| 'zypper clean' missing | terraform |
| 'yum clean all' missing | terraform |
| XML Injection | python |
| WORKDIR should not be mounted on system dirs | terraform |
| WORKDIR path not absolute | terraform |
| Web App uses latest TLS version | terraform |
| Verify that the RotateKubeletServerCertificate argument is set to true | terraform |
| Verify that the --read-only-port argument is set to 0 | terraform |
| Use of Weak Hash | java |
| Use of Weak Hash | java |
| Use of Weak Hash | java |
| Use of Weak Hash | clojure |
| Use of RSA Algorithm without OAEP | scala |
| Use of RSA Algorithm without OAEP | csharp |
| Use of Hard-coded Credentials | ruby |
| Use of Hard-coded Credentials | ruby |
| Use of Hard-coded Credentials | python |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | go |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | csharp |
| Use of a Broken or Risky Cryptographic Algorithm | ruby |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | php |
| Use of a Broken or Risky Cryptographic Algorithm | javascript |
| Use of a Broken or Risky Cryptographic Algorithm | javascript |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | csharp |
| Use of a Broken or Risky Cryptographic Algorithm | csharp |
| Use of a Broken or Risky Cryptographic Algorithm | clojure |
| URL Redirection to Untrusted Site ('Open Redirect') | javascript |
| URL Redirection to Untrusted Site ('Open Redirect') | javascript |
| URL Redirection to Untrusted Site ('Open Redirect') | go |
| Unencrypted SQS queue. | terraform |
| Unencrypted SNS topic. | terraform |
| Unencrypted S3 bucket. | terraform |
| Unencrypted data lake storage. | terraform |
| Trusting HTTP Permission Methods on the Server Side | ruby |
| Trusted Microsoft Services should have bypass access to Storage accounts | terraform |
| There is no encryption specified or encryption is disabled on the RDS Cluster. | terraform |
| SYS_MODULE capability added | terraform |
| SYS_ADMIN capability added | terraform |
| Storage containers in blob storage mode should not have public access | terraform |
| Storage accounts should be configured to only accept transfers that are over secure connections | terraform |
| SSL connections to a SQL database instance should be enforced. | terraform |
| SSH Keys are the preferred way to connect to your droplet, no keys are supplied | terraform |
| SQS queue should be encrypted with a CMK. | terraform |
| SNS topic not encrypted with CMK. | terraform |
| Shielded GKE nodes not enabled. | terraform |
| Service with External IP | terraform |
| Service accounts should not have roles assigned with excessive privileges | terraform |
| Server-Side Request Forgery (SSRF) | python |
| Server-Side Request Forgery (SSRF) | python |
| Server-Side Request Forgery (SSRF) | python |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | go |
| SAM Simple table must have server side encryption enabled. | terraform |
| SAM API domain name uses outdated SSL/TLS protocols. | terraform |
| S3 encryption should use Customer Managed Keys | terraform |
| S3 Buckets not publicly accessible through ACL. | terraform |
| S3 Access block should restrict public bucket to limit access | terraform |
| S3 Access Block should Ignore Public Acl | terraform |
| S3 Access block should block public policy | terraform |
| S3 Access block should block public ACL | terraform |
| 'RUN <package-manager> update' instruction alone | terraform |
| Root file system is not read-only | terraform |
| Root and user volumes on Workspaces should be encrypted | terraform |
| Reusing a Nonce, Key Pair in Encryption | java |
| Relative Path Traversal | java |
| Redshift clusters should use at rest encryption | terraform |
| Redshift cluster should be deployed into a specific VPC | terraform |
| RDS Publicly Accessible | terraform |
| RDS encryption has not been enabled at a DB Instance level. | terraform |
| Public ingress should not be allowed via network policies | terraform |
| Public egress should not be allowed via network policies | terraform |
| Privileged | terraform |
| Prevent binding to privileged ports | terraform |
| Password authentication should be disabled on Azure virtual machines | terraform |
| Out-of-bounds Write | solidity |
| Node metadata value disables metadata concealment. | terraform |
| No State Machine Policy Wildcards | terraform |
| No sensitive data stored in user_data | terraform |
| NET_RAW capability added | terraform |
| Neptune storage must be encrypted at rest | terraform |
| Neptune encryption should use Customer Managed Keys | terraform |
| Multiple CMD instructions listed | terraform |
| Missing Encryption of Sensitive Data | hcl |
| Missing Authorization | dockerfile |
| Missing Authentication for Critical Function | typescript |
| 'microdnf clean all' missing | terraform |
| Master authorized networks should be configured on GKE clusters | terraform |
| Manage Kubernetes networking | terraform |
| Load balancers should drop invalid headers | terraform |
| Load balancer is exposed to the internet. | terraform |
| Legacy metadata endpoints enabled. | terraform |
| Legacy client authentication methods utilized. | terraform |
| Legacy ABAC permissions are enabled. | terraform |
| Launch configuration with unencrypted block device. | terraform |
| Launch configuration should not have a public IP address. | terraform |
| Kubernetes resource with disallowed volumes mounted | terraform |
| KMS keys should be rotated at least every 90 days | terraform |
| Kinesis stream is unencrypted. | terraform |
| Insufficiently Protected Credentials | python |
| Insufficiently Protected Credentials | scala |
| Insufficiently Protected Credentials | scala |
| Insufficient Verification of Data Authenticity | javascript |
| Insufficient Session Expiration | csharp |
| Instances should not have public IP addresses | terraform |
| Instances should not have IP forwarding enabled | terraform |
| Instances in a subnet should not receive a public IP address by default. | terraform |
| Instance with unencrypted block device. | terraform |
| Insertion of Sensitive Information into Externally-Accessible File or Directory | generic |
| Inefficient Regular Expression Complexity | ruby |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Calculation | solidity |
| Incorrect Calculation | solidity |
| Inclusion of Sensitive Information in Source Code | apex |
| Inclusion of Sensitive Information in Source Code | apex |
| Inadequate Encryption Strength | ruby |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | kotlin |
| Inadequate Encryption Strength | go |
| Inadequate Encryption Strength | generic |
| Inadequate Encryption Strength | terraform |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | scala |
| Improper Restriction of XML External Entity Reference | clojure |
| Improper Privilege Management | yaml |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | scala |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | scala |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | scala |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ruby |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | php |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | yaml |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') | terraform |
| Improper Neutralization of Special Elements in Data Query Logic | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | java |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | java |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | scala |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | php |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | javascript |
| Improper Neutralization of Data within XPath Expressions ('XPath Injection') | java |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ruby |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ruby |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ruby |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ruby |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | python |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | javascript |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | java |
| Improper Input Validation | solidity |
| Improper Input Validation | solidity |
| Improper Input Validation | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Enforcement of Behavioral Workflow | solidity |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | generic |
| Improper Certificate Validation | ruby |
| Improper Certificate Validation | python |
| Improper Authentication | javascript |
| Improper Authentication | javascript |
| Improper Authentication | yaml |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | hcl |
| Improper Access Control | apex |
| Image user should not be 'root' | terraform |
| If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive | terraform |
| if proxy kubeconfig file exists ensure ownership is set to root:root | terraform |
| IAM policy should avoid use of wildcards and instead apply the principle of least privilege | terraform |
| hostPath volume mounted with docker.sock | terraform |
| GKE Control Plane should not be publicly accessible | terraform |
| GitHub repository has vulnerability alerts disabled. | terraform |
| GitHub branch protection does not require signed commits. | terraform |
| Generation of Weak Initialization Vector (IV) | javascript |
| Generation of Predictable IV with CBC Mode | php |
| Generation of Predictable IV with CBC Mode | java |
| Function policies should avoid use of wildcards and instead apply the principle of least privilege | terraform |
| Function Call With Incorrect Variable or Reference as Argument | solidity |
| External Control of File Name or Path | javascript |
| Exposure of Sensitive Information to an Unauthorized Actor | python |
| Exposure of Sensitive Information to an Unauthorized Actor | generic |
| Exposure of Sensitive Information to an Unauthorized Actor | generic |
| Exposure of Sensitive Information to an Unauthorized Actor | yaml |
| Exposure of Sensitive Information to an Unauthorized Actor | yaml |
| Exposure of Resource to Wrong Sphere | python |
| Exposure of Information Through Directory Listing | javascript |
| Execution with Unnecessary Privileges | json |
| Execution with Unnecessary Privileges | yaml |
| Exec into Pods | terraform |
| Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive | terraform |
| Ensure that the scheduler pod specification file ownership is set to root:root | terraform |
| Ensure that the scheduler config file permissions are set to 600 or more restrictive | terraform |
| Ensure that the scheduler config file ownership is set to root:root | terraform |
| Ensure that the Kubernetes PKI certificate file permission is set to 600 | terraform |
| Ensure that the kubelet service file permissions are set to 600 or more restrictive | terraform |
| Ensure that the etcd pod specification file permissions are set to 600 or more restrictive | terraform |
| Ensure that the etcd pod specification file ownership is set to root:root | terraform |
| Ensure that the controller-manager config file permissions are set to 600 or more restrictive | terraform |
| Ensure that the controller-manager config file ownership is set to root:root | terraform |
| Ensure that the controller manager pod specification file ownership is set to root:root | terraform |
| Ensure that the container network interface file permissions are set to 600 or more restrictive | terraform |
| Ensure that the container network interface file ownership is set to root:root | terraform |
| Ensure that the API server pod specification file permissions are set to 600 or more restrictive | terraform |
| Ensure that the API server pod specification file ownership is set to root:root | terraform |
| Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | terraform |
| Ensure that the --rotate-certificates argument is not set to false | terraform |
| Ensure that the --protect-kernel-defaults is set to true | terraform |
| Ensure that the --make-iptables-util-chains argument is set to true | terraform |
| Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive | terraform |
| Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root | terraform |
| Ensure that the --hostname-override argument is not set | terraform |
| Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | terraform |
| Ensure that the --authorization-mode argument is not set to AlwaysAllow | terraform |
| Ensure that Cloud Storage bucket is not anonymously or publicly accessible. | terraform |
| Ensure that Cloud SQL Database Instances are not publicly exposed | terraform |
| Ensure RBAC is enabled on AKS clusters | terraform |
| Ensure plaintext value is not used for GitHub Action Environment Secret. | terraform |
| Ensure MQ Broker is not publicly exposed | terraform |
| Ensure Kubelet Config.Yaml Permissions 600 Or More Restrictive. | terraform |
| Ensure Kubeconfig Kubelet Config.Yaml Ownership Set Root:Root | terraform |
| Ensure database firewalls do not permit public access | terraform |
| Ensure Controller Manager Pod Specification File Permissions Set 600 Or More Restrictive | terraform |
| Ensure all data stored in the launch configuration EBS is securely encrypted | terraform |
| Ensure AKS cluster has Network Policy configured | terraform |
| Enable local-disk encryption for EMR clusters. | terraform |
| Enable in-transit encryption for EMR clusters. | terraform |
| Enable disk encryption on managed disk | terraform |
| Enable at-rest encryption for EMR clusters. | terraform |
| Enable At Rest Encryption | terraform |
| Elasticsearch domain uses plaintext traffic for node to node communication. | terraform |
| Elasticsearch domain isn't encrypted at rest. | terraform |
| Elasticsearch domain endpoint is using outdated TLS policy. | terraform |
| Elasticache Replication Group uses unencrypted traffic. | terraform |
| Elasticache Replication Group stores unencrypted data at-rest. | terraform |
| EKS should have the encryption of secrets enabled | terraform |
| EFS Encryption has not been enabled | terraform |
| ECS Task Definitions with EFS volumes should use in-transit encryption | terraform |
| ECR repository policy must block public access | terraform |
| ECR repository has image scans disabled. | terraform |
| ECR images tags shouldn't be mutable. | terraform |
| EBS volumes must be encrypted | terraform |
| DocumentDB storage must be encrypted | terraform |
| Do not allow role to create ClusterRoleBindings and association with privileged role | terraform |
| Do not allow role binding creation and association with privileged role/clusterrole | terraform |
| Do not allow privilege escalation from node proxy | terraform |
| Do not allow attaching to shell on pods | terraform |
| 'dnf clean all' missing | terraform |
| Disable local_infile setting in MySQL | terraform |
| Deserialization of Untrusted Data | ruby |
| Deserialization of Untrusted Data | ruby |
| Deserialization of Untrusted Data | csharp |
| Deprecated MAINTAINER used | terraform |
| Default security context configured | terraform |
| Default network should not be created at project level | terraform |
| DAX Cluster should always encrypt data at rest | terraform |
| Cryptographic Issues | javascript |
| Cross-Site Request Forgery (CSRF) | generic |
| Cross-Site Request Forgery (CSRF) | apex |
| ConfigMap with secrets | terraform |
| Config configuration aggregator should be using all regions for source | terraform |
| CodeBuild Project artifacts encryption should not be disabled | terraform |
| CloudTrail should use Customer managed keys to encrypt the logs | terraform |
| Cloudtrail log validation should be enabled to prevent tampering of log data | terraform |
| CloudFront distribution uses outdated SSL/TLS protocols. | terraform |
| CloudFront distribution does not have a WAF in front. | terraform |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| aws_instance should activate session tokens for Instance Metadata Service. | terraform |
| aws_instance should activate session tokens for Instance Metadata Service. | terraform |
| AWS SQS policy document has wildcard action statement. | terraform |
| AWS best practice to not use the default VPC for workflows | terraform |
| Authorization Bypass Through User-Controlled Key | ruby |
| Athena workgroups should enforce configuration to prevent client disabling encryption | terraform |
| 'apt-get' missing '-y' to avoid manual input | terraform |
| 'apt-get' missing '--no-install-recommends' | terraform |
| 'apt-get dist-upgrade' used | terraform |
| 'apk add' is missing '--no-cache' | terraform |
| API Gateway domain name uses outdated SSL/TLS protocols. | terraform |
| Active Debug Code | python |
| Access to host ports | terraform |
| Access to host PID | terraform |
| Access to host network | terraform |
| Access to host IPC namespace | terraform |
| A MSK cluster allows unencrypted data in transit. | terraform |
| A MSK cluster allows unencrypted data at rest. | terraform |
| A configuration for an external workload identity pool provider should have conditions set | terraform |