| You should enable bucket access logging on the CloudTrail S3 bucket. | terraform |
| Workloads in the default namespace | terraform |
| Web App uses the latest HTTP version | terraform |
| Web App has registration with AD enabled | terraform |
| Web App accepts incoming client certificate | terraform |
| Weak Password Requirements | python |
| VPC flow logs should be enabled for all subnetworks | terraform |
| VM disks should be encrypted with Customer Supplied Encryption Keys | terraform |
| Use of Weak Hash | php |
| Use of Unmaintained Third Party Components | hcl |
| Use of Potentially Dangerous Function | php |
| Use of Obsolete Function | python |
| Use of Insufficiently Random Values | java |
| Use of Insufficiently Random Values | scala |
| Use of Inherently Dangerous Function | go |
| Use of Incorrectly-Resolved Name or Reference | python |
| Use of Incorrectly-Resolved Name or Reference | csharp |
| Use of Hard-coded Cryptographic Key | regex |
| Use of Hard-coded Credentials | python |
| Use of Hard-coded Credentials | javascript |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | java |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | go |
| Use of Externally-Controlled Format String | python |
| Use of Externally-Controlled Format String | javascript |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | swift |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | javascript |
| Use of a Broken or Risky Cryptographic Algorithm | ruby |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| Use of a Broken or Risky Cryptographic Algorithm | java |
| URL Redirection to Untrusted Site ('Open Redirect') | python |
| URL Redirection to Untrusted Site ('Open Redirect') | php |
| URL Redirection to Untrusted Site ('Open Redirect') | php |
| URL Redirection to Untrusted Site ('Open Redirect') | javascript |
| URL Redirection to Untrusted Site ('Open Redirect') | javascript |
| URL Redirection to Untrusted Site ('Open Redirect') | javascript |
| URL Redirection to Untrusted Site ('Open Redirect') | typescript |
| Unprotected Transport of Credentials | python |
| Uncontrolled Search Path Element | json |
| Uncontrolled Resource Consumption | javascript |
| Uncontrolled Resource Consumption | go |
| Unchecked Return Value | php |
| The router has common private network | terraform |
| The required contact details should be set for security center | terraform |
| The nas instance has common private network | terraform |
| The instance has common private network | terraform |
| The elb has common private network | terraform |
| The db instance has common private network | terraform |
| Storage of Sensitive Data in a Mechanism without Access Control | rust |
| Stackdriver Monitoring should be enabled | terraform |
| Stackdriver Logging should be enabled | terraform |
| Server-Side Request Forgery (SSRF) | python |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | csharp |
| Server-Side Request Forgery (SSRF) | csharp |
| Server-Side Request Forgery (SSRF) | csharp |
| Server-Side Request Forgery (SSRF) | csharp |
| Sensitive Cookie Without 'HttpOnly' Flag | ruby |
| Sensitive Cookie Without 'HttpOnly' Flag | python |
| Sensitive Cookie Without 'HttpOnly' Flag | python |
| Sensitive Cookie Without 'HttpOnly' Flag | python |
| Sensitive Cookie Without 'HttpOnly' Flag | python |
| Sensitive Cookie Without 'HttpOnly' Flag | php |
| Sensitive Cookie Without 'HttpOnly' Flag | php |
| Sensitive Cookie Without 'HttpOnly' Flag | java |
| Sensitive Cookie Without 'HttpOnly' Flag | kotlin |
| Sensitive Cookie Without 'HttpOnly' Flag | go |
| Sensitive Cookie Without 'HttpOnly' Flag | go |
| Sensitive Cookie with Improper SameSite Attribute | python |
| Sensitive Cookie with Improper SameSite Attribute | python |
| Sensitive Cookie with Improper SameSite Attribute | python |
| Sensitive Cookie with Improper SameSite Attribute | php |
| Sensitive Cookie with Improper SameSite Attribute | go |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | python |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | php |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | java |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | kotlin |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | go |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | go |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | generic |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | generic |
| Security threat alerts go to subscription owners and co-administrators | terraform |
| Secrets Manager should use customer managed keys | terraform |
| SAM State machine must have X-Ray tracing enabled | terraform |
| SAM State machine must have logging enabled | terraform |
| SAM Function must have X-Ray tracing enabled | terraform |
| SAM API must have X-Ray tracing enabled | terraform |
| S3 buckets should each define an aws_s3_bucket_public_access_block | terraform |
| S3 Bucket Logging | terraform |
| Runtime/Default Seccomp profile not set | terraform |
| Runtime/Default AppArmor profile not set | terraform |
| Runs with UID <= 10000 | terraform |
| Runs with GID <= 10000 | terraform |
| Runs with a root primary or supplementary GID | terraform |
| RUN using 'wget' and 'curl' | terraform |
| Reusing a Nonce, Key Pair in Encryption | kotlin |
| Retention policy for flow logs should be enabled and set to greater than 90 days | terraform |
| resource quota usage | terraform |
| Resource Management Errors (4.12) | ocaml |
| Require Cmk Disabled Alarm | terraform |
| Protection Mechanism Failure | yaml |
| Permissive List of Allowed Inputs | typescript |
| Permissive List of Allowed Inputs | typescript |
| Permissive List of Allowed Inputs | java |
| Permissive Cross-domain Policy with Untrusted Domains | hcl |
| Permissive Cross-domain Policy with Untrusted Domains | hcl |
| Permissive Cross-domain Policy with Untrusted Domains | hcl |
| Performance Insights encryption should use Customer Managed Keys | terraform |
| Out-of-bounds Read | csharp |
| Origin Validation Error | php |
| Origin Validation Error | php |
| Origin Validation Error | csharp |
| Omission of Security-relevant Information | hcl |
| Non-core volume types used. | terraform |
| No user should have more than one active access key. | terraform |
| No unauthorized access to API Gateway methods | terraform |
| No HEALTHCHECK defined | terraform |
| MQ Broker should have general logging enabled | terraform |
| Missing Support for Integrity Check | generic |
| Missing IAM Role to allow authorized users to manage incidents with AWS Support. | terraform |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing description for security group/security group rule. | terraform |
| Missing description for security group/security group rule. | terraform |
| Missing description for security group. | terraform |
| Missing description for security group. | terraform |
| Missing description for security group rule. | terraform |
| Missing description for security group rule. | terraform |
| Missing description for nas security group. | terraform |
| Missing description for db security group. | terraform |
| Misinterpretation of Input | go |
| Memory requests not specified | terraform |
| Memory not limited | terraform |
| Manages /etc/hosts | terraform |
| Limit Root Account Usage | terraform |
| limit range usage | terraform |
| Lambda functions should have X-Ray tracing enabled | terraform |
| Kubernetes should have 'Automatic upgrade' enabled | terraform |
| Kubernetes should have 'Automatic repair' enabled | terraform |
| Key Vault Secret should have an expiration date set | terraform |
| Key Vault Secret should have a content type set | terraform |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | terraform |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Exchange without Entity Authentication | python |
| Key Exchange without Entity Authentication | go |
| Interpretation Conflict | go |
| Insufficiently Protected Credentials | ruby |
| Insufficiently Protected Credentials | ruby |
| Insufficiently Protected Credentials | ruby |
| Insufficiently Protected Credentials | python |
| Insufficiently Protected Credentials | python |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficient Verification of Data Authenticity | ruby |
| Insufficient Verification of Data Authenticity | javascript |
| Insufficient Verification of Data Authenticity | javascript |
| Insufficient Verification of Data Authenticity | go |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Logging | hcl |
| Insufficient Control of Network Message Volume (Network Amplification) | yaml |
| Insertion of Sensitive Information into Log File | generic |
| Insertion of Sensitive Information into Log File | c |
| Insecure Temporary File | go |
| Insecure Storage of Sensitive Information | javascript |
| Insecure Storage of Sensitive Information | javascript |
| Information Loss or Omission | hcl |
| Inefficient Regular Expression Complexity | python |
| Incorrect Type Conversion or Cast | java |
| Incorrect Type Conversion or Cast | kotlin |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Default Permissions | ruby |
| Incorrect Default Permissions | java |
| Incorrect Comparison | php |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | generic |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | hcl |
| Inclusion of Sensitive Information in Source Code | yaml |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | kotlin |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | terraform |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | python |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | python |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | php |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | javascript |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | javascript |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | javascript |
| Improper Restriction of XML External Entity Reference | ruby |
| Improper Restriction of XML External Entity Reference | python |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of Rendered UI Layers or Frames | ruby |
| Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | python |
| Improper Privilege Management | java |
| Improper Privilege Management | hcl |
| Improper Privilege Management | hcl |
| Improper Privilege Management | hcl |
| Improper Privilege Management | hcl |
| Improper Privilege Management | yaml |
| Improper Neutralization of Wildcards or Matching Symbols | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | scala |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ruby |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | typescript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | java |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | html |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | html |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | regex |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | generic |
| Improper Neutralization of Formula Elements in a CSV File | python |
| Improper Neutralization of Escape, Meta, or Control Sequences | regex |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | bash |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | javascript |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | java |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | generic |
| Improper Management of Sensitive Trace Data | generic |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ruby |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | python |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | python |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | php |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | java |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | scala |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | go |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | generic |
| Improper Input Validation | bash |
| Improper Input Validation | python |
| Improper Encoding or Escaping of Output | javascript |
| Improper Encoding or Escaping of Output | javascript |
| Improper Encoding or Escaping of Output | javascript |
| Improper Encoding or Escaping of Output | generic |
| Improper Encoding or Escaping of Output | regex |
| Improper Encoding or Escaping of Output | regex |
| Improper Encoding or Escaping of Output | regex |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | java |
| Improper Control of Generation of Code ('Code Injection') | java |
| Improper Control of Generation of Code ('Code Injection') | java |
| Improper Control of Dynamically-Managed Code Resources | go |
| Improper Control of Dynamically-Managed Code Resources | go |
| Improper Control of Dynamically-Managed Code Resources | yaml |
| Improper Certificate Validation | python |
| Improper Certificate Validation | python |
| Improper Certificate Validation | java |
| Improper Certificate Validation | java |
| Improper Certificate Validation | csharp |
| Improper Authorization in Handler for Custom URL Scheme | python |
| Improper Authorization | php |
| Improper Authorization | php |
| Improper Authentication | php |
| Improper Authentication | hcl |
| Improper Authentication | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| IAM policies should not be granted directly to users. | terraform |
| File Inclusion | php |
| External Control of File Name or Path | python |
| External Control of File Name or Path | php |
| Exposure of Sensitive Information to an Unauthorized Actor | ruby |
| Exposure of Sensitive Information to an Unauthorized Actor | php |
| Exposure of Sensitive Information to an Unauthorized Actor | java |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Sensitive Information to an Unauthorized Actor | yaml |
| Execution with Unnecessary Privileges | hcl |
| Execution with Unnecessary Privileges | yaml |
| Execution with Unnecessary Privileges | yaml |
| Execution with Unnecessary Privileges | yaml |
| Execution with Unnecessary Privileges | yaml |
| Ensure that the RotateKubeletServerCertificate argument is set to true | terraform |
| Ensure that the etcd data directory permissions are set to 700 or more restrictive | terraform |
| Ensure that the etcd data directory ownership is set to etcd:etcd | terraform |
| Ensure that the admission control plugin ServiceAccount is set | terraform |
| Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | terraform |
| Ensure that the admission control plugin NodeRestriction is set | terraform |
| Ensure that the admission control plugin NamespaceLifecycle is set | terraform |
| Ensure that the admission control plugin EventRateLimit is set | terraform |
| Ensure that the admission control plugin AlwaysPullImages is set | terraform |
| Ensure that the admission control plugin AlwaysAdmit is not set | terraform |
| Ensure that the --use-service-account-credentials argument is set to true | terraform |
| Ensure that the --token-auth-file parameter is not set | terraform |
| Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | terraform |
| Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | terraform |
| Ensure that the --service-account-private-key-file argument is set as appropriate | terraform |
| Ensure that the --service-account-lookup argument is set to true | terraform |
| Ensure that the --service-account-key-file argument is set as appropriate | terraform |
| Ensure that the --secure-port argument is not set to 0 | terraform |
| Ensure that the --root-ca-file argument is set as appropriate | terraform |
| Ensure that the --profiling argument is set to false | terraform |
| Ensure that the --profiling argument is set to false | terraform |
| Ensure that the --profiling argument is set to false | terraform |
| Ensure that the --peer-client-cert-auth argument is set to true | terraform |
| Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | terraform |
| Ensure that the --peer-auto-tls argument is not set to true | terraform |
| Ensure that the --kubelet-https argument is set to true | terraform |
| Ensure that the --kubelet-certificate-authority argument is set as appropriate | terraform |
| Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | terraform |
| Ensure that the --etcd-cafile argument is set as appropriate | terraform |
| Ensure that the --encryption-provider-config argument is set as appropriate | terraform |
| Ensure that the --DenyServiceExternalIPs is not set | terraform |
| Ensure that the --client-cert-auth argument is set to true | terraform |
| Ensure that the --client-ca-file argument is set as appropriate | terraform |
| Ensure that the --cert-file and --key-file arguments are set as appropriate | terraform |
| Ensure that the --bind-address argument is set to 127.0.0.1 | terraform |
| Ensure that the --bind-address argument is set to 127.0.0.1 | terraform |
| Ensure that the --auto-tls argument is not set to true | terraform |
| Ensure that the --authorization-mode argument is not set to AlwaysAllow | terraform |
| Ensure that the --authorization-mode argument includes RBAC | terraform |
| Ensure that the --authorization-mode argument includes Node | terraform |
| Ensure that the --audit-log-path argument is set | terraform |
| Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | terraform |
| Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | terraform |
| Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | terraform |
| Ensure that response caching is enabled for your Amazon API Gateway REST APIs. | terraform |
| Ensure that Postgres errors are logged | terraform |
| Ensure that logging of long statements is disabled. | terraform |
| Ensure Kubelet Client Certificate And Kubelet Client Key Are Set | terraform |
| Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image | terraform |
| Ensure a log metric filter and alarm exist for VPC changes | terraform |
| Ensure a log metric filter and alarm exist for usage of root user | terraform |
| Ensure a log metric filter and alarm exist for unauthorized API calls | terraform |
| Ensure a log metric filter and alarm exist for security group changes | terraform |
| Ensure a log metric filter and alarm exist for S3 bucket policy changes | terraform |
| Ensure a log metric filter and alarm exist for route table changes | terraform |
| Ensure a log metric filter and alarm exist for organisation changes | terraform |
| Ensure a log metric filter and alarm exist for IAM policy changes | terraform |
| Ensure a log metric filter and alarm exist for CloudTrail configuration changes | terraform |
| Ensure a log metric filter and alarm exist for changes to network gateways | terraform |
| Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | terraform |
| Ensure a log metric filter and alarm exist for AWS Management Console sign-in without MFA | terraform |
| Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | terraform |
| Ensure a log metric filter and alarm exist for AWS Config configuration changes | terraform |
| Enable the standard security center subscription tier | terraform |
| Enable Performance Insights to detect potential problems | terraform |
| Enable Object Write Logging | terraform |
| Enable Object Read Logging | terraform |
| Enable IAM Access analyzer for IAM policies about all resources in each region. | terraform |
| ECS clusters should have container insights enabled | terraform |
| ECR Repository should use customer managed keys to allow more control | terraform |
| EBS volume encryption should use Customer Managed Keys | terraform |
| DynamoDB tables should use at rest encryption with a Customer Managed Key | terraform |
| DocumentDB encryption should use Customer Managed Keys | terraform |
| Do not allow users in a rolebinding to add other users to their rolebindings | terraform |
| Disks should be encrypted with customer managed encryption keys | terraform |
| Disable Unused Credentials 45 Days | terraform |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | php |
| Deserialization of Untrusted Data | javascript |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | csharp |
| Delete expired TLS certificates | terraform |
| Delete expired SSL certificates | terraform |
| Default security group should restrict all traffic | terraform |
| Default capabilities: some containers do not drop any | terraform |
| Default capabilities: some containers do not drop all | terraform |
| Cryptographic Issues | csharp |
| Cross-Site Request Forgery (CSRF) | ruby |
| Cross-Site Request Forgery (CSRF) | ruby |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | python |
| Cross-Site Request Forgery (CSRF) | php |
| Cross-Site Request Forgery (CSRF) | php |
| Cross-Site Request Forgery (CSRF) | javascript |
| Cross-Site Request Forgery (CSRF) | java |
| Cross-Site Request Forgery (CSRF) | java |
| Cross-Site Request Forgery (CSRF) | go |
| Cross-Site Request Forgery (CSRF) | generic |
| Cross-Site Request Forgery (CSRF) | generic |
| Cross-Site Request Forgery (CSRF) | csharp |
| Creating Debug Binary | generic |
| CPU requests not specified | terraform |
| CPU not limited | terraform |
| Containers must not set runAsUser to 0 | terraform |
| Container capabilities must only include NET_BIND_SERVICE | terraform |
| Configuration | generic |
| Configuration | generic |
| Configuration | generic |
| Configuration | hcl |
| Compiler Removal of Code to Clear Buffers | c |
| Command Shell in Externally Accessible Directory | python |
| Clusters should have IP aliasing enabled | terraform |
| Clusters should be configured with Labels | terraform |
| CloudWatch log groups should be encrypted using CMK | terraform |
| CloudTrail logs should be stored in S3 and also sent to CloudWatch Logs | terraform |
| Cloud Storage buckets should be encrypted with a customer-managed key. | terraform |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | php |
| Cleartext Transmission of Sensitive Information | php |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | kotlin |
| Cleartext Transmission of Sensitive Information | generic |
| Cleartext Transmission of Sensitive Information | regex |
| Cleartext Transmission of Sensitive Information | hcl |
| Buckets should have MFA deletion protection enabled. | terraform |
| Authentication Bypass by Spoofing | generic |
| API Gateway must have X-Ray tracing enabled | terraform |
| ADD instead of COPY | terraform |
| Active Debug Code | python |
| Active Debug Code | python |
| Active Debug Code | python |
| Active Debug Code | python |
| Active Debug Code | php |
| Active Debug Code | go |
| Active Debug Code | regex |
| Active Debug Code | generic |
| Active Debug Code | yaml |
| Access keys should be rotated at least every 90 days | terraform |