    Security

    AWS EC2 instance allowing use of IMDSv1. Set metadata_options http_tokens = "required" so the instance metadata service answers only IMDSv2 (session-token) requests; while IMDSv1 is allowed, an SSRF bug in any application on the instance can fetch the IAM role credentials from 169.254.169.254 with a single unauthenticated GET.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-918: Server-Side Request Forgery (SSRF)
    OWASP:
    - A10:2021 - Server-Side Request Forgery (SSRF)
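The weak and hardened forms of this finding side by side, as an added example that is not part of the CodeAnt rule pack. The AMI ID and subnet ID are placeholders.

```hcl
# Added example (not from the rule pack): an aws_instance that still
# answers IMDSv1 requests, and the IMDSv2-only equivalent.

# Weak: http_tokens = "optional" is also the default, so a plain GET to
# http://169.254.169.254/latest/meta-data/iam/security-credentials/<role>
# succeeds without a session token. Any SSRF in software on the host
# turns into stolen role credentials.
resource "aws_instance" "imdsv1_allowed" {
  ami           = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"
  subnet_id     = "subnet-0123456789abcdef0" # placeholder

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional" # the finding
  }
}

# Hardened: tokens required, so a caller must first PUT to
# /latest/api/token (most SSRF primitives cannot issue a PUT with a
# custom header). A hop limit of 1 keeps the token response from being
# forwarded to containers on a bridge network.
resource "aws_instance" "imdsv2_required" {
  ami           = "ami-0123456789abcdef0" # placeholder
  instance_type = "t3.micro"
  subnet_id     = "subnet-0123456789abcdef0" # placeholder

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }
}
```

Raise the hop limit to 2 only where a workload really needs IMDS from inside a container network, and prefer attaching roles to pods or tasks (IRSA, ECS task roles) over sharing the instance role.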

    S3 bucket with public read access detected. A public-read ACL or bucket policy lets anyone on the Internet list and download objects; keep an aws_s3_bucket_public_access_block enabled and serve content through presigned URLs or CloudFront instead.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP:
    - A01:2021 - Broken Access Control

    S3 bucket with public read-write access detected. A public-read-write ACL lets anonymous users upload, overwrite and delete objects as well as read them; treat it as the higher-impact variant of the public-read finding.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP:
    - A01:2021 - Broken Access Control
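An added example, not from the rule pack, covering both S3 public-access findings above: one bucket opened up with a canned ACL, and one with ACLs disabled and every form of public access blocked. Bucket names are placeholders.

```hcl
# Added example (not from the rule pack).

resource "aws_s3_bucket" "public" {
  bucket = "example-public-uploads" # placeholder
}

# Weak: anonymous users can list, download, upload and delete objects.
# "public-read" would trip the read-only variant of the finding.
resource "aws_s3_bucket_acl" "public" {
  bucket = aws_s3_bucket.public.id
  acl    = "public-read-write" # the finding
}

resource "aws_s3_bucket" "private" {
  bucket = "example-private-uploads" # placeholder
}

# Hardened: disable ACLs entirely, so only the bucket policy and IAM
# decide access, and block public ACLs and public policies. With
# BucketOwnerEnforced, an aws_s3_bucket_acl carrying a public canned
# ACL cannot be applied at all.
resource "aws_s3_bucket_ownership_controls" "private" {
  bucket = aws_s3_bucket.private.id
  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

resource "aws_s3_bucket_public_access_block" "private" {
  bucket                  = aws_s3_bucket.private.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Since April 2023 new buckets get Block Public Access and disabled ACLs by default, so the weak configuration only applies to older buckets or to code that first relaxes those defaults; the finding is still worth fixing in both cases.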

    Encryption at rest is not enabled for the Elasticsearch (OpenSearch) domain resource. Set encrypt_at_rest enabled = true on the domain, ideally with a customer managed KMS key, and enable node_to_node_encryption alongside it; once enabled, encryption at rest cannot be turned off again.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-311: Missing Encryption of Sensitive Data
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A04:2021 - Insecure Design
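An added example, not from the rule pack: an aws_elasticsearch_domain with no encrypt_at_rest block next to one that encrypts data at rest with a customer managed key, encrypts node-to-node traffic and forces TLS on the endpoint. Domain names and sizes are placeholders.

```hcl
# Added example (not from the rule pack).

# Weak: no encrypt_at_rest block, so it defaults to disabled and the
# indices, snapshots and logs on the data nodes' volumes are stored in clear.
resource "aws_elasticsearch_domain" "plain" {
  domain_name           = "logs-plain" # placeholder
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "m5.large.elasticsearch"
  }
  ebs_options {
    ebs_enabled = true
    volume_size = 20
  }
}

# Hardened: customer managed KMS key with rotation, node-to-node
# encryption, and HTTPS with a modern TLS floor on the domain endpoint.
resource "aws_kms_key" "es" {
  description         = "Elasticsearch domain at-rest key"
  enable_key_rotation = true
}

resource "aws_elasticsearch_domain" "encrypted" {
  domain_name           = "logs-encrypted" # placeholder
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "m5.large.elasticsearch"
  }
  ebs_options {
    ebs_enabled = true
    volume_size = 20
  }

  encrypt_at_rest {
    enabled    = true
    kms_key_id = aws_kms_key.es.arn
  }
  node_to_node_encryption {
    enabled = true
  }
  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }
}
```

The same three blocks apply unchanged to the newer aws_opensearch_domain resource.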

    The ECR repository isn't configured to scan images on push. Set image_scanning_configuration scan_on_push = true so every pushed image is checked for known CVEs in its OS packages before it is deployed, and pair it with image_tag_mutability = "IMMUTABLE" so a tag that was scanned cannot later be repointed to a different image.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-1104: Use of Unmaintained Third Party Components
    OWASP:
    - A06:2021 - Vulnerable and Outdated Components
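An added example, not from the rule pack: the repository as the rule flags it, and one with scan-on-push, immutable tags and KMS encryption. Repository names are placeholders.

```hcl
# Added example (not from the rule pack).

# Weak: nothing is scanned, and because tags are mutable a "prod" tag
# can be silently replaced by a different image after it was reviewed.
resource "aws_ecr_repository" "unscanned" {
  name                 = "app-unscanned" # placeholder
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = false # the finding
  }
}

# Hardened: every push is scanned, tags cannot be overwritten, so a
# deployment that pins a tag (or better, a digest) runs the image that
# was scanned, and layers are encrypted with KMS.
resource "aws_ecr_repository" "scanned" {
  name                 = "app-scanned" # placeholder
  image_tag_mutability = "IMMUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }

  encryption_configuration {
    encryption_type = "KMS" # AWS managed ECR key when kms_key is omitted
  }
}
```

If the registry has been switched to enhanced scanning (Amazon Inspector), the registry-level aws_ecr_registry_scanning_configuration rules decide which repositories are scanned and the per-repository flag no longer applies.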

    Missing EKS control plane logging. Enable at least the Kubernetes API server ("api") and audit ("audit") log types of the EKS control plane through the enabled_cluster_log_types attribute; without them there is no record of who called the API server or what they changed, and nothing to investigate after an incident.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-778: Insufficient Logging
    OWASP:
    - A10:2017 - Insufficient Logging & Monitoring
    - A09:2021 - Security Logging and Monitoring Failures

    RDS instance accessible from the Internet detected. publicly_accessible = true gives the instance a public IP address, so its reachability depends entirely on the attached security groups; keep it false, place the instance in private subnets, and reach it through a bastion, VPN or application tier.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    RDS instance or cluster with hardcoded credentials in source code. A password literal in the password (or master_password) attribute ends up in version control and in every copy of the Terraform state. It is recommended to pass the credentials at runtime, or generate random credentials using the random_password resource and store them in Secrets Manager.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-522: Insufficiently Protected Credentials
    OWASP:
    - A02:2017 - Broken Authentication
    - A04:2021 - Insecure Design
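An added example, not from the rule pack, serving both RDS findings above: an instance that is Internet-reachable and carries a literal password, followed by a private instance whose password is generated at apply time and handed to Secrets Manager. Identifiers, the subnet list and the secret name are placeholders.

```hcl
# Added example (not from the rule pack).

variable "private_subnet_ids" {
  type    = list(string)
  default = ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"] # placeholders
}

# Weak: public IP plus a password committed to git.
resource "aws_db_instance" "exposed" {
  identifier          = "orders-exposed" # placeholder
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = "Sup3rS3cret!" # the credentials finding
  publicly_accessible = true            # the exposure finding
  skip_final_snapshot = true
}

# Hardened: random password, private subnets, no public address,
# encrypted storage, and the secret handed to Secrets Manager.
resource "random_password" "db" {
  length           = 32
  special          = true
  override_special = "!#$%&*()-_=+[]{}<>:?" # RDS rejects '/', '@', '"' and space
}

resource "aws_db_subnet_group" "private" {
  name       = "orders-private"
  subnet_ids = var.private_subnet_ids
}

resource "aws_db_instance" "private" {
  identifier           = "orders-private" # placeholder
  engine               = "postgres"
  instance_class       = "db.t3.micro"
  allocated_storage    = 20
  username             = "app"
  password             = random_password.db.result
  publicly_accessible  = false
  db_subnet_group_name = aws_db_subnet_group.private.name
  storage_encrypted    = true
  skip_final_snapshot  = true
}

resource "aws_secretsmanager_secret" "db" {
  name = "orders/db-password" # placeholder
}

resource "aws_secretsmanager_secret_version" "db" {
  secret_id     = aws_secretsmanager_secret.db.id
  secret_string = random_password.db.result
}
```

random_password.db.result and the instance's password attribute are still stored in plain text in the Terraform state, so the state backend needs the same protection as the secret itself (encrypted remote state with tightly scoped access). Recent AWS provider versions also offer manage_master_user_password on aws_db_instance, which lets RDS create and rotate the password in Secrets Manager so it never passes through Terraform at all.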

    CORS rule on bucket permits any origin. allowed_origins = ["*"] lets a page on any website make cross-origin requests to the bucket from a visitor's browser and read the responses; list only the origins that need access, and never combine a wildcard origin with write methods (PUT, POST, DELETE).
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-942: Permissive Cross-domain Policy with Untrusted Domains
    OWASP:
    - A05:2021 - Security Misconfiguration
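An added example, not from the rule pack: a wildcard CORS rule on a browser-upload bucket next to an origin allow-list scoped to the methods and headers the client actually needs. Bucket names and origins are placeholders; a bucket takes exactly one aws_s3_bucket_cors_configuration, so the two variants sit on separate buckets.

```hcl
# Added example (not from the rule pack).

resource "aws_s3_bucket" "uploads_open" {
  bucket = "example-uploads-open" # placeholder
}

# Weak: any site a user visits can issue cross-origin PUT/POST/GET
# requests to this bucket from inside the user's browser session.
resource "aws_s3_bucket_cors_configuration" "any_origin" {
  bucket = aws_s3_bucket.uploads_open.id

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["GET", "PUT", "POST"]
    allowed_origins = ["*"] # the finding
  }
}

resource "aws_s3_bucket" "uploads" {
  bucket = "example-uploads" # placeholder
}

# Hardened: explicit origins, one rule per method set, only the headers
# the upload client sends, and a bounded preflight cache.
resource "aws_s3_bucket_cors_configuration" "allow_list" {
  bucket = aws_s3_bucket.uploads.id

  cors_rule {
    allowed_headers = ["Content-Type", "x-amz-*"]
    allowed_methods = ["PUT"]
    allowed_origins = ["https://app.example.com"]
    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }

  cors_rule {
    allowed_methods = ["GET"]
    allowed_origins = ["https://app.example.com", "https://staging.example.com"]
  }
}
```

CORS only governs what a browser will let a page do; it is not an authorization layer. The bucket policy, presigned URL expiry and the public access block still decide who can read or write.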

    This rule has been deprecated: since January 2023 every new object written to an S3 bucket is encrypted by default (SSE-S3) and default encryption cannot be disabled. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration for more info.
    Likelihood: MEDIUM
    Confidence: MEDIUM
    CWE:
    - CWE-311: Missing Encryption of Sensitive Data
    OWASP:
    - A03:2017 - Sensitive Data Exposure
    - A04:2021 - Insecure Design

    The vpc_config block inside the aws_eks_cluster resource has not explicitly disabled public endpoint access. endpoint_public_access defaults to true and public_access_cidrs to 0.0.0.0/0, which exposes the Kubernetes API server to the whole Internet (authentication is still required, but the endpoint is reachable for credential stuffing and any API server bug); set endpoint_public_access = false with endpoint_private_access = true, or at least restrict public_access_cidrs.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    OWASP:
    - A01:2021 - Broken Access Control
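An added example, not from the rule pack, serving both EKS findings on this page (missing control plane logging and the public API endpoint): a cluster that trips both, then the hardened form with logs retained in CloudWatch, a private endpoint and KMS envelope encryption of Kubernetes secrets. The role ARN, subnet IDs and cluster names are placeholders.

```hcl
# Added example (not from the rule pack).

variable "cluster_role_arn" {
  type    = string
  default = "arn:aws:iam::123456789012:role/eks-cluster" # placeholder
}

variable "private_subnet_ids" {
  type    = list(string)
  default = ["subnet-0123456789abcdef0", "subnet-0fedcba9876543210"] # placeholders
}

# Weak: no control plane log types, and vpc_config left at its defaults
# (endpoint_public_access = true, public_access_cidrs = ["0.0.0.0/0"]).
resource "aws_eks_cluster" "open" {
  name     = "platform-open" # placeholder
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.private_subnet_ids
  }
}

# Hardened. EKS writes to /aws/eks/<name>/cluster; creating the log group
# first sets a retention period instead of the default "never expire".
resource "aws_cloudwatch_log_group" "eks" {
  name              = "/aws/eks/platform/cluster"
  retention_in_days = 90
}

resource "aws_kms_key" "eks" {
  description         = "EKS secrets envelope key"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "locked_down" {
  name       = "platform" # placeholder
  role_arn   = var.cluster_role_arn
  depends_on = [aws_cloudwatch_log_group.eks]

  # api = every request to the API server, audit = who changed which
  # object, authenticator = IAM-to-Kubernetes identity decisions.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false
  }

  encryption_config {
    provider {
      key_arn = aws_kms_key.eks.arn
    }
    resources = ["secrets"]
  }
}
```

With endpoint_public_access = false, kubectl and CI runners must reach the API server from inside the VPC (or over VPN, Direct Connect or a bastion). Where that is not yet possible, keep the public endpoint but set public_access_cidrs to the office and CI egress ranges rather than leaving the 0.0.0.0/0 default.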
