Skip to content

Ansible

Ansible Queries List

This page contains all queries from Ansible.

AWS

Below are listed queries related to Ansible AWS:

Query Severity Category More info
ECR Repository Is Publicly Accessible
fb5a5df7-6d74-4243-ab82-ff779a958bfd
Critical Access Control Query details
Documentation
S3 Bucket Access to Any Principal
3ab1f27d-52cc-4943-af1d-43c1939e739a
Critical Access Control Query details
Documentation
S3 Bucket Allows Delete Action From All Principals
6fa44721-ef21-41c6-8665-330d59461163
Critical Access Control Query details
Documentation
S3 Bucket Allows Put Action From All Principals
a0f1bfe0-741e-473f-b3b2-13e66f856fab
Critical Access Control Query details
Documentation
S3 Bucket With All Permissions
6a6d7e56-c913-4549-b5c5-5221e624d2ec
Critical Access Control Query details
Documentation
S3 Bucket With Public Access
c3e073c1-f65e-4d18-bd67-4a8f20ad1ab9
Critical Access Control Query details
Documentation
RDS DB Instance Publicly Accessible
c09e3ca5-f08a-4717-9c87-3919c5e6d209
Critical Insecure Configurations Query details
Documentation
DB Security Group With Public Scope
0956aedf-6a7a-478b-ab56-63e2b19923ad
Critical Networking and Firewall Query details
Documentation
RDS Associated with Public Subnet
16732649-4ff6-4cd2-8746-e72c13fae4b8
Critical Networking and Firewall Query details
Documentation
Cross-Account IAM Assume Role Policy Without ExternalId or MFA
af167837-9636-4086-b815-c239186b9dda
High Access Control Query details
Documentation
ECS Service Admin Role Is Present
7db727c1-1720-468e-b80e-06697f71e09e
High Access Control Query details
Documentation
IAM Policy Grants Full Permissions
b5ed026d-a772-4f07-97f9-664ba0b116f8
High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to All Users
a1ef9d2e-4163-40cb-bd92-04f0d602a15d
High Access Control Query details
Documentation
S3 Bucket ACL Allows Read to Any Authenticated User
75480b31-f349-4b9a-861f-bce19588e674
High Access Control Query details
Documentation
S3 Bucket Allows Get Action From All Principals
53bce6a8-5492-4b1b-81cf-664385f0c4bf
High Access Control Query details
Documentation
S3 Bucket Allows List Action From All Principals
d395a950-12ce-4314-a742-ac5a785ab44e
High Access Control Query details
Documentation
SNS Topic is Publicly Accessible
905f4741-f965-45c1-98db-f7a00a0e5c73
High Access Control Query details
Documentation
SQS Policy Allows All Actions
ed9b3beb-92cf-44d9-a9d2-171eeba569d4
High Access Control Query details
Documentation
SQS Queue Exposed
86b0efa7-4901-4edd-a37a-c034bec6645a
High Access Control Query details
Documentation
Config Rule For Encrypted Volumes Disabled
7674a686-e4b1-4a95-83d4-1fd53c623d84
High Encryption Query details
Documentation
DB Instance Storage Not Encrypted
7dfb316c-a6c2-454d-b8a2-97f147b0c0ff
High Encryption Query details
Documentation
EBS Volume Encryption Disabled
4b6012e7-7176-46e4-8108-e441785eae57
High Encryption Query details
Documentation
EFS Not Encrypted
727c4fd4-d604-4df6-a179-7713d3c85e20
High Encryption Query details
Documentation
ELB Using Weak Ciphers
2034fb37-bc23-4ca0-8d95-2b9f15829ab5
High Encryption Query details
Documentation
Kinesis Not Encrypted With KMS
f2ea6481-1d31-4d40-946a-520dc6321dd7
High Encryption Query details
Documentation
Launch Configuration Is Not Encrypted
66477506-6abb-49ed-803d-3fa174cd5f6a
High Encryption Query details
Documentation
Redis Not Compliant
9f34885e-c08f-4d13-a7d1-cf190c5bd268
High Encryption Query details
Documentation
Redshift Not Encrypted
6a647814-def5-4b85-88f5-897c19f509cd
High Encryption Query details
Documentation
S3 Bucket Without Server-side-encryption
594f54e7-f744-45ab-93e4-c6dbaf6cd571
High Encryption Query details
Documentation
User Data Contains Encoded Private Key
c09f4d3e-27d2-4d46-9453-abbe9687a64e
High Encryption Query details
Documentation
Batch Job Definition With Privileged Container Properties
defe5b18-978d-4722-9325-4d1975d3699f
High Insecure Configurations Query details
Documentation
EC2 Group Has Public Interface
5330b503-3319-44ff-9b1c-00ee873f728a
High Insecure Configurations Query details
Documentation
KMS Key With Vulnerable Policy
5b9d237a-57d5-4177-be0e-71434b0fef47
High Insecure Configurations Query details
Documentation
Redshift Publicly Accessible
5c6b727b-1382-4629-8ba9-abd1365e5610
High Insecure Configurations Query details
Documentation
Root Account Has Active Access Keys
e71d0bc7-d9e8-4e6e-ae90-0a4206db6f40
High Insecure Configurations Query details
Documentation
DB Security Group Open To Large Scope
ea0ed1c7-9aef-4464-b7c7-94c762da3640
High Networking and Firewall Query details
Documentation
Default Security Groups With Unrestricted Traffic
8010e17a-00e9-4635-a692-90d6bcec68bd
High Networking and Firewall Query details
Documentation
Public Port Wide
71ea648a-d31a-4b5a-a589-5674243f1c33
High Networking and Firewall Query details
Documentation
Remote Desktop Port Open To Internet
eda7301d-1f3e-47cf-8d4e-976debc64341
High Networking and Firewall Query details
Documentation
Route53 Record Undefined
445dce51-7e53-4e50-80ef-7f94f14169e4
High Networking and Firewall Query details
Documentation
Security Group Ingress Not Restricted
ea6bc7a6-d696-4dcf-a788-17fa03c17c81
High Networking and Firewall Query details
Documentation
Unknown Port Exposed To Internet
722b0f24-5a64-4cca-aa96-cfc26b7e3a5b
High Networking and Firewall Query details
Documentation
Unrestricted Security Group Ingress
83c5fa4c-e098-48fc-84ee-0a537287ddd2
High Networking and Firewall Query details
Documentation
Hardcoded AWS Access Key
c2f15af3-66a0-4176-a56e-e4711e502e5c
High Secret Management Query details
Documentation
Hardcoded AWS Access Key In Lambda
f34508b9-f574-4330-b42d-88c44cced645
High Secret Management Query details
Documentation
AMI Shared With Multiple Accounts
a19b2942-142e-4e2b-93b7-6cf6a6c8d90f
Medium Access Control Query details
Documentation
API Gateway Without Configured Authorizer
b16cdb37-ce15-4ab2-8401-d42b05d123fc
Medium Access Control Query details
Documentation
Certificate Has Expired
5a443297-19d4-4381-9e5b-24faf947ec22
Medium Access Control Query details
Documentation
EC2 Instance Using Default Security Group
8d03993b-8384-419b-a681-d1f55149397c
Medium Access Control Query details
Documentation
IAM Access Key Is Exposed
7f79f858-fbe8-4186-8a2c-dfd0d958a40f
Medium Access Control Query details
Documentation
IAM Group Without Users
f509931b-bbb0-443c-bd9b-10e92ecf2193
Medium Access Control Query details
Documentation
IAM Policies Attached To User
eafe4bc3-1042-4f88-b988-1939e64bf060
Medium Access Control Query details
Documentation
IAM Policies With Full Privileges
e401d614-8026-4f4b-9af9-75d1197461ba
Medium Access Control Query details
Documentation
IAM Policy Grants 'AssumeRole' Permission Across All Services
12a7a7ce-39d6-49dd-923d-aeb4564eb66c
Medium Access Control Query details
Documentation
IAM Role Allows All Principals To Assume
babdedcf-d859-43da-9a7b-6d72e661a8fd
Medium Access Control Query details
Documentation
Lambda Permission Principal Is Wildcard
1d972c56-8ec2-48c1-a578-887adb09c57a
Medium Access Control Query details
Documentation
Public Lambda via API Gateway
5e92d816-2177-4083-85b4-f61b4f7176d9
Medium Access Control Query details
Documentation
SES Policy With Allowed IAM Actions
8ed0bfce-f780-46d4-b086-21c3628f09ad
Medium Access Control Query details
Documentation
SQS Policy With Public Access
d994585f-defb-4b51-b6d2-c70f020ceb10
Medium Access Control Query details
Documentation
Auto Scaling Group With No Associated ELB
050f085f-a8db-4072-9010-2cca235cc02f
Medium Availability Query details
Documentation
CMK Is Unusable
133fee21-37ef-45df-a563-4d07edc169f4
Medium Availability Query details
Documentation
RDS With Backup Disabled
e69890e6-fce5-461d-98ad-cb98318dfc96
Medium Backup Query details
Documentation
S3 Bucket Without Versioning
9232306a-f839-40aa-b3ef-b352001da9a5
Medium Backup Query details
Documentation
Stack Retention Disabled
17d5ba1d-7667-4729-b1a6-b11fde3db7f7
Medium Backup Query details
Documentation
AMI Not Encrypted
97707503-a22c-4cd7-b7c0-f088fa7cf830
Medium Encryption Query details
Documentation
CA Certificate Identifier Is Outdated
5eccd62d-8b4d-46d3-83ea-1879f3cbd3ce
Medium Encryption Query details
Documentation
Cloudfront Viewer Protocol Policy Allows HTTP
a6d27cf7-61dc-4bde-ae08-3b353b609f76
Medium Encryption Query details
Documentation
CodeBuild Not Encrypted
a1423864-2fbc-4f46-bfe1-fbbf125c71c9
Medium Encryption Query details
Documentation
ELB Using Insecure Protocols
730a5951-2760-407a-b032-dd629b55c23a
Medium Encryption Query details
Documentation
IAM Database Auth Not Enabled
0ed012a4-9199-43d2-b9e4-9bd049a48aa4
Medium Encryption Query details
Documentation
Secure Ciphers Disabled
218413a0-c716-4b94-9e08-0bb70d854709
Medium Encryption Query details
Documentation
SQS With SSE Disabled
e1e7b278-2a8b-49bd-a26e-66a7f70b17eb
Medium Encryption Query details
Documentation
API Gateway Without SSL Certificate
b47b98ab-e481-4a82-8bb1-1ab39fd36e33
Medium Insecure Configurations Query details
Documentation
Certificate RSA Key Bytes Lower Than 256
d5ec2080-340a-4259-b885-f833c4ea6a31
Medium Insecure Configurations Query details
Documentation
CloudFront Without Minimum Protocol TLS 1.2
d0c13053-d2c8-44a6-95da-d592996e9e67
Medium Insecure Configurations Query details
Documentation
ECR Image Tag Not Immutable
60bfbb8a-c72f-467f-a6dd-a46b7d612789
Medium Insecure Configurations Query details
Documentation
ECS Task Definition Network Mode Not Recommended
01aec7c2-3e4d-4274-ae47-2b8fea22fd1f
Medium Insecure Configurations Query details
Documentation
S3 Bucket with Unsecured CORS Rule
3505094c-f77c-4ba0-95da-f83db712f86c
Medium Insecure Configurations Query details
Documentation
Vulnerable Default SSL Certificate
fb8f8929-afeb-4c46-99f0-a6cf410f7df4
Medium Insecure Defaults Query details
Documentation
ALB Listening on HTTP
f81d63d2-c5d7-43a4-a5b5-66717a41c895
Medium Networking and Firewall Query details
Documentation
API Gateway Endpoint Config is Not Private
559439b2-3e9c-4739-ac46-17e3b24ec215
Medium Networking and Firewall Query details
Documentation
API Gateway without WAF
f5f38943-664b-4acc-ab11-f292fa10ed0b
Medium Networking and Firewall Query details
Documentation
CloudFront Without WAF
22c80725-e390-4055-8d14-a872230f6607
Medium Networking and Firewall Query details
Documentation
EC2 Instance Has Public IP
a8b0c58b-cd25-4b53-9ad0-55bca0be0bc1
Medium Networking and Firewall Query details
Documentation
Elasticsearch with HTTPS disabled
d6c2d06f-43c1-488a-9ba1-8d75b40fc62d
Medium Networking and Firewall Query details
Documentation
HTTP Port Open To Internet
a14ad534-acbe-4a8e-9404-2f7e1045646e
Medium Networking and Firewall Query details
Documentation
Security Group With Unrestricted Access To SSH
57ced4b9-6ba4-487b-8843-b65562b90c77
Medium Networking and Firewall Query details
Documentation
SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
7af1c447-c014-4f05-bd8b-ebe3a15734ac
Medium Networking and Firewall Query details
Documentation
API Gateway With CloudWatch Logging Disabled
72a931c2-12f5-40d1-93cc-47bff2f7aa2a
Medium Observability Query details
Documentation
CloudFront Logging Disabled
d31cb911-bf5b-4eb6-9fc3-16780c77c7bd
Medium Observability Query details
Documentation
CloudTrail Logging Disabled
d4a73c49-cbaa-4c6f-80ee-d6ef5a3a26f5
Medium Observability Query details
Documentation
S3 Bucket Logging Disabled
c3b9f7b0-f5a0-49ec-9cbc-f1e346b7274d
Medium Observability Query details
Documentation
No Stack Policy
ffe0fd52-7a8b-4a5c-8fc7-49844418e6c9
Medium Resource Management Query details
Documentation
Authentication Without MFA
eee107f9-b3d8-45d3-b9c6-43b5a7263ce1
Low Access Control Query details
Documentation
ECS Service Without Running Tasks
f5c45127-1d28-4b49-a692-0b97da1c3a84
Low Availability Query details
Documentation
Automatic Minor Upgrades Disabled
857f8808-e96a-4ba8-a9b7-f2d4ec6cad94
Low Best Practices Query details
Documentation
CDN Configuration Is Missing
b25398a2-0625-4e61-8e4d-a1bb23905bf6
Low Best Practices Query details
Documentation
IAM Password Without Minimum Length
8bc2168c-1723-4eeb-a6f3-a1ba614b9a6d
Low Best Practices Query details
Documentation
Lambda Permission Misconfigured
3ddf3417-424d-420d-8275-0724dc426520
Low Best Practices Query details
Documentation
Misconfigured Password Policy Expiration
3f2cf811-88fa-4eda-be45-7a191a18aba9
Low Best Practices Query details
Documentation
Password Without Reuse Prevention
6f5f5444-1422-495f-81ef-24cefd61ed2c
Low Best Practices Query details
Documentation
EFS Without Tags
b8a9852c-9943-4973-b8d5-77dae9352851
Low Build Process Query details
Documentation
Stack Without Template
32d31f1f-0f83-4721-b7ec-1e6948c60145
Low Build Process Query details
Documentation
CloudTrail Log Files Not Encrypted With KMS
f5587077-3f57-4370-9b4e-4eb5b1bac85b
Low Encryption Query details
Documentation
EFS Without KMS
bd77554e-f138-40c5-91b2-2a09f878608e
Low Encryption Query details
Documentation
AWS Password Policy With Unchangeable Passwords
e28ceb92-d588-4166-aac5-766c8f5b7472
Low Insecure Configurations Query details
Documentation
Instance With No VPC
61d1a2d0-4db8-405a-913d-5d2ce49dff6f
Low Insecure Configurations Query details
Documentation
Lambda Function Without Tags
265d9725-2fb8-42a2-bc57-3279c5db82d5
Low Insecure Configurations Query details
Documentation
EC2 Instance Using Default VPC
8833f180-96f1-46f4-9147-849aafa56029
Low Networking and Firewall Query details
Documentation
ElastiCache Using Default Port
7cc6c791-5f68-4816-a564-b9b699f9d26e
Low Networking and Firewall Query details
Documentation
ElastiCache Without VPC
5527dcfc-94f9-4bf6-b7d4-1b78850cf41f
Low Networking and Firewall Query details
Documentation
RDS Using Default Port
2cb674f6-32f9-40be-97f2-62c0dc38f0d5
Low Networking and Firewall Query details
Documentation
Redshift Using Default Port
e01de151-a7bd-4db4-b49b-3c4775a5e881
Low Networking and Firewall Query details
Documentation
API Gateway X-Ray Disabled
2059155b-27fd-441e-b616-6966c468561f
Low Observability Query details
Documentation
CloudTrail Log File Validation Disabled
4d8681a2-3d30-4c89-8070-08acd142748e
Low Observability Query details
Documentation
CloudTrail Multi Region Disabled
6ad087d7-a509-4b20-b853-9ef6f5ebaa98
Low Observability Query details
Documentation
CloudTrail Not Integrated With CloudWatch
ebb2118a-03bc-4d53-ab43-d8750f5cb8d3
Low Observability Query details
Documentation
CloudTrail SNS Topic Name Undefined
5ba316a9-c466-4ec1-8d5b-bc6107dc9a92
Low Observability Query details
Documentation
CMK Rotation Disabled
af96d737-0818-4162-8c41-40d969bd65d1
Low Observability Query details
Documentation
Configuration Aggregator to All Regions Disabled
a2fdf451-89dd-451e-af92-bf6c0f4bab96
Low Observability Query details
Documentation
Lambda Functions Without X-Ray Tracing
71397b34-1d50-4ee1-97cb-c96c34676f74
Low Observability Query details
Documentation
Stack Notifications Disabled
d39761d7-94ab-45b0-ab5e-27c44e381d58
Low Observability Query details
Documentation
EC2 Not EBS Optimized
338b6cab-961d-4998-bb49-e5b6a11c9a5c
Info Best Practices Query details
Documentation
CloudWatch Without Retention Period Specified
e24e18d9-4c2b-4649-b3d0-18c088145e24
Info Observability Query details
Documentation

AZURE

Below are listed queries related to Ansible AZURE:

Query Severity Category More info
CosmosDB Account IP Range Filter Not Set
e8c80448-31d8-4755-85fc-6dbab69c2717
Critical Networking and Firewall Query details
Documentation
Redis Entirely Accessible
0d0c12b9-edce-4510-9065-13f6a758750c
Critical Networking and Firewall Query details
Documentation
Redis Publicly Accessible
0632d0db-9190-450a-8bb3-c283bffea445
Critical Networking and Firewall Query details
Documentation
SQLServer Ingress From Any IP
f4e9ff70-0f3b-4c50-a713-26cbe7ec4039
Critical Networking and Firewall Query details
Documentation
Unrestricted SQL Server Access
3f23c96c-f9f5-488d-9b17-605b8da5842f
Critical Networking and Firewall Query details
Documentation
Default Azure Storage Account Network Access Is Too Permissive
ca4df748-613a-4fbf-9c76-f02cbd580307
High Access Control Query details
Documentation
Public Storage Account
35e2f133-a395-40de-a79d-b260d973d1bd
High Access Control Query details
Documentation
Storage Container Is Publicly Accessible
4d3817db-dd35-4de4-a80d-3867157e7f7f
High Access Control Query details
Documentation
Azure Container Registry With No Locks
581dae78-307d-45d5-aae4-fe2b0db267a5
High Insecure Configurations Query details
Documentation
Security Group is Not Configured
da4f2739-174f-4cdd-b9ef-dc3f14b5931f
High Insecure Configurations Query details
Documentation
Sensitive Port Is Exposed To Entire Network
0ac9abbc-6d7a-41cf-af23-2e57ddb3dbfc
High Networking and Firewall Query details
Documentation
Admin User Enabled For Container Registry
29f35127-98e6-43af-8ec1-201b79f99604
Medium Access Control Query details
Documentation
AKS RBAC Disabled
149fa56c-4404-4f90-9e25-d34b676d5b39
Medium Access Control Query details
Documentation
Role Definition Allows Custom Role Creation
5c80db8e-03f5-43a2-b4af-1f3f87018157
Medium Access Control Query details
Documentation
Key Vault Soft Delete Is Disabled
881696a8-68c5-4073-85bc-7c38a3deb854
Medium Backup Query details
Documentation
Azure Instance Using Basic Authentication
e2d834b7-8b25-4935-af53-4a60668dcbe0
Medium Best Practices Query details
Documentation
MySQL SSL Connection Disabled
2a901825-0f3b-4655-a0fe-e0470e50f8e6
Medium Encryption Query details
Documentation
SSL Enforce Disabled
961ce567-a16d-4d7d-9027-f0ec2628a555
Medium Encryption Query details
Documentation
Storage Account Not Forcing HTTPS
2c99a474-2a3c-4c17-8294-53ffa5ed0522
Medium Encryption Query details
Documentation
Storage Account Not Using Latest TLS Encryption Version
c62746cf-92d5-4649-9acf-7d48d086f2ee
Medium Encryption Query details
Documentation
AD Admin Not Configured For SQL Server
b176e927-bbe2-44a6-a9c3-041417137e5f
Medium Insecure Configurations Query details
Documentation
Redis Cache Allows Non SSL Connections
869e7fb4-30f0-4bdb-b360-ad548f337f2f
Medium Insecure Configurations Query details
Documentation
VM Not Attached To Network
1e5f5307-3e01-438d-8da6-985307ed25ce
Medium Insecure Configurations Query details
Documentation
Web App Accepting Traffic Other Than HTTPS
eb8c2560-8bee-4248-9d0d-e80c8641dd91
Medium Insecure Configurations Query details
Documentation
Firewall Rule Allows Too Many Hosts To Access Redis Cache
69f72007-502e-457b-bd2d-5012e31ac049
Medium Networking and Firewall Query details
Documentation
Trusted Microsoft Services Not Enabled
1bc398a8-d274-47de-a4c8-6ac867b353de
Medium Networking and Firewall Query details
Documentation
WAF Is Disabled For Azure Application Gateway
2fc5ab5a-c5eb-4ae4-b687-0f16fe77c255
Medium Networking and Firewall Query details
Documentation
AKS Monitoring Logging Disabled
d5e83b32-56dd-4247-8c2e-074f43b38a5e
Medium Observability Query details
Documentation
Log Retention Is Not Set
0461b4fd-21ef-4687-929e-484ee4796785
Medium Observability Query details
Documentation
Monitoring Log Profile Without All Activities
89f84a1e-75f8-47c5-83b5-bee8e2de4168
Medium Observability Query details
Documentation
PostgreSQL Log Checkpoints Disabled
7ab33ac0-e4a3-418f-a673-50da4e34df21
Medium Observability Query details
Documentation
PostgreSQL Log Connections Not Set
7b47138f-ec0e-47dc-8516-e7728fe3cc17
Medium Observability Query details
Documentation
PostgreSQL Log Disconnections Not Set
054d07b5-941b-4c28-8eef-18989dc62323
Medium Observability Query details
Documentation
PostgreSQL Log Duration Not Set
729ebb15-8060-40f7-9017-cb72676a5487
Medium Observability Query details
Documentation
PostgreSQL Server Without Connection Throttling
a9becca7-892a-4af7-b9e1-44bf20a4cd9a
Medium Observability Query details
Documentation
SQL Server Predictable Active Directory Account Name
530e8291-2f22-4bab-b7ea-306f1bc2a308
Low Best Practices Query details
Documentation
SQL Server Predictable Admin Account Name
663062e9-473d-4e87-99bc-6f3684b3df40
Low Best Practices Query details
Documentation
Cosmos DB Account Without Tags
23a4dc83-4959-4d99-8056-8e051a82bc1e
Low Build Process Query details
Documentation
AKS Network Policy Misconfigured
8c3bedf1-c570-4c3b-b414-d068cd39a00c
Low Insecure Configurations Query details
Documentation
Small Activity Log Retention Period
37fafbea-dedb-4e0d-852e-d16ee0589326
Low Observability Query details
Documentation

CONFIG

Below are listed queries related to Ansible CONFIG:

Query Severity Category More info
Allow Unsafe Lookups Enabled
86b97bb4-85c9-462d-8635-cbc057c5c8c5
High Insecure Configurations Query details
Documentation
Privilege Escalation Using Become Plugin
404908b6-4954-4611-98f0-e8ceacdabcb1
Medium Access Control Query details
Documentation
Communication over HTTP
d7dc9350-74bc-485b-8c85-fed22d276c43
Medium Insecure Configurations Query details
Documentation
Logging of Sensitive Data
c6473dae-8477-4119-88b7-b909b435ce7b
Low Best Practices Query details
Documentation

GCP

Below are listed queries related to Ansible GCP:

Query Severity Category More info
Cloud Storage Anonymous or Publicly Accessible
086031e1-9d4a-4249-acb3-5bfe4c363db2
Critical Access Control Query details
Documentation
SQL DB Instance Publicly Accessible
7d7054c0-3a52-4e9b-b9ff-cbfe16a2378b
Critical Insecure Configurations Query details
Documentation
BigQuery Dataset Is Public
2263b286-2fe9-4747-a0ae-8b4768a2bbd2
High Access Control Query details
Documentation
SQL DB Instance With SSL Disabled
d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb
High Encryption Query details
Documentation
Client Certificate Disabled
20180133-a0d0-4745-bfe0-94049fbb12a9
High Insecure Configurations Query details
Documentation
Cloud SQL Instance With Contained Database Authentication On
6d34aff3-fdd2-460c-8190-756a3b4969e8
High Insecure Configurations Query details
Documentation
Cloud SQL Instance With Cross DB Ownership Chaining On
9e0c33ed-97f3-4ed6-8be9-bcbf3f65439f
High Insecure Configurations Query details
Documentation
GKE Legacy Authorization Enabled
300a9964-b086-41f7-9378-b6de3ba1c32b
High Insecure Configurations Query details
Documentation
MySQL Instance With Local Infile On
a7b520bb-2509-4fb0-be05-bc38f54c7a4c
High Insecure Configurations Query details
Documentation
RDP Access Is Not Restricted
75418eb9-39ec-465f-913c-6f2b6a80dc77
High Networking and Firewall Query details
Documentation
VM With Full Cloud Access
bc20bbc6-0697-4568-9a73-85af1dd97bdd
Medium Access Control Query details
Documentation
SQL DB Instance Backup Disabled
0c82eae2-aca0-401f-93e4-fb37a0f9e5e8
Medium Backup Query details
Documentation
Disk Encryption Disabled
092bae86-6105-4802-99d2-99cd7e7431f3
Medium Encryption Query details
Documentation
DNSSEC Using RSASHA1
6cf4c3a7-ceb0-4475-8892-3745b84be24a
Medium Encryption Query details
Documentation
Google Compute SSL Policy Weak Cipher In Use
b28bcd2f-c309-490e-ab7c-35fc4023eb26
Medium Encryption Query details
Documentation
Cloud DNS Without DNSSEC
80b15fb1-6207-40f4-a803-6915ae619a03
Medium Insecure Configurations Query details
Documentation
Cluster Master Authentication Disabled
9df7f78f-ebe3-432e-ac3b-b67189c15518
Medium Insecure Configurations Query details
Documentation
GKE Basic Authentication Enabled
344bf8ab-9308-462b-a6b2-697432e40ba1
Medium Insecure Configurations Query details
Documentation
Google Container Node Pool Auto Repair Disabled
d58c6f24-3763-4269-9f5b-86b2569a003b
Medium Insecure Configurations Query details
Documentation
IP Aliasing Disabled
ed672a9f-fbf0-44d8-a47d-779501b0db05
Medium Insecure Configurations Query details
Documentation
Network Policy Disabled
98e04ca0-34f5-4c74-8fec-d2e611ce2790
Medium Insecure Configurations Query details
Documentation
OSLogin Is Disabled In VM Instance
66dae697-507b-4aef-be18-eec5bd707f33
Medium Insecure Configurations Query details
Documentation
Private Cluster Disabled
3b30e3d6-c99b-4318-b38f-b99db74578b5
Medium Insecure Configurations Query details
Documentation
Shielded VM Disabled
18d3a83d-4414-49dc-90ea-f0387b2856cc
Medium Insecure Configurations Query details
Documentation
Using Default Service Account
2775e169-e708-42a9-9305-b58aadd2c4dd
Medium Insecure Configurations Query details
Documentation
GKE Using Default Service Account
dc126833-125a-40fb-905a-ce5f2afde240
Medium Insecure Defaults Query details
Documentation
Compute Instance Is Publicly Accessible
829f1c60-2bab-44c6-8a21-5cd9d39a2c82
Medium Networking and Firewall Query details
Documentation
GKE Master Authorized Networks Disabled
d43366c5-80b0-45de-bbe8-2338f4ab0a83
Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Default Firewall Rule
29b8224a-60e9-4011-8ac2-7916a659841f
Medium Networking and Firewall Query details
Documentation
Google Compute Network Using Firewall Rule that Allows All Ports
3602d273-3290-47b2-80fa-720162b1a8af
Medium Networking and Firewall Query details
Documentation
IP Forwarding Enabled
11bd3554-cd56-4257-8e25-7aaf30cf8f5f
Medium Networking and Firewall Query details
Documentation
Serial Ports Are Enabled For VM Instances
c6fc6f29-dc04-46b6-99ba-683c01aff350
Medium Networking and Firewall Query details
Documentation
SSH Access Is Not Restricted
b2fbf1df-76dd-4d78-a6c0-e538f4a9b016
Medium Networking and Firewall Query details
Documentation
Cloud Storage Bucket Logging Not Enabled
507df964-ad97-4035-ab14-94a82eabdfdd
Medium Observability Query details
Documentation
Cloud Storage Bucket Versioning Disabled
7814ddda-e758-4a56-8be3-289a81ded929
Medium Observability Query details
Documentation
PostgreSQL Log Connections Disabled
d7a5616f-0a3f-4d43-bc2b-29d1a183e317
Medium Observability Query details
Documentation
PostgreSQL log_checkpoints Flag Not Set To ON
89afe3f0-4681-4ce3-89ed-896cebd4277c
Medium Observability Query details
Documentation
Stackdriver Logging Disabled
19c9e2a0-fc33-4264-bba1-e3682661e8f7
Medium Observability Query details
Documentation
Stackdriver Monitoring Disabled
20dcd953-a8b8-4892-9026-9afa6d05a525
Medium Observability Query details
Documentation
Node Auto Upgrade Disabled
d6e10477-2e19-4bcd-b8a8-19c65b89ccdf
Medium Resource Management Query details
Documentation
High Google KMS Crypto Key Rotation Period
f9b7086b-deb8-4034-9330-d7fd38f1b8de
Medium Secret Management Query details
Documentation
Project-wide SSH Keys Are Enabled In VM Instances
099b4411-d11e-4537-a0fc-146b19762a79
Medium Secret Management Query details
Documentation
Cluster Labels Disabled
fbe9b2d0-a2b7-47a1-a534-03775f3013f7
Low Insecure Configurations Query details
Documentation
COS Node Image Not Used
be41f891-96b1-4b9d-b74f-b922a918c778
Low Insecure Configurations Query details
Documentation
PostgreSQL Misconfigured Logging Duration Flag
aed98a2a-e680-497a-8886-277cea0f4514
Low Insecure Configurations Query details
Documentation
Google Compute Network Using Firewall Rule that Allows Port Range
7289eebd-a477-4064-8ad4-3c044bd70b00
Low Networking and Firewall Query details
Documentation
Google Compute Subnetwork with Private Google Access Disabled
6a4080ae-79bd-42f6-a924-8f534c1c018b
Low Networking and Firewall Query details
Documentation
PostgreSQL Logging Of Temporary Files Disabled
d6fae5b6-ada9-46c0-8b36-3108a2a2f77b
Low Observability Query details
Documentation
PostgreSQL Misconfigured Log Messages Flag
28a757fc-3d8f-424a-90c0-4233363b2711
Low Observability Query details
Documentation

HOSTS

Below are listed queries related to Ansible HOSTS:

Query Severity Category More info
Ansible Tower Exposed To Internet
1b2bf3ff-31e9-460e-bbfb-45e48f4f20cc
Medium Best Practices Query details
Documentation

SHARED (V2/V3)

Below are listed queries related to Ansible SHARED (V2/V3):

Query Severity Category More info
Privilege Escalation Using Become Plugin
0e75052f-cc02-41b8-ac39-a78017527e95
Medium Access Control Query details
Documentation
Communication Over HTTP
2e8d4922-8362-4606-8c14-aa10466a1ce3
Medium Insecure Configurations Query details
Documentation
Insecure Relative Path Resolution
8d22ae91-6ac1-459f-95be-d37bd373f244
Low Best Practices Query details
Documentation
Logging of Sensitive Data
59029ddf-e651-412b-ae7b-ff6d403184bc
Low Best Practices Query details
Documentation
Unpinned Package Version
c05e2c20-0a2c-4686-b1f8-5f0a5612d4e8
Low Supply-Chain Query details
Documentation
Risky File Permissions
88841d5c-d22d-4b7e-a6a0-89ca50e44b9f
Info Supply-Chain Query details
Documentation