Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Aws
- Azure
- Gcp
- Lang
- Security
- Security
- Typescript
- Yaml
Security
AWS EC2 Instance allowing use of the IMDSv1
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)
S3 bucket with public read access detected.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control
S3 bucket with public read-write access detected.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control
Encryption at rest is not enabled for the elastic search domain resource
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
The ECR Repository isn’t configured to scan images on push
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-1104: Use of Unmaintained Third Party Components
OWASP:
- A06:2021 - Vulnerable and Outdated Components
Missing EKS control plane logging. It is recommended to enable at least Kubernetes API server component logs (“api”) and audit logs (“audit”) of the EKS control plane through the enabled_cluster_log_types attribute.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-778: Insufficient Logging
OWASP:
- A10:2017 - Insufficient Logging & Monitoring
- A09:2021 - Security Logging and Monitoring Failures
RDS instance accessible from the Internet detected.
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-284: Improper Access Control
OWASP:
- A05:2017 - Broken Access Control
- A01:2021 - Broken Access Control
RDS instance or cluster with hardcoded credentials in source code. It is recommended to pass the credentials at runtime, or generate random credentials using the random_password resource.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design
CORS rule on bucket permits any origin
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-942: Permissive Cross-domain Policy with Untrusted Domains
OWASP:
- A05:2021 - Security Misconfiguration
This rule has been deprecated, as all s3 buckets are encrypted by default with no way to disable it. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration for more info.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
The vpc_config resource inside the eks cluster has not explicitly disabled public endpoint access
Likelihood: LOW
Confidence: LOW
CWE:
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
OWASP:
- A01:2021 - Broken Access Control