CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • GitHub Enterprise
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • Quality gates
  • Automated scans
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
      • Aws
      • Azure
        • Best practice
        • Security
        • Security
          • Aks
          • Apiservice
          • Appservice
          • Functionapp
          • Keyvault
          • Storage
      • Gcp
      • Lang
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Storage

storage-use-secure-tls-policy

Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2. Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility. This check will warn if the minimum TLS is not set to TLS1_2.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-326: Inadequate Encryption Strength
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

storage-allow-microsoft-service-bypass

Some Microsoft services that interact with storage accounts operate from networks that can’t be granted access through network rules. To help this type of service work as intended, allow the set of trusted Microsoft services to bypass the network rules
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

storage-queue-services-logging

Storage Analytics logs detailed information about successful and failed requests to a storage service. This information can be used to monitor individual requests and to diagnose issues with a storage service. Requests are logged on a best-effort basis.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

storage-default-action-deny

Detected a Storage that was not configured to deny action by default. Add default_action = "Deny" in your resource block.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-16: CWE CATEGORY: Configuration
OWASP:
- A06:2017 - Security Misconfiguration
- A05:2021 - Security Misconfiguration

storage-enforce-https

Detected a Storage that was not configured to deny action by default. Add enable_https_traffic_only = true in your resource block.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
KeyvaultBest practice
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.