CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
Documentation
API Reference
Start Here
  • What is CodeAnt?
  • Join Community
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
      • Angular
      • Aws-cdk
        • Security
        • Security
          • Audit
      • Lang
      • Nestjs
      • Nextjs
      • React
      • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Security

Audit

awscdk-bucket-encryption

Add “encryption: Y.BucketEncryption.KMSMANAGED"or"encryption:Y.BucketEncryption.KMS_MANAGED" or "encryption: Y.BucketEncryption.KMSM​ANAGED"or"encryption:Y.BucketEncryption.S3_MANAGED” to the bucket props for Bucket construct $X
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design

aws-cdk-bucket-enforcessl

Bucket $X is not set to enforce encryption-in-transit, if not explictly setting this on the bucket policy - the property “enforceSSL” should be set to true
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures

awscdk-sqs-unencryptedqueue

Queue Xismissingencryptionatrest.Add"encryption:X is missing encryption at rest. Add "encryption: Xismissingencryptionatrest.Add"encryption:Y.QueueEncryption.KMS” or “encryption: $Y.QueueEncryption.KMS_MANAGED” to the queue props to enable encryption at rest for the queue.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
SecurityBest practice
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.