| User data for EC2 instances must not contain sensitive AWS keys | terraform |
| User data for EC2 instances must not contain sensitive AWS keys | terraform |
| Use of plain HTTP. | terraform |
| Use of plain HTTP. | terraform |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | regex |
| Unintended Proxy or Intermediary ('Confused Deputy') | yaml |
| Tiller Is Deployed | terraform |
| The S3 Bucket backing Cloudtrail should be private | terraform |
| The minimum TLS version for Storage Accounts should be TLS1_2 | terraform |
| The load balancer forwarding rule is using an insecure protocol as an entrypoint | terraform |
| The firewall has an outbound rule with open access | terraform |
| The firewall has an inbound rule with open access | terraform |
| The encryption key used to encrypt a compute disk has been specified in plaintext. | terraform |
| The default action on Storage account network rules should be set to deny | terraform |
| Task definition defines sensitive environment variable(s). | terraform |
| system:authenticate group access binding | terraform |
| system:authenticate group access binding | terraform |
| SSL policies should enforce secure versions of TLS | terraform |
| SSH access should not be accessible from the Internet, should be blocked on port 22 | terraform |
| Spaces bucket or bucket object has public read acl set | terraform |
| Secrets should not be exfiltrated using Terraform HTTP data blocks | terraform |
| RUN using 'sudo' | terraform |
| RDP access should not be accessible from the Internet, should be blocked on port 3389 | terraform |
| No wildcard verb roles | terraform |
| No wildcard verb and resource roles | terraform |
| No Root Access Keys | terraform |
| Multiple ENTRYPOINT instructions listed | terraform |
| Missing security group for vpnGateway. | terraform |
| Missing security group for router. | terraform |
| Missing security group for instance. | terraform |
| Manage webhookconfigurations | terraform |
| Manage secrets | terraform |
| Manage Kubernetes RBAC resources | terraform |
| Manage EKS IAM Auth ConfigMap | terraform |
| Manage all resources at the namespace | terraform |
| Manage all resources | terraform |
| Kubernetes Auto Upgrades Not Enabled | terraform |
| Key vault should have the network acl block specified | terraform |
| Instances should not use the default service account | terraform |
| Incorrect Calculation | solidity |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | java |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | yaml |
| Improper Neutralization of Special Elements in Data Query Logic | apex |
| Improper Neutralization of Special Elements in Data Query Logic | apex |
| Improper Input Validation | solidity |
| Improper Control of Generation of Code ('Code Injection') | yaml |
| Improper Access Control | solidity |
| GitHub repository shouldn't be public. | terraform |
| Function Call With Incorrect Variable or Reference as Argument | solidity |
| Exposed port out of range | terraform |
| Execution with Unnecessary Privileges | yaml |
| Ensure the Function App can only be accessed via HTTPS. The default is false. | terraform |
| Ensure that the Kubernetes PKI key file permission is set to 600 | terraform |
| Ensure that the Kubernetes PKI directory and file ownership is set to root:root | terraform |
| Ensure that the kubelet service file ownership is set to root:root | terraform |
| Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | terraform |
| Ensure that the client certificate authorities file ownership is set to root:root | terraform |
| Ensure that the certificate authorities file permissions are set to 600 or more restrictive | terraform |
| Ensure that the admin config file permissions are set to 600 or more restrictive | terraform |
| Ensure that the admin config file ownership is set to root:root | terraform |
| Ensure that the --tls-key-file argument is set as appropriate | terraform |
| Ensure that the --tls-cert-file argument is set as appropriate | terraform |
| Ensure that the --client-ca-file argument is set as appropriate | terraform |
| Ensure that the --anonymous-auth argument is set to false | terraform |
| Ensure that lambda function permission has a source arn specified | terraform |
| Ensure AKS has an API Server Authorized IP Ranges enabled | terraform |
| Enforce Root Mfa | terraform |
| Elasticsearch doesn't enforce HTTPS traffic. | terraform |
| EKS Clusters should have the public access disabled | terraform |
| EKS cluster should not have open CIDR range for public access | terraform |
| Duplicate aliases defined in different FROMs | terraform |
| Do not allow impersonation of privileged groups | terraform |
| Deserialization of Untrusted Data | javascript |
| Delete verified record | terraform |
| Data Factory should have public access disabled, the default is enabled. | terraform |
| COPY with more than two arguments not ending with slash | terraform |
| COPY '--from' referring to the current image | terraform |
| Compute instance requests an IP reservation from a public pool | terraform |
| CloudFront distribution allows unencrypted (HTTP) communications. | terraform |
| BigQuery datasets should only be accessible within the organisation | terraform |
| AWS Classic resource usage. | terraform |
| AWS Classic resource usage. | terraform |
| Anonymous user access binding | terraform |
| An outdated SSL policy is in use by a load balancer. | terraform |
| An outdated SSL policy is in use by a load balancer. | terraform |
| An outbound network security rule allows traffic to /0. | terraform |
| An outbound firewall rule allows traffic to /0. | terraform |
| A Network ACL rule allows ALL ports. | terraform |
| An ingress security group rule allows traffic from /0. | terraform |
| An ingress security group rule allows traffic from /0. | terraform |
| An ingress Network ACL rule allows specific ports from /0. | terraform |
| An ingress nas security group rule allows traffic from /0. | terraform |
| An ingress db security group rule allows traffic from /0. | terraform |
| An inbound network security rule allows traffic from /0. | terraform |
| An inbound firewall rule allows traffic from /0. | terraform |
| An egress security group rule allows traffic to /0. | terraform |
| A database resource is marked as publicly accessible. | terraform |