Resource scans (auto generated)

  Id Type Entity Policy IaC
0 CKV_AWS_21 resource aws_s3_bucket Ensure all data stored in the S3 bucket have versioning enabled Terraform
1 CKV_AWS_52 resource aws_s3_bucket Ensure S3 bucket has MFA delete enabled Terraform
2 CKV_AWS_19 resource aws_s3_bucket Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform
3 CKV_AWS_20 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public READ access. Terraform
4 CKV_AWS_18 resource aws_s3_bucket Ensure the S3 bucket has access logging enabled Terraform
5 CKV_AWS_57 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public WRITE access. Terraform
6 CKV_AWS_58 resource aws_eks_cluster Ensure EKS Cluster has Secrets Encryption Enabled Terraform
7 CKV_AWS_38 resource aws_eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 Terraform
8 CKV_AWS_37 resource aws_eks_cluster Ensure Amazon EKS control plane logging enabled for all log types Terraform
9 CKV_AWS_39 resource aws_eks_cluster Ensure Amazon EKS public endpoint disabled Terraform
10 CKV_AWS_15 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one uppercase letter Terraform
11 CKV_AWS_12 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one number Terraform
12 CKV_AWS_13 resource aws_iam_account_password_policy Ensure IAM password policy prevents password reuse Terraform
13 CKV_AWS_9 resource aws_iam_account_password_policy Ensure IAM password policy expires passwords within 90 days or less Terraform
14 CKV_AWS_10 resource aws_iam_account_password_policy Ensure IAM password policy requires minimum length of 14 or greater Terraform
15 CKV_AWS_14 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one symbol Terraform
16 CKV_AWS_11 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one lowercase letter Terraform
17 CKV_AWS_25 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
18 CKV_AWS_23 resource aws_security_group Ensure every security groups rule has a description Terraform
19 CKV_AWS_24 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
20 CKV_AWS_51 resource aws_ecr_repository Ensure ECR Image Tags are immutable Terraform
21 CKV_AWS_33 resource aws_ecr_repository Ensure ECR image scanning on push is enabled Terraform
22 CKV_AWS_50 resource aws_lambda_function X-ray tracing is enabled for Lambda Terraform
23 CKV_AWS_45 resource aws_lambda_function Ensure no hard coded AWS access key and secret key exists in lambda environment Terraform
24 CKV_AWS_47 resource aws_dax_cluster Ensure DAX is encrypted at rest (default is unencrypted) Terraform
25 CKV_AWS_46 resource aws_instance Ensure no hard coded AWS access key and secret key exists in EC2 user data Terraform
26 CKV_AWS_8 resource aws_instance Ensure all data stored in the Launch configuration EBS is securely encrypted Terraform
27 CKV_AWS_22 resource aws_sagemaker_notebook_instance Ensure all data stored in the Sagemaker is securely encrypted at rest Terraform
28 CKV_AWS_36 resource aws_cloudtrail Ensure CloudTrail log file validation is enabled Terraform
29 CKV_AWS_35 resource aws_cloudtrail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Terraform
30 CKV_AWS_16 resource aws_db_instance Ensure all data stored in the RDS is securely encrypted at rest Terraform
31 CKV_AWS_17 resource aws_db_instance Ensure all data stored in the RDS bucket is not public accessible Terraform
32 CKV_AWS_28 resource aws_dynamodb_table Ensure Dynamodb point in time recovery (backup) is enabled Terraform
33 CKV_AWS_55 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ignore public ACLs enabled Terraform
34 CKV_AWS_56 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ‘restrict_public_bucket’ enabled Terraform
35 CKV_AWS_53 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public ACLS enabled Terraform
36 CKV_AWS_54 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public policy enabled Terraform
37 CKV_AWS_29 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Terraform
38 CKV_AWS_31 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Terraform
39 CKV_AWS_30 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Terraform
40 CKV_AWS_3 resource aws_ebs_volume Ensure all data stored in the EBS is securely encrypted Terraform
41 CKV_AWS_2 resource aws_alb_listener Ensure ALB protocol is HTTPS Terraform
42 CKV_AWS_2 resource aws_lb_listener Ensure ALB protocol is HTTPS Terraform
43 CKV_AWS_64 resource aws_redshift_cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Terraform
44 CKV_AWS_23 resource aws_security_group_rule Ensure every security groups rule has a description Terraform
45 CKV_AWS_23 resource aws_db_security_group Ensure every security groups rule has a description Terraform
46 CKV_AWS_23 resource aws_elasticache_security_group Ensure every security groups rule has a description Terraform
47 CKV_AWS_23 resource aws_redshift_security_group Ensure every security groups rule has a description Terraform
48 CKV_AWS_42 resource aws_efs_file_system Ensure EFS is securely encrypted Terraform
49 CKV_AWS_48 resource aws_mq_broker Ensure MQ Broker logging is enabled Terraform
50 CKV_AWS_7 resource aws_kms_key Ensure rotation for customer created CMKs is enabled Terraform
51 CKV_AWS_59 resource aws_api_gateway_method Ensure there is no open access to back-end resources through API Terraform
52 CKV_AWS_5 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform
53 CKV_AWS_6 resource aws_elasticsearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform
54 CKV_AWS_65 resource aws_ecs_cluster Ensure container insights are enabled on ECS cluster Terraform
55 CKV_AWS_34 resource aws_cloudfront_distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Terraform
56 CKV_AWS_61 resource aws_iam_role Ensure IAM role allows only specific principals in account to assume it Terraform
57 CKV_AWS_60 resource aws_iam_role Ensure IAM role allows only specific services or principals to assume it Terraform
58 CKV_AWS_4 resource aws_ebs_snapshot Ensure all data stored in the EBS Snapshot is securely encrypted Terraform
59 CKV_AWS_63 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
60 CKV_AWS_62 resource aws_iam_role_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
61 CKV_AWS_63 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
62 CKV_AWS_62 resource aws_iam_user_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
63 CKV_AWS_40 resource aws_iam_user_policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
64 CKV_AWS_63 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
65 CKV_AWS_62 resource aws_iam_group_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
66 CKV_AWS_63 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
67 CKV_AWS_62 resource aws_iam_policy Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
68 CKV_AWS_32 resource aws_ecr_repository_policy Ensure ECR policy is not set to public Terraform
69 CKV_AWS_17 resource aws_rds_cluster_instance Ensure all data stored in the RDS bucket is not public accessible Terraform
70 CKV_AWS_43 resource aws_kinesis_stream Ensure Kinesis Stream is securely encrypted Terraform
71 CKV_AWS_8 resource aws_launch_configuration Ensure all data stored in the Launch configuration EBS is securely encrypted Terraform
72 CKV_AWS_26 resource aws_sns_topic Ensure all data stored in the SNS topic is encrypted Terraform
73 CKV_AWS_27 resource aws_sqs_queue Ensure all data stored in the SQS queue is encrypted Terraform
74 CKV_AWS_44 resource aws_neptune_cluster Ensure Neptune storage is securely encrypted Terraform
75 CKV_AWS_40 resource aws_iam_user_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
76 CKV_AWS_40 resource aws_iam_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
77 CKV_GCP_24 resource google_container_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters Terraform
78 CKV_GCP_13 resource google_container_cluster Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters Terraform
79 CKV_GCP_21 resource google_container_cluster Ensure Kubernetes Clusters are configured with Labels Terraform
80 CKV_GCP_22 resource google_container_cluster Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image Terraform
81 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters Terraform
82 CKV_GCP_18 resource google_container_cluster Ensure GKE Control Plane is not public Terraform
83 CKV_GCP_19 resource google_container_cluster Ensure GKE basic auth is disabled Terraform
84 CKV_GCP_20 resource google_container_cluster Ensure master authorized networks is set to enabled in GKE clusters Terraform
85 CKV_GCP_25 resource google_container_cluster Ensure Kubernetes Cluster is created with Private cluster enabled Terraform
86 CKV_GCP_23 resource google_container_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled Terraform
87 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters Terraform
88 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters Terraform
89 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters Terraform
90 CKV_GCP_27 resource google_project Ensure that the default network does not exist in a project Terraform
91 CKV_GCP_26 resource google_compute_subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network Terraform
92 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access Terraform
93 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access Terraform
94 CKV_GCP_4 resource google_compute_ssl_policy Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Terraform
95 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters Terraform
96 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters Terraform
97 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL Terraform
98 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled Terraform
99 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world Terraform
100 CKV_GCP_15 resource google_bigquery_dataset Ensure that BigQuery datasets are not anonymously or publicly accessible Terraform
101 CKV_GCP_5 resource google_storage_bucket Ensure Google storage bucket have encryption enabled Terraform
102 CKV_GCP_17 resource google_dns_managed_zone Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC Terraform
103 CKV_GCP_16 resource google_dns_managed_zone Ensure that DNSSEC is enabled for Cloud DNS Terraform
104 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘Secure transfer required’ is set to ‘Enabled’ Terraform
105 CKV_AZURE_8 resource azurerm_kubernetes_cluster Ensure Kube Dashboard is disabled Terraform
106 CKV_AZURE_4 resource azurerm_kubernetes_cluster Ensure AKS logging to Azure Monitoring is Configured Terraform
107 CKV_AZURE_7 resource azurerm_kubernetes_cluster Ensure AKS cluster has Network Policy configured Terraform
108 CKV_AZURE_6 resource azurerm_kubernetes_cluster Ensure AKS has an API Server Authorized IP Ranges enabled Terraform
109 CKV_AZURE_5 resource azurerm_kubernetes_cluster Ensure RBAC is enabled on AKS clusters Terraform
110 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk have encryption enabled Terraform
111 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform
112 CKV_AWS_1 data aws_iam_policy_document Ensure IAM policies that allow full “*-*” administrative privileges are not created Terraform
113 CKV_AWS_49 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
114 CKV_AWS_41 provider aws Ensure no hard coded AWS access key and secret key exists in provider Terraform
115 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation
116 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation
117 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation
118 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation
119 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation
120 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation
121 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation
122 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation
123 CKV_AWS_16 resource AWS::RDS::DBInstance Ensure all data stored in the RDS is securely encrypted at rest Cloudformation
124 CKV_AWS_17 resource AWS::RDS::DBInstance Ensure all data stored in the RDS bucket is not public accessible Cloudformation
125 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation
126 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation
127 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation
128 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation
129 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation
130 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation
131 CKV_AWS_64 resource AWS::Redshift::Cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Cloudformation
132 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation
133 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
134 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation
135 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
136 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation
137 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation
138 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation
139 CKV_AWS_65 resource AWS::ECS::Cluster Ensure container insights are enabled on ECS cluster Cloudformation
140 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation
141 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation
142 CKV_K8S_38 PodSecurityPolicy Pod Ensure that Service Account Tokens are only mounted where necessary Kubernetes
143 CKV_K8S_29 PodSecurityPolicy Pod Apply security context to your pods and containers Kubernetes
144 CKV_K8S_23 PodSecurityPolicy Pod Minimize the admission of root containers Kubernetes
145 CKV_K8S_18 PodSecurityPolicy Pod Containers should not share the host IPC namespace Kubernetes
146 CKV_K8S_27 PodSecurityPolicy Pod Do not expose the docker daemon socket to containers Kubernetes
147 CKV_K8S_21 PodSecurityPolicy Pod The default namespace should not be used Kubernetes
148 CKV_K8S_31 PodSecurityPolicy Pod Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
149 CKV_K8S_17 PodSecurityPolicy Pod Containers should not share the host process ID namespace Kubernetes
150 CKV_K8S_19 PodSecurityPolicy Pod Containers should not share the host network namespace Kubernetes
151 CKV_K8S_40 PodSecurityPolicy Pod Containers should run as a high UID to avoid host conflict Kubernetes
152 CKV_K8S_38 PodSecurityPolicy Deployment Ensure that Service Account Tokens are only mounted where necessary Kubernetes
153 CKV_K8S_29 PodSecurityPolicy Deployment Apply security context to your pods and containers Kubernetes
154 CKV_K8S_23 PodSecurityPolicy Deployment Minimize the admission of root containers Kubernetes
155 CKV_K8S_18 PodSecurityPolicy Deployment Containers should not share the host IPC namespace Kubernetes
156 CKV_K8S_27 PodSecurityPolicy Deployment Do not expose the docker daemon socket to containers Kubernetes
157 CKV_K8S_21 PodSecurityPolicy Deployment The default namespace should not be used Kubernetes
158 CKV_K8S_31 PodSecurityPolicy Deployment Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
159 CKV_K8S_17 PodSecurityPolicy Deployment Containers should not share the host process ID namespace Kubernetes
160 CKV_K8S_19 PodSecurityPolicy Deployment Containers should not share the host network namespace Kubernetes
161 CKV_K8S_40 PodSecurityPolicy Deployment Containers should run as a high UID to avoid host conflict Kubernetes
162 CKV_K8S_38 PodSecurityPolicy DaemonSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
163 CKV_K8S_29 PodSecurityPolicy DaemonSet Apply security context to your pods and containers Kubernetes
164 CKV_K8S_23 PodSecurityPolicy DaemonSet Minimize the admission of root containers Kubernetes
165 CKV_K8S_18 PodSecurityPolicy DaemonSet Containers should not share the host IPC namespace Kubernetes
166 CKV_K8S_27 PodSecurityPolicy DaemonSet Do not expose the docker daemon socket to containers Kubernetes
167 CKV_K8S_21 PodSecurityPolicy DaemonSet The default namespace should not be used Kubernetes
168 CKV_K8S_31 PodSecurityPolicy DaemonSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
169 CKV_K8S_17 PodSecurityPolicy DaemonSet Containers should not share the host process ID namespace Kubernetes
170 CKV_K8S_19 PodSecurityPolicy DaemonSet Containers should not share the host network namespace Kubernetes
171 CKV_K8S_40 PodSecurityPolicy DaemonSet Containers should run as a high UID to avoid host conflict Kubernetes
172 CKV_K8S_38 PodSecurityPolicy StatefulSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
173 CKV_K8S_29 PodSecurityPolicy StatefulSet Apply security context to your pods and containers Kubernetes
174 CKV_K8S_23 PodSecurityPolicy StatefulSet Minimize the admission of root containers Kubernetes
175 CKV_K8S_18 PodSecurityPolicy StatefulSet Containers should not share the host IPC namespace Kubernetes
176 CKV_K8S_27 PodSecurityPolicy StatefulSet Do not expose the docker daemon socket to containers Kubernetes
177 CKV_K8S_21 PodSecurityPolicy StatefulSet The default namespace should not be used Kubernetes
178 CKV_K8S_31 PodSecurityPolicy StatefulSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
179 CKV_K8S_17 PodSecurityPolicy StatefulSet Containers should not share the host process ID namespace Kubernetes
180 CKV_K8S_19 PodSecurityPolicy StatefulSet Containers should not share the host network namespace Kubernetes
181 CKV_K8S_40 PodSecurityPolicy StatefulSet Containers should run as a high UID to avoid host conflict Kubernetes
182 CKV_K8S_38 PodSecurityPolicy ReplicaSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
183 CKV_K8S_29 PodSecurityPolicy ReplicaSet Apply security context to your pods and containers Kubernetes
184 CKV_K8S_23 PodSecurityPolicy ReplicaSet Minimize the admission of root containers Kubernetes
185 CKV_K8S_18 PodSecurityPolicy ReplicaSet Containers should not share the host IPC namespace Kubernetes
186 CKV_K8S_27 PodSecurityPolicy ReplicaSet Do not expose the docker daemon socket to containers Kubernetes
187 CKV_K8S_21 PodSecurityPolicy ReplicaSet The default namespace should not be used Kubernetes
188 CKV_K8S_31 PodSecurityPolicy ReplicaSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
189 CKV_K8S_17 PodSecurityPolicy ReplicaSet Containers should not share the host process ID namespace Kubernetes
190 CKV_K8S_19 PodSecurityPolicy ReplicaSet Containers should not share the host network namespace Kubernetes
191 CKV_K8S_40 PodSecurityPolicy ReplicaSet Containers should run as a high UID to avoid host conflict Kubernetes
192 CKV_K8S_38 PodSecurityPolicy ReplicationController Ensure that Service Account Tokens are only mounted where necessary Kubernetes
193 CKV_K8S_29 PodSecurityPolicy ReplicationController Apply security context to your pods and containers Kubernetes
194 CKV_K8S_23 PodSecurityPolicy ReplicationController Minimize the admission of root containers Kubernetes
195 CKV_K8S_18 PodSecurityPolicy ReplicationController Containers should not share the host IPC namespace Kubernetes
196 CKV_K8S_27 PodSecurityPolicy ReplicationController Do not expose the docker daemon socket to containers Kubernetes
197 CKV_K8S_21 PodSecurityPolicy ReplicationController The default namespace should not be used Kubernetes
198 CKV_K8S_31 PodSecurityPolicy ReplicationController Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
199 CKV_K8S_17 PodSecurityPolicy ReplicationController Containers should not share the host process ID namespace Kubernetes
200 CKV_K8S_19 PodSecurityPolicy ReplicationController Containers should not share the host network namespace Kubernetes
201 CKV_K8S_40 PodSecurityPolicy ReplicationController Containers should run as a high UID to avoid host conflict Kubernetes
202 CKV_K8S_38 PodSecurityPolicy Job Ensure that Service Account Tokens are only mounted where necessary Kubernetes
203 CKV_K8S_29 PodSecurityPolicy Job Apply security context to your pods and containers Kubernetes
204 CKV_K8S_23 PodSecurityPolicy Job Minimize the admission of root containers Kubernetes
205 CKV_K8S_18 PodSecurityPolicy Job Containers should not share the host IPC namespace Kubernetes
206 CKV_K8S_27 PodSecurityPolicy Job Do not expose the docker daemon socket to containers Kubernetes
207 CKV_K8S_21 PodSecurityPolicy Job The default namespace should not be used Kubernetes
208 CKV_K8S_31 PodSecurityPolicy Job Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
209 CKV_K8S_17 PodSecurityPolicy Job Containers should not share the host process ID namespace Kubernetes
210 CKV_K8S_19 PodSecurityPolicy Job Containers should not share the host network namespace Kubernetes
211 CKV_K8S_40 PodSecurityPolicy Job Containers should run as a high UID to avoid host conflict Kubernetes
212 CKV_K8S_38 PodSecurityPolicy CronJob Ensure that Service Account Tokens are only mounted where necessary Kubernetes
213 CKV_K8S_29 PodSecurityPolicy CronJob Apply security context to your pods and containers Kubernetes
214 CKV_K8S_23 PodSecurityPolicy CronJob Minimize the admission of root containers Kubernetes
215 CKV_K8S_18 PodSecurityPolicy CronJob Containers should not share the host IPC namespace Kubernetes
216 CKV_K8S_27 PodSecurityPolicy CronJob Do not expose the docker daemon socket to containers Kubernetes
217 CKV_K8S_21 PodSecurityPolicy CronJob The default namespace should not be used Kubernetes
218 CKV_K8S_31 PodSecurityPolicy CronJob Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
219 CKV_K8S_17 PodSecurityPolicy CronJob Containers should not share the host process ID namespace Kubernetes
220 CKV_K8S_19 PodSecurityPolicy CronJob Containers should not share the host network namespace Kubernetes
221 CKV_K8S_40 PodSecurityPolicy CronJob Containers should run as a high UID to avoid host conflict Kubernetes
222 CKV_K8S_7 PodSecurityPolicy PodSecurityPolicy Do not admit containers with the NET_RAW capability Kubernetes
223 CKV_K8S_3 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host IPC namespace Kubernetes
224 CKV_K8S_36 PodSecurityPolicy PodSecurityPolicy Minimize the admission of containers with capabilities assigned Kubernetes
225 CKV_K8S_24 PodSecurityPolicy PodSecurityPolicy Do not allow containers with added capability Kubernetes
226 CKV_K8S_5 PodSecurityPolicy PodSecurityPolicy Containers should not run with allowPrivilegeEscalation Kubernetes
227 CKV_K8S_1 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host process ID namespace Kubernetes
228 CKV_K8S_4 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host network namespace Kubernetes
229 CKV_K8S_32 PodSecurityPolicy PodSecurityPolicy Ensure default seccomp profile set to docker/default or runtime/default Kubernetes
230 CKV_K8S_2 PodSecurityPolicy PodSecurityPolicy Do not admit privileged containers Kubernetes
231 CKV_K8S_6 PodSecurityPolicy PodSecurityPolicy Do not admit root containers Kubernetes
232 CKV_K8S_41 PodSecurityPolicy ServiceAccount Ensure that default service accounts are not actively used Kubernetes
233 CKV_K8S_21 PodSecurityPolicy ServiceAccount The default namespace should not be used Kubernetes
234 CKV_K8S_22 PodSecurityPolicy containers Use read-only filesystem for containers where possible Kubernetes
235 CKV_K8S_15 PodSecurityPolicy containers Image Pull Policy should be Always Kubernetes
236 CKV_K8S_39 PodSecurityPolicy containers Do not use the CAP_SYS_ADMIN linux capability Kubernetes
237 CKV_K8S_33 PodSecurityPolicy containers Ensure the Kubernetes dashboard is not deployed Kubernetes
238 CKV_K8S_26 PodSecurityPolicy containers Do not specify hostPort unless absolutely necessary Kubernetes
239 CKV_K8S_9 PodSecurityPolicy containers Readiness Probe Should be Configured Kubernetes
240 CKV_K8S_13 PodSecurityPolicy containers Memory limits should be set Kubernetes
241 CKV_K8S_10 PodSecurityPolicy containers CPU requests should be set Kubernetes
242 CKV_K8S_20 PodSecurityPolicy containers Containers should not run with allowPrivilegeEscalation Kubernetes
243 CKV_K8S_37 PodSecurityPolicy containers Minimize the admission of containers with capabilities assigned Kubernetes
244 CKV_K8S_25 PodSecurityPolicy containers Minimize the admission of containers with added capability Kubernetes
245 CKV_K8S_30 PodSecurityPolicy containers Apply security context to your pods and containers Kubernetes
246 CKV_K8S_16 PodSecurityPolicy containers Container should not be privileged Kubernetes
247 CKV_K8S_11 PodSecurityPolicy containers CPU limits should be set Kubernetes
248 CKV_K8S_43 PodSecurityPolicy containers Image should use digest Kubernetes
249 CKV_K8S_12 PodSecurityPolicy containers Memory requests should be set Kubernetes
250 CKV_K8S_8 PodSecurityPolicy containers Liveness Probe Should be Configured Kubernetes
251 CKV_K8S_35 PodSecurityPolicy containers Prefer using secrets as files over secrets as environment variables Kubernetes
252 CKV_K8S_34 PodSecurityPolicy containers Ensure that Tiller (Helm v2) is not deployed Kubernetes
253 CKV_K8S_28 PodSecurityPolicy containers Minimize the admission of containers with the NET_RAW capability Kubernetes
254 CKV_K8S_14 PodSecurityPolicy containers Image Tag should be fixed - not latest or blank Kubernetes
255 CKV_K8S_22 PodSecurityPolicy initContainers Use read-only filesystem for containers where possible Kubernetes
256 CKV_K8S_15 PodSecurityPolicy initContainers Image Pull Policy should be Always Kubernetes
257 CKV_K8S_39 PodSecurityPolicy initContainers Do not use the CAP_SYS_ADMIN linux capability Kubernetes
258 CKV_K8S_33 PodSecurityPolicy initContainers Ensure the Kubernetes dashboard is not deployed Kubernetes
259 CKV_K8S_26 PodSecurityPolicy initContainers Do not specify hostPort unless absolutely necessary Kubernetes
260 CKV_K8S_13 PodSecurityPolicy initContainers Memory limits should be set Kubernetes
261 CKV_K8S_10 PodSecurityPolicy initContainers CPU requests should be set Kubernetes
262 CKV_K8S_20 PodSecurityPolicy initContainers Containers should not run with allowPrivilegeEscalation Kubernetes
263 CKV_K8S_37 PodSecurityPolicy initContainers Minimize the admission of containers with capabilities assigned Kubernetes
264 CKV_K8S_25 PodSecurityPolicy initContainers Minimize the admission of containers with added capability Kubernetes
265 CKV_K8S_30 PodSecurityPolicy initContainers Apply security context to your pods and containers Kubernetes
266 CKV_K8S_16 PodSecurityPolicy initContainers Container should not be privileged Kubernetes
267 CKV_K8S_11 PodSecurityPolicy initContainers CPU limits should be set Kubernetes
268 CKV_K8S_43 PodSecurityPolicy initContainers Image should use digest Kubernetes
269 CKV_K8S_12 PodSecurityPolicy initContainers Memory requests should be set Kubernetes
270 CKV_K8S_35 PodSecurityPolicy initContainers Prefer using secrets as files over secrets as environment variables Kubernetes
271 CKV_K8S_34 PodSecurityPolicy initContainers Ensure that Tiller (Helm v2) is not deployed Kubernetes
272 CKV_K8S_28 PodSecurityPolicy initContainers Minimize the admission of containers with the NET_RAW capability Kubernetes
273 CKV_K8S_14 PodSecurityPolicy initContainers Image Tag should be fixed - not latest or blank Kubernetes
274 CKV_K8S_42 PodSecurityPolicy RoleBinding Ensure that default service accounts are not actively used Kubernetes
275 CKV_K8S_21 PodSecurityPolicy RoleBinding The default namespace should not be used Kubernetes
276 CKV_K8S_42 PodSecurityPolicy ClusterRoleBinding Ensure that default service accounts are not actively used Kubernetes
277 CKV_K8S_21 PodSecurityPolicy Service The default namespace should not be used Kubernetes
278 CKV_K8S_21 PodSecurityPolicy Secret The default namespace should not be used Kubernetes
279 CKV_K8S_21 PodSecurityPolicy Role The default namespace should not be used Kubernetes
280 CKV_K8S_21 PodSecurityPolicy ConfigMap The default namespace should not be used Kubernetes
281 CKV_K8S_21 PodSecurityPolicy Ingress The default namespace should not be used Kubernetes