Resource scans (auto generated)

  Id Type Entity Policy IaC
0 CKV_AWS_1 data aws_iam_policy_document Ensure IAM policies that allow full “-” administrative privileges are not created Terraform
1 CKV_AWS_1 resource serverless_aws Ensure IAM policies that allow full “-” administrative privileges are not created serverless
2 CKV_AWS_10 resource aws_iam_account_password_policy Ensure IAM password policy requires minimum length of 14 or greater Terraform
3 CKV_AWS_11 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one lowercase letter Terraform
4 CKV_AWS_12 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one number Terraform
5 CKV_AWS_13 resource aws_iam_account_password_policy Ensure IAM password policy prevents password reuse Terraform
6 CKV_AWS_14 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one symbol Terraform
7 CKV_AWS_15 resource aws_iam_account_password_policy Ensure IAM password policy requires at least one uppercase letter Terraform
8 CKV_AWS_16 resource aws_db_instance Ensure all data stored in the RDS is securely encrypted at rest Terraform
9 CKV_AWS_16 resource AWS::RDS::DBInstance Ensure all data stored in the RDS is securely encrypted at rest Cloudformation
10 CKV_AWS_17 resource aws_db_instance Ensure all data stored in the RDS bucket is not public accessible Terraform
11 CKV_AWS_17 resource aws_rds_cluster_instance Ensure all data stored in the RDS bucket is not public accessible Terraform
12 CKV_AWS_17 resource AWS::RDS::DBInstance Ensure all data stored in the RDS bucket is not public accessible Cloudformation
13 CKV_AWS_18 resource aws_s3_bucket Ensure the S3 bucket has access logging enabled Terraform
14 CKV_AWS_18 resource AWS::S3::Bucket Ensure the S3 bucket has access logging enabled Cloudformation
15 CKV_AWS_19 resource aws_s3_bucket Ensure all data stored in the S3 bucket is securely encrypted at rest Terraform
16 CKV_AWS_19 resource AWS::S3::Bucket Ensure the S3 bucket has server-side-encryption enabled Cloudformation
17 CKV_AWS_2 resource aws_alb_listener Ensure ALB protocol is HTTPS Terraform
18 CKV_AWS_2 resource aws_lb_listener Ensure ALB protocol is HTTPS Terraform
19 CKV_AWS_2 resource AWS::ElasticLoadBalancingV2::Listener Ensure ALB protocol is HTTPS Cloudformation
20 CKV_AWS_20 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public READ access. Terraform
21 CKV_AWS_20 resource AWS::S3::Bucket Ensure the S3 bucket does not allow READ permissions to everyone Cloudformation
22 CKV_AWS_21 resource aws_s3_bucket Ensure all data stored in the S3 bucket have versioning enabled Terraform
23 CKV_AWS_21 resource AWS::S3::Bucket Ensure the S3 bucket has versioning enabled Cloudformation
24 CKV_AWS_22 resource aws_sagemaker_notebook_instance Ensure all data stored in the Sagemaker is securely encrypted at rest Terraform
25 CKV_AWS_23 resource aws_security_group Ensure every security groups rule has a description Terraform
26 CKV_AWS_23 resource aws_security_group_rule Ensure every security groups rule has a description Terraform
27 CKV_AWS_23 resource aws_db_security_group Ensure every security groups rule has a description Terraform
28 CKV_AWS_23 resource aws_elasticache_security_group Ensure every security groups rule has a description Terraform
29 CKV_AWS_23 resource aws_redshift_security_group Ensure every security groups rule has a description Terraform
30 CKV_AWS_23 resource AWS::EC2::SecurityGroup Ensure every security groups rule has a description Cloudformation
31 CKV_AWS_23 resource AWS::EC2::SecurityGroupIngress Ensure every security groups rule has a description Cloudformation
32 CKV_AWS_23 resource AWS::EC2::SecurityGroupEgress Ensure every security groups rule has a description Cloudformation
33 CKV_AWS_24 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
34 CKV_AWS_24 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Terraform
35 CKV_AWS_24 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
36 CKV_AWS_24 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 Cloudformation
37 CKV_AWS_25 resource aws_security_group Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
38 CKV_AWS_25 resource aws_security_group_rule Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Terraform
39 CKV_AWS_25 resource AWS::EC2::SecurityGroup Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
40 CKV_AWS_25 resource AWS::EC2::SecurityGroupIngress Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 Cloudformation
41 CKV_AWS_26 resource aws_sns_topic Ensure all data stored in the SNS topic is encrypted Terraform
42 CKV_AWS_26 resource AWS::SNS::Topic Ensure all data stored in the SNS topic is encrypted Cloudformation
43 CKV_AWS_27 resource aws_sqs_queue Ensure all data stored in the SQS queue is encrypted Terraform
44 CKV_AWS_27 resource AWS::SQS::Queue Ensure all data stored in the SQS queue is encrypted Cloudformation
45 CKV_AWS_28 resource aws_dynamodb_table Ensure Dynamodb point in time recovery (backup) is enabled Terraform
46 CKV_AWS_28 resource AWS::DynamoDB::Table Ensure Dynamodb point in time recovery (backup) is enabled Cloudformation
47 CKV_AWS_29 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Terraform
48 CKV_AWS_29 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest Cloudformation
49 CKV_AWS_3 resource aws_ebs_volume Ensure all data stored in the EBS is securely encrypted Terraform
50 CKV_AWS_3 resource AWS::EC2::Volume Ensure all data stored in the EBS is securely encrypted Cloudformation
51 CKV_AWS_30 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Terraform
52 CKV_AWS_30 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit Cloudformation
53 CKV_AWS_31 resource aws_elasticache_replication_group Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Terraform
54 CKV_AWS_31 resource AWS::ElastiCache::ReplicationGroup Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token Cloudformation
55 CKV_AWS_32 resource aws_ecr_repository_policy Ensure ECR policy is not set to public Terraform
56 CKV_AWS_32 resource AWS::ECR::Repository Ensure ECR policy is not set to public Cloudformation
57 CKV_AWS_33 resource aws_ecr_repository Ensure ECR image scanning on push is enabled Terraform
58 CKV_AWS_34 resource aws_cloudfront_distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Terraform
59 CKV_AWS_34 resource AWS::CloudFront::Distribution Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS Cloudformation
60 CKV_AWS_35 resource aws_cloudtrail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Terraform
61 CKV_AWS_35 resource AWS::CloudTrail::Trail Ensure CloudTrail logs are encrypted at rest using KMS CMKs Cloudformation
62 CKV_AWS_36 resource aws_cloudtrail Ensure CloudTrail log file validation is enabled Terraform
63 CKV_AWS_36 resource AWS::CloudTrail::Trail Ensure CloudTrail log file validation is enabled Cloudformation
64 CKV_AWS_37 resource aws_eks_cluster Ensure Amazon EKS control plane logging enabled for all log types Terraform
65 CKV_AWS_38 resource aws_eks_cluster Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 Terraform
66 CKV_AWS_39 resource aws_eks_cluster Ensure Amazon EKS public endpoint disabled Terraform
67 CKV_AWS_40 resource aws_iam_user_policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
68 CKV_AWS_40 resource aws_iam_user_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
69 CKV_AWS_40 resource aws_iam_policy_attachment Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Terraform
70 CKV_AWS_40 resource AWS::IAM::Policy Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) Cloudformation
71 CKV_AWS_41 provider aws Ensure no hard coded AWS access key and and secret key exists in provider Terraform
72 CKV_AWS_41 resource serverless_aws Ensure no hard coded AWS access key and and secret key exists in provider serverless
73 CKV_AWS_42 resource aws_efs_file_system Ensure EFS is securely encrypted Terraform
74 CKV_AWS_42 resource AWS::EFS::FileSystem Ensure EFS is securely encrypted Cloudformation
75 CKV_AWS_43 resource aws_kinesis_stream Ensure Kinesis Stream is securely encrypted Terraform
76 CKV_AWS_43 resource AWS::Kinesis::Stream Ensure Kinesis Stream is securely encrypted Cloudformation
77 CKV_AWS_44 resource aws_neptune_cluster Ensure Neptune storage is securely encrypted Terraform
78 CKV_AWS_44 resource AWS::Neptune::DBCluster Ensure Neptune storage is securely encrypted Cloudformation
79 CKV_AWS_45 resource aws_lambda_function Ensure no hard coded AWS access key and and secret key exists in lambda environment Terraform
80 CKV_AWS_46 resource aws_instance Ensure no hard coded AWS access key and and secret key exists in EC2 user data Terraform
81 CKV_AWS_47 resource aws_dax_cluster Ensure DAX is encrypted at rest (default is unencrypted) Terraform
82 CKV_AWS_47 resource AWS::DAX::Cluster Ensure DAX is encrypted at rest (default is unencrypted) Cloudformation
83 CKV_AWS_48 resource aws_mq_broker Ensure MQ Broker logging is enabled Terraform
84 CKV_AWS_49 data aws_iam_policy_document Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
85 CKV_AWS_49 resource serverless_aws Ensure no IAM policies documents allow “*” as a statement’s actions serverless
86 CKV_AWS_5 resource aws_elasticsearch_domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Terraform
87 CKV_AWS_5 resource AWS::Elasticsearch::Domain Ensure all data stored in the Elasticsearch is securely encrypted at rest Cloudformation
88 CKV_AWS_50 resource aws_lambda_function X-ray tracing is enabled for Lambda Terraform
89 CKV_AWS_51 resource aws_ecr_repository Ensure ECR Image Tags are immutable Terraform
90 CKV_AWS_52 resource aws_s3_bucket Ensure S3 bucket has MFA delete enabled Terraform
91 CKV_AWS_53 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public ACLS enabled Terraform
92 CKV_AWS_53 resource AWS::S3::Bucket Ensure S3 bucket has block public ACLS enabled Cloudformation
93 CKV_AWS_54 resource aws_s3_bucket_public_access_block Ensure S3 bucket has block public policy enabled Terraform
94 CKV_AWS_54 resource AWS::S3::Bucket Ensure S3 bucket has block public policy enabled Cloudformation
95 CKV_AWS_55 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ignore public ACLs enabled Terraform
96 CKV_AWS_55 resource AWS::S3::Bucket Ensure S3 bucket has ignore public ACLs enabled Cloudformation
97 CKV_AWS_56 resource aws_s3_bucket_public_access_block Ensure S3 bucket has ‘restrict_public_bucket’ enabled Terraform
98 CKV_AWS_56 resource AWS::S3::Bucket Ensure S3 bucket has ‘restrict_public_bucket’ enabled Cloudformation
99 CKV_AWS_57 resource aws_s3_bucket S3 Bucket has an ACL defined which allows public WRITE access. Terraform
100 CKV_AWS_57 resource AWS::S3::Bucket Ensure the S3 bucket does not allow WRITE permissions to everyone Cloudformation
101 CKV_AWS_58 resource aws_eks_cluster Ensure EKS Cluster has Secrets Encryption Enabled Terraform
102 CKV_AWS_58 resource AWS::EKS::Cluster Ensure EKS Cluster has Secrets Encryption Enabled Cloudformation
103 CKV_AWS_59 resource aws_api_gateway_method Ensure there is no open access to back-end resources through API Terraform
104 CKV_AWS_6 resource aws_elasticsearch_domain Ensure all Elasticsearch has node-to-node encryption enabled Terraform
105 CKV_AWS_6 resource AWS::Elasticsearch::Domain Ensure all Elasticsearch has node-to-node encryption enabled Cloudformation
106 CKV_AWS_60 resource aws_iam_role Ensure IAM role allows only specific services or principals to assume it Terraform
107 CKV_AWS_61 resource aws_iam_role Ensure IAM role allows only specific principals in account to assume it Terraform
108 CKV_AWS_62 resource aws_iam_role_policy Ensure IAM policies that allow full “-” administrative privileges are not created Terraform
109 CKV_AWS_62 resource aws_iam_user_policy Ensure IAM policies that allow full “-” administrative privileges are not created Terraform
110 CKV_AWS_62 resource aws_iam_group_policy Ensure IAM policies that allow full “-” administrative privileges are not created Terraform
111 CKV_AWS_62 resource aws_iam_policy Ensure IAM policies that allow full “-” administrative privileges are not created Terraform
112 CKV_AWS_63 resource aws_iam_role_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
113 CKV_AWS_63 resource aws_iam_user_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
114 CKV_AWS_63 resource aws_iam_group_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
115 CKV_AWS_63 resource aws_iam_policy Ensure no IAM policies documents allow “*” as a statement’s actions Terraform
116 CKV_AWS_64 resource aws_redshift_cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Terraform
117 CKV_AWS_64 resource AWS::Redshift::Cluster Ensure all data stored in the Redshift cluster is securely encrypted at rest Cloudformation
118 CKV_AWS_65 resource aws_ecs_cluster Ensure container insights are enabled on ECS cluster Terraform
119 CKV_AWS_65 resource AWS::ECS::Cluster Ensure container insights are enabled on ECS cluster Cloudformation
120 CKV_AWS_66 resource aws_cloudwatch_log_group Ensure cloudwatch log groups specify retention days Terraform
121 CKV_AWS_66 resource AWS::Logs::LogGroup Ensure cloudwatch log groups specify retention days Cloudformation
122 CKV_AWS_67 resource aws_cloudtrail Ensure CloudTrail is enabled in all Regions Terraform
123 CKV_AWS_68 resource aws_cloudfront_distribution CloudFront Distribution should have WAF enabled Terraform
124 CKV_AWS_69 resource aws_mq_broker Ensure MQ Broker is not publicly exposed Terraform
125 CKV_AWS_7 resource aws_kms_key Ensure rotation for customer created CMKs is enabled Terraform
126 CKV_AWS_7 resource AWS::KMS::Key Ensure rotation for customer created CMKs is enabled Cloudformation
127 CKV_AWS_8 resource aws_instance Ensure all data stored in the Launch configuration EBS is securely encrypted Terraform
128 CKV_AWS_8 resource aws_launch_configuration Ensure all data stored in the Launch configuration EBS is securely encrypted Terraform
129 CKV_AWS_8 resource AWS::AutoScaling::LaunchConfiguration Ensure all data stored in the Launch configuration EBS is securely encrypted Cloudformation
130 CKV_AWS_9 resource aws_iam_account_password_policy Ensure IAM password policy expires passwords within 90 days or less Terraform
131 CKV_AZURE_1 resource azurerm_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform
132 CKV_AZURE_1 resource azurerm_linux_virtual_machine Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) Terraform
133 CKV_AZURE_1 resource Microsoft.Compute/virtualMachines Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) arm
134 CKV_AZURE_10 resource azure_security_group_rule Ensure that SSH access is restricted from the internet Terraform
135 CKV_AZURE_10 resource azurerm_network_security_rule Ensure that SSH access is restricted from the internet Terraform
136 CKV_AZURE_10 resource azurerm_network_security_group Ensure that SSH access is restricted from the internet Terraform
137 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups Ensure that SSH access is restricted from the internet arm
138 CKV_AZURE_10 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that SSH access is restricted from the internet arm
139 CKV_AZURE_11 resource azurerm_mariadb_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
140 CKV_AZURE_11 resource azurerm_sql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
141 CKV_AZURE_11 resource azurerm_postgresql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
142 CKV_AZURE_11 resource azurerm_mysql_firewall_rule Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) Terraform
143 CKV_AZURE_11 resource Microsoft.Sql/servers Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) arm
144 CKV_AZURE_12 resource azurerm_network_watcher_flow_log Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ Terraform
145 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm
146 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm
147 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/flowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm
148 CKV_AZURE_12 resource Microsoft.Network/networkWatchers/FlowLogs/ Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’ arm
149 CKV_AZURE_13 resource azurerm_app_service Ensure App Service Authentication is set on Azure App Service Terraform
150 CKV_AZURE_13 resource Microsoft.Web/sites/config Ensure App Service Authentication is set on Azure App Service arm
151 CKV_AZURE_13 resource config Ensure App Service Authentication is set on Azure App Service arm
152 CKV_AZURE_14 resource azurerm_app_service Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Terraform
153 CKV_AZURE_14 resource Microsoft.Web/sites Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service arm
154 CKV_AZURE_15 resource azurerm_app_service Ensure web app is using the latest version of TLS encryption Terraform
155 CKV_AZURE_15 resource Microsoft.Web/sites Ensure web app is using the latest version of TLS encryption arm
156 CKV_AZURE_16 resource azurerm_app_service Ensure that Register with Azure Active Directory is enabled on App Service Terraform
157 CKV_AZURE_16 resource Microsoft.Web/sites Ensure that Register with Azure Active Directory is enabled on App Service arm
158 CKV_AZURE_17 resource azurerm_app_service Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set Terraform
159 CKV_AZURE_17 resource Microsoft.Web/sites Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set arm
160 CKV_AZURE_18 resource azurerm_app_service Ensure that ‘HTTP Version’ is the latest if used to run the web app Terraform
161 CKV_AZURE_18 resource Microsoft.Web/sites Ensure that ‘HTTP Version’ is the latest if used to run the web app arm
162 CKV_AZURE_19 resource azurerm_security_center_subscription_pricing Ensure that standard pricing tier is selected Terraform
163 CKV_AZURE_19 resource Microsoft.Security/pricings Ensure that standard pricing tier is selected arm
164 CKV_AZURE_2 resource azurerm_managed_disk Ensure Azure managed disk have encryption enabled Terraform
165 CKV_AZURE_2 resource Microsoft.Compute/disks Ensure Azure managed disk have encryption enabled arm
166 CKV_AZURE_20 resource azurerm_security_center_contact Ensure that security contact ‘Phone number’ is set Terraform
167 CKV_AZURE_20 resource Microsoft.Security/securityContacts Ensure that security contact ‘Phone number’ is set arm
168 CKV_AZURE_21 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform
169 CKV_AZURE_21 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ arm
170 CKV_AZURE_22 resource azurerm_security_center_contact Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ Terraform
171 CKV_AZURE_22 resource Microsoft.Security/securityContacts Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’ arm
172 CKV_AZURE_23 resource azurerm_sql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform
173 CKV_AZURE_23 resource azurerm_mssql_server Ensure that ‘Auditing’ is set to ‘On’ for SQL servers Terraform
174 CKV_AZURE_23 resource Microsoft.Sql/servers Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers arm
175 CKV_AZURE_24 resource azurerm_sql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform
176 CKV_AZURE_24 resource azurerm_mssql_server Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers Terraform
177 CKV_AZURE_24 resource Microsoft.Sql/servers Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers arm
178 CKV_AZURE_25 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Threat Detection types’ is set to ‘All’ Terraform
179 CKV_AZURE_25 resource Microsoft.Sql/servers/databases Ensure that ‘Threat Detection types’ is set to ‘All’ arm
180 CKV_AZURE_26 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Send Alerts To’ is enabled for MSSQL servers Terraform
181 CKV_AZURE_26 resource Microsoft.Sql/servers/databases Ensure that ‘Send Alerts To’ is enabled for MSSQL servers arm
182 CKV_AZURE_27 resource azurerm_mssql_server_security_alert_policy Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers Terraform
183 CKV_AZURE_27 resource Microsoft.Sql/servers/databases Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers arm
184 CKV_AZURE_28 resource azurerm_mysql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server Terraform
185 CKV_AZURE_28 resource Microsoft.DBforMySQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server arm
186 CKV_AZURE_29 resource azurerm_postgresql_server Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server Terraform
187 CKV_AZURE_29 resource Microsoft.DBforPostgreSQL/servers Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server arm
188 CKV_AZURE_3 resource azurerm_storage_account Ensure that ‘Secure transfer required’ is set to ‘Enabled’ Terraform
189 CKV_AZURE_3 resource Microsoft.Storage/storageAccounts Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’ arm
190 CKV_AZURE_30 resource azurerm_postgresql_configuration Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server Terraform
191 CKV_AZURE_30 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server arm
192 CKV_AZURE_30 resource configurations Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server arm
193 CKV_AZURE_31 resource azurerm_postgresql_configuration Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server Terraform
194 CKV_AZURE_31 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server arm
195 CKV_AZURE_31 resource configurations Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server arm
196 CKV_AZURE_32 resource azurerm_postgresql_configuration Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server Terraform
197 CKV_AZURE_32 resource Microsoft.DBforPostgreSQL/servers/configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server arm
198 CKV_AZURE_32 resource configurations Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server arm
199 CKV_AZURE_33 resource azurerm_storage_account Ensure Storage logging is enabled for Queue service for read, write and delete requests Terraform
200 CKV_AZURE_33 resource Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings Ensure Storage logging is enabled for Queue service for read, write and delete requests arm
201 CKV_AZURE_34 resource azurerm_storage_container Ensure that ‘Public access level’ is set to Private for blob containers Terraform
202 CKV_AZURE_34 resource Microsoft.Storage/storageAccounts/blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers arm
203 CKV_AZURE_34 resource containers Ensure that ‘Public access level’ is set to Private for blob containers arm
204 CKV_AZURE_34 resource blobServices/containers Ensure that ‘Public access level’ is set to Private for blob containers arm
205 CKV_AZURE_35 resource azurerm_storage_account Ensure default network access rule for Storage Accounts is set to deny Terraform
206 CKV_AZURE_35 resource azurerm_storage_account_network_rules Ensure default network access rule for Storage Accounts is set to deny Terraform
207 CKV_AZURE_35 resource Microsoft.Storage/storageAccounts Ensure default network access rule for Storage Accounts is set to deny arm
208 CKV_AZURE_36 resource azurerm_storage_account Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform
209 CKV_AZURE_36 resource azurerm_storage_account_network_rules Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access Terraform
210 CKV_AZURE_36 resource Microsoft.Storage/storageAccounts Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access arm
211 CKV_AZURE_37 resource azurerm_monitor_log_profile Ensure that Activity Log Retention is set 365 days or greater Terraform
212 CKV_AZURE_37 resource microsoft.insights/logprofiles Ensure that Activity Log Retention is set 365 days or greater arm
213 CKV_AZURE_38 resource azurerm_monitor_log_profile Ensure audit profile captures all the activities Terraform
214 CKV_AZURE_38 resource microsoft.insights/logprofiles Ensure audit profile captures all the activities arm
215 CKV_AZURE_39 resource azurerm_role_definition Ensure that no custom subscription owner roles are created Terraform
216 CKV_AZURE_39 resource Microsoft.Authorization/roleDefinitions Ensure that no custom subscription owner roles are created arm
217 CKV_AZURE_4 resource azurerm_kubernetes_cluster Ensure AKS logging to Azure Monitoring is Configured Terraform
218 CKV_AZURE_4 resource Microsoft.ContainerService/managedClusters Ensure AKS logging to Azure Monitoring is Configured arm
219 CKV_AZURE_40 resource azurerm_key_vault_key Ensure that the expiration date is set on all keys Terraform
220 CKV_AZURE_41 resource azurerm_key_vault_secret Ensure that the expiration date is set on all secrets Terraform
221 CKV_AZURE_41 resource Microsoft.KeyVault/vaults/secrets Ensure that the expiration date is set on all secrets arm
222 CKV_AZURE_42 resource azurerm_key_vault Ensure the key vault is recoverable Terraform
223 CKV_AZURE_42 resource Microsoft.KeyVault/vaults Ensure the key vault is recoverable arm
224 CKV_AZURE_5 resource azurerm_kubernetes_cluster Ensure RBAC is enabled on AKS clusters Terraform
225 CKV_AZURE_5 resource Microsoft.ContainerService/managedClusters Ensure RBAC is enabled on AKS clusters arm
226 CKV_AZURE_6 resource azurerm_kubernetes_cluster Ensure AKS has an API Server Authorized IP Ranges enabled Terraform
227 CKV_AZURE_6 resource Microsoft.ContainerService/managedClusters Ensure AKS has an API Server Authorized IP Ranges enabled arm
228 CKV_AZURE_7 resource azurerm_kubernetes_cluster Ensure AKS cluster has Network Policy configured Terraform
229 CKV_AZURE_7 resource Microsoft.ContainerService/managedClusters Ensure AKS cluster has Network Policy configured arm
230 CKV_AZURE_8 resource azurerm_kubernetes_cluster Ensure Kube Dashboard is disabled Terraform
231 CKV_AZURE_8 resource Microsoft.ContainerService/managedClusters Ensure Kubernetes Dashboard is disabled arm
232 CKV_AZURE_9 resource azure_security_group_rule Ensure that RDP access is restricted from the internet Terraform
233 CKV_AZURE_9 resource azurerm_network_security_rule Ensure that RDP access is restricted from the internet Terraform
234 CKV_AZURE_9 resource azurerm_network_security_group Ensure that RDP access is restricted from the internet Terraform
235 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups Ensure that RDP access is restricted from the internet arm
236 CKV_AZURE_9 resource Microsoft.Network/networkSecurityGroups/securityRules Ensure that RDP access is restricted from the internet arm
237 CKV_GCP_1 resource google_container_cluster Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters Terraform
238 CKV_GCP_10 resource google_container_node_pool Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters Terraform
239 CKV_GCP_11 resource google_sql_database_instance Ensure that Cloud SQL database Instances are not open to the world Terraform
240 CKV_GCP_12 resource google_container_cluster Ensure Network Policy is enabled on Kubernetes Engine Clusters Terraform
241 CKV_GCP_13 resource google_container_cluster Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters Terraform
242 CKV_GCP_14 resource google_sql_database_instance Ensure all Cloud SQL database instance have backup configuration enabled Terraform
243 CKV_GCP_15 resource google_bigquery_dataset Ensure that BigQuery datasets are not anonymously or publicly accessible Terraform
244 CKV_GCP_16 resource google_dns_managed_zone Ensure that DNSSEC is enabled for Cloud DNS Terraform
245 CKV_GCP_17 resource google_dns_managed_zone Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC Terraform
246 CKV_GCP_18 resource google_container_cluster Ensure GKE Control Plane is not public Terraform
247 CKV_GCP_19 resource google_container_cluster Ensure GKE basic auth is disabled Terraform
248 CKV_GCP_2 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted ssh access Terraform
249 CKV_GCP_20 resource google_container_cluster Ensure master authorized networks is set to enabled in GKE clusters Terraform
250 CKV_GCP_21 resource google_container_cluster Ensure Kubernetes Clusters are configured with Labels Terraform
251 CKV_GCP_22 resource google_container_node_pool Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image Terraform
252 CKV_GCP_23 resource google_container_cluster Ensure Kubernetes Cluster is created with Alias IP ranges enabled Terraform
253 CKV_GCP_24 resource google_container_cluster Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters Terraform
254 CKV_GCP_25 resource google_container_cluster Ensure Kubernetes Cluster is created with Private cluster enabled Terraform
255 CKV_GCP_26 resource google_compute_subnetwork Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network Terraform
256 CKV_GCP_27 resource google_project Ensure that the default network does not exist in a project Terraform
257 CKV_GCP_28 resource google_storage_bucket_iam_member Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform
258 CKV_GCP_28 resource google_storage_bucket_iam_binding Ensure that Cloud Storage bucket is not anonymously or publicly accessible Terraform
259 CKV_GCP_29 resource google_storage_bucket Ensure that Cloud Storage buckets have uniform bucket-level access enabled Terraform
260 CKV_GCP_3 resource google_compute_firewall Ensure Google compute firewall ingress does not allow unrestricted rdp access Terraform
261 CKV_GCP_30 resource google_compute_instance Ensure that instances are not configured to use the default service account Terraform
262 CKV_GCP_31 resource google_compute_instance Ensure that instances are not configured to use the default service account with full access to all Cloud APIs Terraform
263 CKV_GCP_32 resource google_compute_instance Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances Terraform
264 CKV_GCP_33 resource google_compute_project_metadata Ensure oslogin is enabled for a Project Terraform
265 CKV_GCP_34 resource google_compute_instance Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in prject metadata for all instances) Terraform
266 CKV_GCP_35 resource google_compute_instance Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance Terraform
267 CKV_GCP_36 resource google_compute_instance Ensure that IP forwarding is not enabled on Instances Terraform
268 CKV_GCP_37 resource google_compute_disk Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
269 CKV_GCP_38 resource google_compute_instance Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) Terraform
270 CKV_GCP_39 resource google_compute_instance Ensure Compute instances are launched with Shielded VM enabled Terraform
271 CKV_GCP_4 resource google_compute_ssl_policy Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites Terraform
272 CKV_GCP_40 resource google_compute_instance Ensure that Compute instances do not have public IP addresses Terraform
273 CKV_GCP_41 resource google_project_iam_binding Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform
274 CKV_GCP_41 resource google_project_iam_member Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level Terraform
275 CKV_GCP_42 resource google_project_iam_member Ensure that Service Account has no Admin privileges Terraform
276 CKV_GCP_43 resource google_kms_crypto_key Ensure KMS encryption keys are rotated within a period of 90 days Terraform
277 CKV_GCP_5 resource google_storage_bucket Ensure Google storage bucket have encryption enabled Terraform
278 CKV_GCP_6 resource google_sql_database_instance Ensure all Cloud SQL database instance requires all incoming connections to use SSL Terraform
279 CKV_GCP_7 resource google_container_cluster Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters Terraform
280 CKV_GCP_8 resource google_container_cluster Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters Terraform
281 CKV_GCP_9 resource google_container_node_pool Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters Terraform
282 CKV_GIT_1 resource github_repository Ensure Repository is Private Terraform
283 CKV_K8S_1 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host process ID namespace Kubernetes
284 CKV_K8S_10 PodSecurityPolicy containers CPU requests should be set Kubernetes
285 CKV_K8S_10 PodSecurityPolicy initContainers CPU requests should be set Kubernetes
286 CKV_K8S_11 PodSecurityPolicy containers CPU limits should be set Kubernetes
287 CKV_K8S_11 PodSecurityPolicy initContainers CPU limits should be set Kubernetes
288 CKV_K8S_12 PodSecurityPolicy containers Memory requests should be set Kubernetes
289 CKV_K8S_12 PodSecurityPolicy initContainers Memory requests should be set Kubernetes
290 CKV_K8S_13 PodSecurityPolicy containers Memory limits should be set Kubernetes
291 CKV_K8S_13 PodSecurityPolicy initContainers Memory limits should be set Kubernetes
292 CKV_K8S_14 PodSecurityPolicy containers Image Tag should be fixed - not latest or blank Kubernetes
293 CKV_K8S_14 PodSecurityPolicy initContainers Image Tag should be fixed - not latest or blank Kubernetes
294 CKV_K8S_15 PodSecurityPolicy containers Image Pull Policy should be Always Kubernetes
295 CKV_K8S_15 PodSecurityPolicy initContainers Image Pull Policy should be Always Kubernetes
296 CKV_K8S_16 PodSecurityPolicy containers Container should not be privileged Kubernetes
297 CKV_K8S_16 PodSecurityPolicy initContainers Container should not be privileged Kubernetes
298 CKV_K8S_17 PodSecurityPolicy Pod Containers should not share the host process ID namespace Kubernetes
299 CKV_K8S_17 PodSecurityPolicy Deployment Containers should not share the host process ID namespace Kubernetes
300 CKV_K8S_17 PodSecurityPolicy DaemonSet Containers should not share the host process ID namespace Kubernetes
301 CKV_K8S_17 PodSecurityPolicy StatefulSet Containers should not share the host process ID namespace Kubernetes
302 CKV_K8S_17 PodSecurityPolicy ReplicaSet Containers should not share the host process ID namespace Kubernetes
303 CKV_K8S_17 PodSecurityPolicy ReplicationController Containers should not share the host process ID namespace Kubernetes
304 CKV_K8S_17 PodSecurityPolicy Job Containers should not share the host process ID namespace Kubernetes
305 CKV_K8S_17 PodSecurityPolicy CronJob Containers should not share the host process ID namespace Kubernetes
306 CKV_K8S_18 PodSecurityPolicy Pod Containers should not share the host IPC namespace Kubernetes
307 CKV_K8S_18 PodSecurityPolicy Deployment Containers should not share the host IPC namespace Kubernetes
308 CKV_K8S_18 PodSecurityPolicy DaemonSet Containers should not share the host IPC namespace Kubernetes
309 CKV_K8S_18 PodSecurityPolicy StatefulSet Containers should not share the host IPC namespace Kubernetes
310 CKV_K8S_18 PodSecurityPolicy ReplicaSet Containers should not share the host IPC namespace Kubernetes
311 CKV_K8S_18 PodSecurityPolicy ReplicationController Containers should not share the host IPC namespace Kubernetes
312 CKV_K8S_18 PodSecurityPolicy Job Containers should not share the host IPC namespace Kubernetes
313 CKV_K8S_18 PodSecurityPolicy CronJob Containers should not share the host IPC namespace Kubernetes
314 CKV_K8S_19 PodSecurityPolicy Pod Containers should not share the host network namespace Kubernetes
315 CKV_K8S_19 PodSecurityPolicy Deployment Containers should not share the host network namespace Kubernetes
316 CKV_K8S_19 PodSecurityPolicy DaemonSet Containers should not share the host network namespace Kubernetes
317 CKV_K8S_19 PodSecurityPolicy StatefulSet Containers should not share the host network namespace Kubernetes
318 CKV_K8S_19 PodSecurityPolicy ReplicaSet Containers should not share the host network namespace Kubernetes
319 CKV_K8S_19 PodSecurityPolicy ReplicationController Containers should not share the host network namespace Kubernetes
320 CKV_K8S_19 PodSecurityPolicy Job Containers should not share the host network namespace Kubernetes
321 CKV_K8S_19 PodSecurityPolicy CronJob Containers should not share the host network namespace Kubernetes
322 CKV_K8S_2 PodSecurityPolicy PodSecurityPolicy Do not admit privileged containers Kubernetes
323 CKV_K8S_20 PodSecurityPolicy containers Containers should not run with allowPrivilegeEscalation Kubernetes
324 CKV_K8S_20 PodSecurityPolicy initContainers Containers should not run with allowPrivilegeEscalation Kubernetes
325 CKV_K8S_21 PodSecurityPolicy Pod The default namespace should not be used Kubernetes
326 CKV_K8S_21 PodSecurityPolicy Deployment The default namespace should not be used Kubernetes
327 CKV_K8S_21 PodSecurityPolicy DaemonSet The default namespace should not be used Kubernetes
328 CKV_K8S_21 PodSecurityPolicy StatefulSet The default namespace should not be used Kubernetes
329 CKV_K8S_21 PodSecurityPolicy ReplicaSet The default namespace should not be used Kubernetes
330 CKV_K8S_21 PodSecurityPolicy ReplicationController The default namespace should not be used Kubernetes
331 CKV_K8S_21 PodSecurityPolicy Job The default namespace should not be used Kubernetes
332 CKV_K8S_21 PodSecurityPolicy CronJob The default namespace should not be used Kubernetes
333 CKV_K8S_21 PodSecurityPolicy Service The default namespace should not be used Kubernetes
334 CKV_K8S_21 PodSecurityPolicy Secret The default namespace should not be used Kubernetes
335 CKV_K8S_21 PodSecurityPolicy ServiceAccount The default namespace should not be used Kubernetes
336 CKV_K8S_21 PodSecurityPolicy Role The default namespace should not be used Kubernetes
337 CKV_K8S_21 PodSecurityPolicy RoleBinding The default namespace should not be used Kubernetes
338 CKV_K8S_21 PodSecurityPolicy ConfigMap The default namespace should not be used Kubernetes
339 CKV_K8S_21 PodSecurityPolicy Ingress The default namespace should not be used Kubernetes
340 CKV_K8S_22 PodSecurityPolicy containers Use read-only filesystem for containers where possible Kubernetes
341 CKV_K8S_22 PodSecurityPolicy initContainers Use read-only filesystem for containers where possible Kubernetes
342 CKV_K8S_23 PodSecurityPolicy Pod Minimize the admission of root containers Kubernetes
343 CKV_K8S_23 PodSecurityPolicy Deployment Minimize the admission of root containers Kubernetes
344 CKV_K8S_23 PodSecurityPolicy DaemonSet Minimize the admission of root containers Kubernetes
345 CKV_K8S_23 PodSecurityPolicy StatefulSet Minimize the admission of root containers Kubernetes
346 CKV_K8S_23 PodSecurityPolicy ReplicaSet Minimize the admission of root containers Kubernetes
347 CKV_K8S_23 PodSecurityPolicy ReplicationController Minimize the admission of root containers Kubernetes
348 CKV_K8S_23 PodSecurityPolicy Job Minimize the admission of root containers Kubernetes
349 CKV_K8S_23 PodSecurityPolicy CronJob Minimize the admission of root containers Kubernetes
350 CKV_K8S_24 PodSecurityPolicy PodSecurityPolicy Do not allow containers with added capability Kubernetes
351 CKV_K8S_25 PodSecurityPolicy containers Minimize the admission of containers with added capability Kubernetes
352 CKV_K8S_25 PodSecurityPolicy initContainers Minimize the admission of containers with added capability Kubernetes
353 CKV_K8S_26 PodSecurityPolicy containers Do not specify hostPort unless absolutely necessary Kubernetes
354 CKV_K8S_26 PodSecurityPolicy initContainers Do not specify hostPort unless absolutely necessary Kubernetes
355 CKV_K8S_27 PodSecurityPolicy Pod Do not expose the docker daemon socket to containers Kubernetes
356 CKV_K8S_27 PodSecurityPolicy Deployment Do not expose the docker daemon socket to containers Kubernetes
357 CKV_K8S_27 PodSecurityPolicy DaemonSet Do not expose the docker daemon socket to containers Kubernetes
358 CKV_K8S_27 PodSecurityPolicy StatefulSet Do not expose the docker daemon socket to containers Kubernetes
359 CKV_K8S_27 PodSecurityPolicy ReplicaSet Do not expose the docker daemon socket to containers Kubernetes
360 CKV_K8S_27 PodSecurityPolicy ReplicationController Do not expose the docker daemon socket to containers Kubernetes
361 CKV_K8S_27 PodSecurityPolicy Job Do not expose the docker daemon socket to containers Kubernetes
362 CKV_K8S_27 PodSecurityPolicy CronJob Do not expose the docker daemon socket to containers Kubernetes
363 CKV_K8S_28 PodSecurityPolicy containers Minimize the admission of containers with the NET_RAW capability Kubernetes
364 CKV_K8S_28 PodSecurityPolicy initContainers Minimize the admission of containers with the NET_RAW capability Kubernetes
365 CKV_K8S_29 PodSecurityPolicy Pod Apply security context to your pods and containers Kubernetes
366 CKV_K8S_29 PodSecurityPolicy Deployment Apply security context to your pods and containers Kubernetes
367 CKV_K8S_29 PodSecurityPolicy DaemonSet Apply security context to your pods and containers Kubernetes
368 CKV_K8S_29 PodSecurityPolicy StatefulSet Apply security context to your pods and containers Kubernetes
369 CKV_K8S_29 PodSecurityPolicy ReplicaSet Apply security context to your pods and containers Kubernetes
370 CKV_K8S_29 PodSecurityPolicy ReplicationController Apply security context to your pods and containers Kubernetes
371 CKV_K8S_29 PodSecurityPolicy Job Apply security context to your pods and containers Kubernetes
372 CKV_K8S_29 PodSecurityPolicy CronJob Apply security context to your pods and containers Kubernetes
373 CKV_K8S_3 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host IPC namespace Kubernetes
374 CKV_K8S_30 PodSecurityPolicy containers Apply security context to your pods and containers Kubernetes
375 CKV_K8S_30 PodSecurityPolicy initContainers Apply security context to your pods and containers Kubernetes
376 CKV_K8S_31 PodSecurityPolicy Pod Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
377 CKV_K8S_31 PodSecurityPolicy Deployment Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
378 CKV_K8S_31 PodSecurityPolicy DaemonSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
379 CKV_K8S_31 PodSecurityPolicy StatefulSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
380 CKV_K8S_31 PodSecurityPolicy ReplicaSet Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
381 CKV_K8S_31 PodSecurityPolicy ReplicationController Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
382 CKV_K8S_31 PodSecurityPolicy Job Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
383 CKV_K8S_31 PodSecurityPolicy CronJob Ensure that the seccomp profile is set to docker/default or runtime/default Kubernetes
384 CKV_K8S_32 PodSecurityPolicy PodSecurityPolicy Ensure default seccomp profile set to docker/default or runtime/default Kubernetes
385 CKV_K8S_33 PodSecurityPolicy containers Ensure the Kubernetes dashboard is not deployed Kubernetes
386 CKV_K8S_33 PodSecurityPolicy initContainers Ensure the Kubernetes dashboard is not deployed Kubernetes
387 CKV_K8S_34 PodSecurityPolicy containers Ensure that Tiller (Helm v2) is not deployed Kubernetes
388 CKV_K8S_34 PodSecurityPolicy initContainers Ensure that Tiller (Helm v2) is not deployed Kubernetes
389 CKV_K8S_35 PodSecurityPolicy containers Prefer using secrets as files over secrets as environment variables Kubernetes
390 CKV_K8S_35 PodSecurityPolicy initContainers Prefer using secrets as files over secrets as environment variables Kubernetes
391 CKV_K8S_36 PodSecurityPolicy PodSecurityPolicy Minimize the admission of containers with capabilities assigned Kubernetes
392 CKV_K8S_37 PodSecurityPolicy containers Minimize the admission of containers with capabilities assigned Kubernetes
393 CKV_K8S_37 PodSecurityPolicy initContainers Minimize the admission of containers with capabilities assigned Kubernetes
394 CKV_K8S_38 PodSecurityPolicy Pod Ensure that Service Account Tokens are only mounted where necessary Kubernetes
395 CKV_K8S_38 PodSecurityPolicy Deployment Ensure that Service Account Tokens are only mounted where necessary Kubernetes
396 CKV_K8S_38 PodSecurityPolicy DaemonSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
397 CKV_K8S_38 PodSecurityPolicy StatefulSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
398 CKV_K8S_38 PodSecurityPolicy ReplicaSet Ensure that Service Account Tokens are only mounted where necessary Kubernetes
399 CKV_K8S_38 PodSecurityPolicy ReplicationController Ensure that Service Account Tokens are only mounted where necessary Kubernetes
400 CKV_K8S_38 PodSecurityPolicy Job Ensure that Service Account Tokens are only mounted where necessary Kubernetes
401 CKV_K8S_38 PodSecurityPolicy CronJob Ensure that Service Account Tokens are only mounted where necessary Kubernetes
402 CKV_K8S_39 PodSecurityPolicy containers Do not use the CAP_SYS_ADMIN linux capability Kubernetes
403 CKV_K8S_39 PodSecurityPolicy initContainers Do not use the CAP_SYS_ADMIN linux capability Kubernetes
404 CKV_K8S_4 PodSecurityPolicy PodSecurityPolicy Do not admit containers wishing to share the host network namespace Kubernetes
405 CKV_K8S_40 PodSecurityPolicy Pod Containers should run as a high UID to avoid host conflict Kubernetes
406 CKV_K8S_40 PodSecurityPolicy Deployment Containers should run as a high UID to avoid host conflict Kubernetes
407 CKV_K8S_40 PodSecurityPolicy DaemonSet Containers should run as a high UID to avoid host conflict Kubernetes
408 CKV_K8S_40 PodSecurityPolicy StatefulSet Containers should run as a high UID to avoid host conflict Kubernetes
409 CKV_K8S_40 PodSecurityPolicy ReplicaSet Containers should run as a high UID to avoid host conflict Kubernetes
410 CKV_K8S_40 PodSecurityPolicy ReplicationController Containers should run as a high UID to avoid host conflict Kubernetes
411 CKV_K8S_40 PodSecurityPolicy Job Containers should run as a high UID to avoid host conflict Kubernetes
412 CKV_K8S_40 PodSecurityPolicy CronJob Containers should run as a high UID to avoid host conflict Kubernetes
413 CKV_K8S_41 PodSecurityPolicy ServiceAccount Ensure that default service accounts are not actively used Kubernetes
414 CKV_K8S_42 PodSecurityPolicy RoleBinding Ensure that default service accounts are not actively used Kubernetes
415 CKV_K8S_42 PodSecurityPolicy ClusterRoleBinding Ensure that default service accounts are not actively used Kubernetes
416 CKV_K8S_43 PodSecurityPolicy containers Image should use digest Kubernetes
417 CKV_K8S_43 PodSecurityPolicy initContainers Image should use digest Kubernetes
418 CKV_K8S_5 PodSecurityPolicy PodSecurityPolicy Containers should not run with allowPrivilegeEscalation Kubernetes
419 CKV_K8S_6 PodSecurityPolicy PodSecurityPolicy Do not admit root containers Kubernetes
420 CKV_K8S_7 PodSecurityPolicy PodSecurityPolicy Do not admit containers with the NET_RAW capability Kubernetes
421 CKV_K8S_8 PodSecurityPolicy containers Liveness Probe Should be Configured Kubernetes
422 CKV_K8S_9 PodSecurityPolicy containers Readiness Probe Should be Configured Kubernetes