Security

ec2-imdsv1-optional

AWS EC2 instance allows use of IMDSv1.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)

s3-public-read-bucket

S3 bucket with public read access detected.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control

s3-public-rw-bucket

S3 bucket with public read-write access detected.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control

elastic-search-encryption-at-rest

Encryption at rest is not enabled for the Elasticsearch domain resource.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design

ecr-image-scan-on-push

The ECR repository is not configured to scan images on push.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-1104: Use of Unmaintained Third Party Components
OWASP:
- A06:2021 - Vulnerable and Outdated Components

eks-insufficient-control-plane-logging

Missing EKS control plane logging. It is recommended to enable at least the Kubernetes API server logs ("api") and audit logs ("audit") of the EKS control plane through the enabled_cluster_log_types attribute.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures

rds-public-access

RDS instance accessible from the Internet detected.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control

rds-insecure-password-storage-in-source-code

RDS instance or cluster with hardcoded credentials in source code. It is recommended to pass the credentials at runtime, or generate random credentials using the random_password resource.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design

all-origins-allowed

CORS rule on bucket permits any origin
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration

s3-unencrypted-bucket

This rule has been deprecated, as all S3 buckets are now encrypted by default with no way to disable it. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration for more information.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design

eks-public-endpoint-enabled

The vpc_config block of the EKS cluster does not explicitly disable public endpoint access.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control