OpenAPI Medium Access Control Query details
Documentation
Field 'securityScheme' On Components Is Undefined
8db5544e-4874-4baa-9322-e9f75a2d219e
OpenAPI Medium Access Control Query details
Documentation
Global Security Scheme Using Basic Authentication
77276d82-4f45-4cf1-8e2b-4d345b936228
OpenAPI Medium Access Control Query details
Documentation
Invalid OAuth2 Authorization URL (v3)
52c0d841-60d6-4a81-88dd-c35fef36d315
OpenAPI Medium Access Control Query details
Documentation
Invalid OAuth2 Token URL (v3)
3ba0cca1-b815-47bf-ac62-1e584eb64a05
OpenAPI Medium Access Control Query details
Documentation
OAuth2 With Implicit Flow
39cb32f2-3a42-4af0-8037-82a7a9654b6c
OpenAPI Medium Access Control Query details
Documentation
OAuth2 With Password Flow
3979b0a4-532c-4ea7-86e4-34c090eaa4f2
OpenAPI Medium Access Control Query details
Documentation
Security Scheme HTTP Unknown Scheme
06764426-3c56-407e-981f-caa25db1c149
OpenAPI Medium Access Control Query details
Documentation
Global Server Object Uses HTTP
2d8c175a-6d90-412b-8b0e-e034ea49a1fe
OpenAPI Medium Encryption Query details
Documentation
Path Server Object Uses HTTP (v3)
9670f240-7b4d-4955-bd93-edaa9fa38b58
OpenAPI Medium Encryption Query details
Documentation
Media Type Object Without Schema
f79b9d26-e945-44e7-98a1-b93f0f7a68a0
OpenAPI Medium Insecure Configurations Query details
Documentation
Parameter Object Without Schema
8fe1846f-52cc-4413-ace9-1933d7d23672
OpenAPI Medium Insecure Configurations Query details
Documentation
Header Object Without Schema
50de3b5b-6465-4e06-a9b0-b4c2ba34326b
OpenAPI Medium Networking and Firewall Query details
Documentation
API Key Exposed In Global Security Scheme
40e1d1bf-11a9-4f63-a3a2-a8b84c602839
OpenAPI Low Access Control Query details
Documentation
Security Scheme Using HTTP Basic
68e5fcac-390c-4939-a373-6074b7be7c71
OpenAPI Low Access Control Query details
Documentation
Security Scheme Using HTTP Digest
a4247b11-890b-45df-bf42-350a7a3af9be
OpenAPI Low Access Control Query details
Documentation
Security Scheme Using HTTP Negotiate
f525cc92-9050-4c41-a75c-890dc6f64449
OpenAPI Low Access Control Query details
Documentation
Security Scheme Using Oauth 1.0
1bc3205c-0d60-44e6-84f3-44fbf4dac5b3
OpenAPI Low Access Control Query details
Documentation
Undefined Scope 'securityScheme' On 'security' Field On Operations
462d6a1d-fed9-4d75-bb9e-3de902f35e6e
OpenAPI Low Access Control Query details
Documentation
Undefined Scope 'securityScheme' On Global 'security' Field
23a9e2d9-8738-4556-a71c-2802b6ffa022
OpenAPI Low Access Control Query details
Documentation
Additional Properties Too Permissive
9f88c88d-824d-4d9a-b985-e22977046042
OpenAPI Low Insecure Configurations Query details
Documentation
Additional Properties Too Restrictive
a19c3bbd-c056-40d7-9e1c-eeb0634e320d
OpenAPI Low Insecure Configurations Query details
Documentation
Success Response Code Undefined for Trace Operation
105e20dd-8449-4d71-95c6-d5dac96639af
OpenAPI Low Networking and Firewall Query details
Documentation
Components Callback Definition Is Unused
d15db953-a553-4b8a-9a14-a3d62ea3d79d
OpenAPI Info Best Practices Query details
Documentation
Components Example Definition Is Unused
b05bb927-2df5-43cc-8d7b-6825c0e71625
OpenAPI Info Best Practices Query details
Documentation
Components Header Definition Is Unused
a68da022-e95a-4bc2-97d3-481e0bd6d446
OpenAPI Info Best Practices Query details
Documentation
Components Link Definition Is Unused
c19779a9-5774-4d2f-a3a1-a99831730375
OpenAPI Info Best Practices Query details
Documentation
Components Parameter Definition Is Unused
698a464e-bb3e-4ba8-ab5e-e6599b7644a0
OpenAPI Info Best Practices Query details
Documentation
Components Request Body Definition Is Unused
6b76f589-9713-44ab-97f5-59a3dba1a285
OpenAPI Info Best Practices Query details
Documentation
Components Response Definition Is Unused
9c3ea128-7e9a-4b4c-8a32-75ad17a2d3ae
OpenAPI Info Best Practices Query details
Documentation
Components Schema Definition Is Unused
962fa01e-b791-4dcc-b04a-4a3e7389be5e
OpenAPI Info Best Practices Query details
Documentation
Encoding Header 'Content-Type' Improperly Defined
4cd8de87-b595-48b6-ab3c-1904567135ab
OpenAPI Info Best Practices Query details
Documentation
Invalid Media Type Value (v3)
cf4a5f45-a27b-49df-843a-9911dbfe71d4
OpenAPI Info Best Practices Query details
Documentation
Property 'allowEmptyValue' Ignored
59c2f769-7cc2-49c8-a3de-4e211135cfab
OpenAPI Info Best Practices Query details
Documentation
Property 'allowReserved' of Encoding Object Ignored
4190dda7-af03-4cf0-a128-70ac1661ca09
OpenAPI Info Best Practices Query details
Documentation
Property 'explode' of Encoding Object Ignored
a4dd69b8-49fa-45d2-a060-c76655405b05
OpenAPI Info Best Practices Query details
Documentation
Property 'style' of Encoding Object Ignored
d3ea644a-9a5c-4fee-941f-f8a6786c0470
OpenAPI Info Best Practices Query details
Documentation
Unknown Prefix (v3)
a5375be3-521c-43bb-9eab-e2432e368ee4
OpenAPI Info Best Practices Query details
Documentation
Callback JSON Reference Does Not Exist
f29904c8-6041-4bca-b043-dfa0546b8079
OpenAPI Info Structure and Semantics Query details
Documentation
Callback Object With Incorrect Ref
ba066cda-e808-450d-92b6-f29109754d45
OpenAPI Info Structure and Semantics Query details
Documentation
Components Object Fixed Field Key Improperly Named
151331e2-11f4-4bb6-bd35-9a005e695087
OpenAPI Info Structure and Semantics Query details
Documentation
Empty Array
5915c20f-dffa-4cee-b5d4-f457ddc0151a
OpenAPI Info Structure and Semantics Query details
Documentation
Encoding Map Key Mismatch Schema Defined Properties
cd7a52cf-8d7f-4cfe-bbeb-6306d23f576b
OpenAPI Info Structure and Semantics Query details
Documentation
Example JSON Reference Does Not Exist
6a2c219f-da5e-4745-941e-5ea8cde23356
OpenAPI Info Structure and Semantics Query details
Documentation
Example JSON Reference Outside Components Examples
bac56e3c-1f71-4a74-8ae6-2fba07efcddb
OpenAPI Info Structure and Semantics Query details
Documentation
Header JSON Reference Does Not Exist
376c9390-7e9e-4cb8-a067-fd31c05451fd
OpenAPI Info Structure and Semantics Query details
Documentation
Header Object With Incorrect Ref
2d6646f4-2946-420f-8c14-3232d49ae0cb
OpenAPI Info Structure and Semantics Query details
Documentation
Invalid Content Type For Multiple Files Upload
26f06397-36d8-4ce7-b993-17711261d777
OpenAPI Info Structure and Semantics Query details
Documentation
Link JSON Reference Does Not Exist
801f0c6a-a834-4467-89c6-ddecffb46b5a
OpenAPI Info Structure and Semantics Query details
Documentation
Link Object Incorrect Ref
b9db8a10-020c-49ca-88c6-780e5fdb4328
OpenAPI Info Structure and Semantics Query details
Documentation
Link Object OperationId Does Not Target Operation Object
c5bb7461-aa57-470b-a714-3bc3d74f4669
OpenAPI Info Structure and Semantics Query details
Documentation
Link Object With Both 'operationId' And 'operationRef'
60fb6621-9f02-473b-9424-ba9a825747d3
OpenAPI Info Structure and Semantics Query details
Documentation
Object Without Required Property (v3)
d172a060-8569-4412-8045-3560ebd477e8
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter JSON Reference Does Not Exist (v3)
2e275f16-b627-4d3f-ae73-a6153a23ae8f
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Object Content With Multiple Entries
8bfed1c6-2d59-4924-bc7f-9b9d793ed0df
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Object With Incorrect Ref (v3)
d40f27e6-15fb-4b56-90f8-fc0ff0291c51
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Object With Schema And Content
31dd6fc0-f274-493b-9614-e063086c19fc
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Object With Undefined Type
46facedc-f243-4108-ab33-583b807d50b0
OpenAPI Info Structure and Semantics Query details
Documentation
Property 'allowReserved' Improperly Defined
7f203940-39c4-4ea7-91ee-7aba16bca9e2
OpenAPI Info Structure and Semantics Query details
Documentation
Request Body JSON Reference Does Not Exist
ca02f4e8-d3ae-4832-b7db-bb037516d9e7
OpenAPI Info Structure and Semantics Query details
Documentation
Request Body Object With Incorrect Media Type
58f06434-a88c-4f74-826c-db7e10cc7def
OpenAPI Info Structure and Semantics Query details
Documentation
Request Body With Incorrect Ref
0f6cd0ab-c366-4595-84fc-fbd8b9901e4d
OpenAPI Info Structure and Semantics Query details
Documentation
Response JSON Reference Does Not Exist (v3)
7a01dfbd-da62-4165-aed7-71349ad42ab4
OpenAPI Info Structure and Semantics Query details
Documentation
Response Object With Incorrect Ref (v3)
b3871dd8-9333-4d6c-bd52-67eb898b71ab
OpenAPI Info Structure and Semantics Query details
Documentation
Schema JSON Reference Does Not Exist (v3)
015eac96-6313-43c0-84e5-81b1374fa637
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Object Incorrect Ref (v3)
4cac7ace-b0fb-477d-830d-65395d9109d9
OpenAPI Info Structure and Semantics Query details
Documentation
Schema With Both ReadOnly And WriteOnly
d2361d58-361c-49f0-9e50-b957fd608b29
OpenAPI Info Structure and Semantics Query details
Documentation
Security Field Undefined
ab1263c2-81df-46f0-9f2c-0b62fdb68419
OpenAPI Info Structure and Semantics Query details
Documentation
Security Operation Field Undefined
20a482d5-c5d9-4a7a-b7a4-60d0805047b4
OpenAPI Info Structure and Semantics Query details
Documentation
Security Requirement Object With Wrong Scopes
37140f7f-724a-4c87-a536-e9cee1d61533
OpenAPI Info Structure and Semantics Query details
Documentation
Server Object Variable Not Used
8aee4754-970d-4c5f-8142-a49dfe388b1a
OpenAPI Info Structure and Semantics Query details
Documentation
Server URL Not Absolute
a0bf7382-5d5a-4224-924c-3db8466026c9
OpenAPI Info Structure and Semantics Query details
Documentation
Server URL Uses Undefined Variables
8d0921d6-4131-461f-a253-99e873f8f77e
OpenAPI Info Structure and Semantics Query details
Documentation
Servers Array Undefined
c66ebeaa-676c-40dc-a3ff-3e49395dcd5e
OpenAPI Info Structure and Semantics Query details
Documentation
Unknown Property (v3)
fb7d81e7-4150-48c4-b914-92fc05da6a2f
OpenAPI Info Structure and Semantics Query details
Documentation
Global Security Field Has An Empty Array (v2)
da31d54b-ad54-41dc-95eb-8b3828629213
OpenAPI High Access Control Security object need to have defined rules in its array and rules should be defined on securityScheme
Documentation
Global Security Field Has An Empty Array (v3)
d674aea4-ba8b-454b-bb97-88a772ea33f0
OpenAPI High Access Control Query details
Documentation
Global security field has an empty object (v2)
292919fb-7b26-4454-bee9-ce29094768dd
OpenAPI High Access Control Global security definition must not have empty objects
Documentation
Global security field has an empty object (v3)
543e38f4-1eee-479e-8eb0-15257013aa0a
OpenAPI High Access Control Query details
Documentation
Global Security Field Is Undefined (v2)
74703c89-0ea2-49ab-a7db-bf04f19f5a57
OpenAPI High Access Control Global security field should be defined to prevent API to have insecure paths and have this rules defined on securityDefinitions
Documentation
Global Security Field Is Undefined (v3)
8af270ce-298b-4405-9922-82a10aee7a4f
OpenAPI High Access Control Query details
Documentation
No Global And Operation Security Defined (v2)
586abcee-9653-462d-ad7b-2638a32bd6e6
OpenAPI High Access Control All paths should have security scheme, if it is omitted, global security field should be defined
Documentation
No Global And Operation Security Defined (v3)
96729c6b-7400-4d9e-9807-17f00cdde4d2
OpenAPI High Access Control Query details
Documentation
Security Field On Operations Has An Empty Array (v2)
5d29effc-5d68-481f-9721-d74e5919226b
OpenAPI High Access Control Security object for operations, if defined, must define a security scheme, otherwise it should be considered an error
Documentation
Security Field On Operations Has An Empty Array (v3)
663c442d-f918-4f62-b096-0bf5dcbeb655
OpenAPI High Access Control Query details
Documentation
Security Field On Operations Has An Empty Object Definition (v2)
74581e3b-1d55-4323-a139-5959a7b3abc5
OpenAPI High Access Control Security object for operations should not be empty object or has any empty object definition
Documentation
Security Field On Operations Has An Empty Object Definition (v3)
baade968-7467-41e4-bf22-83ca222f5800
OpenAPI High Access Control Query details
Documentation
Array Without Maximum Number of Items (v2)
99eb2c95-2040-4104-9e7c-e16f7474d218
OpenAPI Medium Insecure Configurations Array schema/parameter should have the field 'maxItems' set
Documentation
Array Without Maximum Number of Items (v3)
6998389e-66b2-473d-8d05-c8d71ac4d04d
OpenAPI Medium Insecure Configurations Query details
Documentation
JSON Object Schema Without Properties (v2)
3d28f751-bc18-4f83-ace0-216b6086410b
OpenAPI Medium Insecure Configurations Schema of the JSON object should have properties defined and 'additionalProperties' set to false.
Documentation
JSON Object Schema Without Properties (v3)
9d967a2b-9d64-41a6-abea-dfc4960299bd
OpenAPI Medium Insecure Configurations Query details
Documentation
JSON Object Schema Without Type (v2)
62d52544-82ef-4b75-8308-cad49d50212b
OpenAPI Medium Insecure Configurations Schema of the JSON object should have 'type' defined.
Documentation
JSON Object Schema Without Type (v3)
e2ffa504-d22a-4c94-b6c5-f661849d2db7
OpenAPI Medium Insecure Configurations Query details
Documentation
Pattern Undefined (v2)
afde15cf-9444-4126-8c62-41cd79db1d1d
OpenAPI Medium Insecure Configurations String schema/parameter/header should have 'pattern' defined.
Documentation
Pattern Undefined (v3)
00b78adf-b83f-419c-8ed8-c6018441dd3a
OpenAPI Medium Insecure Configurations Query details
Documentation
Schema Object is Empty (v2)
967575e5-eb44-4c24-aadb-7e33608ed30a
OpenAPI Medium Insecure Configurations The Schema Object should not be empty to avoid accepting any JSON values
Documentation
Schema Object is Empty (v3)
500ce696-d501-41dd-86eb-eceb011a386f
OpenAPI Medium Insecure Configurations Query details
Documentation
Response on operations that should have a body has undefined schema (v2)
31afbcb7-70e0-48bb-a31a-3374f95cf859
OpenAPI Medium Networking and Firewall If a response is not head or its code is not 204 or 304, it should have a schema defined
Documentation
Response on operations that should have a body has undefined schema (v3)
a92be1d5-d762-484a-86d6-8cd0907ba100
OpenAPI Medium Networking and Firewall Query details
Documentation
API Key Exposed In Global Security (v2)
533a0d13-6e89-4551-ae33-bce14e5849c1
OpenAPI Low Access Control API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.
Documentation
API Key Exposed In Global Security (v3)
aecee30b-8ea1-4776-a99c-d6d600f0862f
OpenAPI Low Access Control Query details
Documentation
API Key Exposed In Operation Security (v2)
392599e4-a4e2-403d-bc56-3fe05755782d
OpenAPI Low Access Control API Keys should be transported using a secure method such as HTTPS. Define a security scheme that uses a secure method to transport the API key.
Documentation
API Key Exposed In Operation Security (v3)
281b8071-6226-4a43-911d-fec246d422c2
OpenAPI Low Access Control Query details
Documentation
Array Items Has No Type (v2)
8697a1a4-82c6-4603-8ac8-57529756744e
OpenAPI Low Insecure Configurations Schema/Parameter array items type should be defined
Documentation
Array Items Has No Type (v3)
be0e0df7-f3d9-42a1-9b6f-d425f94872c4
OpenAPI Low Insecure Configurations Query details
Documentation
Invalid Format (v2)
caf1793e-95dd-4b18-8d90-8f3c0ab5bddf
OpenAPI Low Insecure Configurations The format should be valid for the type defined. For integer type must be int32 or int64 and number type must be float or double
Documentation
Invalid Format (v3)
d929c031-078f-4241-b802-e224656ad890
OpenAPI Low Insecure Configurations Query details
Documentation
Maximum Length Undefined (v2)
2ec86e48-ab90-4cb6-a131-0502afd1f442
OpenAPI Low Insecure Configurations String schema/parameter/header should have 'maxLength' defined.
Documentation
Maximum Length Undefined (v3)
8c8261c2-19a9-4ef7-ad37-b8bc7bdd4d85
OpenAPI Low Insecure Configurations Query details
Documentation
Numeric Schema Without Format (v2)
3ed8fc82-c2bb-49e0-811f-c53923674c49
OpenAPI Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'format' defined.
Documentation
Numeric Schema Without Format (v3)
fbf699b5-ef74-4542-9cf1-f6eeac379373
OpenAPI Low Insecure Configurations Query details
Documentation
Numeric Schema Without Maximum (v2)
203eee11-15b6-4d47-b888-4c7f534967ee
OpenAPI Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'maximum' defined.
Documentation
Numeric Schema Without Maximum (v3)
2ea04bef-c769-409e-9179-ee3a50b5c0ac
OpenAPI Low Insecure Configurations Query details
Documentation
Numeric Schema Without Minimum (v2)
efd1dfc8-da91-4909-a3f3-c23abc5ec799
OpenAPI Low Insecure Configurations Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined.
Documentation
Numeric Schema Without Minimum (v3)
181bd815-767e-4e95-a24d-bb3c87328e19
OpenAPI Low Insecure Configurations Query details
Documentation
String Schema with Broad Pattern (v2)
e4a019f0-9af3-49c8-bf68-1939a6ff240d
OpenAPI Low Insecure Configurations String schema should restrict the pattern
Documentation
String Schema with Broad Pattern (v3)
8c81d6c0-716b-49ec-afa5-2d62da4e3f3c
OpenAPI Low Insecure Configurations Query details
Documentation
Default Response Undefined On Operations (v2)
5f34c7ae-4f3f-4cbb-8fe3-a11d6961062f
OpenAPI Low Networking and Firewall Operations responses should have a default response defined
Documentation
Default Response Undefined On Operations (v3)
86e3702f-c868-44b2-b61d-ea5316c18110
OpenAPI Low Networking and Firewall Query details
Documentation
Response Code Missing (v2)
6e96ed39-bf45-4089-99ba-f1fe7cf6966f
OpenAPI Low Networking and Firewall 500, 429 and 400 responses should be defined for all operations, except head operation. 415 response should be defined for the post, put, and patch operations. 404 response should be defined for the get, put, head, delete operations. 200 response should be defined for options operation. 401 and 403 response should be defined for all operations when the security field is defined.
Documentation
Response Code Missing (v3)
6c35d2c6-09f2-4e5c-a094-e0e91327071d
OpenAPI Low Networking and Firewall Query details
Documentation
Response on operations that should not have a body has declared content (v2)
268defd2-2839-4e15-8cbc-de86eb38c231
OpenAPI Low Networking and Firewall If a response is head or its code is 204 or 304, it shouldn't have a schema defined
Documentation
Response on operations that should not have a body has declared content (v3)
12a7210b-f4b4-47d0-acac-0a819e2a0ca3
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Delete Operation (v2)
ad432855-b7fb-4429-92a3-93b5ce34f0b1
OpenAPI Low Networking and Firewall Delete should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Delete Operation (v3)
3b497874-ae59-46dd-8d72-1868a3b8f150
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Get Operation (v2)
9b633f3b-c94b-4fbb-a65b-1a4e9134fb63
OpenAPI Low Networking and Firewall Get should define at least one success response (200 or 202)
Documentation
Success Response Code Undefined for Get Operation (v3)
b2f275be-7d64-4064-b418-be6b431363a7
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Head Operation (v2)
4f0b30e3-a498-4dd7-b3f2-f4b6471a8d5a
OpenAPI Low Networking and Firewall Head should define at least one success response (200 or 202)
Documentation
Success Response Code Undefined for Head Operation (v3)
3b066059-f411-4554-ac8d-96f32bff90da
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Patch Operation (v2)
f36e87cc-a209-4f37-8571-66833e4aead7
OpenAPI Low Networking and Firewall Patch should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Patch Operation (v3)
1908a8ee-927d-4166-8f18-241152170cc1
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Post Operation (v2)
9fedee41-2e6d-4091-b011-4a16b4c18c70
OpenAPI Low Networking and Firewall Post should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Post Operation (v3)
f368dd2d-9344-4146-a05b-7c6faa1269ad
OpenAPI Low Networking and Firewall Query details
Documentation
Success Response Code Undefined for Put Operation (v2)
965a043f-5f3c-4d0a-be72-d9ce12fdb4d6
OpenAPI Low Networking and Firewall Put should define at least one success response (200, 201, 202 or 204)
Documentation
Success Response Code Undefined for Put Operation (v3)
60b5f56b-66ff-4e1c-9b62-5753e16825bc
OpenAPI Low Networking and Firewall Query details
Documentation
Example Not Compliant With Schema Type (v2)
448db771-06ea-4dee-b48c-1689cbfb4b43
OpenAPI Info Best Practices Examples values and fields should be compliant with the schema type
Documentation
Example Not Compliant With Schema Type (v3)
881a6e71-c2a7-4fe2-b9c3-dfcf08895331
OpenAPI Info Best Practices Query details
Documentation
Header Parameter Named as 'Accept' (v2)
3ddd74cc-6582-486c-8b0c-2b48cb38e0a3
OpenAPI Info Best Practices The header Parameter should not be named as 'Accept'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Accept' (v3)
f2702af5-6016-46cb-bbc8-84c766032095
OpenAPI Info Best Practices Query details
Documentation
Header Parameter Named as 'Authorization' (v2)
e2e00c97-7171-4fb4-b461-d631df9a711c
OpenAPI Info Best Practices The header Parameter should not be named as 'Authorization'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Authorization' (v3)
8c84f75e-5048-4926-a4cb-33e7b3431300
OpenAPI Info Best Practices Query details
Documentation
Header Parameter Named as 'Content-Type' (v2)
51978067-3b22-4c29-aaf3-96bf0bc28897
OpenAPI Info Best Practices The header Parameter should not be named as 'Content-Type'. If so, it will be ignored.
Documentation
Header Parameter Named as 'Content-Type' (v3)
72d259ca-9741-48dd-9f62-eb11f2936b37
OpenAPI Info Best Practices Query details
Documentation
Header Response Name Is Invalid (v2)
86733e01-a435-4bd5-a8b0-5108be9dc1e4
OpenAPI Info Best Practices The Header Response should not be named as 'Content-Type', 'Authorization' or 'Accept'. If so, it will be ignored.
Documentation
Header Response Name Is Invalid (v3)
d4e43db5-54d8-4dda-b3c2-0dc6f31a46bd
OpenAPI Info Best Practices Query details
Documentation
Invalid Contact Email (v2)
d83bebc8-4e5e-4241-b783-cba9fb5a1c9a
OpenAPI Info Best Practices Contact Object Email should be a valid email
Documentation
Invalid Contact Email (v3)
b1a7fcb0-2afe-4d5c-a6a1-4e6311fc29e7
OpenAPI Info Best Practices Query details
Documentation
Invalid Contact URL (v2)
c7000383-16d0-4509-8cd3-585e5ea2e2f2
OpenAPI Info Best Practices Contact Object URL should be a valid URL
Documentation
Invalid Contact URL (v3)
332cf2ad-380d-4b90-b436-46f8e635cf38
OpenAPI Info Best Practices Query details
Documentation
Invalid Global External Documentation URL (v2)
46d3b74d-9fe9-45bf-9e9e-efb7f701ee28
OpenAPI Info Best Practices Global External Documentation URL should be a valid URL
Documentation
Invalid Global External Documentation URL (v3)
b2d9dbf6-539c-4374-a1fd-210ddf5563a8
OpenAPI Info Best Practices Query details
Documentation
Invalid License URL (v2)
de2b4910-8484-46d6-a055-dc1e793ee3ff
OpenAPI Info Best Practices License Object URL should be a valid URL
Documentation
Invalid License URL (v3)
9239c289-9e4c-4d92-8be1-9d506057c971
OpenAPI Info Best Practices Query details
Documentation
Invalid Operation External Documentation URL (v2)
25635c31-ee32-4708-88e5-fced87516f51
OpenAPI Info Best Practices Operation External Documentation URL should be a valid URL
Documentation
Invalid Operation External Documentation URL (v3)
5ea61624-3733-4a3a-8ca4-b96fec9c5aeb
OpenAPI Info Best Practices Query details
Documentation
Invalid Schema External Documentation URL (v2)
f7fa95b7-d819-484c-9a2b-665dd1bba25e
OpenAPI Info Best Practices Schema External Documentation URL should be a valid URL
Documentation
Invalid Schema External Documentation URL (v3)
6952a7e0-6e48-4285-bbc1-27c64e60f888
OpenAPI Info Best Practices Query details
Documentation
Invalid Tag External Documentation URL (v2)
b4a7d925-738b-4219-99d9-87d6ee262a03
OpenAPI Info Best Practices Tag External Documentation URL should be a valid URL
Documentation
Invalid Tag External Documentation URL (v3)
5aea1d7e-b834-4749-b143-2c7ec3bd5922
OpenAPI Info Best Practices Query details
Documentation
JSON '$ref' alongside other properties (v2)
f34c1c68-4773-4df0-a103-6e2ca32e585f
OpenAPI Info Best Practices Each field on Open API specification which accepts '$ref', infers that field is using a reference object, which has only '$ref' key
Documentation
JSON '$ref' alongside other properties (v3)
96beb800-566f-49a9-a0ea-dbdf4bc80429
OpenAPI Info Best Practices Query details
Documentation
Object Using Enum With Keyword (v2)
7f15962a-d862-451c-ac9b-84ec13747aa6
OpenAPI Info Best Practices Schema/Parameter/Header Object properties should not contain 'enum' and schema keywords
Documentation
Object Using Enum With Keyword (v3)
2e9b6612-8f69-42e0-a5b8-ed17739c2f3a
OpenAPI Info Best Practices Query details
Documentation
Operation Without Successful HTTP Status Code (v2)
a1ee6ebe-3877-42ec-b9a6-e524e7d06aa2
OpenAPI Info Best Practices Operation Object should have at least one successful HTTP status code defined
Documentation
Operation Without Successful HTTP Status Code (v3)
48e9e1fe-cf79-45b5-93e6-8b55ae5dadfd
OpenAPI Info Best Practices Query details
Documentation
Path Without Operation (v2)
609cd557-66b4-41fa-8edd-2abc6c7cfd08
OpenAPI Info Best Practices Path object should have at least one operation object defined
Documentation
Path Without Operation (v3)
84c826c9-1893-4b34-8cdd-db97645b4bf3
OpenAPI Info Best Practices Query details
Documentation
Required Property With Default Value (v2)
f7ab6c83-ef89-40e1-8a99-32e2599fb665
OpenAPI Info Best Practices Required properties receive value from requests, which makes unnecessary declare a default value
Documentation
Required Property With Default Value (v3)
013bdb4b-9246-4248-b0c3-7fb0fee42a29
OpenAPI Info Best Practices Query details
Documentation
Default Invalid (v2)
78dfd8f0-a6ee-48ec-af8c-e4d9b3292a07
OpenAPI Info Structure and Semantics The field 'default' of Schema/Parameter/Header Object should be consistent with the schema's/parameter's/header's type
Documentation
Default Invalid (v3)
a96bbc06-8cde-4295-ad3c-ee343a7f658e
OpenAPI Info Structure and Semantics Query details
Documentation
Items Undefined (v2)
3e4d34d2-36cf-4449-976d-6c256db8fc49
OpenAPI Info Structure and Semantics Schema/Parameter items should be defined when the schema/parameter is set to an array.
Documentation
Items Undefined (v3)
a8e859da-4a43-4e7f-94b8-25d6e3bf8e90
OpenAPI Info Structure and Semantics Query details
Documentation
Non-Array Schema With Items (v2)
9d47956b-29cd-43b1-9e6e-b39a4d484353
OpenAPI Info Structure and Semantics Non-Array Schema should not have 'items' defined
Documentation
Non-Array Schema With Items (v3)
20cb3159-b219-496b-8dac-54ae3ab2021a
OpenAPI Info Structure and Semantics Query details
Documentation
OperationId Not Unique (v2)
21245007-91c4-40e5-964e-40c85d1e5aa6
OpenAPI Info Structure and Semantics OperationId should be unique when defined
Documentation
OperationId Not Unique (v3)
c254adc4-ef25-46e1-8270-b7944adb4198
OpenAPI Info Structure and Semantics Query details
Documentation
Parameter Objects Headers With Duplicated Name (v2)
bd2cbef5-62c4-40f1-af07-4b7f9ced6616
OpenAPI Info Structure and Semantics Parameter Objects should not have duplicate names for 'header' location, since HTTP headers are not case sensitive.
Documentation
Parameter Objects Headers With Duplicated Name (v3)
05505192-ba2c-4a81-9b25-dcdbcc973746
OpenAPI Info Structure and Semantics Query details
Documentation
Parameters Name In Combination Not Unique (v2)
ab871897-ec02-4835-9818-702536ee1dda
OpenAPI Info Structure and Semantics Parameters properties 'name' and 'in' should have unique combinations
Documentation
Parameters Name In Combination Not Unique (v3)
f5b2e6af-76f5-496d-8482-8f898c5fdb4a
OpenAPI Info Structure and Semantics Query details
Documentation
Path Is Ambiguous (v2)
b2468463-3ac4-4930-890c-f35b2bf4485d
OpenAPI Info Structure and Semantics All path should be unique, if has more than one operation, all operations should be part of same Path Object
Documentation
Path Is Ambiguous (v3)
237402e2-c2f0-46c9-9cf5-286160cf7bfc
OpenAPI Info Structure and Semantics Query details
Documentation
Path Parameter Not Required (v2)
ccd0613f-cb77-4684-a892-183bd2674d12
OpenAPI Info Structure and Semantics The property 'required' determines whether the parameter is mandatory. If the parameter location is 'path', this property is required and its value must be true.
Documentation
Path Parameter Not Required (v3)
0de50145-e845-47f4-9a15-23bcf2125710
OpenAPI Info Structure and Semantics Query details
Documentation
Path Parameter With No Corresponding Template Path (v2)
194ef1f8-360e-4c14-8ed2-e83e2bafa142
OpenAPI Info Structure and Semantics The path parameter must have a corresponding template path for a given operation
Documentation
Path Parameter With No Corresponding Template Path (v3)
69d7aefd-149d-47b8-8d89-1c2181a8067b
OpenAPI Info Structure and Semantics Query details
Documentation
Path Template is Empty (v2)
c201b7ad-6173-4598-a407-5edb04a1bcd7
OpenAPI Info Structure and Semantics All path templates should not be empty
Documentation
Path Template is Empty (v3)
ae13a37d-943b-47a7-a970-83c8598bcca3
OpenAPI Info Structure and Semantics Query details
Documentation
Paths Object is Empty (v2)
3e6c7b1c-8a8d-43ab-98b9-65159f44db4a
OpenAPI Info Structure and Semantics Paths object may be empty due to ACL constraints, meaning they are not exposed
Documentation
Paths Object is Empty (v3)
815021c8-a50c-46d9-b192-24f71072c400
OpenAPI Info Structure and Semantics Query details
Documentation
Properties Missing Required Property (v2)
71beb6ab-8b70-4816-a9ac-a0ff1fb22a62
OpenAPI Info Structure and Semantics Schema Object should have all required properties defined
Documentation
Properties Missing Required Property (v3)
3fb03214-25d4-4bd4-867c-c2d8d708a483
OpenAPI Info Structure and Semantics Query details
Documentation
Property 'allowEmptyValue' Improperly Defined (v2)
0bc1477d-0922-478b-ae16-674a7634a1a8
OpenAPI Info Structure and Semantics Property 'allowEmptyValue' should be only defined for query parameters and formData parameters
Documentation
Property 'allowEmptyValue' Improperly Defined (v3)
4bcbcd52-3028-469f-bc14-02c7dbba2df2
OpenAPI Info Structure and Semantics Query details
Documentation
Property Defining Minimum Greater Than Maximum (v2)
b5102ea9-6527-4bb7-94fc-9b4076150e55
OpenAPI Info Structure and Semantics Property defining minimum has greater value than maximum defined
Documentation
Property Defining Minimum Greater Than Maximum (v3)
ab2af219-cd08-4233-b5a1-a788aac88b51
OpenAPI Info Structure and Semantics Query details
Documentation
Responses Object Is Empty (v2)
6172e7ab-d2b7-45f8-a7db-1603931d8ba3
OpenAPI Info Structure and Semantics Responses Object should not be empty
Documentation
Responses Object Is Empty (v3)
990eaf09-d6f1-4c3c-b174-a517b1de8917
OpenAPI Info Structure and Semantics Query details
Documentation
Responses With Wrong HTTP Status Code (v2)
069a5378-2091-43f0-aa3b-ee8f20996e99
OpenAPI Info Structure and Semantics HTTP Responses status code should be in range of [200-599]
Documentation
Responses With Wrong HTTP Status Code (v3)
d86655c0-92f6-4ffc-b4d5-5b5775804c27
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Discriminator Mismatch Defined Properties (v2)
addc0eab-27f6-4c26-8526-d2ccd3732662
OpenAPI Info Structure and Semantics Schema discriminator values should match defined properties.
Documentation
Schema Discriminator Mismatch Defined Properties (v3)
40d3df21-c170-4dbe-9c02-4289b51f994f
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Discriminator Not Required (v2)
be6a3722-af60-438c-b1b9-2a03e2958ab7
OpenAPI Info Structure and Semantics The discriminator property in the Schema Object should be a required property
Documentation
Schema Discriminator Not Required (v3)
b481d46c-9c61-480f-86d9-af07146dc4a4
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Discriminator Property Not String (v2)
949376f1-f560-4c6d-a016-63424ca931bb
OpenAPI Info Structure and Semantics Schema discriminator property should be a string
Documentation
Schema Discriminator Property Not String (v3)
dadc2f36-1f5a-46c0-8289-75e626583123
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Enum Invalid (v2)
8fe6d18a-ad4c-4397-8884-e3a9da57f4c9
OpenAPI Info Structure and Semantics The field 'enum' of Schema Object should be consistent with the schema's type
Documentation
Schema Enum Invalid (v3)
03856cb2-e46c-4daf-bfbf-214ec93c882b
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Has A Required Property Undefined (v2)
811762c8-2e99-4f70-88f9-a63875a953b1
OpenAPI Info Structure and Semantics Schema Object should not be have a required property that is not defined on properties
Documentation
Schema Has A Required Property Undefined (v3)
2bd608ae-8a1f-457f-b710-c237883cb313
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Object Properties With Duplicated Keys (v2)
ded017bf-fb13-4f8d-868b-84aebcc572ad
OpenAPI Info Structure and Semantics Schema Object Property key should be unique through out the fields 'properties', 'allOf', 'additionalProperties'
Documentation
Schema Object Properties With Duplicated Keys (v3)
10c61e4b-eed5-49cf-9c7d-d4bf02e9edfa
OpenAPI Info Structure and Semantics Query details
Documentation
Schema Object With Circular Ref (v2)
cbff2508-85c9-4448-a8b3-770070edf5ca
OpenAPI Info Structure and Semantics Schema Object should not reference it self in 'allOf', 'oneOf', 'anyOf' and 'not' properties
Documentation
Schema Object With Circular Ref (v3)
1a1aea94-745b-40a7-b860-0702ea6ee636
OpenAPI Info Structure and Semantics Query details
Documentation
Template Path With No Corresponding Path Parameter (v2)
e7656d8d-7288-4bbe-b07b-22b389be75ce
OpenAPI Info Structure and Semantics The template path must have a corresponding path parameter for a given operation
Documentation
Template Path With No Corresponding Path Parameter (v3)
561710b1-b845-4562-95ce-2397a05ccef4
OpenAPI Info Structure and Semantics Query details
Documentation
Type Has Invalid Keyword (v2)
492c6cbb-f3f8-4807-aa4f-42b8b1c46b59
OpenAPI Info Structure and Semantics Schema/Parameter/Header Object define type should not use a keyword of another type
Documentation
Type Has Invalid Keyword (v3)
a9228976-10cf-4b5f-b902-9e962aad037a
OpenAPI Info Structure and Semantics Query details
Documentation
Amazon DMS Replication Instance Is Publicly Accessible
bccb296f-362c-4b05-9221-86d1437a1016
Pulumi Critical Access Control Query details
Documentation
DynamoDB Table Not Encrypted
b6a7e0ae-aed8-4a19-a993-a95760bf8836
Pulumi High Encryption Query details
Documentation
ElastiCache Nodes Not Created Across Multi AZ
9b18fc19-7fb8-49b1-8452-9c757c70f926
Pulumi Medium Availability Query details
Documentation
ElastiCache Redis Cluster Without Backup
e93bbe63-a631-4c0f-b6ef-700d48441ff2
Pulumi Medium Backup Query details
Documentation
API Gateway Without SSL Certificate
f27791a5-e2ae-4905-8910-6f995c576d09
Pulumi Medium Insecure Configurations Query details
Documentation
RDS DB Instance Publicly Accessible
647de8aa-5a42-41b5-9faf-22136f117380
Pulumi Medium Insecure Configurations Query details
Documentation
Elasticsearch with HTTPS disabled
00603add-7f72-448f-a6c0-9e456a7a3f94
Pulumi Medium Networking and Firewall Query details
Documentation
API Gateway Access Logging Disabled
bf4b48b9-fc1f-4552-984a-4becdb5bf503
Pulumi Medium Observability Query details
Documentation
DocDB Logging Is Disabled
2ca87964-fe7e-4cdc-899c-427f0f3525f8
Pulumi Medium Observability Query details
Documentation
EC2 Instance Monitoring Disabled
daa581ef-731c-4121-832d-cf078f67759d
Pulumi Medium Observability Query details
Documentation
Elasticsearch Logs Disabled
a1120ee4-a712-42d9-8fb5-22595fed643b
Pulumi Medium Observability Query details
Documentation
IAM Password Without Minimum Length
9850d621-7485-44f7-8bdd-b3cf426315cf
Pulumi Low Best Practices Query details
Documentation
ECS Cluster with Container Insights Disabled
abcefee4-a0c1-4245-9f82-a473f79a9e2f
Pulumi Low Observability Query details
Documentation
DynamoDB Table Point In Time Recovery Disabled
327b0729-4c5c-4c44-8b5c-e476cd9c7290
Pulumi Info Best Practices Query details
Documentation
EC2 Not EBS Optimized
d991e4ae-42ab-429b-ab43-d5e5fa9ca633
Pulumi Info Best Practices Query details
Documentation
Storage Account Not Forcing HTTPS
cb8e4bf0-903d-45c6-a278-9a947d82a27b
Pulumi Medium Encryption Query details
Documentation
Redis Cache Allows Non SSL Connections
49e30ac8-f58e-4222-b488-3dcb90158ec1
Pulumi Medium Insecure Configurations Query details
Documentation
Google Compute SSL Policy Weak Cipher In Use
965e8830-2bec-4b9b-a7f0-24dbc200a68f
Pulumi Medium Encryption Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
48f7e44d-d1d1-44c2-b336-9f11b65c4fb0
Pulumi Medium Observability Query details
Documentation
PSP Set To Privileged
ee305555-6b1d-4055-94cf-e22131143c34
Pulumi High Insecure Configurations Query details
Documentation
Missing App Armor Config
95588189-1abd-4df1-9588-b0a5034f9e87
Pulumi Medium Access Control Query details
Documentation
Serverless Role With Full Privileges
59ebb4f3-2a6c-46dc-b4f0-cc5418dcddcd
ServerlessFW High Access Control Query details
Documentation
Serverless Function Without Unique IAM Role
165aae3b-a56a-48f3-b76d-d2b5083f5b8f
ServerlessFW High Insecure Configurations Query details
Documentation
Serverless Function Environment Variables Not Encrypted
4495bc5d-4d1e-4a26-ae92-152d18195648
ServerlessFW Medium Encryption Query details
Documentation
Serverless API Endpoint Config Not Private
4d424558-c6d1-453c-be98-9a7f877abd9a
ServerlessFW Medium Networking and Firewall Query details
Documentation
Serverless API Access Logging Setting Undefined
a4d32883-aac7-42e1-b403-9415af0f3846
ServerlessFW Medium Observability Query details
Documentation
Serverless API X-Ray Tracing Disabled
434945e5-4dfd-41b1-aba1-47075ccd9265
ServerlessFW Medium Observability Query details
Documentation
Serverless API Without Content Encoding
d5d1fe08-89db-440c-8725-b93223387309
ServerlessFW Low Encryption Query details
Documentation
Serverless Function Without Dead Letter Queue
dec7bc85-d156-4f64-9a33-96ed3d9f3fed
ServerlessFW Low Insecure Configurations Query details
Documentation
Serverless Function Without Tags
f99d3482-fa8c-4f79-bad9-35212dded164
ServerlessFW Low Insecure Configurations Query details
Documentation
Serverless Function Without X-Ray Tracing
0d7ef70f-e176-44e6-bdba-add3e429788d
ServerlessFW Low Observability Query details
Documentation
OSS Bucket Allows All Actions From All Principals
ec62a32c-a297-41ca-a850-cab40b42094a
Terraform Critical Access Control Query details
Documentation
OSS Bucket Allows Delete Action From All Principals
8c0695d8-2378-4cd6-8243-7fd5894fa574
Terraform Critical Access Control Query details
Documentation
OSS Bucket Allows Put Action From All Principals
fe286195-e75c-4359-bd58-00847c4f855a
Terraform Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
faaefc15-51a5-419e-bb5e-51a4b5ab3485
Terraform Critical Insecure Configurations Query details
Documentation
OSS Bucket Allows List Action From All Principals
88541597-6f88-42c8-bac6-7e0b855e8ff6
Terraform High Access Control Query details
Documentation
OSS Bucket Public Access Enabled
62232513-b16f-4010-83d7-51d0e1d45426
Terraform High Access Control Query details
Documentation
Ecs Data Disk Kms Key Id Undefined
f262118c-1ac6-4bb3-8495-cc48f1775b85
Terraform High Encryption Query details
Documentation
Launch Template Is Not Encrypted
1455cb21-1d48-46d6-8ae3-cef911b71fd5
Terraform High Encryption Query details
Documentation
NAS File System Not Encrypted
67bfdff1-31ce-4525-b564-e94368735360
Terraform High Encryption Query details
Documentation
NAS File System Without KMS
5f670f9d-b1b4-4c90-8618-2288f1ab9676
Terraform High Encryption Query details
Documentation
RDS Instance TDE Status Disabled
44d434ca-a9bf-4203-8828-4c81a8d5a598
Terraform High Encryption Query details
Documentation
OSS Bucket Has Static Website
2b13c6ff-b87a-484d-86fd-21ef6e97d426
Terraform High Insecure Configurations Query details
Documentation
OSS Bucket Ip Restriction Disabled
6107c530-7178-464a-88bc-df9cdd364ac8
Terraform High Networking and Firewall Query details
Documentation
Public Security Group Rule All Ports or Protocols
60587dbd-6b67-432e-90f7-a8cf1892d968
Terraform High Networking and Firewall Query details
Documentation
Public Security Group Rule Sensitive Port
2ae9d554-23fb-4065-bfd1-fe43d5f7c419
Terraform High Networking and Firewall Query details
Documentation
Public Security Group Rule Unknown Port
dd706080-b7a8-47dc-81fb-3e8184430ec0
Terraform High Networking and Firewall Query details
Documentation
ActionTrail Trail OSS Bucket is Publicly Accessible
69b5d7da-a5db-4db9-a42e-90b65d0efb0b
Terraform High Observability Query details
Documentation
Ram Policy Admin Access Not Attached to Users Groups Roles
e8e62026-da63-4904-b402-65adfe3ca975
Terraform Medium Access Control Query details
Documentation
Ram Policy Attached to User
66505003-7aba-45a1-8d83-5162d5706ef5
Terraform Medium Access Control Query details
Documentation
CMK Is Unusable
ed6e3ba0-278f-47b6-a1f5-173576b40b7e
Terraform Medium Availability Query details
Documentation
OSS Bucket Versioning Disabled
70919c0b-2548-4e6b-8d7a-3d84ab6dabba
Terraform Medium Backup Query details
Documentation
ROS Stack Retention Disabled
4bb06fa1-2114-4a00-b7b5-6aeab8b896f0
Terraform Medium Backup Query details
Documentation
ROS Stack Without Template
92d65c51-5d82-4507-a2a1-d252e9706855
Terraform Medium Build Process Query details
Documentation
Disk Encryption Disabled
39750e32-3fe9-453b-8c33-dd277acdb2cc
Terraform Medium Encryption Query details
Documentation
OSS Bucket Encryption Using CMK Disabled
f20e97f9-4919-43f1-9be9-f203cd339cdd
Terraform Medium Encryption Query details
Documentation
SLB Policy With Insecure TLS Version In Use
dbfc834a-56e5-4750-b5da-73fda8e73f70
Terraform Medium Encryption Query details
Documentation
CS Kubernetes Node Pool Auto Repair Disabled
81ce9394-013d-4731-8fcc-9d229b474073
Terraform Medium Insecure Configurations Query details
Documentation
RDS DB Instance Publicly Accessible
1b4565c0-4877-49ac-ab03-adebbccd42ae
Terraform Medium Insecure Configurations Query details
Documentation
ALB Listening on HTTP
ee3b1557-9fb5-4685-a95d-93f1edf2a0d7
Terraform Medium Networking and Firewall Query details
Documentation
API Gateway API Protocol Not HTTPS
1bcdf9f0-b1aa-40a4-b8c6-cd7785836843
Terraform Medium Networking and Firewall Query details
Documentation
OSS Buckets Secure Transport Disabled
c01d10de-c468-4790-b3a0-fc887a56f289
Terraform Medium Networking and Firewall Query details
Documentation
RDS Instance SSL Action Disabled
7a1ee8a9-71be-4b11-bb70-efb62d16863b
Terraform Medium Networking and Firewall Query details
Documentation
Action Trail Logging For All Regions Disabled
c065b98e-1515-4991-9dca-b602bd6a2fbb
Terraform Medium Observability Query details
Documentation
OSS Bucket Logging Disabled
05db341e-de7d-4972-a106-3e2bd5ee53e1
Terraform Medium Observability Query details
Documentation
RDS Instance Events Not Logged
b9c524a4-fe76-4021-a6a2-cb978fb4fde1
Terraform Medium Observability Query details
Documentation
RDS Instance Log Connections Disabled
140869ea-25f2-40d4-a595-0c0da135114e
Terraform Medium Observability Query details
Documentation
RDS Instance Log Disconnections Disabled
d53f4123-f8d8-4224-8cb3-f920b151cc98
Terraform Medium Observability Query details
Documentation
RDS Instance Log Duration Disabled
a597e05a-c065-44e7-9cc8-742f572a504a
Terraform Medium Observability Query details
Documentation
VPC Flow Logs Disabled
d2731f3d-a992-44ed-812e-f4f1c2747d71
Terraform Medium Observability Query details
Documentation
No ROS Stack Policy
72ceb736-0aee-43ea-a191-3a69ab135681
Terraform Medium Resource Management Query details
Documentation
High KMS Key Rotation Period
cb319d87-b90f-485e-a7e7-f2408380f309
Terraform Medium Secret Management Query details
Documentation
Ram Account Password Policy Max Login Attempts Unrecommended
e76fd7ab-7333-40c6-a2d8-ea28af4a319e
Terraform Medium Secret Management Query details
Documentation
Ram Account Password Policy Max Password Age Unrecommended
2bb13841-7575-439e-8e0a-cccd9ede2fa8
Terraform Medium Secret Management Query details
Documentation
RAM Account Password Policy without Reuse Prevention
a8128dd2-89b0-464b-98e9-5d629041dfe0
Terraform Medium Secret Management Query details
Documentation
RAM Security Preference Not Enforce MFA Login
dcda2d32-e482-43ee-a926-75eaabeaa4e0
Terraform Low Access Control Query details
Documentation
OSS Bucket Transfer Acceleration Disabled
8f98334a-99aa-4d85-b72a-1399ca010413
Terraform Low Availability Query details
Documentation
OSS Bucket Lifecycle Rule Disabled
7db8bd7e-9772-478c-9ec5-4bc202c5686f
Terraform Low Backup Query details
Documentation
Kubernetes Cluster Without Terway as CNI Network Plugin
b9b7ada8-3868-4a35-854e-6100a2bb863d
Terraform Low Networking and Firewall Query details
Documentation
Log Retention Is Not Greater Than 90 Days
ed6cf6ff-9a1f-491c-9f88-e03c0807f390
Terraform Low Observability Query details
Documentation
RDS Instance Retention Period Not Recommended
dc158941-28ce-481d-a7fa-dc80761edf46
Terraform Low Observability Query details
Documentation
ROS Stack Notifications Disabled
9ef08939-ea40-489c-8851-667870b2ef50
Terraform Low Observability Query details
Documentation
Ram Account Password Policy Not Require At Least one Lowercase Character
89143358-cec6-49f5-9392-920c591c669c
Terraform Low Secret Management Query details
Documentation
RAM Account Password Policy Not Require at Least one Uppercase Character
5e0fb613-ba9b-44c3-88f0-b44188466bfd
Terraform Low Secret Management Query details
Documentation
Ram Account Password Policy Not Required Minimum Length
a9dfec39-a740-4105-bbd6-721ba163c053
Terraform Low Secret Management Query details
Documentation
Ram Account Password Policy Not Required Numbers
063234c0-91c0-4ab5-bbd0-47ddb5f23786
Terraform Low Secret Management Query details
Documentation
RAM Account Password Policy Not Required Symbols
41a38329-d81b-4be4-aef4-55b2615d3282
Terraform Low Secret Management Query details
Documentation
Amazon DMS Replication Instance Is Publicly Accessible
030d3b18-1821-45b4-9e08-50efbe7becbb
Terraform Critical Access Control Query details
Documentation
ECR Repository Is Publicly Accessible
e86e26fc-489e-44f0-9bcd-97305e4ba69a
Terraform Critical Access Control Query details
Documentation
S3 Bucket Access to Any Principal
7af43613-6bb9-4a0e-8c4d-1314b799425e
Terraform Critical Access Control Query details
Documentation
S3 Bucket ACL Allows Read Or Write to All Users
38c5ee0d-7f22-4260-ab72-5073048df100
Terraform Critical Access Control Query details
Documentation
S3 Bucket ACL Grants WRITE_ACP Permission
64a222aa-7793-4e40-915f-4b302c76e4d4
Terraform Critical Access Control Query details
Documentation
S3 Bucket Allows Delete Action From All Principals
ffdf4b37-7703-4dfe-a682-9d2e99bc6c09
Terraform Critical Access Control Query details
Documentation
S3 Bucket Allows Put Action From All Principals
d24c0755-c028-44b1-b503-8e719c898832
Terraform Critical Access Control Query details
Documentation
S3 Bucket With All Permissions
a4966c4f-9141-48b8-a564-ffe9959945bc
Terraform Critical Access Control Query details
Documentation
SNS Topic is Publicly Accessible
b26d2b7e-60f6-413d-a3a1-a57db24aa2b3
Terraform Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
35113e6f-2c6b-414d-beec-7a9482d3b2d1
Terraform Critical Insecure Configurations Query details
Documentation
DB Security Group With Public Scope
1e0ef61b-ad85-4518-a3d3-85eaad164885
Terraform Critical Networking and Firewall Query details
Documentation
RDS Associated with Public Subnet
2f737336-b18a-4602-8ea0-b200312e1ac1
Terraform Critical Networking and Firewall Query details
Documentation
CloudWatch Unauthorized Access Alarm Missing
4c18a45b-4ab1-4790-9f83-399ac695f1e5
Terraform Critical Observability Query details
Documentation
Cross-Account IAM Assume Role Policy Without ExternalId or MFA
09c35abf-5852-4622-ac7a-b987b331232e
Terraform High Access Control Query details
Documentation
ECS Service Admin Role Is Present
3206240f-2e87-4e58-8d24-3e19e7c83d7c
Terraform High Access Control Query details
Documentation
IAM Policy Grants Full Permissions
575a2155-6af1-4026-b1af-d5bc8fe2a904
Terraform High Access Control Query details
Documentation
IAM Role With Full Privileges
b1ffa705-19a3-4b73-b9d0-0c97d0663842
Terraform High Access Control Query details
Documentation
Lambda With Vulnerable Policy
ad9dabc7-7839-4bae-a957-aa9120013f39
Terraform High Access Control Query details
Documentation
MSK Broker Is Publicly Accessible
54378d69-dd7c-4b08-a43e-80d563396857
Terraform High Access Control Query details
Documentation
Neptune Cluster Instance is Publicly Accessible
9ba198e0-fef4-464a-8a4d-75ea55300de7
Terraform High Access Control Query details
Documentation
Neptune Cluster With IAM Database Authentication Disabled
c91d7ea0-d4d1-403b-8fe1-c9961ac082c5
Terraform High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to Any Authenticated User
57b9893d-33b1-4419-bcea-a717ea87e139
Terraform High Access Control Query details
Documentation
S3 Bucket Allows Get Action From All Principals
1df37f4b-7197-45ce-83f8-9994d2fcf885
Terraform High Access Control Query details
Documentation
S3 Bucket Allows List Action From All Principals
66c6f96f-2d9e-417e-a998-9058aeeecd44
Terraform High Access Control Query details
Documentation
S3 Bucket Allows Public Policy
1a4bc881-9f69-4d44-8c9a-d37d08f54c50
Terraform High Access Control Query details
Documentation
S3 Bucket Public ACL Overridden By Public Access Block
bf878b1a-7418-4de3-b13c-3a86cf894920
Terraform High Access Control Query details
Documentation
Secrets Manager With Vulnerable Policy
fa00ce45-386d-4718-8392-fb485e1f3c5b
Terraform High Access Control Query details
Documentation
SES Policy With Allowed IAM Actions
34b921bd-90a0-402e-a0a5-dc73371fd963
Terraform High Access Control Query details
Documentation
SQS Policy Allows All Actions
816ea8cf-d589-442d-a917-2dd0ce0e45e3
Terraform High Access Control Query details
Documentation
SQS Queue Exposed
abb06e5f-ef9a-4a99-98c6-376d396bfcdf
Terraform High Access Control Query details
Documentation
AmazonMQ Broker Encryption Disabled
3db3f534-e3a3-487f-88c7-0a9fbf64b702
Terraform High Encryption Query details
Documentation
API Gateway Method Settings Cache Not Encrypted
b7c9a40c-23e4-4a2d-8d39-a3352f10f288
Terraform High Encryption Query details
Documentation
Athena Database Not Encrypted
b2315cae-b110-4426-81e0-80bb8640cdd3
Terraform High Encryption Query details
Documentation
Athena Workgroup Not Encrypted
d364984a-a222-4b5f-a8b0-e23ab19ebff3
Terraform High Encryption Query details
Documentation
Aurora With Disabled at Rest Encryption
1a690d1d-0ae7-49fa-b2db-b75ae0dd1d3e
Terraform High Encryption Query details
Documentation
Config Rule For Encrypted Volumes Disabled
abdb29d4-5ca1-4e91-800b-b3569bbd788c
Terraform High Encryption Query details
Documentation
DAX Cluster Not Encrypted
f11aec39-858f-4b6f-b946-0a1bf46c0c87
Terraform High Encryption Query details
Documentation
DB Instance Storage Not Encrypted
08bd0760-8752-44e1-9779-7bb369b2b4e4
Terraform High Encryption Query details
Documentation
DOCDB Cluster Not Encrypted
bc1f9009-84a0-490f-ae09-3e0ea6d74ad6
Terraform High Encryption Query details
Documentation
DOCDB Cluster Without KMS
4766d3ea-241c-4ee6-93ff-c380c996bd1a
Terraform High Encryption Query details
Documentation
DynamoDB Table Not Encrypted
ce089fd4-1406-47bd-8aad-c259772bb294
Terraform High Encryption Query details
Documentation
EBS Default Encryption Disabled
3d3f6270-546b-443c-adb4-bb6fb2187ca6
Terraform High Encryption Query details
Documentation
EBS Volume Encryption Disabled
cc997676-481b-4e93-aa81-d19f8c5e9b12
Terraform High Encryption Query details
Documentation
EBS Volume Snapshot Not Encrypted
e6b4b943-6883-47a9-9739-7ada9568f8ca
Terraform High Encryption Query details
Documentation
ECS Task Definition Volume Not Encrypted
4d46ff3b-7160-41d1-a310-71d6d370b08f
Terraform High Encryption Query details
Documentation
EFS Not Encrypted
48207659-729f-4b5c-9402-f884257d794f
Terraform High Encryption Query details
Documentation
EKS Cluster Encryption Disabled
63ebcb19-2739-4d3f-aa5c-e8bbb9b85281
Terraform High Encryption Query details
Documentation
ElastiCache Replication Group Not Encrypted At Rest
76976de7-c7b1-4f64-a94f-90c1345914c2
Terraform High Encryption Query details
Documentation
ElasticSearch Encryption With KMS Disabled
7af2f4a3-00d9-47f3-8d15-ca0888f4e5b2
Terraform High Encryption Query details
Documentation
ElasticSearch Not Encrypted At Rest
24e16922-4330-4e9d-be8a-caa90299466a
Terraform High Encryption Query details
Documentation
ELB Using Weak Ciphers
4a800e14-c94a-442d-9067-5a2e9f6c0a4c
Terraform High Encryption Query details
Documentation
Glue Data Catalog Encryption Disabled
01d50b14-e933-4c99-b314-6d08cd37ad35
Terraform High Encryption Query details
Documentation
Glue Security Configuration Encryption Disabled
ad5b4e97-2850-4adf-be17-1d293e0b85ee
Terraform High Encryption Query details
Documentation
Kinesis Not Encrypted With KMS
862fe4bf-3eec-4767-a517-40f378886b88
Terraform High Encryption Query details
Documentation
Kinesis SSE Not Configured
5c6dd5e7-1fe0-4cae-8f81-4c122717cef3
Terraform High Encryption Query details
Documentation
Launch Configuration Is Not Encrypted
4de9de27-254e-424f-bd70-4c1e95790838
Terraform High Encryption Query details
Documentation
MSK Cluster Encryption Disabled
6db52fa6-d4da-4608-908a-89f0c59e743e
Terraform High Encryption Query details
Documentation
Neptune Database Cluster Encryption Disabled
98d59056-f745-4ef5-8613-32bca8d40b7e
Terraform High Encryption Query details
Documentation
RDS Database Cluster not Encrypted
656880aa-1388-488f-a6d4-8f73c23149b2
Terraform High Encryption Query details
Documentation
RDS Storage Not Encrypted
3199c26c-7871-4cb3-99c2-10a59244ce7f
Terraform High Encryption Query details
Documentation
Redis Not Compliant
254c932d-e3bf-44b2-bc9d-eb5fdb09f8d4
Terraform High Encryption Query details
Documentation
Redshift Not Encrypted
cfdcabb0-fc06-427c-865b-c59f13e898ce
Terraform High Encryption Query details
Documentation
S3 Bucket Object Not Encrypted
5fb49a69-8d46-4495-a2f8-9c8c622b2b6e
Terraform High Encryption Query details
Documentation
Sagemaker Endpoint Configuration Encryption Disabled
58b35504-0287-4154-bf69-02c0573deab8
Terraform High Encryption Query details
Documentation
Sagemaker Notebook Instance Without KMS
f3674e0c-f6be-43fa-b71c-bf346d1aed99
Terraform High Encryption Query details
Documentation
SNS Topic Not Encrypted
28545147-2fc6-42d5-a1f9-cf226658e591
Terraform High Encryption Query details
Documentation
User Data Contains Encoded Private Key
443488f5-c734-460b-a36d-5b3f330174dc
Terraform High Encryption Query details
Documentation
Workspaces Workspace Volume Not Encrypted
b9033580-6886-401a-8631-5f19f5bb24c7
Terraform High Encryption Query details
Documentation
Batch Job Definition With Privileged Container Properties
66cd88ac-9ddf-424a-b77e-e55e17630bee
Terraform High Insecure Configurations Query details
Documentation
DB Security Group Has Public Interface
f0d8781f-99bf-4958-9917-d39283b168a0
Terraform High Insecure Configurations Query details
Documentation
KMS Key With Vulnerable Policy
7ebc9038-0bde-479a-acc4-6ed7b6758899
Terraform High Insecure Configurations Query details
Documentation
Lambda Function With Privileged Role
1b3af2f9-af8c-4dfc-a0f1-a03adb70deb2
Terraform High Insecure Configurations Query details
Documentation
MQ Broker Is Publicly Accessible
4eb5f791-c861-4afd-9f94-f2a6a3fe49cb
Terraform High Insecure Configurations Query details
Documentation
Redshift Publicly Accessible
af173fde-95ea-4584-b904-bb3923ac4bda
Terraform High Insecure Configurations Query details
Documentation
Root Account Has Active Access Keys
970d224d-b42a-416b-81f9-8f4dfe70c4bc
Terraform High Insecure Configurations Query details
Documentation
S3 Static Website Host Enabled
42bb6b7f-6d54-4428-b707-666f669d94fb
Terraform High Insecure Configurations Query details
Documentation
DB Security Group Open To Large Scope
4f615f3e-fb9c-4fad-8b70-2e9f781806ce
Terraform High Networking and Firewall Query details
Documentation
Default Security Groups With Unrestricted Traffic
46883ce1-dc3e-4b17-9195-c6a601624c73
Terraform High Networking and Firewall Query details
Documentation
Network ACL With Unrestricted Access To RDP
a20be318-cac7-457b-911d-04cc6e812c25
Terraform High Networking and Firewall Query details
Documentation
Remote Desktop Port Open To Internet
151187cb-0efc-481c-babd-ad24e3c9bc22
Terraform High Networking and Firewall Query details
Documentation
Route53 Record Undefined
25db74bf-fa3b-44da-934e-8c3e005c0453
Terraform High Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Entire Network
381c3f2a-ef6f-4eff-99f7-b169cda3422c
Terraform High Networking and Firewall Query details
Documentation
Unknown Port Exposed To Internet
590d878b-abdc-428f-895a-e2b68a0e1998
Terraform High Networking and Firewall Query details
Documentation
Unrestricted Security Group Ingress
4728cd65-a20c-49da-8b31-9c08b423e4db
Terraform High Networking and Firewall Query details
Documentation
VPC Default Security Group Accepts All Traffic
9a4ef195-74b9-4c58-b8ed-2b2fe4353a75
Terraform High Networking and Firewall Query details
Documentation
VPC Peering Route Table with Unrestricted CIDR
b3a41501-f712-4c4f-81e5-db9a7dc0e34e
Terraform High Networking and Firewall Query details
Documentation
CloudTrail Log Files S3 Bucket is Publicly Accessible
bd0088a5-c133-4b20-b129-ec9968b16ef3
Terraform High Observability Query details
Documentation
Hardcoded AWS Access Key
d7b9d850-3e06-4a75-852f-c46c2e92240b
Terraform High Secret Management Query details
Documentation
Hardcoded AWS Access Key In Lambda
1402afd8-a95c-4e84-8b0b-6fb43758e6ce
Terraform High Secret Management Query details
Documentation
AMI Shared With Multiple Accounts
ba4e0031-3e9d-4d7d-b0d6-bd8f003f8698
Terraform Medium Access Control Query details
Documentation
API Gateway Method Does Not Contains An API Key
671211c5-5d2a-4e97-8867-30fc28b02216
Terraform Medium Access Control Query details
Documentation
API Gateway Without Configured Authorizer
0a96ce49-4163-4ee6-8169-eb3b0797d694
Terraform Medium Access Control Query details
Documentation
Certificate Has Expired
c3831315-5ae6-4fa8-b458-3d4d5ab7a3f6
Terraform Medium Access Control Query details
Documentation
EC2 Instance Using Default Security Group
f1adc521-f79a-4d71-b55b-a68294687432
Terraform Medium Access Control Query details
Documentation
EFS With Vulnerable Policy
fae52418-bb8b-4ac2-b287-0b9082d6a3fd
Terraform Medium Access Control Query details
Documentation
Elasticsearch Domain With Vulnerable Policy
16c4216a-50d3-4785-bfb2-4adb5144a8ba
Terraform Medium Access Control Query details
Documentation
Elasticsearch Without IAM Authentication
e7530c3c-b7cf-4149-8db9-d037a0b5268e
Terraform Medium Access Control Query details
Documentation
Glue With Vulnerable Policy
d25edb51-07fb-4a73-97d4-41cecdc53a22
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
9b0ffadc-a61f-4c2a-b1e6-68fab60f6267
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
15e6ad8c-f420-49a6-bafb-074f5eb1ec74
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
7d544dad-8a6c-431c-84c1-5f07fe9afc0e
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
8f3c16b3-354d-45db-8ad5-5066778a9485
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AddUserToGroup'
970ed7a2-0aca-4425-acf1-0453c9ecbca1
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
70b42736-efee-4bce-80d5-50358ed94990
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachRolePolicy'
3dd96caa-0b5f-4a85-b929-acfac4646cc2
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:AttachUserPolicy'
db78d14b-10e5-4e6e-84b1-dace6327b1ec
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreateAccessKey'
846646e3-2af1-428c-ac5d-271eccfa6faf
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreateLoginProfile'
04c686f1-e0cd-4812-88e1-4e038410074c
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
ec49cbfd-fae4-45f3-81b1-860526d66e3f
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutGroupPolicy'
e77c89f6-9c85-49ea-b95b-5f960fe5be92
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutRolePolicy'
c0c1e744-0f37-445e-924a-1846f0839f69
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:PutUserPolicy'
60263b4a-6801-4587-911d-919c37ed733b
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
7782d4b3-e23e-432b-9742-d9528432e771
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
78f1ec6f-5659-41ea-bd48-d0a142dce4f2
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
ad296c0d-8131-4d6b-b030-1b0e73a99ad3
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
034d0aee-620f-4bf7-b7fb-efdf661fdb9e
Terraform Medium Access Control Query details
Documentation
Group With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
571254d8-aa6a-432e-9725-535d3ef04d69
Terraform Medium Access Control Query details
Documentation
IAM Access Key Is Exposed
7081f85c-b94d-40fd-8b45-a4f1cac75e46
Terraform Medium Access Control Query details
Documentation
IAM Group Without Users
fc101ca7-c9dd-4198-a1eb-0fbe92e80044
Terraform Medium Access Control Query details
Documentation
IAM Policies Attached To User
b4378389-a9aa-44ee-91e7-ef183f11079e
Terraform Medium Access Control Query details
Documentation
IAM Policies With Full Privileges
2f37c4a3-58b9-4afe-8a87-d7f1d2286f84
Terraform Medium Access Control Query details
Documentation
IAM Policy Grants 'AssumeRole' Permission Across All Services
bcdcbdc6-a350-4855-ae7c-d1e6436f7c97
Terraform Medium Access Control Query details
Documentation
IAM Role Allows All Principals To Assume
12b7e704-37f0-4d1e-911a-44bf60c48c21
Terraform Medium Access Control Query details
Documentation
IAM Role Policy passRole Allows All
e39bee8c-fe54-4a3f-824d-e5e2d1cca40a
Terraform Medium Access Control Query details
Documentation
IAM User With Access To Console
9ec311bf-dfd9-421f-8498-0b063c8bc552
Terraform Medium Access Control Query details
Documentation
Lambda Permission Principal Is Wildcard
e08ed7eb-f3ef-494d-9d22-2e3db756a347
Terraform Medium Access Control Query details
Documentation
Policy Without Principal
bbe3dd3d-fea9-4b68-a785-cfabe2bbbc54
Terraform Medium Access Control Query details
Documentation
Public and Private EC2 Share Role
c53c7a89-f9d7-4c7b-8b66-8a555be99593
Terraform Medium Access Control Query details
Documentation
Public Lambda via API Gateway
3ef8696c-e4ae-4872-92c7-520bb44dfe77
Terraform Medium Access Control Query details
Documentation
REST API With Vulnerable Policy
b161c11b-a59b-4431-9a29-4e19f63e6b27
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
be2aa235-bd93-4b68-978a-1cc65d49082f
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
30b88745-eebe-4ecb-a3a9-5cf886e96204
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
0a592060-8166-49f5-8e65-99ac6dce9871
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
eda48c88-2b7d-4e34-b6ca-04c0194aee17
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AddUserToGroup'
b8a31292-509d-4b61-bc40-13b167db7e9c
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
f906113d-cdc0-415a-ba60-609cc6daaf4d
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachRolePolicy'
f465fff1-0a0f-457d-aa4d-1bddb6f204ff
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:AttachUserPolicy'
7c96920c-6fd0-449d-9a52-0aa431b6beaf
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreateAccessKey'
5b4d4aee-ac94-4810-9611-833636e5916d
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreateLoginProfile'
9a205ba3-0dd1-42eb-8d54-2ffec836b51a
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
ee49557d-750c-4cc1-aa95-94ab36cbefde
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutGroupPolicy'
d6047119-a0b2-4b59-a4f2-127a36fb685b
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutRolePolicy'
eb64f1e9-f67d-4e35-8a3c-3d6a2f9efea7
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:PutUserPolicy'
8f75840d-9ee7-42f3-b203-b40e3979eb12
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
118281d0-6471-422e-a7c5-051bc667926e
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
f1173d8c-3264-4148-9fdb-61181e031b51
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
35ccf766-0e4d-41ed-9ec4-2dab155082b4
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
fa62ac4f-f5b9-45b9-97c1-625c8b6253ca
Terraform Medium Access Control Query details
Documentation
Role With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
c583f0f9-7dfd-476b-a056-f47c62b47b46
Terraform Medium Access Control Query details
Documentation
S3 Bucket Allows Public ACL
d0cc8694-fcad-43ff-ac86-32331d7e867f
Terraform Medium Access Control Query details
Documentation
SNS Topic Publicity Has Allow and NotAction Simultaneously
5ea624e4-c8b1-4bb3-87a4-4235a776adcc
Terraform Medium Access Control Query details
Documentation
SQS Policy With Public Access
730675f9-52ed-49b6-8ead-0acb5dd7df7f
Terraform Medium Access Control Query details
Documentation
SSO Identity User Unsafe Creation
4003118b-046b-4640-b200-b8c7a4c8b89f
Terraform Medium Access Control Query details
Documentation
SSO Policy with full privileges
132a8c31-9837-4203-9fd1-15ca210c7b73
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'cloudformation:CreateStack' And 'iam:PassRole'
19ffbe31-9d72-4379-9768-431195eae328
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'ec2:RunInstances' And 'iam:PassRole'
89561b03-cb35-44a9-a7e9-8356e71606f4
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'glue:CreateDevEndpoint' And 'iam:PassRole'
94fbe150-27e3-4eba-9ca6-af32865e4503
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'glue:UpdateDevEndpoint'
9b877bd8-94b4-4c10-a060-8e0436cc09fa
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AddUserToGroup'
bf9d42c7-c2f9-4dfe-942c-c8cc8249a081
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachGroupPolicy'
6d23d87e-1c5b-4308-b224-92624300f29b
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachRolePolicy'
e227091e-2228-4b40-b046-fc13650d8e88
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:AttachUserPolicy'
70cb518c-d990-46f6-bc05-44a5041493d6
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreateAccessKey'
113208f2-a886-4526-9ecc-f3218600e12c
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreateLoginProfile'
0fd7d920-4711-46bd-aff2-d307d82cd8b7
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:CreatePolicyVersion'
1743f5f1-0bb0-4934-acef-c80baa5dadfa
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutGroupPolicy'
8bfbf7ab-d5e8-4100-8618-798956e101e0
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutRolePolicy'
eeb4d37a-3c59-4789-a00c-1509bc3af1e5
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:PutUserPolicy'
0c10d7da-85c4-4d62-b2a8-d6c104f1bd77
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:SetDefaultPolicyVersion'
43a41523-386a-4cb1-becb-42af6b414433
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:UpdateAssumeRolePolicy' And 'sts:AssumeRole'
33627268-1445-4385-988a-318fd9d1a512
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'iam:UpdateLoginProfile'
6deb34e2-5d9c-499a-801b-ea6d9eda894f
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'lambda:CreateFunction' And 'iam:PassRole' And 'lambda:InvokeFunction'
8055dec2-efb8-4fe6-8837-d9bed6ff202a
Terraform Medium Access Control Query details
Documentation
User With Privilege Escalation By Actions 'lambda:UpdateFunctionCode'
b69247e5-7e73-464e-ba74-ec9b715c6e12
Terraform Medium Access Control Query details
Documentation
Auto Scaling Group With No Associated ELB
8e94dced-9bcc-4203-8eb7-7e41202b2505
Terraform Medium Availability Query details
Documentation
CMK Is Unusable
7350fa23-dcf7-4938-916d-6a60b0c73b50
Terraform Medium Availability Query details
Documentation
ElastiCache Nodes Not Created Across Multi AZ
6db03a91-f933-4f13-ab38-a8b87a7de54d
Terraform Medium Availability Query details
Documentation
ElastiCache Redis Cluster Without Backup
8fdb08a0-a868-4fdf-9c27-ccab0237f1ab
Terraform Medium Backup Query details
Documentation
RDS Cluster With Backup Disabled
e542bd46-58c4-4e0f-a52a-1fb4f9548e02
Terraform Medium Backup Query details
Documentation
RDS With Backup Disabled
1dc73fb4-5b51-430c-8c5f-25dcf9090b02
Terraform Medium Backup Query details
Documentation
S3 Bucket Without Versioning
568a4d22-3517-44a6-a7ad-6a7eed88722c
Terraform Medium Backup Query details
Documentation
Stack Retention Disabled
6e0e2f68-3fd9-4cd8-a5e4-e2213ef0df97
Terraform Medium Backup Query details
Documentation
ALB Not Dropping Invalid Headers
6e3fd2ed-5c83-4c68-9679-7700d224d379
Terraform Medium Best Practices Query details
Documentation
AMI Not Encrypted
8bbb242f-6e38-4127-86d4-d8f0b2687ae2
Terraform Medium Encryption Query details
Documentation
CA Certificate Identifier Is Outdated
9f40c07e-699e-4410-8856-3ba0f2e3a2dd
Terraform Medium Encryption Query details
Documentation
Cloudfront Viewer Protocol Policy Allows HTTP
55af1353-2f62-4fa0-a8e1-a210ca2708f5
Terraform Medium Encryption Query details
Documentation
CloudWatch Log Group Without KMS
0afbcfe9-d341-4b92-a64c-7e6de0543879
Terraform Medium Encryption Query details
Documentation
ElastiCache Replication Group Not Encrypted At Transit
1afbb3fa-cf6c-4a3d-b730-95e9f4df343e
Terraform Medium Encryption Query details
Documentation
Elasticsearch Domain Not Encrypted Node To Node
967eb3e6-26fc-497d-8895-6428beb6e8e2
Terraform Medium Encryption Query details
Documentation
ELB Using Insecure Protocols
126c1788-23c2-4a10-906c-ef179f4f96ec
Terraform Medium Encryption Query details
Documentation
IAM Database Auth Not Enabled
88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6
Terraform Medium Encryption Query details
Documentation
S3 Bucket Policy Accepts HTTP Requests
4bc4dd4c-7d8d-405e-a0fb-57fa4c31b4d9
Terraform Medium Encryption Query details
Documentation
Secretsmanager Secret Encrypted With AWS Managed Key
b0d3ef3f-845d-4b1b-83d6-63a5a380375f
Terraform Medium Encryption Query details
Documentation
Secretsmanager Secret Without KMS
a2f548f2-188c-4fff-b172-e9a6acb216bd
Terraform Medium Encryption Query details
Documentation
Secure Ciphers Disabled
5c0003fb-9aa0-42c1-9da3-eb0e332bef21
Terraform Medium Encryption Query details
Documentation
SNS Topic Encrypted With AWS Managed Key
b1a72f66-2236-4f3b-87ba-0da1b366956f
Terraform Medium Encryption Query details
Documentation
SQS With SSE Disabled
6e8849c1-3aa7-40e3-9063-b85ee300f29f
Terraform Medium Encryption Query details
Documentation
SSM Session Transit Encryption Disabled
ce60cc6b-6831-4bd7-84a2-cc7f8ee71433
Terraform Medium Encryption Query details
Documentation
ALB Deletion Protection Disabled
afecd1f1-6378-4f7e-bb3b-60c35801fdd4
Terraform Medium Insecure Configurations Query details
Documentation
API Gateway With Open Access
15ccec05-5476-4890-ad19-53991eba1db8
Terraform Medium Insecure Configurations Query details
Documentation
API Gateway Without Security Policy
4e1cc5d3-2811-4fb2-861c-ee9b3cb7f90b
Terraform Medium Insecure Configurations Query details
Documentation
API Gateway Without SSL Certificate
0b4869fc-a842-4597-aa00-1294df425440
Terraform Medium Insecure Configurations Query details
Documentation
Certificate RSA Key Bytes Lower Than 256
874d68a3-bfbe-4a4b-aaa0-9e74d7da634b
Terraform Medium Insecure Configurations Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
00e5e55e-c2ff-46b3-a757-a7a1cd802456
Terraform Medium Insecure Configurations Query details
Documentation
ECR Image Tag Not Immutable
d1846b12-20c5-4d45-8798-fc35b79268eb
Terraform Medium Insecure Configurations Query details
Documentation
ECS Task Definition Network Mode Not Recommended
9f4a9409-9c60-4671-be96-9716dbf63db1
Terraform Medium Insecure Configurations Query details
Documentation
EKS Cluster Has Public Access
42f4b905-3736-4213-bfe9-c0660518cda8
Terraform Medium Insecure Configurations Query details
Documentation
IAM User Has Too Many Access Keys
3561130e-9c5f-485b-9e16-2764c82763e5
Terraform Medium Insecure Configurations Query details
Documentation
No Password Policy Enabled
b592ffd4-0577-44b6-bd35-8c5ee81b5918
Terraform Medium Insecure Configurations Query details
Documentation
S3 Bucket with Unsecured CORS Rule
98a8f708-121b-455b-ae2f-da3fb59d17e1
Terraform Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Ignore Public ACL
4fa66806-0dd9-4f8d-9480-3174d39c7c91
Terraform Medium Insecure Configurations Query details
Documentation
S3 Bucket Without Restriction Of Public Bucket
1ec253ab-c220-4d63-b2de-5b40e0af9293
Terraform Medium Insecure Configurations Query details
Documentation
Service Control Policies Disabled
5ba6229c-8057-433e-91d0-21cf13569ca9
Terraform Medium Insecure Configurations Query details
Documentation
Default VPC Exists
96ed3526-0179-4c73-b1b2-372fde2e0d13
Terraform Medium Insecure Defaults Query details
Documentation
Vulnerable Default SSL Certificate
3a1e94df-6847-4c0e-a3b6-6c6af4e128ef
Terraform Medium Insecure Defaults Query details
Documentation
ALB Is Not Integrated With WAF
0afa6ab8-a047-48cf-be07-93a2f8c34cf7
Terraform Medium Networking and Firewall Query details
Documentation
ALB Listening on HTTP
de7f5e83-da88-4046-871f-ea18504b1d43
Terraform Medium Networking and Firewall Query details
Documentation
API Gateway Endpoint Config is Not Private
6b2739db-9c49-4db7-b980-7816e0c248c1
Terraform Medium Networking and Firewall Query details
Documentation
API Gateway without WAF
a186e82c-1078-4a7b-85d8-579561fde884
Terraform Medium Networking and Firewall Query details
Documentation
CloudFront Without WAF
1419b4c6-6d5c-4534-9cf6-6a5266085333
Terraform Medium Networking and Firewall Query details
Documentation
EC2 Instance Has Public IP
5a2486aa-facf-477d-a5c1-b010789459ce
Terraform Medium Networking and Firewall Query details
Documentation
EKS Cluster Has Public Access CIDRs
61cf9883-1752-4768-b18c-0d57f2737709
Terraform Medium Networking and Firewall Query details
Documentation
EKS node group remote access disabled
ba40ace1-a047-483c-8a8d-bc2d3a67a82d
Terraform Medium Networking and Firewall Query details
Documentation
Elasticsearch with HTTPS disabled
2e9e0729-66d5-4148-9d39-5e6fb4bf2a4e
Terraform Medium Networking and Firewall Query details
Documentation
HTTP Port Open To Internet
ffac8a12-322e-42c1-b9b9-81ff85c39ef7
Terraform Medium Networking and Firewall Query details
Documentation
Network ACL With Unrestricted Access To SSH
3af7f2fd-06e6-4dab-b996-2912bea19ba4
Terraform Medium Networking and Firewall Query details
Documentation
Security Group With Unrestricted Access To SSH
65905cec-d691-4320-b320-2000436cb696
Terraform Medium Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Small Public Network
e35c16a2-d54e-419d-8546-a804d8e024d0
Terraform Medium Networking and Firewall Query details
Documentation
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
54c417bf-c762-48b9-9d31-b3d87047e3f0
Terraform Medium Networking and Firewall Query details
Documentation
VPC Subnet Assigns Public IP
52f04a44-6bfa-4c41-b1d3-4ae99a2de05c
Terraform Medium Networking and Firewall Query details
Documentation
VPC Without Network Firewall
fd632aaf-b8a1-424d-a4d1-0de22fd3247a
Terraform Medium Networking and Firewall Query details
Documentation
API Gateway Access Logging Disabled
1b6799eb-4a7a-4b04-9001-8cceb9999326
Terraform Medium Observability Query details
Documentation
API Gateway Deployment Without Access Log Setting
625abc0e-f980-4ac9-a775-f7519ee34296
Terraform Medium Observability Query details
Documentation
API Gateway With CloudWatch Logging Disabled
982aa526-6970-4c59-8b9b-2ce7e019fe36
Terraform Medium Observability Query details
Documentation
CloudFront Logging Disabled
94690d79-b3b0-43de-b656-84ebef5753e5
Terraform Medium Observability Query details
Documentation
CloudTrail Log Files S3 Bucket with Logging Disabled
ee9e50e8-b2ed-4176-ad42-8fc0cf7593f4
Terraform Medium Observability Query details
Documentation
CloudTrail Logging Disabled
4bb76f17-3d63-4529-bdca-2b454529d774
Terraform Medium Observability Query details
Documentation
CloudWatch AWS Config Configuration Changes Alarm Missing
5b8d7527-de8e-4114-b9dd-9d988f1f418f
Terraform Medium Observability Query details
Documentation
CloudWatch Changes To NACL Alarm Missing
0a8e8dc5-b6fc-44fc-b5a1-969ec950f9b0
Terraform Medium Observability Query details
Documentation
Cloudwatch Cloudtrail Configuration Changes Alarm Missing
0f6cbf69-41bb-47dc-93f3-3844640bf480
Terraform Medium Observability Query details
Documentation
CloudWatch Disabling Or Scheduled Deletion Of Customer Created CMK Alarm Missing
56a585f5-555c-48b2-8395-e64e4740a9cf
Terraform Medium Observability Query details
Documentation
CloudWatch Logging Disabled
7dbba512-e244-42dc-98bb-422339827967
Terraform Medium Observability Query details
Documentation
CloudWatch Management Console Auth Failed Alarm Missing
5864d189-ee9a-4009-ac0c-8a582e6b7919
Terraform Medium Observability Query details
Documentation
CloudWatch Metrics Disabled
081069cb-588b-4ce1-884c-2a1ce3029fe5
Terraform Medium Observability Query details
Documentation
CloudWatch Root Account Use Missing
8b1b1e67-6248-4dca-bbad-93486bb181c0
Terraform Medium Observability Query details
Documentation
CloudWatch S3 policy Change Alarm Missing
27c6a499-895a-4dc7-9617-5c485218db13
Terraform Medium Observability Query details
Documentation
Cloudwatch Security Group Changes Alarm Missing
4beaf898-9f8b-4237-89e2-5ffdc7ee6006
Terraform Medium Observability Query details
Documentation
CloudWatch VPC Changes Alarm Missing
9d0d4512-1959-43a2-a17f-72360ff06d1b
Terraform Medium Observability Query details
Documentation
DocDB Logging Is Disabled
56f6a008-1b14-4af4-b9b2-ab7cf7e27641
Terraform Medium Observability Query details
Documentation
EC2 Instance Monitoring Disabled
23b70e32-032e-4fa6-ba5c-82f56b9980e6
Terraform Medium Observability Query details
Documentation
EKS cluster logging is not enabled
37304d3f-f852-40b8-ae3f-725e87a7cedf
Terraform Medium Observability Query details
Documentation
Elasticsearch Log Disabled
acb6b4e2-a086-4f35-aefd-4db6ea51ada2
Terraform Medium Observability Query details
Documentation
ELB Access Log Disabled
20018359-6fd7-4d05-ab26-d4dffccbdf79
Terraform Medium Observability Query details
Documentation
Global Accelerator Flow Logs Disabled
96e8183b-e985-457b-90cd-61c0503a3369
Terraform Medium Observability Query details
Documentation
GuardDuty Detector Disabled
704dadd3-54fc-48ac-b6a0-02f170011473
Terraform Medium Observability Query details
Documentation
Missing Cluster Log Types
66f130d9-b81d-4e8e-9b08-da74b9c891df
Terraform Medium Observability Query details
Documentation
MQ Broker Logging Disabled
31245f98-a6a9-4182-9fc1-45482b9d030a
Terraform Medium Observability Query details
Documentation
MSK Cluster Logging Disabled
2f56b7ab-7fba-4e93-82f0-247e5ddeb239
Terraform Medium Observability Query details
Documentation
Neptune Logging Is Disabled
45cff7b6-3b80-40c1-ba7b-2cf480678bb8
Terraform Medium Observability Query details
Documentation
RDS Without Logging
8d7f7b8c-6c7c-40f8-baa6-62006c6c7b56
Terraform Medium Observability Query details
Documentation
Redshift Cluster Logging Disabled
15ffbacc-fa42-4f6f-a57d-2feac7365caa
Terraform Medium Observability Query details
Documentation
S3 Bucket Logging Disabled
f861041c-8c9f-4156-acfc-5e6e524f5884
Terraform Medium Observability Query details
Documentation
S3 Bucket Object Level CloudTrail Logging Disabled
a8fc2180-b3ac-4c93-bd0d-a55b974e4b07
Terraform Medium Observability Query details
Documentation
Stack Notifications Disabled
b72d0026-f649-4c91-a9ea-15d8f681ac09
Terraform Medium Observability Query details
Documentation
VPC FlowLogs Disabled
f83121ea-03da-434f-9277-9cd247ab3047
Terraform Medium Observability Query details
Documentation
No Stack Policy
2f01fb2d-828a-499d-b98e-b83747305052
Terraform Medium Resource Management Query details
Documentation
Authentication Without MFA
3ddfa124-6407-4845-a501-179f90c65097
Terraform Low Access Control Query details
Documentation
CloudWatch Logs Destination With Vulnerable Policy
db0ec4c4-852c-46a2-b4f3-7ec13cdb12a8
Terraform Low Access Control Query details
Documentation
EC2 Instance Using API Keys
0b93729a-d882-4803-bdc3-ac429a21f158
Terraform Low Access Control Query details
Documentation
SSO Permission With Inadequate User Session Duration
ce9dfce0-5fc8-433b-944a-3b16153111a8
Terraform Low Access Control Query details
Documentation
Autoscaling Groups Supply Tags
ba48df05-eaa1-4d64-905e-4a4b051e7587
Terraform Low Availability Query details
Documentation
ECS Service Without Running Tasks
91f16d09-689e-4926-aca7-155157f634ed
Terraform Low Availability Query details
Documentation
Automatic Minor Upgrades Disabled
3b6d777b-76e3-4133-80a3-0d6f667ade7f
Terraform Low Best Practices Query details
Documentation
CDN Configuration Is Missing
1bc367f6-901d-4870-ad0c-71d79762ef52
Terraform Low Best Practices Query details
Documentation
Cognito UserPool Without MFA
ec28bf61-a474-4dbe-b414-6dd3a067d6f0
Terraform Low Best Practices Query details
Documentation
ECR Repository Without Policy
69e7c320-b65d-41bb-be02-d63ecc0bcc9d
Terraform Low Best Practices Query details
Documentation
IAM Access Analyzer Not Enabled
e592a0c5-5bdb-414c-9066-5dba7cdea370
Terraform Low Best Practices Query details
Documentation
IAM Password Without Minimum Length
1bc1c685-e593-450e-88fb-19db4c82aa1d
Terraform Low Best Practices Query details
Documentation
Lambda IAM InvokeFunction Misconfigured
0ca1017d-3b80-423e-bb9c-6cd5898d34bd
Terraform Low Best Practices Query details
Documentation
Lambda Permission Misconfigured
75ec6890-83af-4bf1-9f16-e83726df0bd0
Terraform Low Best Practices Query details
Documentation
Misconfigured Password Policy Expiration
ce60d060-efb8-4bfd-9cf7-ff8945d00d90
Terraform Low Best Practices Query details
Documentation
Password Without Reuse Prevention
89806cdc-9c2e-4bd1-a0dc-53f339bcfb2a
Terraform Low Best Practices Query details
Documentation
Stack Without Template
91bea7b8-0c31-4863-adc9-93f6177266c4
Terraform Low Build Process Query details
Documentation
API Gateway With Invalid Compression
ed35928e-195c-4405-a252-98ccb664ab7b
Terraform Low Encryption Query details
Documentation
CloudTrail Log Files Not Encrypted With KMS
5d9e3164-9265-470c-9a10-57ae454ac0c7
Terraform Low Encryption Query details
Documentation
CodeBuild Project Encrypted With AWS Managed Key
3deec14b-03d2-4d27-9670-7d79322e3340
Terraform Low Encryption Query details
Documentation
DOCDB Cluster Encrypted With AWS Managed Key
2134641d-30a4-4b16-8ffc-2cd4c4ffd15d
Terraform Low Encryption Query details
Documentation
ECR Repository Not Encrypted With CMK
0e32d561-4b5a-4664-a6e3-a3fa85649157
Terraform Low Encryption Query details
Documentation
EFS Without KMS
25d251f3-f348-4f95-845c-1090e41a615c
Terraform Low Encryption Query details
Documentation
AWS Password Policy With Unchangeable Passwords
9ef7d25d-9764-4224-9968-fa321c56ef76
Terraform Low Insecure Configurations Query details
Documentation
IAM User Policy Without MFA
b5681959-6c09-4f55-b42b-c40fa12d03ec
Terraform Low Insecure Configurations Query details
Documentation
Instance With No VPC
a31a5a29-718a-4ff4-8001-a69e5e4d029e
Terraform Low Insecure Configurations Query details
Documentation
Redis Disabled
4bd15dd9-8d5e-4008-8532-27eb0c3706d3
Terraform Low Insecure Configurations Query details
Documentation
Redshift Cluster Without VPC
0a494a6a-ebe2-48a0-9d77-cf9d5125e1b3
Terraform Low Insecure Configurations Query details
Documentation
S3 Bucket Without Enabled MFA Delete
c5b31ab9-0f26-4a49-b8aa-4cc064392f4d
Terraform Low Insecure Configurations Query details
Documentation
Dynamodb VPC Endpoint Without Route Table Association
0bc534c5-13d1-4353-a7fe-b8665d5c1d7d
Terraform Low Networking and Firewall Query details
Documentation
EC2 Instance Using Default VPC
7e4a6e76-568d-43ef-8c4e-36dea481bff1
Terraform Low Networking and Firewall Query details
Documentation
ElastiCache Using Default Port
5d89db57-8b51-4b38-bb76-b9bd42bd40f0
Terraform Low Networking and Firewall Query details
Documentation
ElastiCache Without VPC
8c849af7-a399-46f7-a34c-32d3dc96f1fc
Terraform Low Networking and Firewall Query details
Documentation
EMR Without VPC
2b3c8a6d-9856-43e6-ab1d-d651094f03b4
Terraform Low Networking and Firewall Query details
Documentation
RDS Using Default Port
bca7cc4d-b3a4-4345-9461-eb69c68fcd26
Terraform Low Networking and Firewall Query details
Documentation
Redshift Using Default Port
41abc6cc-dde1-4217-83d3-fb5f0cc09d8f
Terraform Low Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Wide Private Network
92fe237e-074c-4262-81a4-2077acb928c1
Terraform Low Networking and Firewall Query details
Documentation
Shield Advanced Not In Use
084c6686-2a70-4710-91b1-000393e54c12
Terraform Low Networking and Firewall Query details
Documentation
SQS VPC Endpoint Without DNS Resolution
e9b7acf9-9ba0-4837-a744-31e7df1e434d
Terraform Low Networking and Firewall Query details
Documentation
API Gateway Deployment Without API Gateway UsagePlan Associated
b3a59b8e-94a3-403e-b6e2-527abaf12034
Terraform Low Observability Query details
Documentation
API Gateway X-Ray Disabled
5813ef56-fa94-406a-b35d-977d4a56ff2b
Terraform Low Observability Query details
Documentation
CloudTrail Log File Validation Disabled
52ffcfa6-6c70-4ea6-8376-d828d3961669
Terraform Low Observability Query details
Documentation
CloudTrail Multi Region Disabled
8173d5eb-96b5-4aa6-a71b-ecfa153c123d
Terraform Low Observability Query details
Documentation
CloudTrail Not Integrated With CloudWatch
17b30f8f-8dfb-4597-adf6-57600b6cf25e
Terraform Low Observability Query details
Documentation
CloudTrail SNS Topic Name Undefined
482b7d26-0bdb-4b5f-bf6f-545826c0a3dd
Terraform Low Observability Query details
Documentation
CloudWatch Console Sign-in Without MFA Alarm Missing
44ceb4fa-0897-4fd2-b676-30e7a58f2933
Terraform Low Observability Query details
Documentation
CloudWatch IAM Policy Changes Alarm Missing
eaaba502-2f94-411a-a3c2-83d63cc1776d
Terraform Low Observability Query details
Documentation
CloudWatch Network Gateways Changes Alarm Missing
6b6874fe-4c2f-4eea-8b90-7cceaa4a125e
Terraform Low Observability Query details
Documentation
CloudWatch Route Table Changes Alarm Missing
2285e608-ddbc-47f3-ba54-ce7121e31216
Terraform Low Observability Query details
Documentation
CMK Rotation Disabled
22fbfeac-7b5a-421a-8a27-7a2178bb910b
Terraform Low Observability Query details
Documentation
Configuration Aggregator to All Regions Disabled
ac5a0bc0-a54c-45aa-90c3-15f7703b9132
Terraform Low Observability Query details
Documentation
ECS Cluster with Container Insights Disabled
97cb0688-369a-4d26-b1f7-86c4c91231bc
Terraform Low Observability Query details
Documentation
ElasticSearch Without Slow Logs
e979fcbc-df6c-422d-9458-c33d65e71c45
Terraform Low Observability Query details
Documentation
KMS Key With No Deletion Window
0b530315-0ea4-497f-b34c-4ff86268f59d
Terraform Low Observability Query details
Documentation
Lambda Functions Without X-Ray Tracing
8152e0cf-d2f0-47ad-96d5-d003a76eabd1
Terraform Low Observability Query details
Documentation
Unscanned ECR Image
9630336b-3fed-4096-8173-b9afdfe346a7
Terraform Low Observability Query details
Documentation
API Gateway Stage Without API Gateway UsagePlan Associated
c999cf62-0920-40f8-8dda-0caccd66ed7e
Terraform Low Resource Management Query details
Documentation
Security Group Not Used
4849211b-ac39-479e-ae78-5694d506cb24
Terraform Info Access Control Query details
Documentation
DynamoDB Table Point In Time Recovery Disabled
741f1291-47ac-4a85-a07b-3d32a9d6bd3e
Terraform Info Best Practices Query details
Documentation
EC2 Not EBS Optimized
60224630-175a-472a-9e23-133827040766
Terraform Info Best Practices Query details
Documentation
Resource Not Using Tags
e38a8e0a-b88b-4902-b3fe-b0fcb17d5c10
Terraform Info Best Practices Query details
Documentation
Security Group Rule Without Description
68eb4bf3-f9bf-463d-b5cf-e029bb446d2e
Terraform Info Best Practices Query details
Documentation
Security Group Without Description
cb3f5ed6-0d18-40de-a93d-b3538db31e8c
Terraform Info Best Practices Query details
Documentation
CloudWatch AWS Organizations Changes Missing Alarm
38b85c45-e772-4de8-a247-69619ca137b3
Terraform Info Observability Query details
Documentation
CloudWatch Without Retention Period Specified
ef0b316a-211e-42f1-888e-64efe172b755
Terraform Info Observability Query details
Documentation
BOM - AWS DynamoDB
23edf35f-7c22-4ff9-87e6-0ca74261cfbf
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS EBS
86571149-eef3-4280-a645-01e60df854b0
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS EFS
f53f16d6-46a9-4277-9fbe-617b1e24cdca
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS Elasticache
54229498-850b-4f78-b3a7-218d24ef2c37
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS Kinesis
0e59d33e-bba2-4037-8f88-9765647ca7ad
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS MQ
fcb1b388-f558-4b7f-9b6e-f4e98abb7380
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS MSK
051f2063-2517-4295-ad8e-ba88c1bf5cfc
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS RDS
12933609-c5bf-44b4-9a41-a6467c3b685b
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS S3 Buckets
2d16c3fb-35ba-4ec0-b4e4-06ee3cbd4045
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS SNS
eccc4d59-74b9-4974-86f1-74386e0c7f33
Terraform Trace Bill Of Materials Query details
Documentation
BOM - AWS SQS
baecd2da-492a-4d59-b9dc-29540a1398e0
Terraform Trace Bill Of Materials Query details
Documentation
CosmosDB Account IP Range Filter Not Set
c2a3efb6-8a58-481c-82f2-bfddf34bb4b7
Terraform Critical Networking and Firewall Query details
Documentation
Redis Entirely Accessible
fd8da341-6760-4450-b26c-9f6d8850575e
Terraform Critical Networking and Firewall Query details
Documentation
Redis Publicly Accessible
5089d055-53ff-421b-9482-a5267bdce629
Terraform Critical Networking and Firewall Query details
Documentation
SQLServer Ingress From Any IP
25c0ea09-f1c5-4380-b055-3b83863f2bb8
Terraform Critical Networking and Firewall Query details
Documentation
Unrestricted SQL Server Access
d7ba74da-2da0-4d4b-83c8-2fd72a3f6c28
Terraform Critical Networking and Firewall Query details
Documentation
Public Storage Account
17f75827-0684-48f4-8747-61129c7e4198
Terraform High Access Control Query details
Documentation
Storage Container Is Publicly Accessible
dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299
Terraform High Access Control Query details
Documentation
Azure Container Registry With No Locks
a187ac47-8163-42ce-8a63-c115236be6fb
Terraform High Insecure Configurations Query details
Documentation
Security Group is Not Configured
5c822443-e1ea-46b8-84eb-758ec602e844
Terraform High Insecure Configurations Query details
Documentation
MariaDB Server Public Network Access Enabled
7f0a8696-7159-4337-ad0d-8a3ab4a78195
Terraform High Networking and Firewall Query details
Documentation
MSSQL Server Public Network Access Enabled
ade36cf4-329f-4830-a83d-9db72c800507
Terraform High Networking and Firewall Query details
Documentation
MySQL Server Public Access Enabled
f118890b-2468-42b1-9ce9-af35146b425b
Terraform High Networking and Firewall Query details
Documentation
RDP Is Exposed To The Internet
efbf6449-5ec5-4cfe-8f15-acc51e0d787c
Terraform High Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Entire Network
594c198b-4d79-41b8-9b36-fde13348b619
Terraform High Networking and Firewall Query details
Documentation
Admin User Enabled For Container Registry
b897dfbf-322c-45a8-b67c-1e698beeaa51
Terraform Medium Access Control Query details
Documentation
AKS RBAC Disabled
86f92117-eed8-4614-9c6c-b26da20ff37f
Terraform Medium Access Control Query details
Documentation
App Service Authentication Disabled
c7fc1481-2899-4490-bbd8-544a3a61a2f3
Terraform Medium Access Control Query details
Documentation
Function App Authentication Disabled
e65a0733-94a0-4826-82f4-df529f4c593f
Terraform Medium Access Control Query details
Documentation
Role Assignment Not Limit Guest User Permissions
8e75e431-449f-49e9-b56a-c8f1378025cf
Terraform Medium Access Control Query details
Documentation
Role Definition Allows Custom Role Creation
3fa5900f-9aac-4982-96b2-a6143d9c99fb
Terraform Medium Access Control Query details
Documentation
Storage Share File Allows All ACL Permissions
48bbe0fd-57e4-4678-a4a1-119e79c90fc3
Terraform Medium Access Control Query details
Documentation
Storage Table Allows All ACL Permissions
3ac3e75c-6374-4a32-8ba0-6ed69bda404e
Terraform Medium Access Control Query details
Documentation
Azure Instance Using Basic Authentication
dafe30ec-325d-4516-85d1-e8e6776f012c
Terraform Medium Best Practices Query details
Documentation
Key Vault Secrets Content Type Undefined
f8e08a38-fc6e-4915-abbe-a7aadf1d59ef
Terraform Medium Best Practices Query details
Documentation
Security Contact Email
34664094-59e0-4524-b69f-deaa1a68cce3
Terraform Medium Best Practices Query details
Documentation
App Service Not Using Latest TLS Encryption Version
b7b9d1c7-2d3b-49b4-b867-ebbe68d0b643
Terraform Medium Encryption Query details
Documentation
Encryption On Managed Disk Disabled
a99130ab-4c0e-43aa-97f8-78d4fcb30024
Terraform Medium Encryption Query details
Documentation
Function App Not Using Latest TLS Encryption Version
45fc717a-bd86-415c-bdd8-677901be1aa6
Terraform Medium Encryption Query details
Documentation
MySQL SSL Connection Disabled
73e42469-3a86-4f39-ad78-098f325b4e9f
Terraform Medium Encryption Query details
Documentation
SSL Enforce Disabled
0437633b-daa6-4bbc-8526-c0d2443b946e
Terraform Medium Encryption Query details
Documentation
Storage Account Not Forcing HTTPS
12944ec4-1fa0-47be-8b17-42a034f937c2
Terraform Medium Encryption Query details
Documentation
Storage Account Not Using Latest TLS Encryption Version
8263f146-5e03-43e0-9cfe-db960d56d1e7
Terraform Medium Encryption Query details
Documentation
AD Admin Not Configured For SQL Server
a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b
Terraform Medium Insecure Configurations Query details
Documentation
AKS Private Cluster Disabled
599318f2-6653-4569-9e21-041d06c63a89
Terraform Medium Insecure Configurations Query details
Documentation
App Service FTPS Enforce Disabled
85da374f-b00f-4832-9d44-84a1ca1e89f8
Terraform Medium Insecure Configurations Query details
Documentation
App Service HTTP2 Disabled
525b53be-62ed-4244-b4df-41aecfcb4071
Terraform Medium Insecure Configurations Query details
Documentation
Azure App Service Client Certificate Disabled
a81573f9-3691-4d83-88a0-7d4af63e17a3
Terraform Medium Insecure Configurations Query details
Documentation
Function App Client Certificates Unrequired
9bb3c639-5edf-458c-8ee5-30c17c7d671d
Terraform Medium Insecure Configurations Query details
Documentation
Function App FTPS Enforce Disabled
9dab0179-433d-4dff-af8f-0091025691df
Terraform Medium Insecure Configurations Query details
Documentation
Function App HTTP2 Disabled
ace823d1-4432-4dee-945b-cdf11a5a6bd0
Terraform Medium Insecure Configurations Query details
Documentation
Function App Managed Identity Disabled
c87749b3-ff10-41f5-9df2-c421e8151759
Terraform Medium Insecure Configurations Query details
Documentation
Network Watcher Flow Disabled
b90842e5-6779-44d4-9760-972f4c03ba1c
Terraform Medium Insecure Configurations Query details
Documentation
Redis Cache Allows Non SSL Connections
e29a75e6-aba3-4896-b42d-b87818c16b58
Terraform Medium Insecure Configurations Query details
Documentation
Redis Not Updated Regularly
b947809d-dd2f-4de9-b724-04d101c515aa
Terraform Medium Insecure Configurations Query details
Documentation
Security Center Pricing Tier Is Not Standard
819d50fd-1cdf-45c3-9936-be408aaad93e
Terraform Medium Insecure Configurations Query details
Documentation
Small Flow Logs Retention Period
7750fcca-dd03-4d38-b663-4b70289bcfd4
Terraform Medium Insecure Configurations Query details
Documentation
VM Not Attached To Network
bbf6b3df-4b65-4f87-82cc-da9f30f8c033
Terraform Medium Insecure Configurations Query details
Documentation
Web App Accepting Traffic Other Than HTTPS
11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe
Terraform Medium Insecure Configurations Query details
Documentation
Default Azure Storage Account Network Access Is Too Permissive
a5613650-32ec-4975-a305-31af783153ea
Terraform Medium Insecure Defaults Query details
Documentation
Azure Cognitive Search Public Network Access Enabled
4a9e0f00-0765-4f72-a0d4-d31110b78279
Terraform Medium Networking and Firewall Query details
Documentation
Firewall Rule Allows Too Many Hosts To Access Redis Cache
a829b715-cf75-4e92-b645-54c9b739edfb
Terraform Medium Networking and Firewall Query details
Documentation
Network Interfaces IP Forwarding Enabled
4216ebac-d74c-4423-b437-35025cb88af5
Terraform Medium Networking and Firewall Query details
Documentation
Network Interfaces With Public IP
c1573577-e494-4417-8854-7e119368dc8b
Terraform Medium Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Small Public Network
e9dee01f-2505-4df2-b9bf-7804d1fd9082
Terraform Medium Networking and Firewall Query details
Documentation
SSH Is Exposed To The Internet
3e3c175e-aadf-4e2b-a464-3fdac5748d24
Terraform Medium Networking and Firewall Query details
Documentation
Trusted Microsoft Services Not Enabled
5400f379-a347-4bdd-a032-446465fdcc6f
Terraform Medium Networking and Firewall Query details
Documentation
WAF Is Disabled For Azure Application Gateway
2e48d91c-50e4-45c8-9312-27b625868a72
Terraform Medium Networking and Firewall Query details
Documentation
Email Alerts Disabled
9db38e87-f6aa-4b5e-a1ec-7266df259409
Terraform Medium Observability Query details
Documentation
Log Retention Is Not Set
ffb02aca-0d12-475e-b77c-a726f7aeff4b
Terraform Medium Observability Query details
Documentation
MSSQL Server Auditing Disabled
609839ae-bd81-4375-9910-5bce72ae7b92
Terraform Medium Observability Query details
Documentation
PostgreSQL Log Checkpoints Disabled
3790d386-be81-4dcf-9850-eaa7df6c10d9
Terraform Medium Observability Query details
Documentation
PostgreSQL Log Connections Not Set
c640d783-10c5-4071-b6c1-23507300d333
Terraform Medium Observability Query details
Documentation
PostgreSQL Log Disconnections Not Set
07f7134f-9f37-476e-8664-670c218e4702
Terraform Medium Observability Query details
Documentation
PostgreSQL Log Duration Not Set
16e0879a-c4ae-4ff8-a67d-a2eed5d67b8f
Terraform Medium Observability Query details
Documentation
PostgreSQL Server Without Connection Throttling
2b3c671f-1b76-4741-8789-ed1fe0785dc4
Terraform Medium Observability Query details
Documentation
SQL Server Auditing Disabled
f7e296b0-6660-4bc5-8f87-22ac4a815edf
Terraform Medium Observability Query details
Documentation
Vault Auditing Disabled
38c71c00-c177-4cd7-8d36-cd1007cdb190
Terraform Medium Observability Query details
Documentation
PostgreSQL Server Threat Detection Policy Disabled
c407c3cf-c409-4b29-b590-db5f4138d332
Terraform Medium Resource Management Query details
Documentation
SQL Database Audit Disabled
83a229ba-483e-47c6-8db7-dc96969bce5a
Terraform Medium Resource Management Query details
Documentation
Key Expiration Not Set
4d080822-5ee2-49a4-8984-68f3d4c890fc
Terraform Medium Secret Management Query details
Documentation
Secret Expiration Not Set
dfa20ffa-f476-428f-a490-424b41e91c7f
Terraform Medium Secret Management Query details
Documentation
Azure Active Directory Authentication
a21c8da9-41bf-40cf-941d-330cf0d11fc7
Terraform Low Access Control Query details
Documentation
Virtual Network with DDoS Protection Plan disabled
b4cc2c52-34a6-4b43-b57c-4bdeb4514a5a
Terraform Low Availability Query details
Documentation
Geo Redundancy Is Disabled
8b042c30-e441-453f-b162-7696982ebc58
Terraform Low Backup Query details
Documentation
MariaDB Server Geo-redundant Backup Disabled
0a70d5f3-1ecd-4c8e-9292-928fc9a8c4f1
Terraform Low Backup Query details
Documentation
AKS Uses Azure Policies Add-On Disabled
43789711-161b-4708-b5bb-9d1c626f7492
Terraform Low Best Practices Query details
Documentation
App Service Without Latest PHP Version
96fe318e-d631-4156-99fa-9080d57280ae
Terraform Low Best Practices Query details
Documentation
App Service Without Latest Python Version
cc4aaa9d-1070-461a-b519-04e00f42db8a
Terraform Low Best Practices Query details
Documentation
SQL Server Predictable Active Directory Account Name
bcd3fc01-5902-4f2a-b05a-227f9bbf5450
Terraform Low Best Practices Query details
Documentation
SQL Server Predictable Admin Account Name
2ab6de9a-0136-415c-be92-79d2e4fd750f
Terraform Low Best Practices Query details
Documentation
Cosmos DB Account Without Tags
56dad03e-e94f-4dd6-93a4-c253a03ff7a0
Terraform Low Build Process Query details
Documentation
AKS Disk Encryption Set ID Undefined
b17d8bb8-4c08-4785-867e-cb9e62a622aa
Terraform Low Encryption Query details
Documentation
PostgreSQL Server Infrastructure Encryption Disabled
6425c98b-ca4e-41fe-896a-c78772c131f8
Terraform Low Encryption Query details
Documentation
AKS Network Policy Misconfigured
f5342045-b935-402d-adf1-8dbbd09c0eef
Terraform Low Insecure Configurations Query details
Documentation
Dashboard Is Enabled
61c3cb8b-0715-47e4-b788-86dde40dd2db
Terraform Low Insecure Configurations Query details
Documentation
Azure Front Door WAF Disabled
835a4f2f-df43-437d-9943-545ccfc55961
Terraform Low Networking and Firewall Query details
Documentation
Sensitive Port Is Exposed To Wide Private Network
c6c7b33d-d7f6-4ab8-8c82-ca0431ecdb7e
Terraform Low Networking and Firewall Query details
Documentation
Small Activity Log Retention Period
2b856bf9-8e8c-4005-875f-303a8cba3918
Terraform Low Observability Query details
Documentation
Small MSSQL Audit Retention Period
9c301481-e6ec-44f7-8a49-8ec63e2969ea
Terraform Low Observability Query details
Documentation
Small MSSQL Server Audit Retention
59acb56b-2b10-4c2c-ba38-f2223c3f5cfc
Terraform Low Observability Query details
Documentation
Small PostgreSQL DB Server Log Retention Period
261a83f8-dd72-4e8c-b5e1-ebf06e8fe606
Terraform Low Observability Query details
Documentation
App Service Managed Identity Disabled
b61cce4b-0cc4-472b-8096-15617a6d769b
Terraform Low Resource Management Query details
Documentation
SQL Server Alert Email Disabled
55975007-f6e7-4134-83c3-298f1fe4b519
Terraform Info Best Practices Query details
Documentation
Beta - Databricks Cluster or Job With None Or Insecure Permission(s)
a4edb7e1-c0e0-4f7f-9d7c-d1b603e81ad5
Terraform High Insecure Configurations Query details
Documentation
Beta - Unrestricted Databricks ACL
2c4fe4a9-f44b-4c70-b09b-5b75cd251805
Terraform High Networking and Firewall Query details
Documentation
Beta - Job's Task is Legacy (spark_submit_task)
375cdab9-3f94-4ae0-b1e3-8fbdf9cdf4d7
Terraform Medium Best Practices Query details
Documentation
Beta - Indefinitely Databricks OBO Token Lifetime
23e1f5f0-12b7-4d7e-9087-f60f42ccd514
Terraform Medium Insecure Defaults Query details
Documentation
Beta - Indefinitely Databricks Token Lifetime
7d05ca25-91b4-42ee-b6f6-b06611a87ce8
Terraform Medium Insecure Defaults Query details
Documentation
Beta - Databricks Autoscale Badly Setup
953c0cc6-5f30-44cb-a803-bf4ef2571be8
Terraform Medium Resource Management Query details
Documentation
Beta - Databricks Group Without User Or Instance Profile
23c3067a-8cc9-480c-b645-7c1e0ad4bf60
Terraform Low Access Control Query details
Documentation
Beta - Check Databricks Cluster AWS Attribute Best Practices
b0749c53-e3ff-4d09-bbe4-dca94e2e7a38
Terraform Low Best Practices Query details
Documentation
Beta - Check Databricks Cluster Azure Attribute Best Practices
38028698-e663-4ef7-aa92-773fef0ca86f
Terraform Low Best Practices Query details
Documentation
Beta - Check Databricks Cluster GCP Attribute Best Practices
539e4557-d2b5-4d57-a001-cb01140a4e2d
Terraform Low Best Practices Query details
Documentation
Beta - Check use no LTS Spark Version
5a627dfa-a4dd-4020-a4c6-5f3caf4abcd6
Terraform Low Best Practices Query details
Documentation
Cloud Storage Anonymous or Publicly Accessible
a6cd52a1-3056-4910-96a5-894de9f3f3b3
Terraform Critical Access Control Query details
Documentation
SQL DB Instance Publicly Accessible
b187edca-b81e-4fdc-aff4-aab57db45edb
Terraform Critical Insecure Configurations Query details
Documentation
BigQuery Dataset Is Public
e576ce44-dd03-4022-a8c0-3906acca2ab4
Terraform High Access Control Query details
Documentation
Google Project IAM Binding Service Account has Token Creator or Account User Role
617ef6ff-711e-4bd7-94ae-e965911b1b40
Terraform High Access Control Query details
Documentation
Google Project IAM Member Service Account Has Admin Role
84d36481-fd63-48cb-838e-635c44806ec2
Terraform High Access Control Query details
Documentation
Google Project IAM Member Service Account has Token Creator or Account User Role
c68b4e6d-4e01-4ca1-b256-1e18e875785c
Terraform High Access Control Query details
Documentation
KMS Crypto Key is Publicly Accessible
16cc87d1-dd47-4f46-b3ce-4dfcac8fd2f5
Terraform High Encryption Query details
Documentation
SQL DB Instance With SSL Disabled
02474449-71aa-40a1-87ae-e14497747b00
Terraform High Encryption Query details
Documentation
GKE Legacy Authorization Enabled
5baa92d2-d8ee-4c75-88a4-52d9d8bb8067
Terraform High Insecure Configurations Query details
Documentation
Google Storage Bucket Level Access Disabled
bb0db090-5509-4853-a827-75ced0b3caa0
Terraform High Insecure Configurations Query details
Documentation
RDP Access Is Not Restricted
678fd659-96f2-454a-a2a0-c2571f83a4a3
Terraform High Networking and Firewall Query details
Documentation
Cloud Storage Bucket Is Publicly Accessible
c010082c-76e0-4b91-91d9-6e8439e455dd
Terraform Medium Access Control Query details
Documentation
KMS Admin and CryptoKey Roles In Use
92e4464a-4139-4d57-8742-b5acc0347680
Terraform Medium Access Control Query details
Documentation
OSLogin Disabled
32ecd6eb-0711-421f-9627-1a28d9eff217
Terraform Medium Access Control Query details
Documentation
VM With Full Cloud Access
bc280331-27b9-4acb-a010-018e8098aa5d
Terraform Medium Access Control Query details
Documentation
SQL DB Instance Backup Disabled
cf3c7631-cd1e-42f3-8801-a561214a6e79
Terraform Medium Backup Query details
Documentation
Disk Encryption Disabled
b1d51728-7270-4991-ac2f-fc26e2695b38
Terraform Medium Encryption Query details
Documentation
DNSSEC Using RSASHA1
ccc3100c-0fdd-4a5e-9908-c10107291860
Terraform Medium Encryption Query details
Documentation
Google Compute SSL Policy Weak Cipher In Use
14a457f0-473d-4d1d-9e37-6d99b355b336
Terraform Medium Encryption Query details
Documentation
Cloud DNS Without DNSSEC
5ef61c88-bbb4-4725-b1df-55d23c9676bb
Terraform Medium Insecure Configurations Query details
Documentation
Google Container Node Pool Auto Repair Disabled
acfdbec6-4a17-471f-b412-169d77553332
Terraform Medium Insecure Configurations Query details
Documentation
Google Project Auto Create Network Disabled
59571246-3f62-4965-a96f-c7d97e269351
Terraform Medium Insecure Configurations Query details
Documentation
IP Aliasing Disabled
c606ba1d-d736-43eb-ac24-e16108f3a9e0
Terraform Medium Insecure Configurations Query details
Documentation
Network Policy Disabled
11e7550e-c4b6-472e-adff-c698f157cdd7
Terraform Medium Insecure Configurations Query details
Documentation
OSLogin Is Disabled For VM Instance
d0b4d550-c001-46c3-bbdb-d5d75d33f05f
Terraform Medium Insecure Configurations Query details
Documentation
Pod Security Policy Disabled
9192e0f9-eca5-4056-9282-ae2a736a4088
Terraform Medium Insecure Configurations Query details
Documentation
Private Cluster Disabled
6ccb85d7-0420-4907-9380-50313f80946b
Terraform Medium Insecure Configurations Query details
Documentation
Shielded GKE Nodes Disabled
579a0727-9c29-4d58-8195-fc5802a8bdb4
Terraform Medium Insecure Configurations Query details
Documentation
Shielded VM Disabled
1b44e234-3d73-41a8-9954-0b154135280e
Terraform Medium Insecure Configurations Query details
Documentation
GKE Using Default Service Account
1c8eef02-17b1-4a3e-b01d-dcc3292d2c38
Terraform Medium Insecure Defaults Query details
Documentation
Using Default Service Account
3cb4af0b-056d-4fb1-8b95-fdc4593625ff
Terraform Medium Insecure Defaults Query details
Documentation
Google Compute Network Using Default Firewall Rule
40abce54-95b1-478c-8e5f-ea0bf0bb0e33
Terraform Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Firewall Rule that Allows All Ports
22ef1d26-80f8-4a6c-8c15-f35aab3cac78
Terraform Medium Networking and Firewall Query details
Documentation
IP Forwarding Enabled
f34c0c25-47b4-41eb-9c79-249b4dd47b89
Terraform Medium Networking and Firewall Query details
Documentation
Serial Ports Are Enabled For VM Instances
97fa667a-d05b-4f16-9071-58b939f34751
Terraform Medium Networking and Firewall Query details
Documentation
SSH Access Is Not Restricted
c4dcdcdf-10dd-4bf4-b4a0-8f6239e6aaa0
Terraform Medium Networking and Firewall Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
d6cabc3a-d57e-48c2-b341-bf3dd4f4a120
Terraform Medium Observability Query details
Documentation
Cloud Storage Bucket Versioning Disabled
e7e961ac-d17e-4413-84bc-8a1fbe242944
Terraform Medium Observability Query details
Documentation
Google Compute Subnetwork Logging Disabled
40430747-442d-450a-a34f-dc57149f4609
Terraform Medium Observability Query details
Documentation
Stackdriver Logging Disabled
4c7ebcb2-eae2-461e-bc83-456ee2d4f694
Terraform Medium Observability Query details
Documentation
Stackdriver Monitoring Disabled
30e8dfd2-3591-4d19-8d11-79e93106c93d
Terraform Medium Observability Query details
Documentation
Node Auto Upgrade Disabled
b139213e-7d24-49c2-8025-c18faa21ecaa
Terraform Medium Resource Management Query details
Documentation
Service Account with Improper Privileges
cefdad16-0dd5-4ac5-8ed2-a37502c78672
Terraform Medium Resource Management Query details
Documentation
High Google KMS Crypto Key Rotation Period
d8c57c4e-bf6f-4e32-a2bf-8643532de77b
Terraform Medium Secret Management Query details
Documentation
Project-wide SSH Keys Are Enabled In VM Instances
3e4d5ce6-3280-4027-8010-c26eeea1ec01
Terraform Medium Secret Management Query details
Documentation
User with IAM Role
704fcc44-a58f-4af5-82e2-93f2a58ef918
Terraform Low Access Control Query details
Documentation
Outdated GKE Version
128df7ec-f185-48bc-8913-ce756a3ccb85
Terraform Low Best Practices Query details
Documentation
Cluster Labels Disabled
65c1bc7a-4835-4ac4-a2b6-13d310b0648d
Terraform Low Insecure Configurations Query details
Documentation
COS Node Image Not Used
8a893e46-e267-485a-8690-51f39951de58
Terraform Low Insecure Configurations Query details
Documentation
Legacy Client Certificate Auth Enabled
73fb21a1-b19a-45b1-b648-b47b1678681e
Terraform Low Insecure Configurations Query details
Documentation
Not Proper Email Account In Use
9356962e-4a4f-4d06-ac59-dc8008775eaa
Terraform Low Insecure Configurations Query details
Documentation
Google Compute Network Using Firewall Rule that Allows Port Range
e6f61c37-106b-449f-a5bb-81bfcaceb8b4
Terraform Low Networking and Firewall Query details
Documentation
Google Compute Subnetwork with Private Google Access Disabled
ee7b93c1-b3f8-4a3b-9588-146d481814f5
Terraform Low Networking and Firewall Query details
Documentation
IAM Audit Not Properly Configured
89fe890f-b480-460c-8b6b-7d8b1468adb4
Terraform Low Observability Query details
Documentation
BOM - GCP Dataflow
895ed0d9-6fec-4567-8614-d7a74b599a53
Terraform Trace Bill Of Materials Query details
Documentation
BOM - GCP FI
c9d81239-c818-4869-9917-1570c62b81fd
Terraform Trace Bill Of Materials Query details
Documentation
BOM - GCP PD
dd7d70aa-a6ec-460d-b5d2-38b40253b16f
Terraform Trace Bill Of Materials Query details
Documentation
BOM - GCP PST
4b82202a-b18e-4891-a1eb-a0989850bbb3
Terraform Trace Bill Of Materials Query details
Documentation
BOM - GCP Redis
bc75ce52-a60a-4660-b533-bce837a5019b
Terraform Trace Bill Of Materials Query details
Documentation
BOM - GCP SB
2f06d22c-56bd-4f73-8a51-db001fcf2150
Terraform Trace Bill Of Materials Query details
Documentation
Github Organization Webhook With SSL Disabled
ce7c874e-1b88-450b-a5e4-cb76ada3c8a9
Terraform Medium Encryption Query details
Documentation
GitHub Repository Set To Public
15d8a7fd-465a-4d15-a868-add86552f17b
Terraform Medium Insecure Configurations Query details
Documentation
Non Kube System Pod With Host Mount
86a947ea-f577-4efb-a8b0-5fc00257d521
Terraform High Access Control Query details
Documentation
Cluster Allows Unsafe Sysctls
a9174d31-d526-4ad9-ace4-ce7ddbf52e03
Terraform High Insecure Configurations Query details
Documentation
Container Is Privileged
87065ef8-de9b-40d8-9753-f4a4303e27a4
Terraform High Insecure Configurations Query details
Documentation
Container Runs Unmasked
0ad60203-c050-4115-83b6-b94bde92541d
Terraform High Insecure Configurations Query details
Documentation
Containers With Sys Admin Capabilities
3f55386d-75cd-4e9a-ac47-167b26c04724
Terraform High Insecure Configurations Query details
Documentation
Privilege Escalation Allowed
c878abb4-cca5-4724-92b9-289be68bd47c
Terraform High Insecure Configurations Query details
Documentation
PSP Allows Containers To Share The Host Network Namespace
4950837c-0ce5-4e42-9bee-a25eae73740b
Terraform High Insecure Configurations Query details
Documentation
PSP Allows Privilege Escalation
2bff9906-4e9b-4f71-9346-8ebedfdf43ef
Terraform High Insecure Configurations Query details
Documentation
PSP Allows Sharing Host IPC
51bed0ac-a8ae-407a-895e-90c6cb0610ce
Terraform High Insecure Configurations Query details
Documentation
PSP Set To Privileged
a6a4d4fc-4e8f-47d1-969f-e9d4a084f3b9
Terraform High Insecure Configurations Query details
Documentation
PSP With Added Capabilities
48388bd2-7201-4dcc-b56d-e8a9efa58fad
Terraform High Insecure Configurations Query details
Documentation
Tiller (Helm v2) Is Deployed
ca2fba76-c1a7-4afd-be67-5249f861cb0e
Terraform High Insecure Configurations Query details
Documentation
Workload Mounting With Sensitive OS Directory
a737be28-37d8-4bff-aa6d-1be8aa0a0015
Terraform High Insecure Configurations Query details
Documentation
Volume Mount With OS Directory Write Permissions
a62a99d1-8196-432f-8f80-3c100b05d62a
Terraform High Resource Management Query details
Documentation
Docker Daemon Socket is Exposed to Containers
4e203a65-c8d8-49a2-b749-b124d43c9dc1
Terraform Medium Access Control Query details
Documentation
Missing App Armor Config
bd6bd46c-57db-4887-956d-d372f21291b6
Terraform Medium Access Control Query details
Documentation
Permissive Access to Create Pods
522d4a64-4dc9-44bd-9240-7d8a0d5cb5ba
Terraform Medium Access Control Query details
Documentation
RBAC Roles with Read Secrets Permissions
826abb30-3cd5-4e0b-a93b-67729b4f7e63
Terraform Medium Access Control Query details
Documentation
Readiness Probe Is Not Configured
8657197e-3f87-4694-892b-8144701d83c1
Terraform Medium Availability Query details
Documentation
Root Containers Admitted
4c415497-7410-4559-90e8-f2c8ac64ee38
Terraform Medium Best Practices Query details
Documentation
Incorrect Volume Claim Access Mode ReadWriteOnce
26b047a9-0329-48fd-8fb7-05bbe5ba80ee
Terraform Medium Build Process Query details
Documentation
Container Host Pid Is True
587d5d82-70cf-449b-9817-f60f9bccb88c
Terraform Medium Insecure Configurations Query details
Documentation
Container Resources Limits Undefined
60af03ff-a421-45c8-b214-6741035476fa
Terraform Medium Insecure Configurations Query details
Documentation
Containers With Added Capabilities
fe771ff7-ba15-4f8f-ad7a-8aa232b49a28
Terraform Medium Insecure Configurations Query details
Documentation
Ingress Controller Exposes Workload
e2c83c1f-84d7-4467-966c-ed41fd015bb9
Terraform Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Disabled for PSP
9aa32890-ac1a-45ee-81ca-5164e2098556
Terraform Medium Insecure Configurations Query details
Documentation
NET_RAW Capabilities Not Being Dropped
e5587d53-a673-4a6b-b3f2-ba07ec274def
Terraform Medium Insecure Configurations Query details
Documentation
Seccomp Profile Is Not Configured
455f2e0c-686d-4fcb-8b5f-3f953f12c43c
Terraform Medium Insecure Configurations Query details
Documentation
Role Binding To Default Service Account
3360c01e-c8c0-4812-96a2-a6329b9b7f9f
Terraform Medium Insecure Defaults Query details
Documentation
Service Account Name Undefined Or Empty
24b132df-5cc7-4823-8029-f898e1c50b72
Terraform Medium Insecure Defaults Query details
Documentation
Service Account Token Automount Not Disabled
a9a13d4f-f17a-491b-b074-f54bffffcb4a
Terraform Medium Insecure Defaults Query details
Documentation
Service With External Load Balancer
2a52567c-abb8-4651-a038-52fa27c77aed
Terraform Medium Networking and Firewall Query details
Documentation
Memory Limits Not Defined
fd097ed0-7fe6-4f58-8b71-fef9f0820a21
Terraform Medium Resource Management Query details
Documentation
Memory Requests Not Defined
21719347-d02b-497d-bda4-04a03c8e5b61
Terraform Medium Resource Management Query details
Documentation
Shared Host IPC Namespace
e94d3121-c2d1-4e34-a295-139bfeb73ea3
Terraform Medium Resource Management Query details
Documentation
Shared Host Network Namespace
ac1564a3-c324-4747-9fa1-9dfc234dace0
Terraform Medium Resource Management Query details
Documentation
Service Account Allows Access Secrets
07fc3413-e572-42f7-9877-5c8fc6fccfb5
Terraform Medium Secret Management Query details
Documentation
Shared Service Account
f74b9c43-161a-4799-bc95-0b0ec81801b9
Terraform Medium Secret Management Query details
Documentation
Cluster Admin Rolebinding With Superuser Permissions
17172bc2-56fb-4f17-916f-a014147706cd
Terraform Low Access Control Query details
Documentation
Deployment Without PodDisruptionBudget
a05331ee-1653-45cb-91e6-13637a76e4f0
Terraform Low Availability Query details
Documentation
HPA Targets Invalid Object
17e52ca3-ddd0-4610-9d56-ce107442e110
Terraform Low Availability Query details
Documentation
StatefulSet Without PodDisruptionBudget
7249e3b0-9231-4af3-bc5f-5daf4988ecbf
Terraform Low Availability Query details
Documentation
StatefulSet Without Service Name
420e6360-47bb-46f6-9072-b20ed22c842d
Terraform Low Availability Query details
Documentation
Metadata Label Is Invalid
bc3dabb6-fd50-40f8-b9ba-7429c9f1fb0e
Terraform Low Best Practices Query details
Documentation
No Drop Capabilities for Containers
21cef75f-289f-470e-8038-c7cee0664164
Terraform Low Best Practices Query details
Documentation
Root Container Not Mounted As Read-only
d532566b-8d9d-4f3b-80bd-361fe802f9c2
Terraform Low Build Process Query details
Documentation
StatefulSet Requests Storage
fcc2612a-1dfe-46e4-8ce6-0320959f0040
Terraform Low Build Process Query details
Documentation
Default Service Account In Use
737a0dd9-0aaa-4145-8118-f01778262b8a
Terraform Low Insecure Configurations Query details
Documentation
Image Pull Policy Of The Container Is Not Set To Always
aa737abf-6b1d-4aba-95aa-5c160bd7f96e
Terraform Low Insecure Configurations Query details
Documentation
Image Without Digest
228c4c19-feeb-4c18-848c-800ac70fdfb7
Terraform Low Insecure Configurations Query details
Documentation
Pod or Container Without Security Context
ad69e38a-d92e-4357-a8da-f2f29d545883
Terraform Low Insecure Configurations Query details
Documentation
Using Default Namespace
abcb818b-5af7-4d72-aba9-6dd84956b451
Terraform Low Insecure Configurations Query details
Documentation
Network Policy Is Not Targeting Any Pod
b80b14c6-aaa2-4876-b651-8a48b6c32fbf
Terraform Low Networking and Firewall Query details
Documentation
Service Type is NodePort
5c281bf8-d9bb-47f2-b909-3f6bb11874ad
Terraform Low Networking and Firewall Query details
Documentation
Workload Host Port Not Specified
4e74cf4f-ff65-4c1a-885c-67ab608206ce
Terraform Low Networking and Firewall Query details
Documentation
CPU Limits Not Set
5f4735ce-b9ba-4d95-a089-a37a767b716f
Terraform Low Resource Management Query details
Documentation
CPU Requests Not Set
577ac19c-6a77-46d7-9f14-e049cdd15ec2
Terraform Low Resource Management Query details
Documentation
CronJob Deadline Not Configured
58876b44-a690-4e9f-9214-7735fa0dd15d
Terraform Low Resource Management Query details
Documentation
Deployment Has No PodAntiAffinity
461ed7e4-f8d5-4bc1-b3c6-64ddb4fd00a3
Terraform Low Resource Management Query details
Documentation
Secrets As Environment Variables
6d8f1a10-b6cd-48f0-b960-f7c535d5cdb8
Terraform Low Secret Management Query details
Documentation
Invalid Image
e76cca7c-c3f9-4fc9-884c-b2831168ebd8
Terraform Low Supply-Chain Query details
Documentation
Liveness Probe Is Not Defined
5b6d53dd-3ba3-4269-b4d7-f82e880e43c3
Terraform Info Availability Query details
Documentation
Nifcloud RDB Has Public DB Access
fb387023-e4bb-42a8-9a70-6708aa7ff21b
Terraform High Access Control Query details
Documentation
Nifcloud Computing Has Public Ingress Security Group Rule
b2ea2367-8dc9-4231-a035-d0b28bfa3dde
Terraform High Networking and Firewall Query details
Documentation
Nifcloud Computing Undefined Security Group To Instance
89218b48-75c9-4cb3-aaba-5299e852e8bc
Terraform High Networking and Firewall Query details
Documentation
Nifcloud NAS Has Public Ingress NAS Security Group Rule
8d7758a7-d9cd-499a-a83e-c9bdcbff728d
Terraform High Networking and Firewall Query details
Documentation
Nifcloud RDB Has Public DB Ingress Security Group Rule
a0b846e8-815f-4f15-b660-bc4ab9fa1e1a
Terraform High Networking and Firewall Query details
Documentation
Nifcloud Router Undefined Security Group
e7dada38-af20-4899-8955-dabea84ab1f0
Terraform High Networking and Firewall Query details
Documentation
Nifcloud VPN Gateway Undefined Security Group
b3535a48-910c-47f8-8b3b-14222f29ef80
Terraform High Networking and Firewall Query details
Documentation
Nifcloud LB Using Insecure TLS Policy ID
944439c7-b4b8-476a-8f83-14641ea876ba
Terraform Medium Encryption Query details
Documentation
Nifcloud LB Using Insecure TLS Policy Name
675e8eaa-2754-42b7-bf33-bfa295d1601d
Terraform Medium Encryption Query details
Documentation
Nifcloud ELB Listener Using HTTP Protocol
afcb0771-4f94-44ed-ad4a-9f73f11ce6e0
Terraform Medium Networking and Firewall Query details
Documentation
Nifcloud ELB Using HTTP Protocol
e2de2b80-2fc2-4502-a764-40930dfcc70a
Terraform Medium Networking and Firewall Query details
Documentation
Nifcloud LB Listener Using HTTP Port
9f751a80-31f0-43a3-926c-20772791a038
Terraform Medium Networking and Firewall Query details
Documentation
Nifcloud LB Using HTTP Port
94e47f3f-b90b-43a1-a36d-521580bae863
Terraform Medium Networking and Firewall Query details
Documentation
Nifcloud Low RDB Backup Retention Period
e5071f76-cbe7-468d-bb2b-d10f02d2b713
Terraform Low Backup Query details
Documentation
Nifcloud DNS Has Verified Record
a1defcb6-55e8-4511-8c2a-30b615b0e057
Terraform Low Insecure Configurations Query details
Documentation
Nifcloud Computing Has Common Private Network
df58dd45-8009-43c2-90f7-c90eb9d53ed9
Terraform Low Networking and Firewall Query details
Documentation
Nifcloud ELB Has Common Private Network
5061f84c-ab66-4660-90b9-680c9df346c0
Terraform Low Networking and Firewall Query details
Documentation
Nifcloud NAS Has Common Private Network
4b801c38-ebb4-4c81-984b-1ba525d43adf
Terraform Low Networking and Firewall Query details
Documentation
Nifcloud RDB Has Common Private Network
9bf57c23-fbab-4222-85f3-3f207a53c6a8
Terraform Low Networking and Firewall Query details
Documentation
Nifcloud Router Has Common Private Network
30c2760c-740e-4672-9d7f-2c29e0cb385d
Terraform Low Networking and Firewall Query details
Documentation
Nifcloud Computing Undefined Description To Security Group
41c127a9-3a85-4bc3-a333-ed374eb9c3e4
Terraform Info Best Practices Query details
Documentation
Nifcloud Computing Undefined Description To Security Group Rule
e4610872-0b1c-4fb7-ab57-d81c0afdb291
Terraform Info Best Practices Query details
Documentation
Nifcloud NAS Undefined Description To NAS Security Group
e840c54a-7a4c-405f-b8c1-c49a54b87d11
Terraform Info Best Practices Query details
Documentation
Nifcloud RDB Undefined Description To DB Security Group
940ddce2-26bd-4e31-a9b4-382714f73231
Terraform Info Best Practices Query details
Documentation
Generic Git Module Without Revision
3a81fc06-566f-492a-91dd-7448e409e2cd
Terraform Info Best Practices Query details
Documentation
Name Is Not Snake Case
1e434b25-8763-4b00-a5ca-ca03b7abbb66
Terraform Info Best Practices Query details
Documentation
Output Without Description
59312e8a-a64e-41e7-a252-618533dd1ea8
Terraform Info Best Practices Query details
Documentation
Variable Without Description
2a153952-2544-4687-bcc9-cc8fea814a9b
Terraform Info Best Practices Query details
Documentation
Variable Without Type
fc5109bf-01fd-49fb-8bde-4492b543c34a
Terraform Info Best Practices Query details
Documentation
Beta - CLB Listener Using Insecure Protocols
fe08b81c-12e9-4b5e-9006-4218fca750fd
Terraform High Encryption Query details
Documentation
Beta - TKE Cluster Encryption Protection Disabled
3ed47402-e322-465f-a0f0-8681135a17b0
Terraform High Encryption Query details
Documentation
Beta - CDB Instance Internet Service Enabled
5d820574-4a60-4916-b049-0810b8629731
Terraform High Insecure Configurations Query details
Documentation
Beta - CVM Instance Has Public IP
a74b4602-a62c-4a02-956a-e19f86ea24b5
Terraform High Networking and Firewall Query details
Documentation
Beta - Security Group Rule Set Accepts All Traffic
d135a36e-c474-452f-b891-76db1e6d1cd5
Terraform High Networking and Firewall Query details
Documentation
Beta - CDB Instance Without Backup Policy
ca94be07-7de3-4ae7-85ef-67e0462ec694
Terraform Medium Backup Query details
Documentation
Beta - CLB Instance Log Setting Disabled
ada01ed1-b10c-4f2a-b110-b20fa4f9baa6
Terraform Medium Encryption Query details
Documentation
Beta - Disk Encryption Disabled
1ee0f202-31da-49ba-bbce-04a989912e4b
Terraform Medium Encryption Query details
Documentation
Beta - TKE Cluster Has Public Access
df6928ed-02f4-421f-9a67-a529860dd7e7
Terraform Medium Insecure Configurations Query details
Documentation
Beta - CVM Instance Using Default Security Group
93bb2065-63ec-45a2-a466-f106b56f2e32
Terraform Low Access Control Query details
Documentation
Beta - CVM Instance Using User Data
5bb6fa08-5e84-4760-a54a-cdcd66626976
Terraform Low Access Control Query details
Documentation
Beta - CDB Instance Internet Using Default Intranet Port
18d6aa4b-7570-4d95-9c75-90363ef1abd9
Terraform Low Insecure Configurations Query details
Documentation
Beta - CVM Instance Using Default VPC
b4e75c5c-83d5-4568-90e3-57ed5ec4051b
Terraform Low Networking and Firewall Query details
Documentation
Beta - TKE Cluster Log Agent Is Not Enabled
fe405074-7e18-40f9-9aef-024aa1d0a889
Terraform Low Observability Query details
Documentation
Beta - VPC Flow Logs Disabled
a3240001-40db-47b7-abb9-2bcd6a04c430
Terraform Low Observability Query details
Documentation
Beta - CVM Instance Disable Monitor Service
966ed4f7-b8a5-4e8d-b2bf-098657c98960
Terraform Info Observability Query details
Documentation