| Zone signing should not use RSA SHA1 | terraform |
| When using Queue Services for a storage account, logging should be enabled. | terraform |
| Weak Password Requirements | python |
| Weak Password Requirements | python |
| Weak Authentication | hcl |
| Users should not be granted service account access at the project level | terraform |
| Users should not be granted service account access at the organization level | terraform |
| Users should not be granted service account access at the folder level | terraform |
| User with admin access | terraform |
| User Pods should not be placed in kube-system namespace | terraform |
| User Interface (UI) Misrepresentation of Critical Information | javascript |
| Use of Web Link to Untrusted Target with window.opener Access | generic |
| Use of Weak Hash (4.12) | ocaml |
| Use of Weak Hash | rust |
| Use of Weak Hash | ruby |
| Use of Weak Hash | ruby |
| Use of Weak Hash | kotlin |
| Use of Weak Hash | go |
| Use of Weak Hash | go |
| Use of Unmaintained Third Party Components | javascript |
| Use of Potentially Dangerous Function | c |
| Use of Potentially Dangerous Function | c |
| Use of Potentially Dangerous Function | c |
| Use of Potentially Dangerous Function | c |
| Use of Potentially Dangerous Function | c |
| Use of Password Hash With Insufficient Computational Effort | javascript |
| Use of Insufficiently Random Values | python |
| Use of Inherently Dangerous Function (4.12) | ocaml |
| Use of Inherently Dangerous Function | rust |
| Use of Incorrectly-Resolved Name or Reference | javascript |
| Use of Incorrectly-Resolved Name or Reference | javascript |
| Use of Hard-coded Cryptographic Key | apex |
| Use of Hard-coded Credentials | java |
| Use of Hard-coded Credentials | kotlin |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | regex |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | generic |
| Use of Hard-coded Credentials | hcl |
| Use of Hard-coded Credentials | yaml |
| Use of GET Request Method With Sensitive Query Strings | yaml |
| Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | php |
| Use of Externally-Controlled Format String | c |
| Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | go |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | python |
| Use of a Broken or Risky Cryptographic Algorithm | javascript |
| Use of a Broken or Risky Cryptographic Algorithm | kotlin |
| Use of a Broken or Risky Cryptographic Algorithm | kotlin |
| Use of a Broken or Risky Cryptographic Algorithm | kotlin |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use of a Broken or Risky Cryptographic Algorithm | go |
| Use After Free | c |
| Use After Free | c |
| URL Redirection to Untrusted Site ('Open Redirect') | ruby |
| URL Redirection to Untrusted Site ('Open Redirect') | ruby |
| URL Redirection to Untrusted Site ('Open Redirect') | python |
| URL Redirection to Untrusted Site ('Open Redirect') | php |
| URL Redirection to Untrusted Site ('Open Redirect') | java |
| URL Redirection to Untrusted Site ('Open Redirect') | java |
| URL Redirection to Untrusted Site ('Open Redirect') | csharp |
| Unsafe sysctl options set | terraform |
| Unintended Proxy or Intermediary ('Confused Deputy') | generic |
| Uncontrolled Resource Consumption | python |
| Trust Boundary Violation | java |
| Time-of-check Time-of-use (TOCTOU) Race Condition | ocaml |
| The Kubernetes cluster does not enable surge upgrades | terraform |
| Temporary file logging should be enabled for all temporary files. | terraform |
| Synapse Workspace should have managed virtual network enabled, the default is disabled. | terraform |
| SSL should be enforced on database connections where applicable | terraform |
| Specific capabilities added | terraform |
| Spaces buckets should have versioning enabled | terraform |
| Server-Side Request Forgery (SSRF) | ruby |
| Server-Side Request Forgery (SSRF) | python |
| Server-Side Request Forgery (SSRF) | php |
| Server-Side Request Forgery (SSRF) | php |
| Server-Side Request Forgery (SSRF) | php |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | javascript |
| Server-Side Request Forgery (SSRF) | java |
| Server-Side Request Forgery (SSRF) | scala |
| Server-Side Request Forgery (SSRF) | scala |
| Server-Side Request Forgery (SSRF) | scala |
| Server-Side Request Forgery (SSRF) | scala |
| Server-Side Request Forgery (SSRF) | hcl |
| Send notification emails for high severity alerts | terraform |
| SELinux custom options set | terraform |
| Selector usage in network policies | terraform |
| Seccomp policies disabled | terraform |
| SAM HTTP API stages for V1 and V2 should have access logging enabled | terraform |
| SAM API stages for V1 and V2 should have access logging enabled | terraform |
| SAM API must have data cache enabled | terraform |
| S3 DNS Compliant Bucket Names | terraform |
| S3 Data should be versioned | terraform |
| Runs as root user | terraform |
| 'RUN cd ...' to change directory | terraform |
| Roles should not be assigned to default service accounts | terraform |
| Roles should not be assigned to default service accounts | terraform |
| Roles should not be assigned to default service accounts | terraform |
| Roles limited to the required actions | terraform |
| Reusing a Nonce, Key Pair in Encryption | java |
| Require Vpc Flow Logs For All Vpcs | terraform |
| Reliance on Untrusted Inputs in a Security Decision | rust |
| Reliance on Untrusted Inputs in a Security Decision | rust |
| Reliance on Untrusted Inputs in a Security Decision | rust |
| Reliance on Untrusted Inputs in a Security Decision | rust |
| Reliance on Insufficiently Trustworthy Component | yaml |
| Redis cluster should have backup retention turned on | terraform |
| RDS IAM Database Authentication Disabled | terraform |
| RDS Deletion Protection Disabled | terraform |
| RDS Cluster Deletion Protection Disabled | terraform |
| RDS Cluster and RDS instance should have backup retention longer than default 1 day | terraform |
| RDB instance should have backup retention longer than 1 day | terraform |
| Protection Mechanism Failure | hcl |
| Protecting Pod service account tokens | terraform |
| Predictable from Observable State | solidity |
| Port 22 exposed | terraform |
| Point in time recovery should be enabled to protect DynamoDB table | terraform |
| Permissive Cross-domain Policy with Untrusted Domains | python |
| Permissive Cross-domain Policy with Untrusted Domains | python |
| Permissions, Privileges, and Access Controls | json |
| Permissions, Privileges, and Access Controls | json |
| Path Traversal | ocaml |
| OS Login should be enabled at project level | terraform |
| OS Command Injection | ocaml |
| Origin Validation Error | javascript |
| Origin Validation Error | generic |
| Omission of Security-relevant Information | hcl |
| Not Using Password Aging | hcl |
| Not Using Password Aging | hcl |
| Non-default /proc masks set | terraform |
| No threat detections are set | terraform |
| No plaintext password for compute instance | terraform |
| Network Policy should be enabled on GKE clusters | terraform |
| Neptune logs export should be enabled | terraform |
| Multiple HEALTHCHECK defined | terraform |
| MQ Broker should have audit logging enabled | terraform |
| Missing Encryption of Sensitive Data | swift |
| Missing Encryption of Sensitive Data | ruby |
| Missing Encryption of Sensitive Data | typescript |
| Missing Encryption of Sensitive Data | typescript |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing Encryption of Sensitive Data | hcl |
| Missing description for security group. | terraform |
| Missing Authorization | csharp |
| Missing Authentication for Critical Function | typescript |
| Manage namespace secrets | terraform |
| Manage Kubernetes workloads and pods | terraform |
| Manage configmaps | terraform |
| Least Privilege Violation | swift |
| Key vault should have purge protection enabled | terraform |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Key Management Errors | hcl |
| Integer Underflow (Wrap or Wraparound) | solidity |
| Integer Overflow or Wraparound | php |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | javascript |
| Insufficiently Protected Credentials | hcl |
| Insufficient Verification of Data Authenticity | java |
| Insufficient Verification of Data Authenticity | hcl |
| Insufficient Logging | hcl |
| Instances should not override the project setting for OS Login | terraform |
| Instances should have Shielded VM VTPM enabled | terraform |
| Instances should have Shielded VM secure boot enabled | terraform |
| Instances should have Shielded VM integrity monitoring enabled | terraform |
| Insertion of Sensitive Information into Log File | python |
| Insertion of Sensitive Information into Externally-Accessible File or Directory | dockerfile |
| Inefficient Regular Expression Complexity | javascript |
| Inefficient Regular Expression Complexity | javascript |
| Inefficient Regular Expression Complexity | csharp |
| Inefficient Regular Expression Complexity | csharp |
| Incorrect Type Conversion or Cast | python |
| Incorrect Type Conversion or Cast | python |
| Incorrect Type Conversion or Cast | python |
| Incorrect Regular Expression | ruby |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | hcl |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Permission Assignment for Critical Resource | yaml |
| Incorrect Default Permissions | ruby |
| Incorrect Default Permissions | python |
| Incorrect Calculation | solidity |
| Incorrect Authorization | apex |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | hcl |
| Inclusion of Sensitive Information in Source Code | ruby |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | python |
| Inadequate Encryption Strength | java |
| Inadequate Encryption Strength | generic |
| Inadequate Encryption Strength | terraform |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Inadequate Encryption Strength | hcl |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | ruby |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | javascript |
| Improperly Controlled Modification of Dynamically-Determined Object Attributes | csharp |
| Improper Verification of Cryptographic Signature | solidity |
| Improper Verification of Cryptographic Signature | csharp |
| Improper Validation of Specified Index, Position, or Offset in Input | solidity |
| Improper Validation of Certificate with Host Mismatch | java |
| Improper Restriction of XML External Entity Reference | ruby |
| Improper Restriction of XML External Entity Reference | python |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | javascript |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | java |
| Improper Restriction of XML External Entity Reference | scala |
| Improper Restriction of XML External Entity Reference | scala |
| Improper Restriction of XML External Entity Reference | go |
| Improper Restriction of XML External Entity Reference | csharp |
| Improper Restriction of XML External Entity Reference | csharp |
| Improper Restriction of XML External Entity Reference | csharp |
| Improper Restriction of Operations within the Bounds of a Memory Buffer | javascript |
| Improper Restriction of Excessive Authentication Attempts | csharp |
| Improper Privilege Management | dockerfile |
| Improper Privilege Management | dockerfile |
| Improper Privilege Management | dockerfile |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | swift |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ruby |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | python |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | php |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | javascript |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | java |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | scala |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | scala |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | go |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | csharp |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | python |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | php |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | php |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | javascript |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | java |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | java |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | java |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | java |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | kotlin |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | scala |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | scala |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | go |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | csharp |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | yaml |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | clojure |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | java |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | java |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | java |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | csharp |
| Improper Neutralization of Special Elements Used in a Template Engine | javascript |
| Improper Neutralization of Special Elements Used in a Template Engine | go |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | python |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | python |
| Improper Neutralization of Special Elements in Data Query Logic | python |
| Improper Neutralization of Special Elements in Data Query Logic | java |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | python |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | php |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | php |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | typescript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | javascript |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | java |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | go |
| Improper Neutralization of Formula Elements in a CSV File | python |
| Improper Neutralization of Formula Elements in a CSV File | python |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | bash |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | python |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | php |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | javascript |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | javascript |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | javascript |
| Improper Neutralization of Data within XPath Expressions ('XPath Injection') | csharp |
| Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | java |
| Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | generic |
| Improper Neutralization of CRLF Sequences ('CRLF Injection') | python |
| Improper Neutralization of CRLF Sequences ('CRLF Injection') | java |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | python |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | python |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | php |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | php |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | javascript |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | javascript |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | go |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | generic |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | csharp |
| Improper Input Validation | python |
| Improper Export of Android Application Components | generic |
| Improper Enforcement of a Single, Unique Action | solidity |
| Improper Enforcement of a Single, Unique Action | solidity |
| Improper Encoding or Escaping of Output | python |
| Improper Encoding or Escaping of Output | python |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | ruby |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | php |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | javascript |
| Improper Control of Generation of Code ('Code Injection') | java |
| Improper Control of Generation of Code ('Code Injection') | java |
| Improper Control of Generation of Code ('Code Injection') | scala |
| Improper Control of Generation of Code ('Code Injection') | go |
| Improper Control of Generation of Code ('Code Injection') | go |
| Improper Control of Generation of Code ('Code Injection') | go |
| Improper Control of Generation of Code ('Code Injection') | go |
| Improper Control of Generation of Code ('Code Injection') | bash |
| Improper Control of Generation of Code ('Code Injection') | csharp |
| Improper Control of Dynamically-Managed Code Resources | yaml |
| Improper Certificate Validation | rust |
| Improper Certificate Validation | rust |
| Improper Certificate Validation | rust |
| Improper Certificate Validation | python |
| Improper Certificate Validation | hcl |
| Improper Authorization | solidity |
| Improper Authentication | python |
| Improper Authentication | java |
| Improper Authentication | kotlin |
| Improper Authentication | hcl |
| Improper Access Control | solidity |
| Improper Access Control | solidity |
| Improper Access Control | ruby |
| Improper Access Control | php |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | hcl |
| Improper Access Control | yaml |
| Improper Access Control | yaml |
| Improper Access Control | yaml |
| Image tag ":latest" used | terraform |
| IAM Users should have MFA enforcement activated. | terraform |
| IAM Password policy should prevent password reuse. | terraform |
| IAM Password policy should have requirement for at least one uppercase character. | terraform |
| IAM Password policy should have requirement for at least one symbol in the password. | terraform |
| IAM Password policy should have requirement for at least one number in the password. | terraform |
| IAM Password policy should have requirement for at least one lowercase character. | terraform |
| IAM Password policy should have minimum password length of 14 or more characters. | terraform |
| IAM Password policy should have expiry less than or equal to 90 days. | terraform |
| IAM Pass Role Filtering | terraform |
| IAM groups should have MFA enforcement activated. | terraform |
| IAM granted directly to user. | terraform |
| hostPath volumes mounted | terraform |
| Generation of Error Message Containing Sensitive Information | csharp |
| Force destroy is enabled on Spaces bucket which is dangerous | terraform |
| External Initialization of Trusted Variables or Data Stores | java |
| External Control of File Name or Path | ruby |
| Exposure of Sensitive Information to an Unauthorized Actor | ruby |
| Exposure of Sensitive Information to an Unauthorized Actor | php |
| Exposure of Sensitive Information to an Unauthorized Actor | go |
| Exposure of Sensitive Information to an Unauthorized Actor | hcl |
| Exposure of Resource to Wrong Sphere | python |
| Exposure of Information Through Directory Listing | go |
| Exposure of Information Through Directory Listing | csharp |
| Exposed Dangerous Method or Function | yaml |
| Execution with Unnecessary Privileges | python |
| Execution with Unnecessary Privileges | dockerfile |
| Execution with Unnecessary Privileges | hcl |
| Execution with Unnecessary Privileges | yaml |
| Execution with Unnecessary Privileges | yaml |
| Execution with Unnecessary Privileges | yaml |
| Ensure the activity retention log is set to at least a year | terraform |
| Ensure that the expiration date is set on all keys | terraform |
| Ensure that the --anonymous-auth argument is set to false | terraform |
| Ensure that no sensitive credentials are exposed in VM custom_data | terraform |
| Ensure that logging of lock waits is enabled. | terraform |
| Ensure that logging of disconnections is enabled. | terraform |
| Ensure that logging of connections is enabled. | terraform |
| Ensure that logging of checkpoints is enabled. | terraform |
| Ensure that Cloud Storage buckets have uniform bucket-level access enabled | terraform |
| Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | terraform |
| Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | terraform |
| Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | terraform |
| Ensure MSK Cluster logging is enabled | terraform |
| Ensure log profile captures all activities | terraform |
| Ensure databases are not publicly accessible | terraform |
| Ensure AKS logging to Azure Monitoring is Configured | terraform |
| Ensure activities are captured for all locations | terraform |
| Enforce Root Hardware MFA | terraform |
| Enable automated backups to recover from data-loss | terraform |
| Enable All Regions | terraform |
| EKS Clusters should have cluster control plane logging turned on | terraform |
| Double Free | c |
| Domain logging should be enabled for Elastic Search domains | terraform |
| DocumentDB logs export should be enabled | terraform |
| Divide By Zero | ruby |
| Disable serial port connectivity for all instances | terraform |
| Disable project-wide SSH keys for all instances | terraform |
| Deserialization of Untrusted Data | ruby |
| Deserialization of Untrusted Data | ruby |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | python |
| Deserialization of Untrusted Data | php |
| Deserialization of Untrusted Data | php |
| Deserialization of Untrusted Data | ocaml |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | java |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | csharp |
| Deserialization of Untrusted Data | clojure |
| Delete pod logs | terraform |
| Databases should have the minimum TLS set for connections | terraform |
| Database auditing retention period should be longer than 90 days | terraform |
| Cryptographic Issues | javascript |
| Cross-Site Request Forgery (CSRF) | javascript |
| Cross-Site Request Forgery (CSRF) | generic |
| Cross-database ownership chaining should be disabled | terraform |
| Credentials which are no longer used should be disabled. | terraform |
| Container images from public registries used | terraform |
| Contained database authentication should be disabled | terraform |
| ConfigMap with sensitive content | terraform |
| Clusters should be set to private | terraform |
| Cloudfront distribution should have Access Logging configured | terraform |
| Cloud DNS should use DNSSEC | terraform |
| Cleartext Transmission of Sensitive Information | ruby |
| Cleartext Transmission of Sensitive Information | ruby |
| Cleartext Transmission of Sensitive Information | ruby |
| Cleartext Transmission of Sensitive Information | ruby |
| Cleartext Transmission of Sensitive Information | ruby |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | python |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | javascript |
| Cleartext Transmission of Sensitive Information | typescript |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | java |
| Cleartext Transmission of Sensitive Information | html |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | go |
| Cleartext Transmission of Sensitive Information | hcl |
| Cleartext Transmission of Sensitive Information | hcl |
| Cleartext Transmission of Sensitive Information | hcl |
| Cleartext Transmission of Sensitive Information | yaml |
| Cleartext Transmission of Sensitive Information | yaml |
| Cleartext Transmission of Sensitive Information | apex |
| Checks for service account defined for GKE nodes | terraform |
| Channel Accessible by Non-Endpoint | go |
| Channel Accessible by Non-Endpoint | go |
| Can elevate its own privileges | terraform |
| Authentication Bypass by Alternate Name | go |
| Auditing should be enabled on Azure SQL Databases | terraform |
| At least one email address is set for threat alerts | terraform |
| App Service authentication is activated | terraform |
| API Gateway stages for V1 and V2 should have access logging enabled | terraform |
| API Gateway must have cache enabled | terraform |
| Allocation of File Descriptors or Handles Without Limits or Throttling | c |
| All container images must start with the *.azurecr.io domain | terraform |
| All container images must start with an ECR domain | terraform |
| All container images must start with a GCR domain | terraform |
| Active Debug Code | apex |
| Access to host process | terraform |
| A security group rule allows ingress traffic from multiple public addresses | terraform |
| A security group rule allows egress traffic to multiple public addresses | terraform |
| A KMS key is not configured to auto-rotate. | terraform |
| A firewall rule allows traffic from/to the public internet | terraform |
| ':latest' tag used | terraform |