    Security

    Storage

    Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2. Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility. This check will warn if the minimum TLS is not set to TLS1_2.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-326: Inadequate Encryption Strength
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures

    Some Microsoft services that interact with storage accounts operate from networks that can’t be granted access through network rules. To help this type of service work as intended, allow the set of trusted Microsoft services to bypass the network rules.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    Storage Analytics logs detailed information about successful and failed requests to a storage service. This information can be used to monitor individual requests and to diagnose issues with a storage service. Requests are logged on a best-effort basis.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    Detected a storage account that is not configured to deny access by default. Add default_action = "Deny" in your resource block.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-16: CWE CATEGORY: Configuration
    OWASP:
    - A06:2017 - Security Misconfiguration
    - A05:2021 - Security Misconfiguration

    Detected a storage account that is not configured to accept HTTPS traffic only. Add enable_https_traffic_only = true in your resource block.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-319: Cleartext Transmission of Sensitive Information
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A02:2021 - Cryptographic Failures
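
The five checks above, shown on one azurerm_storage_account resource in its flagged form and its corrected form. This is an added example, not CodeAnt's own rule code or test fixture. Resource names, location, the IP range and the retention value are constructed placeholders, and the queue_properties logging block is assumed to be what the Storage Analytics check looks for.

```hcl
# Flagged: each setting below trips one of the checks described above.
resource "azurerm_storage_account" "weak" {
  name                      = "examplestorageweak" # placeholder
  resource_group_name       = "example-rg"         # placeholder
  location                  = "westeurope"
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  min_tls_version           = "TLS1_0" # CWE-326: minimum TLS below TLS1_2
  enable_https_traffic_only = false    # CWE-319: plain HTTP accepted

  network_rules {
    default_action = "Allow" # CWE-16: not deny-by-default
    # no bypass for trusted Microsoft services (CWE-284 check)
  }
  # no logging block (CWE-778 check)
}

# Corrected: the same account with every check satisfied.
resource "azurerm_storage_account" "hardened" {
  name                     = "examplestoragehard" # placeholder
  resource_group_name      = "example-rg"         # placeholder
  location                 = "westeurope"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  # Attribute name as given on this page; newer azurerm provider
  # releases name it https_traffic_only_enabled.
  enable_https_traffic_only = true

  network_rules {
    default_action = "Deny"
    bypass         = ["AzureServices"]  # trusted Microsoft services
    ip_rules       = ["203.0.113.0/24"] # constructed documentation range
  }

  # Assumption: Storage Analytics logging enabled on the queue service.
  queue_properties {
    logging {
      delete                = true
      read                  = true
      write                 = true
      version               = "1.0"
      retention_policy_days = 10 # constructed value
    }
  }
}
```

With default_action = "Deny", the ip_rules entry (or a virtual network rule) must cover the network Terraform itself runs from, otherwise later plan and apply runs cannot reach the account's data plane.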
