layout | title | nav_order |
---|---|---|
default | all resource scans | 1 |

| | Id | Type | Entity | Policy | IaC |
---|---|---|---|---|---|
0 | CKV_ALI_1 | resource | alicloud_oss_bucket | Alibaba Cloud OSS bucket accessible to public | Terraform |
1 | CKV_ALI_2 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform |
2 | CKV_ALI_3 | resource | alicloud_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform |
3 | CKV_ALI_4 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all regions | Terraform |
4 | CKV_ALI_5 | resource | alicloud_actiontrail_trail | Ensure Action Trail Logging for all events | Terraform |
5 | CKV_ALI_6 | resource | alicloud_oss_bucket | Ensure OSS bucket is encrypted with Customer Master Key | Terraform |
6 | CKV_ALI_7 | resource | alicloud_disk | Ensure disk is encrypted | Terraform |
7 | CKV_ALI_8 | resource | alicloud_disk | Ensure Disk is encrypted with Customer Master Key | Terraform |
8 | CKV_ALI_9 | resource | alicloud_db_instance | Ensure database instance is not public | Terraform |
9 | CKV_ALI_10 | resource | alicloud_oss_bucket | Ensure OSS bucket has versioning enabled | Terraform |
10 | CKV_ALI_11 | resource | alicloud_oss_bucket | Ensure OSS bucket has transfer Acceleration enabled | Terraform |
11 | CKV_ALI_12 | resource | alicloud_oss_bucket | Ensure the OSS bucket has access logging enabled | Terraform |
12 | CKV_ALI_13 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires minimum length of 14 or greater | Terraform |
13 | CKV_ALI_14 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one number | Terraform |
14 | CKV_ALI_15 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one symbol | Terraform |
15 | CKV_ALI_16 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy expires passwords within 90 days or less | Terraform |
16 | CKV_ALI_17 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one lowercase letter | Terraform |
17 | CKV_ALI_18 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy prevents password reuse | Terraform |
18 | CKV_ALI_19 | resource | alicloud_ram_account_password_policy | Ensure RAM password policy requires at least one uppercase letter | Terraform |
19 | CKV_ALI_20 | resource | alicloud_db_instance | Ensure RDS instance uses SSL | Terraform |
20 | CKV_ALI_21 | resource | alicloud_api_gateway_api | Ensure API Gateway API Protocol HTTPS | Terraform |
21 | CKV_ALI_22 | resource | alicloud_db_instance | Ensure Transparent Data Encryption is Enabled on instance | Terraform |
22 | CKV_ALI_23 | resource | alicloud_ram_account_password_policy | Ensure Ram Account Password Policy Max Login Attempts not > 5 | Terraform |
23 | CKV_ALI_24 | resource | alicloud_ram_account_password_policy | Ensure Ram Account Password Policy Max Age less than/equal to 90 days | Terraform |
24 | CKV_ALI_25 | resource | alicloud_db_instance | Ensure RDS Instance SQL Collector Retention Period should be greater than 180 | Terraform |
25 | CKV_ALI_26 | resource | alicloud_cs_kubernetes | Ensure Kubernetes installs plugin Terway or Flannel to support standard policies | Terraform |
26 | CKV_AWS_1 | data | aws_iam_policy_document | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
27 | CKV_AWS_1 | resource | serverless_aws | Ensure IAM policies that allow full "*-*" administrative privileges are not created | serverless |
28 | CKV_AWS_2 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure ALB protocol is HTTPS | Cloudformation |
29 | CKV_AWS_2 | resource | aws_alb_listener | Ensure ALB protocol is HTTPS | Terraform |
30 | CKV_AWS_2 | resource | aws_lb_listener | Ensure ALB protocol is HTTPS | Terraform |
31 | CKV_AWS_3 | resource | AWS::EC2::Volume | Ensure all data stored in the EBS is securely encrypted | Cloudformation |
32 | CKV_AWS_3 | resource | aws_ebs_volume | Ensure all data stored in the EBS is securely encrypted | Terraform |
33 | CKV_AWS_5 | resource | AWS::Elasticsearch::Domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Cloudformation |
34 | CKV_AWS_5 | resource | aws_elasticsearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform |
35 | CKV_AWS_5 | resource | aws_opensearch_domain | Ensure all data stored in the Elasticsearch is securely encrypted at rest | Terraform |
36 | CKV_AWS_6 | resource | AWS::Elasticsearch::Domain | Ensure all Elasticsearch has node-to-node encryption enabled | Cloudformation |
37 | CKV_AWS_6 | resource | aws_elasticsearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform |
38 | CKV_AWS_6 | resource | aws_opensearch_domain | Ensure all Elasticsearch has node-to-node encryption enabled | Terraform |
39 | CKV_AWS_7 | resource | AWS::KMS::Key | Ensure rotation for customer created CMKs is enabled | Cloudformation |
40 | CKV_AWS_7 | resource | aws_kms_key | Ensure rotation for customer created CMKs is enabled | Terraform |
41 | CKV_AWS_8 | resource | AWS::AutoScaling::LaunchConfiguration | Ensure all data stored in the Launch configuration EBS is securely encrypted | Cloudformation |
42 | CKV_AWS_8 | resource | aws_instance | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform |
43 | CKV_AWS_8 | resource | aws_launch_configuration | Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted | Terraform |
44 | CKV_AWS_9 | resource | aws_iam_account_password_policy | Ensure IAM password policy expires passwords within 90 days or less | Terraform |
45 | CKV_AWS_10 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires minimum length of 14 or greater | Terraform |
46 | CKV_AWS_11 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one lowercase letter | Terraform |
47 | CKV_AWS_12 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one number | Terraform |
48 | CKV_AWS_13 | resource | aws_iam_account_password_policy | Ensure IAM password policy prevents password reuse | Terraform |
49 | CKV_AWS_14 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one symbol | Terraform |
50 | CKV_AWS_15 | resource | aws_iam_account_password_policy | Ensure IAM password policy requires at least one uppercase letter | Terraform |
51 | CKV_AWS_16 | resource | AWS::RDS::DBInstance | Ensure all data stored in the RDS is securely encrypted at rest | Cloudformation |
52 | CKV_AWS_16 | resource | aws_db_instance | Ensure all data stored in the RDS is securely encrypted at rest | Terraform |
53 | CKV_AWS_17 | resource | AWS::RDS::DBInstance | Ensure all data stored in RDS is not publicly accessible | Cloudformation |
54 | CKV_AWS_17 | resource | aws_db_instance | Ensure all data stored in RDS is not publicly accessible | Terraform |
55 | CKV_AWS_17 | resource | aws_rds_cluster_instance | Ensure all data stored in RDS is not publicly accessible | Terraform |
56 | CKV_AWS_18 | resource | AWS::S3::Bucket | Ensure the S3 bucket has access logging enabled | Cloudformation |
57 | CKV_AWS_18 | resource | aws_s3_bucket | Ensure the S3 bucket has access logging enabled | Terraform |
58 | CKV_AWS_19 | resource | AWS::S3::Bucket | Ensure the S3 bucket has server-side-encryption enabled | Cloudformation |
59 | CKV_AWS_19 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform |
60 | CKV_AWS_19 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure all data stored in the S3 bucket is securely encrypted at rest | Terraform |
61 | CKV_AWS_20 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow READ permissions to everyone | Cloudformation |
62 | CKV_AWS_20 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public READ access. | Terraform |
63 | CKV_AWS_20 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public READ access. | Terraform |
64 | CKV_AWS_21 | resource | AWS::S3::Bucket | Ensure the S3 bucket has versioning enabled | Cloudformation |
65 | CKV_AWS_21 | resource | aws_s3_bucket | Ensure all data stored in the S3 bucket have versioning enabled | Terraform |
66 | CKV_AWS_21 | resource | aws_s3_bucket_versioning | Ensure all data stored in the S3 bucket have versioning enabled | Terraform |
67 | CKV_AWS_22 | resource | aws_sagemaker_notebook_instance | Ensure SageMaker Notebook is encrypted at rest using KMS CMK | Terraform |
68 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroup | Ensure every security groups rule has a description | Cloudformation |
69 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupEgress | Ensure every security groups rule has a description | Cloudformation |
70 | CKV_AWS_23 | resource | AWS::EC2::SecurityGroupIngress | Ensure every security groups rule has a description | Cloudformation |
71 | CKV_AWS_23 | resource | aws_db_security_group | Ensure every security groups rule has a description | Terraform |
72 | CKV_AWS_23 | resource | aws_elasticache_security_group | Ensure every security groups rule has a description | Terraform |
73 | CKV_AWS_23 | resource | aws_redshift_security_group | Ensure every security groups rule has a description | Terraform |
74 | CKV_AWS_23 | resource | aws_security_group | Ensure every security groups rule has a description | Terraform |
75 | CKV_AWS_23 | resource | aws_security_group_rule | Ensure every security groups rule has a description | Terraform |
76 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation |
77 | CKV_AWS_24 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Cloudformation |
78 | CKV_AWS_24 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform |
79 | CKV_AWS_24 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Terraform |
80 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroup | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation |
81 | CKV_AWS_25 | resource | AWS::EC2::SecurityGroupIngress | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Cloudformation |
82 | CKV_AWS_25 | resource | aws_security_group | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform |
83 | CKV_AWS_25 | resource | aws_security_group_rule | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 | Terraform |
84 | CKV_AWS_26 | resource | AWS::SNS::Topic | Ensure all data stored in the SNS topic is encrypted | Cloudformation |
85 | CKV_AWS_26 | resource | aws_sns_topic | Ensure all data stored in the SNS topic is encrypted | Terraform |
86 | CKV_AWS_27 | resource | AWS::SQS::Queue | Ensure all data stored in the SQS queue is encrypted | Cloudformation |
87 | CKV_AWS_27 | resource | aws_sqs_queue | Ensure all data stored in the SQS queue is encrypted | Terraform |
88 | CKV_AWS_28 | resource | AWS::DynamoDB::Table | Ensure Dynamodb point in time recovery (backup) is enabled | Cloudformation |
89 | CKV_AWS_28 | resource | aws_dynamodb_table | Ensure Dynamodb point in time recovery (backup) is enabled | Terraform |
90 | CKV_AWS_29 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest | Cloudformation |
91 | CKV_AWS_29 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at rest | Terraform |
92 | CKV_AWS_30 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit | Cloudformation |
93 | CKV_AWS_30 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit | Terraform |
94 | CKV_AWS_31 | resource | AWS::ElastiCache::ReplicationGroup | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token | Cloudformation |
95 | CKV_AWS_31 | resource | aws_elasticache_replication_group | Ensure all data stored in the Elasticache Replication Group is securely encrypted at transit and has auth token | Terraform |
96 | CKV_AWS_32 | resource | AWS::ECR::Repository | Ensure ECR policy is not set to public | Cloudformation |
97 | CKV_AWS_32 | resource | aws_ecr_repository_policy | Ensure ECR policy is not set to public | Terraform |
98 | CKV_AWS_33 | resource | AWS::KMS::Key | Ensure KMS key policy does not contain wildcard (*) principal | Cloudformation |
99 | CKV_AWS_33 | resource | aws_kms_key | Ensure KMS key policy does not contain wildcard (*) principal | Terraform |
100 | CKV_AWS_34 | resource | AWS::CloudFront::Distribution | Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS | Cloudformation |
101 | CKV_AWS_34 | resource | aws_cloudfront_distribution | Ensure cloudfront distribution ViewerProtocolPolicy is set to HTTPS | Terraform |
102 | CKV_AWS_35 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Cloudformation |
103 | CKV_AWS_35 | resource | aws_cloudtrail | Ensure CloudTrail logs are encrypted at rest using KMS CMKs | Terraform |
104 | CKV_AWS_36 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail log file validation is enabled | Cloudformation |
105 | CKV_AWS_36 | resource | aws_cloudtrail | Ensure CloudTrail log file validation is enabled | Terraform |
106 | CKV_AWS_37 | resource | aws_eks_cluster | Ensure Amazon EKS control plane logging enabled for all log types | Terraform |
107 | CKV_AWS_38 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0 | Terraform |
108 | CKV_AWS_39 | resource | aws_eks_cluster | Ensure Amazon EKS public endpoint disabled | Terraform |
109 | CKV_AWS_40 | resource | AWS::IAM::Policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Cloudformation |
110 | CKV_AWS_40 | resource | aws_iam_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform |
111 | CKV_AWS_40 | resource | aws_iam_user_policy | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform |
112 | CKV_AWS_40 | resource | aws_iam_user_policy_attachment | Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.) | Terraform |
113 | CKV_AWS_41 | provider | aws | Ensure no hard coded AWS access key and secret key exists in provider | Terraform |
114 | CKV_AWS_41 | resource | serverless_aws | Ensure no hard coded AWS access key and secret key exists in provider | serverless |
115 | CKV_AWS_42 | resource | AWS::EFS::FileSystem | Ensure EFS is securely encrypted | Cloudformation |
116 | CKV_AWS_42 | resource | aws_efs_file_system | Ensure EFS is securely encrypted | Terraform |
117 | CKV_AWS_43 | resource | AWS::Kinesis::Stream | Ensure Kinesis Stream is securely encrypted | Cloudformation |
118 | CKV_AWS_43 | resource | aws_kinesis_stream | Ensure Kinesis Stream is securely encrypted | Terraform |
119 | CKV_AWS_44 | resource | AWS::Neptune::DBCluster | Ensure Neptune storage is securely encrypted | Cloudformation |
120 | CKV_AWS_44 | resource | aws_neptune_cluster | Ensure Neptune storage is securely encrypted | Terraform |
121 | CKV_AWS_45 | resource | AWS::Lambda::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation |
122 | CKV_AWS_45 | resource | AWS::Serverless::Function | Ensure no hard-coded secrets exist in lambda environment | Cloudformation |
123 | CKV_AWS_45 | resource | aws_lambda_function | Ensure no hard-coded secrets exist in lambda environment | Terraform |
124 | CKV_AWS_46 | resource | AWS::EC2::Instance | Ensure no hard-coded secrets exist in EC2 user data | Cloudformation |
125 | CKV_AWS_46 | resource | aws_instance | Ensure no hard-coded secrets exist in EC2 user data | Terraform |
126 | CKV_AWS_47 | resource | AWS::DAX::Cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Cloudformation |
127 | CKV_AWS_47 | resource | aws_dax_cluster | Ensure DAX is encrypted at rest (default is unencrypted) | Terraform |
128 | CKV_AWS_48 | resource | aws_mq_broker | Ensure MQ Broker logging is enabled | Terraform |
129 | CKV_AWS_49 | data | aws_iam_policy_document | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
130 | CKV_AWS_49 | resource | serverless_aws | Ensure no IAM policies documents allow "*" as a statement's actions | serverless |
131 | CKV_AWS_50 | resource | aws_lambda_function | X-ray tracing is enabled for Lambda | Terraform |
132 | CKV_AWS_51 | resource | AWS::ECR::Repository | Ensure ECR Image Tags are immutable | Cloudformation |
133 | CKV_AWS_51 | resource | aws_ecr_repository | Ensure ECR Image Tags are immutable | Terraform |
134 | CKV_AWS_53 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public ACLS enabled | Cloudformation |
135 | CKV_AWS_53 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public ACLS enabled | Terraform |
136 | CKV_AWS_54 | resource | AWS::S3::Bucket | Ensure S3 bucket has block public policy enabled | Cloudformation |
137 | CKV_AWS_54 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has block public policy enabled | Terraform |
138 | CKV_AWS_55 | resource | AWS::S3::Bucket | Ensure S3 bucket has ignore public ACLs enabled | Cloudformation |
139 | CKV_AWS_55 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has ignore public ACLs enabled | Terraform |
140 | CKV_AWS_56 | resource | AWS::S3::Bucket | Ensure S3 bucket has 'restrict_public_bucket' enabled | Cloudformation |
141 | CKV_AWS_56 | resource | aws_s3_bucket_public_access_block | Ensure S3 bucket has 'restrict_public_bucket' enabled | Terraform |
142 | CKV_AWS_57 | resource | AWS::S3::Bucket | Ensure the S3 bucket does not allow WRITE permissions to everyone | Cloudformation |
143 | CKV_AWS_57 | resource | aws_s3_bucket | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform |
144 | CKV_AWS_57 | resource | aws_s3_bucket_acl | S3 Bucket has an ACL defined which allows public WRITE access. | Terraform |
145 | CKV_AWS_58 | resource | AWS::EKS::Cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Cloudformation |
146 | CKV_AWS_58 | resource | aws_eks_cluster | Ensure EKS Cluster has Secrets Encryption Enabled | Terraform |
147 | CKV_AWS_59 | resource | AWS::ApiGateway::Method | Ensure there is no open access to back-end resources through API | Cloudformation |
148 | CKV_AWS_59 | resource | aws_api_gateway_method | Ensure there is no open access to back-end resources through API | Terraform |
149 | CKV_AWS_60 | resource | AWS::IAM::Role | Ensure IAM role allows only specific services or principals to assume it | Cloudformation |
150 | CKV_AWS_60 | resource | aws_iam_role | Ensure IAM role allows only specific services or principals to assume it | Terraform |
151 | CKV_AWS_61 | resource | AWS::IAM::Role | Ensure IAM role allows only specific principals in account to assume it | Cloudformation |
152 | CKV_AWS_61 | resource | aws_iam_role | Ensure IAM role allows only specific principals in account to assume it | Terraform |
153 | CKV_AWS_62 | resource | AWS::IAM::Group | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation |
154 | CKV_AWS_62 | resource | AWS::IAM::Policy | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation |
155 | CKV_AWS_62 | resource | AWS::IAM::Role | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation |
156 | CKV_AWS_62 | resource | AWS::IAM::User | Ensure no IAM policies that allow full "*-*" administrative privileges are not created | Cloudformation |
157 | CKV_AWS_62 | resource | aws_iam_group_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
158 | CKV_AWS_62 | resource | aws_iam_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
159 | CKV_AWS_62 | resource | aws_iam_role_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
160 | CKV_AWS_62 | resource | aws_iam_user_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
161 | CKV_AWS_62 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure IAM policies that allow full "*-*" administrative privileges are not created | Terraform |
162 | CKV_AWS_63 | resource | AWS::IAM::Group | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation |
163 | CKV_AWS_63 | resource | AWS::IAM::Policy | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation |
164 | CKV_AWS_63 | resource | AWS::IAM::Role | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation |
165 | CKV_AWS_63 | resource | AWS::IAM::User | Ensure no IAM policies documents allow "*" as a statement's actions | Cloudformation |
166 | CKV_AWS_63 | resource | aws_iam_group_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
167 | CKV_AWS_63 | resource | aws_iam_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
168 | CKV_AWS_63 | resource | aws_iam_role_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
169 | CKV_AWS_63 | resource | aws_iam_user_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
170 | CKV_AWS_63 | resource | aws_ssoadmin_permission_set_inline_policy | Ensure no IAM policies documents allow "*" as a statement's actions | Terraform |
171 | CKV_AWS_64 | resource | AWS::Redshift::Cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Cloudformation |
172 | CKV_AWS_64 | resource | aws_redshift_cluster | Ensure all data stored in the Redshift cluster is securely encrypted at rest | Terraform |
173 | CKV_AWS_65 | resource | AWS::ECS::Cluster | Ensure container insights are enabled on ECS cluster | Cloudformation |
174 | CKV_AWS_65 | resource | aws_ecs_cluster | Ensure container insights are enabled on ECS cluster | Terraform |
175 | CKV_AWS_66 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group specifies retention days | Cloudformation |
176 | CKV_AWS_66 | resource | aws_cloudwatch_log_group | Ensure that CloudWatch Log Group specifies retention days | Terraform |
177 | CKV_AWS_67 | resource | AWS::CloudTrail::Trail | Ensure CloudTrail is enabled in all Regions | Cloudformation |
178 | CKV_AWS_67 | resource | aws_cloudtrail | Ensure CloudTrail is enabled in all Regions | Terraform |
179 | CKV_AWS_68 | resource | AWS::CloudFront::Distribution | CloudFront Distribution should have WAF enabled | Cloudformation |
180 | CKV_AWS_68 | resource | aws_cloudfront_distribution | CloudFront Distribution should have WAF enabled | Terraform |
181 | CKV_AWS_69 | resource | AWS::AmazonMQ::Broker | Ensure Amazon MQ Broker should not have public access | Cloudformation |
182 | CKV_AWS_69 | resource | aws_mq_broker | Ensure MQ Broker is not publicly exposed | Terraform |
183 | CKV_AWS_70 | resource | aws_s3_bucket | Ensure S3 bucket does not allow an action with any Principal | Terraform |
184 | CKV_AWS_70 | resource | aws_s3_bucket_policy | Ensure S3 bucket does not allow an action with any Principal | Terraform |
185 | CKV_AWS_71 | resource | AWS::Redshift::Cluster | Ensure Redshift Cluster logging is enabled | Cloudformation |
186 | CKV_AWS_71 | resource | aws_redshift_cluster | Ensure Redshift Cluster logging is enabled | Terraform |
187 | CKV_AWS_72 | resource | aws_sqs_queue_policy | Ensure SQS policy does not allow ALL (*) actions. | Terraform |
188 | CKV_AWS_73 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation |
189 | CKV_AWS_73 | resource | AWS::Serverless::Api | Ensure API Gateway has X-Ray Tracing enabled | Cloudformation |
190 | CKV_AWS_73 | resource | aws_api_gateway_stage | Ensure API Gateway has X-Ray Tracing enabled | Terraform |
191 | CKV_AWS_74 | resource | AWS::DocDB::DBCluster | Ensure DocDB is encrypted at rest (default is unencrypted) | Cloudformation |
192 | CKV_AWS_74 | resource | aws_docdb_cluster | Ensure DocDB is encrypted at rest (default is unencrypted) | Terraform |
193 | CKV_AWS_75 | resource | aws_globalaccelerator_accelerator | Ensure Global Accelerator accelerator has flow logs enabled | Terraform |
194 | CKV_AWS_76 | resource | AWS::ApiGateway::Stage | Ensure API Gateway has Access Logging enabled | Cloudformation |
195 | CKV_AWS_76 | resource | AWS::Serverless::Api | Ensure API Gateway has Access Logging enabled | Cloudformation |
196 | CKV_AWS_76 | resource | aws_api_gateway_stage | Ensure API Gateway has Access Logging enabled | Terraform |
197 | CKV_AWS_76 | resource | aws_apigatewayv2_stage | Ensure API Gateway has Access Logging enabled | Terraform |
198 | CKV_AWS_77 | resource | aws_athena_database | Ensure Athena Database is encrypted at rest (default is unencrypted) | Terraform |
199 | CKV_AWS_78 | resource | AWS::CodeBuild::Project | Ensure that CodeBuild Project encryption is not disabled | Cloudformation |
200 | CKV_AWS_78 | resource | aws_codebuild_project | Ensure that CodeBuild Project encryption is not disabled | Terraform |
201 | CKV_AWS_79 | resource | AWS::EC2::LaunchTemplate | Ensure Instance Metadata Service Version 1 is not enabled | Cloudformation |
202 | CKV_AWS_79 | resource | aws_instance | Ensure Instance Metadata Service Version 1 is not enabled | Terraform |
203 | CKV_AWS_79 | resource | aws_launch_configuration | Ensure Instance Metadata Service Version 1 is not enabled | Terraform |
204 | CKV_AWS_79 | resource | aws_launch_template | Ensure Instance Metadata Service Version 1 is not enabled | Terraform |
205 | CKV_AWS_80 | resource | aws_msk_cluster | Ensure MSK Cluster logging is enabled | Terraform |
206 | CKV_AWS_81 | resource | aws_msk_cluster | Ensure MSK Cluster encryption in rest and transit is enabled | Terraform |
207 | CKV_AWS_82 | resource | AWS::Athena::WorkGroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Cloudformation |
208 | CKV_AWS_82 | resource | aws_athena_workgroup | Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption | Terraform |
209 | CKV_AWS_83 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain enforces HTTPS | Cloudformation |
210 | CKV_AWS_83 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform |
211 | CKV_AWS_83 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain enforces HTTPS | Terraform |
212 | CKV_AWS_84 | resource | AWS::Elasticsearch::Domain | Ensure Elasticsearch Domain Logging is enabled | Cloudformation |
213 | CKV_AWS_84 | resource | aws_elasticsearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform |
214 | CKV_AWS_84 | resource | aws_opensearch_domain | Ensure Elasticsearch Domain Logging is enabled | Terraform |
215 | CKV_AWS_85 | resource | AWS::DocDB::DBCluster | Ensure DocDB Logging is enabled | Cloudformation |
216 | CKV_AWS_85 | resource | aws_docdb_cluster | Ensure DocDB Logging is enabled | Terraform |
217 | CKV_AWS_86 | resource | AWS::CloudFront::Distribution | Ensure Cloudfront distribution has Access Logging enabled | Cloudformation |
218 | CKV_AWS_86 | resource | aws_cloudfront_distribution | Ensure Cloudfront distribution has Access Logging enabled | Terraform |
219 | CKV_AWS_87 | resource | AWS::Redshift::Cluster | Redshift cluster should not be publicly accessible | Cloudformation |
220 | CKV_AWS_87 | resource | aws_redshift_cluster | Redshift cluster should not be publicly accessible | Terraform |
221 | CKV_AWS_88 | resource | AWS::EC2::Instance | EC2 instance should not have public IP. | Cloudformation |
222 | CKV_AWS_88 | resource | AWS::EC2::LaunchTemplate | EC2 instance should not have public IP. | Cloudformation |
223 | CKV_AWS_88 | resource | aws_instance | EC2 instance should not have public IP. | Terraform |
224 | CKV_AWS_88 | resource | aws_launch_template | EC2 instance should not have public IP. | Terraform |
225 | CKV_AWS_89 | resource | AWS::DMS::ReplicationInstance | DMS replication instance should not be publicly accessible | Cloudformation |
226 | CKV_AWS_89 | resource | aws_dms_replication_instance | DMS replication instance should not be publicly accessible | Terraform |
227 | CKV_AWS_90 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB TLS is not disabled | Cloudformation |
228 | CKV_AWS_90 | resource | aws_docdb_cluster_parameter_group | Ensure DocDB TLS is not disabled | Terraform |
229 | CKV_AWS_91 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure the ELBv2 (Application/Network) has access logging enabled | Cloudformation |
230 | CKV_AWS_91 | resource | aws_alb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform |
231 | CKV_AWS_91 | resource | aws_lb | Ensure the ELBv2 (Application/Network) has access logging enabled | Terraform |
232 | CKV_AWS_92 | resource | AWS::ElasticLoadBalancing::LoadBalancer | Ensure the ELB has access logging enabled | Cloudformation |
233 | CKV_AWS_92 | resource | aws_elb | Ensure the ELB has access logging enabled | Terraform |
234 | CKV_AWS_93 | resource | aws_s3_bucket | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform |
235 | CKV_AWS_93 | resource | aws_s3_bucket_policy | Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes) | Terraform |
236 | CKV_AWS_94 | resource | AWS::Glue::DataCatalogEncryptionSettings | Ensure Glue Data Catalog Encryption is enabled | Cloudformation |
237 | CKV_AWS_94 | resource | aws_glue_data_catalog_encryption_settings | Ensure Glue Data Catalog Encryption is enabled | Terraform |
238 | CKV_AWS_95 | resource | AWS::ApiGatewayV2::Stage | Ensure API Gateway V2 has Access Logging enabled | Cloudformation |
239 | CKV_AWS_95 | resource | AWS::Serverless::HttpApi | Ensure API Gateway V2 has Access Logging enabled | Cloudformation |
240 | CKV_AWS_96 | resource | AWS::RDS::DBCluster | Ensure all data stored in Aurora is securely encrypted at rest | Cloudformation |
241 | CKV_AWS_96 | resource | aws_rds_cluster | Ensure all data stored in Aurora is securely encrypted at rest | Terraform |
242 | CKV_AWS_97 | resource | AWS::ECS::TaskDefinition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Cloudformation |
243 | CKV_AWS_97 | resource | aws_ecs_task_definition | Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions | Terraform |
244 | CKV_AWS_98 | resource | aws_sagemaker_endpoint_configuration | Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest | Terraform |
245 | CKV_AWS_99 | resource | AWS::Glue::SecurityConfiguration | Ensure Glue Security Configuration Encryption is enabled | Cloudformation |
246 | CKV_AWS_99 | resource | aws_glue_security_configuration | Ensure Glue Security Configuration Encryption is enabled | Terraform |
247 | CKV_AWS_100 | resource | AWS::EKS::Nodegroup | Ensure Amazon EKS Node group has implicit SSH access from 0.0.0.0/0 | Cloudformation |
248 | CKV_AWS_100 | resource | aws_eks_node_group | Ensure Amazon EKS Node group has implicit SSH access from 0.0.0.0/0 | Terraform |
249 | CKV_AWS_101 | resource | AWS::Neptune::DBCluster | Ensure Neptune logging is enabled | Cloudformation |
250 | CKV_AWS_101 | resource | aws_neptune_cluster | Ensure Neptune logging is enabled | Terraform |
251 | CKV_AWS_102 | resource | aws_neptune_cluster_instance | Ensure Neptune Cluster instance is not publicly available | Terraform |
252 | CKV_AWS_103 | resource | AWS::ElasticLoadBalancingV2::Listener | Ensure that Application Load Balancer Listener is using TLS v1.2 | Cloudformation |
253 | CKV_AWS_103 | resource | aws_alb_listener | Ensure that load balancer is using TLS 1.2 | Terraform |
254 | CKV_AWS_103 | resource | aws_lb_listener | Ensure that load balancer is using TLS 1.2 | Terraform |
255 | CKV_AWS_104 | resource | AWS::DocDB::DBClusterParameterGroup | Ensure DocDB has audit logs enabled | Cloudformation |
256 | CKV_AWS_104 | resource | aws_docdb_cluster_parameter_group | Ensure DocDB has audit logs enabled | Terraform |
257 | CKV_AWS_105 | resource | AWS::Redshift::ClusterParameterGroup | Ensure Redshift uses SSL | Cloudformation |
258 | CKV_AWS_105 | resource | aws_redshift_parameter_group | Ensure Redshift uses SSL | Terraform |
259 | CKV_AWS_106 | resource | aws_ebs_encryption_by_default | Ensure EBS default encryption is enabled | Terraform |
260 | CKV_AWS_107 | resource | AWS::IAM::Group | Ensure IAM policies do not allow credentials exposure | Cloudformation |
261 | CKV_AWS_107 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies do not allow credentials exposure | Cloudformation |
262 | CKV_AWS_107 | resource | AWS::IAM::Policy | Ensure IAM policies do not allow credentials exposure | Cloudformation |
263 | CKV_AWS_107 | resource | AWS::IAM::Role | Ensure IAM policies do not allow credentials exposure | Cloudformation |
264 | CKV_AWS_107 | resource | AWS::IAM::User | Ensure IAM policies do not allow credentials exposure | Cloudformation |
265 | CKV_AWS_107 | data | aws_iam_policy_document | Ensure IAM policies do not allow credentials exposure | Terraform |
266 | CKV_AWS_108 | resource | AWS::IAM::Group | Ensure IAM policies do not allow data exfiltration | Cloudformation |
267 | CKV_AWS_108 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies do not allow data exfiltration | Cloudformation |
268 | CKV_AWS_108 | resource | AWS::IAM::Policy | Ensure IAM policies do not allow data exfiltration | Cloudformation |
269 | CKV_AWS_108 | resource | AWS::IAM::Role | Ensure IAM policies do not allow data exfiltration | Cloudformation |
270 | CKV_AWS_108 | resource | AWS::IAM::User | Ensure IAM policies do not allow data exfiltration | Cloudformation |
271 | CKV_AWS_108 | data | aws_iam_policy_document | Ensure IAM policies do not allow data exfiltration | Terraform |
272 | CKV_AWS_109 | resource | AWS::IAM::Group | Ensure IAM policies do not allow permissions management without constraints | Cloudformation |
273 | CKV_AWS_109 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies do not allow permissions management without constraints | Cloudformation |
274 | CKV_AWS_109 | resource | AWS::IAM::Policy | Ensure IAM policies do not allow permissions management without constraints | Cloudformation |
275 | CKV_AWS_109 | resource | AWS::IAM::Role | Ensure IAM policies do not allow permissions management without constraints | Cloudformation |
276 | CKV_AWS_109 | resource | AWS::IAM::User | Ensure IAM policies do not allow permissions management without constraints | Cloudformation |
277 | CKV_AWS_109 | data | aws_iam_policy_document | Ensure IAM policies do not allow permissions management / resource exposure without constraints | Terraform |
278 | CKV_AWS_110 | resource | AWS::IAM::Group | Ensure IAM policies do not allow privilege escalation | Cloudformation |
279 | CKV_AWS_110 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies do not allow privilege escalation | Cloudformation |
280 | CKV_AWS_110 | resource | AWS::IAM::Policy | Ensure IAM policies do not allow privilege escalation | Cloudformation |
281 | CKV_AWS_110 | resource | AWS::IAM::Role | Ensure IAM policies do not allow privilege escalation | Cloudformation |
282 | CKV_AWS_110 | resource | AWS::IAM::User | Ensure IAM policies do not allow privilege escalation | Cloudformation |
283 | CKV_AWS_110 | data | aws_iam_policy_document | Ensure IAM policies do not allow privilege escalation | Terraform |
284 | CKV_AWS_111 | resource | AWS::IAM::Group | Ensure IAM policies do not allow write access without constraints | Cloudformation |
285 | CKV_AWS_111 | resource | AWS::IAM::ManagedPolicy | Ensure IAM policies do not allow write access without constraints | Cloudformation |
286 | CKV_AWS_111 | resource | AWS::IAM::Policy | Ensure IAM policies do not allow write access without constraints | Cloudformation |
287 | CKV_AWS_111 | resource | AWS::IAM::Role | Ensure IAM policies do not allow write access without constraints | Cloudformation |
288 | CKV_AWS_111 | resource | AWS::IAM::User | Ensure IAM policies do not allow write access without constraints | Cloudformation |
289 | CKV_AWS_111 | data | aws_iam_policy_document | Ensure IAM policies do not allow write access without constraints | Terraform |
290 | CKV_AWS_112 | resource | aws_ssm_document | Ensure Session Manager data is encrypted in transit | Terraform |
291 | CKV_AWS_113 | resource | aws_ssm_document | Ensure Session Manager logs are enabled and encrypted | Terraform |
292 | CKV_AWS_114 | resource | aws_emr_cluster | Ensure that EMR clusters with Kerberos have Kerberos Realm set | Terraform |
293 | CKV_AWS_115 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for function-level concurrent execution limit | Terraform |
294 | CKV_AWS_116 | resource | AWS::Lambda::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation |
295 | CKV_AWS_116 | resource | AWS::Serverless::Function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Cloudformation |
296 | CKV_AWS_116 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) | Terraform |
297 | CKV_AWS_117 | resource | aws_lambda_function | Ensure that AWS Lambda function is configured inside a VPC | Terraform |
298 | CKV_AWS_118 | resource | aws_db_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform |
299 | CKV_AWS_118 | resource | aws_rds_cluster_instance | Ensure that enhanced monitoring is enabled for Amazon RDS instances | Terraform |
300 | CKV_AWS_119 | resource | AWS::DynamoDB::Table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Cloudformation |
301 | CKV_AWS_119 | resource | aws_dynamodb_table | Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK | Terraform |
302 | CKV_AWS_120 | resource | AWS::ApiGateway::Stage | Ensure API Gateway caching is enabled | Cloudformation |
303 | CKV_AWS_120 | resource | AWS::Serverless::Api | Ensure API Gateway caching is enabled | Cloudformation |
304 | CKV_AWS_120 | resource | aws_api_gateway_stage | Ensure API Gateway caching is enabled | Terraform |
305 | CKV_AWS_121 | resource | aws_config_configuration_aggregator | Ensure AWS Config is enabled in all regions | Terraform |
306 | CKV_AWS_122 | resource | aws_sagemaker_notebook_instance | Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance | Terraform |
307 | CKV_AWS_123 | resource | AWS::EC2::VPCEndpointService | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Cloudformation |
308 | CKV_AWS_123 | resource | aws_vpc_endpoint_service | Ensure that VPC Endpoint Service is configured for Manual Acceptance | Terraform |
309 | CKV_AWS_124 | resource | aws_cloudformation_stack | Ensure that CloudFormation stacks are sending event notifications to an SNS topic | Terraform |
310 | CKV_AWS_126 | resource | aws_instance | Ensure that detailed monitoring is enabled for EC2 instances | Terraform |
311 | CKV_AWS_127 | resource | aws_elb | Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager | Terraform |
312 | CKV_AWS_128 | resource | aws_rds_cluster | Ensure that Amazon RDS clusters have AWS Identity and Access Management (IAM) authentication enabled | Terraform |
313 | CKV_AWS_129 | resource | aws_db_instance | Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled | Terraform |
314 | CKV_AWS_130 | resource | aws_subnet | Ensure VPC subnets do not assign public IP by default | Terraform |
315 | CKV_AWS_131 | resource | AWS::ElasticLoadBalancingV2::LoadBalancer | Ensure that ALB drops HTTP headers | Cloudformation |
316 | CKV_AWS_131 | resource | aws_alb | Ensure that ALB drops HTTP headers | Terraform |
317 | CKV_AWS_131 | resource | aws_lb | Ensure that ALB drops HTTP headers | Terraform |
318 | CKV_AWS_133 | resource | aws_db_instance | Ensure that RDS instances have a backup policy | Terraform |
319 | CKV_AWS_133 | resource | aws_rds_cluster | Ensure that RDS instances have a backup policy | Terraform |
320 | CKV_AWS_134 | resource | aws_elasticache_cluster | Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on | Terraform |
321 | CKV_AWS_135 | resource | aws_instance | Ensure that EC2 is EBS optimized | Terraform |
322 | CKV_AWS_136 | resource | AWS::ECR::Repository | Ensure that ECR repositories are encrypted using KMS | Cloudformation |
323 | CKV_AWS_136 | resource | aws_ecr_repository | Ensure that ECR repositories are encrypted using KMS | Terraform |
324 | CKV_AWS_137 | resource | aws_elasticsearch_domain | Ensure that Elasticsearch is configured inside a VPC | Terraform |
325 | CKV_AWS_137 | resource | aws_opensearch_domain | Ensure that Elasticsearch is configured inside a VPC | Terraform |
326 | CKV_AWS_138 | resource | aws_elb | Ensure that ELB is cross-zone-load-balancing enabled | Terraform |
327 | CKV_AWS_139 | resource | aws_rds_cluster | Ensure that RDS clusters have deletion protection enabled | Terraform |
328 | CKV_AWS_140 | resource | aws_rds_global_cluster | Ensure that RDS global clusters are encrypted | Terraform |
329 | CKV_AWS_141 | resource | aws_redshift_cluster | Ensure that Redshift cluster allows version upgrade by default | Terraform |
330 | CKV_AWS_142 | resource | aws_redshift_cluster | Ensure that Redshift cluster is encrypted by KMS | Terraform |
331 | CKV_AWS_143 | resource | aws_s3_bucket | Ensure that S3 bucket has lock configuration enabled by default | Terraform |
332 | CKV_AWS_144 | resource | aws_s3_bucket | Ensure that S3 bucket has cross-region replication enabled | Terraform |
333 | CKV_AWS_145 | resource | aws_s3_bucket | Ensure that S3 buckets are encrypted with KMS by default | Terraform |
334 | CKV_AWS_145 | resource | aws_s3_bucket_server_side_encryption_configuration | Ensure that S3 buckets are encrypted with KMS by default | Terraform |
335 | CKV_AWS_146 | resource | aws_db_cluster_snapshot | Ensure that RDS database cluster snapshot is encrypted | Terraform |
336 | CKV_AWS_147 | resource | aws_codebuild_project | Ensure that CodeBuild projects are encrypted | Terraform |
337 | CKV_AWS_148 | resource | aws_default_vpc | Ensure no default VPC is planned to be provisioned | Terraform |
338 | CKV_AWS_149 | resource | AWS::SecretsManager::Secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Cloudformation |
339 | CKV_AWS_149 | resource | aws_secretsmanager_secret | Ensure that Secrets Manager secret is encrypted using KMS CMK | Terraform |
340 | CKV_AWS_150 | resource | aws_alb | Ensure that Load Balancer has deletion protection enabled | Terraform |
341 | CKV_AWS_150 | resource | aws_lb | Ensure that Load Balancer has deletion protection enabled | Terraform |
342 | CKV_AWS_152 | resource | aws_alb | Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled | Terraform |
343 | CKV_AWS_152 | resource | aws_lb | Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled | Terraform |
344 | CKV_AWS_153 | resource | aws_autoscaling_group | Autoscaling groups should supply tags to launch configurations | Terraform |
345 | CKV_AWS_154 | resource | AWS::Redshift::Cluster | Ensure Redshift is not deployed outside of a VPC | Cloudformation |
346 | CKV_AWS_154 | resource | aws_redshift_cluster | Ensure Redshift is not deployed outside of a VPC | Terraform |
347 | CKV_AWS_155 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace user volumes are encrypted | Cloudformation |
348 | CKV_AWS_155 | resource | aws_workspaces_workspace | Ensure that Workspace user volumes are encrypted | Terraform |
349 | CKV_AWS_156 | resource | AWS::WorkSpaces::Workspace | Ensure that Workspace root volumes are encrypted | Cloudformation |
350 | CKV_AWS_156 | resource | aws_workspaces_workspace | Ensure that Workspace root volumes are encrypted | Terraform |
351 | CKV_AWS_157 | resource | AWS::RDS::DBInstance | Ensure that RDS instances have Multi-AZ enabled | Cloudformation |
352 | CKV_AWS_157 | resource | aws_db_instance | Ensure that RDS instances have Multi-AZ enabled | Terraform |
353 | CKV_AWS_158 | resource | AWS::Logs::LogGroup | Ensure that CloudWatch Log Group is encrypted by KMS | Cloudformation |
354 | CKV_AWS_158 | resource | aws_cloudwatch_log_group | Ensure that CloudWatch Log Group is encrypted by KMS | Terraform |
355 | CKV_AWS_159 | resource | aws_athena_workgroup | Ensure that Athena Workgroup is encrypted | Terraform |
356 | CKV_AWS_160 | resource | AWS::Timestream::Database | Ensure that Timestream database is encrypted with KMS CMK | Cloudformation |
357 | CKV_AWS_160 | resource | aws_timestreamwrite_database | Ensure that Timestream database is encrypted with KMS CMK | Terraform |
358 | CKV_AWS_161 | resource | AWS::RDS::DBInstance | Ensure RDS database has IAM authentication enabled | Cloudformation |
359 | CKV_AWS_161 | resource | aws_db_instance | Ensure RDS database has IAM authentication enabled | Terraform |
360 | CKV_AWS_162 | resource | AWS::RDS::DBCluster | Ensure RDS cluster has IAM authentication enabled | Cloudformation |
361 | CKV_AWS_162 | resource | aws_rds_cluster | Ensure RDS cluster has IAM authentication enabled | Terraform |
362 | CKV_AWS_163 | resource | AWS::ECR::Repository | Ensure ECR image scanning on push is enabled | Cloudformation |
363 | CKV_AWS_163 | resource | aws_ecr_repository | Ensure ECR image scanning on push is enabled | Terraform |
364 | CKV_AWS_164 | resource | AWS::Transfer::Server | Ensure Transfer Server is not exposed publicly. | Cloudformation |
365 | CKV_AWS_164 | resource | aws_transfer_server | Ensure Transfer Server is not exposed publicly. | Terraform |
366 | CKV_AWS_165 | resource | AWS::DynamoDB::GlobalTable | Ensure Dynamodb global table point in time recovery (backup) is enabled | Cloudformation |
367 | CKV_AWS_165 | resource | aws_dynamodb_global_table | Ensure Dynamodb point in time recovery (backup) is enabled for global tables | Terraform |
368 | CKV_AWS_166 | resource | AWS::Backup::BackupVault | Ensure Backup Vault is encrypted at rest using KMS CMK | Cloudformation |
369 | CKV_AWS_166 | resource | aws_backup_vault | Ensure Backup Vault is encrypted at rest using KMS CMK | Terraform |
370 | CKV_AWS_167 | resource | aws_glacier_vault | Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it | Terraform |
371 | CKV_AWS_168 | resource | aws_sqs_queue | Ensure SQS queue policy is not public by only allowing specific services or principals to access it | Terraform |
372 | CKV_AWS_168 | resource | aws_sqs_queue_policy | Ensure SQS queue policy is not public by only allowing specific services or principals to access it | Terraform |
373 | CKV_AWS_169 | resource | aws_sns_topic_policy | Ensure SNS topic policy is not public by only allowing specific services or principals to access it | Terraform |
374 | CKV_AWS_170 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Cloudformation |
375 | CKV_AWS_170 | resource | aws_qldb_ledger | Ensure QLDB ledger permissions mode is set to STANDARD | Terraform |
376 | CKV_AWS_171 | resource | aws_emr_security_configuration | Ensure Cluster security configuration encryption is using SSE-KMS | Terraform |
377 | CKV_AWS_172 | resource | AWS::QLDB::Ledger | Ensure QLDB ledger has deletion protection enabled | Cloudformation |
378 | CKV_AWS_172 | resource | aws_qldb_ledger | Ensure QLDB ledger has deletion protection enabled | Terraform |
379 | CKV_AWS_173 | resource | AWS::Lambda::Function | Check encryption settings for Lambda environmental variable | Cloudformation |
380 | CKV_AWS_173 | resource | AWS::Serverless::Function | Check encryption settings for Lambda environmental variable | Cloudformation |
381 | CKV_AWS_173 | resource | aws_lambda_function | Check encryption settings for Lambda environmental variable | Terraform |
382 | CKV_AWS_174 | resource | AWS::CloudFront::Distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 | Cloudformation |
383 | CKV_AWS_174 | resource | aws_cloudfront_distribution | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 | Terraform |
384 | CKV_AWS_175 | resource | aws_waf_web_acl | Ensure WAF has associated rules | Terraform |
385 | CKV_AWS_175 | resource | aws_wafregional_web_acl | Ensure WAF has associated rules | Terraform |
386 | CKV_AWS_175 | resource | aws_wafv2_web_acl | Ensure WAF has associated rules | Terraform |
387 | CKV_AWS_176 | resource | aws_waf_web_acl | Ensure Logging is enabled for WAF Web Access Control Lists | Terraform |
388 | CKV_AWS_176 | resource | aws_wafregional_web_acl | Ensure Logging is enabled for WAF Web Access Control Lists | Terraform |
389 | CKV_AWS_177 | resource | aws_kinesis_video_stream | Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK) | Terraform |
390 | CKV_AWS_178 | resource | aws_fsx_ontap_file_system | Ensure FSx ONTAP file system is encrypted by KMS using a customer managed Key (CMK) | Terraform |
391 | CKV_AWS_179 | resource | aws_fsx_windows_file_system | Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK) | Terraform |
392 | CKV_AWS_180 | resource | aws_imagebuilder_component | Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK) | Terraform |
393 | CKV_AWS_181 | resource | aws_s3_object_copy | Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK) | Terraform |
394 | CKV_AWS_182 | resource | aws_docdb_cluster | Ensure Doc DB is encrypted by KMS using a customer managed Key (CMK) | Terraform |
395 | CKV_AWS_183 | resource | aws_ebs_snapshot_copy | Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK) | Terraform |
396 | CKV_AWS_184 | resource | aws_efs_file_system | Ensure resource is encrypted by KMS using a customer managed Key (CMK) | Terraform |
397 | CKV_AWS_185 | resource | aws_kinesis_stream | Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK) | Terraform |
398 | CKV_AWS_186 | resource | aws_s3_bucket_object | Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK) | Terraform |
399 | CKV_AWS_187 | resource | aws_sagemaker_domain | Ensure Sagemaker domain is encrypted by KMS using a customer managed Key (CMK) | Terraform |
400 | CKV_AWS_188 | resource | aws_redshift_cluster | Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK) | Terraform |
401 | CKV_AWS_189 | resource | aws_ebs_volume | Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) | Terraform |
402 | CKV_AWS_190 | resource | aws_fsx_lustre_file_system | Ensure Lustre file system is encrypted by KMS using a customer managed Key (CMK) | Terraform |
403 | CKV_AWS_191 | resource | aws_elasticache_replication_group | Ensure Elasticache replication group is encrypted by KMS using a customer managed Key (CMK) | Terraform |
404 | CKV_AWS_192 | resource | AWS::WAFv2::WebACL | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Cloudformation |
405 | CKV_AWS_192 | resource | aws_wafv2_web_acl | Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform |
406 | CKV_AWS_193 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Logging enabled | Cloudformation |
407 | CKV_AWS_193 | resource | aws_appsync_graphql_api | Ensure AppSync has Logging enabled | Terraform |
408 | CKV_AWS_194 | resource | AWS::AppSync::GraphQLApi | Ensure AppSync has Field-Level logs enabled | Cloudformation |
409 | CKV_AWS_194 | resource | aws_appsync_graphql_api | Ensure AppSync has Field-Level logs enabled | Terraform |
410 | CKV_AWS_195 | resource | AWS::Glue::Crawler | Ensure Glue component has a security configuration associated | Cloudformation |
411 | CKV_AWS_195 | resource | AWS::Glue::DevEndpoint | Ensure Glue component has a security configuration associated | Cloudformation |
412 | CKV_AWS_195 | resource | AWS::Glue::Job | Ensure Glue component has a security configuration associated | Cloudformation |
413 | CKV_AWS_195 | resource | aws_glue_crawler | Ensure Glue component has a security configuration associated | Terraform |
414 | CKV_AWS_195 | resource | aws_glue_dev_endpoint | Ensure Glue component has a security configuration associated | Terraform |
415 | CKV_AWS_195 | resource | aws_glue_job | Ensure Glue component has a security configuration associated | Terraform |
416 | CKV_AWS_196 | resource | aws_elasticache_security_group | Ensure no aws_elasticache_security_group resources exist | Terraform |
417 | CKV_AWS_197 | resource | aws_mq_broker | Ensure MQ Broker Audit logging is enabled | Terraform |
418 | CKV_AWS_198 | resource | aws_db_security_group | Ensure no aws_db_security_group resources exist | Terraform |
419 | CKV_AWS_199 | resource | aws_imagebuilder_distribution_configuration | Ensure Image Builder Distribution Configuration encrypts AMIs using KMS - a customer managed Key (CMK) | Terraform |
420 | CKV_AWS_200 | resource | aws_imagebuilder_image_recipe | Ensure that Image Recipe EBS disks are encrypted with CMK | Terraform |
421 | CKV_AWS_201 | resource | aws_memorydb_cluster | Ensure MemoryDB is encrypted at rest using KMS CMKs | Terraform |
422 | CKV_AWS_202 | resource | aws_memorydb_cluster | Ensure MemoryDB data is encrypted in transit | Terraform |
423 | CKV_AWS_203 | resource | aws_fsx_openzfs_file_system | Ensure resource is encrypted by KMS using a customer managed Key (CMK) | Terraform |
424 | CKV_AWS_204 | resource | aws_ami | Ensure AMIs are encrypted using KMS CMKs | Terraform |
425 | CKV_AWS_205 | resource | aws_ami_launch_permission | Ensure to Limit AMI launch Permissions | Terraform |
426 | CKV_AWS_206 | resource | aws_api_gateway_domain_name | Ensure API Gateway Domain uses a modern security Policy | Terraform |
427 | CKV_AWS_207 | resource | aws_mq_broker | Ensure MQ Broker minor version updates are enabled | Terraform |
428 | CKV_AWS_208 | resource | aws_mq_broker | Ensure MQBroker version is current | Terraform |
429 | CKV_AWS_208 | resource | aws_mq_configuration | Ensure MQBroker version is current | Terraform |
430 | CKV_AWS_209 | resource | aws_mq_broker | Ensure MQ broker encrypted by KMS using a customer managed Key (CMK) | Terraform |
431 | CKV_AWS_210 | resource | aws_batch_job_definition | Batch job does not define a privileged container | Terraform |
432 | CKV_AWS_211 | resource | aws_db_instance | Ensure RDS uses a modern CaCert | Terraform |
433 | CKV_AWS_212 | resource | aws_dms_replication_instance | Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK) | Terraform |
434 | CKV_AWS_213 | resource | aws_load_balancer_policy | Ensure ELB Policy uses only secure protocols | Terraform |
435 | CKV_AWS_214 | resource | aws_appsync_api_cache | Ensure Appsync API Cache is encrypted at rest | Terraform |
436 | CKV_AWS_215 | resource | aws_appsync_api_cache | Ensure Appsync API Cache is encrypted in transit | Terraform |
437 | CKV_AWS_216 | resource | aws_cloudfront_distribution | Ensure Cloudfront distribution is enabled | Terraform |
438 | CKV_AWS_217 | resource | aws_api_gateway_deployment | Ensure Create before destroy for API deployments | Terraform |
439 | CKV_AWS_218 | resource | aws_cloudsearch_domain | Ensure that Cloudsearch is using latest TLS | Terraform |
440 | CKV_AWS_219 | resource | aws_codepipeline | Ensure Code Pipeline Artifact store is using a KMS CMK | Terraform |
441 | CKV_AWS_220 | resource | aws_cloudsearch_domain | Ensure that Cloudsearch is using https | Terraform |
442 | CKV_AWS_221 | resource | aws_codeartifact_domain | Ensure Code artifact Domain is encrypted by KMS using a customer managed Key (CMK) | Terraform |
443 | CKV_AWS_222 | resource | aws_dms_replication_instance | Ensure DMS instance gets all minor upgrade automatically | Terraform |
444 | CKV_AWS_223 | resource | aws_ecs_cluster | Ensure ECS Cluster enables logging of ECS Exec | Terraform |
445 | CKV_AWS_224 | resource | aws_ecs_cluster | Ensure Cluster logging with CMK | Terraform |
446 | CKV_AWS_225 | resource | aws_api_gateway_method_settings | Ensure API Gateway method setting caching is enabled | Terraform |
447 | CKV_AWS_226 | resource | aws_db_instance | Ensure DB instance gets all minor upgrades automatically | Terraform |
448 | CKV_AWS_226 | resource | aws_rds_cluster_instance | Ensure DB instance gets all minor upgrades automatically | Terraform |
449 | CKV_AWS_227 | resource | aws_kms_key | Ensure KMS key is enabled | Terraform |
450 | CKV_AWS_228 | resource | aws_elasticsearch_domain | Verify Elasticsearch domain is using an up to date TLS policy | Terraform |
451 | CKV_AWS_228 | resource | aws_opensearch_domain | Verify Elasticsearch domain is using an up to date TLS policy | Terraform |
452 | CKV_AWS_229 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 | Terraform |
453 | CKV_AWS_229 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 21 | Terraform |
454 | CKV_AWS_230 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 | Terraform |
455 | CKV_AWS_230 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 20 | Terraform |
456 | CKV_AWS_231 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 | Terraform |
457 | CKV_AWS_231 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389 | Terraform |
458 | CKV_AWS_232 | resource | aws_network_acl | Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 | Terraform |
459 | CKV_AWS_232 | resource | aws_network_acl_rule | Ensure no NACL allow ingress from 0.0.0.0:0 to port 22 | Terraform |
460 | CKV_AWS_233 | resource | aws_acm_certificate | Ensure Create before destroy for ACM certificates | Terraform |
461 | CKV_AWS_234 | resource | aws_acm_certificate | Verify logging preference for ACM certificates | Terraform |
462 | CKV_AWS_235 | resource | aws_ami_copy | Ensure that copied AMIs are encrypted | Terraform |
463 | CKV_AWS_236 | resource | aws_ami_copy | Ensure AMI copying uses a CMK | Terraform |
464 | CKV_AWS_237 | resource | aws_api_gateway_rest_api | Ensure Create before destroy for API GATEWAY | Terraform |
465 | CKV_AWS_238 | resource | aws_guardduty_detector | Ensure that Guard Duty detector is enabled | Terraform |
466 | CKV_AWS_239 | resource | aws_dax_cluster | Ensure DAX cluster endpoint is using TLS | Terraform |
467 | CKV_AWS_240 | resource | aws_kinesis_firehose_delivery_stream | Ensure Kinesis Firehose delivery stream is encrypted | Terraform |
468 | CKV_AWS_241 | resource | aws_kinesis_firehose_delivery_stream | Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK | Terraform |
469 | CKV_AWS_242 | resource | aws_mwaa_environment | Ensure MWAA environment has scheduler logs enabled | Terraform |
470 | CKV_AWS_243 | resource | aws_mwaa_environment | Ensure MWAA environment has worker logs enabled | Terraform |
471 | CKV_AWS_244 | resource | aws_mwaa_environment | Ensure MWAA environment has webserver logs enabled | Terraform |
472 | CKV_AWS_245 | resource | aws_db_instance_automated_backups_replication | Ensure replicated backups are encrypted at rest using KMS CMKs | Terraform |
473 | CKV_AWS_246 | resource | aws_rds_cluster_activity_stream | Ensure RDS Cluster activity streams are encrypted using KMS CMKs | Terraform |
474 | CKV_AWS_247 | resource | aws_elasticsearch_domain | Ensure all data stored in the Elasticsearch is encrypted with a CMK | Terraform |
475 | CKV_AWS_247 | resource | aws_opensearch_domain | Ensure all data stored in the Elasticsearch is encrypted with a CMK | Terraform |
476 | CKV_AWS_248 | resource | aws_elasticsearch_domain | Ensure that Elasticsearch is not using the default Security Group | Terraform |
477 | CKV_AWS_248 | resource | aws_opensearch_domain | Ensure that Elasticsearch is not using the default Security Group | Terraform |
478 | CKV_AWS_249 | resource | aws_ecs_task_definition | Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions | Terraform |
479 | CKV_AWS_250 | resource | aws_db_instance | Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) | Terraform |
480 | CKV_AWS_250 | resource | aws_rds_cluster | Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/) | Terraform |
481 | CKV2_AWS_1 | resource | aws_network_acl | Ensure that all NACL are attached to subnets | Terraform |
482 | CKV2_AWS_1 | resource | aws_subnet | Ensure that all NACL are attached to subnets | Terraform |
483 | CKV2_AWS_2 | resource | aws_ebs_volume | Ensure that only encrypted EBS volumes are attached to EC2 instances | Terraform |
484 | CKV2_AWS_2 | resource | aws_volume_attachment | Ensure that only encrypted EBS volumes are attached to EC2 instances | Terraform |
485 | CKV2_AWS_3 | resource | aws_guardduty_detector | Ensure GuardDuty is enabled to specific org/region | Terraform |
486 | CKV2_AWS_3 | resource | aws_guardduty_organization_configuration | Ensure GuardDuty is enabled to specific org/region | Terraform |
487 | CKV2_AWS_4 | resource | aws_api_gateway_method_settings | Ensure API Gateway stages have logging level defined as appropriate | Terraform |
488 | CKV2_AWS_4 | resource | aws_api_gateway_stage | Ensure API Gateway stages have logging level defined as appropriate | Terraform |
489 | CKV2_AWS_5 | resource | aws_security_group | Ensure that Security Groups are attached to another resource | Terraform |
490 | CKV2_AWS_6 | resource | aws_s3_bucket | Ensure that S3 bucket has a Public Access block | Terraform |
491 | CKV2_AWS_6 | resource | aws_s3_bucket_public_access_block | Ensure that S3 bucket has a Public Access block | Terraform |
492 | CKV2_AWS_7 | resource | aws_emr_cluster | Ensure that Amazon EMR clusters' security groups are not open to the world | Terraform |
493 | CKV2_AWS_7 | resource | aws_security_group | Ensure that Amazon EMR clusters' security groups are not open to the world | Terraform |
494 | CKV2_AWS_8 | resource | aws_rds_cluster | Ensure that RDS clusters has backup plan of AWS Backup | Terraform |
495 | CKV2_AWS_9 | resource | aws_backup_selection | Ensure that EBS are added in the backup plans of AWS Backup | Terraform |
496 | CKV2_AWS_10 | resource | aws_cloudtrail | Ensure CloudTrail trails are integrated with CloudWatch Logs | Terraform |
497 | CKV2_AWS_11 | resource | aws_vpc | Ensure VPC flow logging is enabled in all VPCs | Terraform |
498 | CKV2_AWS_12 | resource | aws_default_security_group | Ensure the default security group of every VPC restricts all traffic | Terraform |
499 | CKV2_AWS_12 | resource | aws_vpc | Ensure the default security group of every VPC restricts all traffic | Terraform |
500 | CKV2_AWS_14 | resource | aws_iam_group | Ensure that IAM groups includes at least one IAM user | Terraform |
501 | CKV2_AWS_14 | resource | aws_iam_group_membership | Ensure that IAM groups includes at least one IAM user | Terraform |
502 | CKV2_AWS_15 | resource | aws_autoscaling_group | Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. | Terraform |
503 | CKV2_AWS_15 | resource | aws_elb | Ensure that auto Scaling groups that are associated with a load balancer, are using Elastic Load Balancing health checks. | Terraform |
504 | CKV2_AWS_16 | resource | aws_appautoscaling_target | Ensure that Auto Scaling is enabled on your DynamoDB tables | Terraform |
505 | CKV2_AWS_16 | resource | aws_dynamodb_table | Ensure that Auto Scaling is enabled on your DynamoDB tables | Terraform |
506 | CKV2_AWS_18 | resource | aws_backup_selection | Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup | Terraform |
507 | CKV2_AWS_19 | resource | aws_eip | Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances | Terraform |
508 | CKV2_AWS_19 | resource | aws_eip_association | Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances | Terraform |
509 | CKV2_AWS_20 | resource | aws_alb | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform |
510 | CKV2_AWS_20 | resource | aws_alb_listener | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform |
511 | CKV2_AWS_20 | resource | aws_lb | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform |
512 | CKV2_AWS_20 | resource | aws_lb_listener | Ensure that ALB redirects HTTP requests into HTTPS ones | Terraform |
513 | CKV2_AWS_21 | resource | aws_iam_group_membership | Ensure that all IAM users are members of at least one IAM group. | Terraform |
514 | CKV2_AWS_22 | resource | aws_iam_user | Ensure an IAM User does not have access to the console | Terraform |
515 | CKV2_AWS_23 | resource | aws_route53_record | Route53 A Record has Attached Resource | Terraform |
516 | CKV2_AWS_27 | resource | aws_rds_cluster | Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled | Terraform |
517 | CKV2_AWS_27 | resource | aws_rds_cluster_parameter_group | Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled | Terraform |
518 | CKV2_AWS_28 | resource | aws_alb | Ensure public facing ALB are protected by WAF | Terraform |
519 | CKV2_AWS_28 | resource | aws_lb | Ensure public facing ALB are protected by WAF | Terraform |
520 | CKV2_AWS_29 | resource | aws_api_gateway_rest_api | Ensure public API gateway are protected by WAF | Terraform |
521 | CKV2_AWS_29 | resource | aws_api_gateway_stage | Ensure public API gateway are protected by WAF | Terraform |
522 | CKV2_AWS_30 | resource | aws_db_instance | Ensure Postgres RDS as aws_db_instance has Query Logging enabled | Terraform |
523 | CKV2_AWS_30 | resource | aws_db_parameter_group | Ensure Postgres RDS as aws_db_instance has Query Logging enabled | Terraform |
524 | CKV2_AWS_31 | resource | aws_wafv2_web_acl | Ensure WAF2 has a Logging Configuration | Terraform |
525 | CKV2_AWS_32 | resource | aws_cloudfront_distribution | Ensure CloudFront distribution has a strict security headers policy attached | Terraform |
526 | CKV2_AWS_32 | resource | aws_cloudfront_response_headers_policy | Ensure CloudFront distribution has a strict security headers policy attached | Terraform |
527 | CKV2_AWS_33 | resource | aws_appsync_graphql_api | Ensure AppSync is protected by WAF | Terraform |
528 | CKV2_AWS_34 | resource | aws_ssm_parameter | AWS SSM Parameter should be Encrypted | Terraform |
529 | CKV2_AWS_35 | resource | aws_route | AWS NAT Gateways should be utilized for the default route | Terraform |
530 | CKV2_AWS_35 | resource | aws_route_table | AWS NAT Gateways should be utilized for the default route | Terraform |
531 | CKV2_AWS_36 | resource | aws_ssm_parameter | Ensure terraform is not sending SSM secrets to untrusted domains over HTTP | Terraform |
532 | CKV2_AWS_36 | resource | data.http | Ensure terraform is not sending SSM secrets to untrusted domains over HTTP | Terraform |
533 | CKV_AZURE_1 | resource | Microsoft.Compute/virtualMachines | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | arm |
534 | CKV_AZURE_1 | resource | Microsoft.Compute/virtualMachines | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Bicep |
535 | CKV_AZURE_1 | resource | azurerm_linux_virtual_machine | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Terraform |
536 | CKV_AZURE_1 | resource | azurerm_virtual_machine | Ensure Azure Instance does not use basic authentication(Use SSH Key Instead) | Terraform |
537 | CKV_AZURE_2 | resource | Microsoft.Compute/disks | Ensure Azure managed disk have encryption enabled | arm |
538 | CKV_AZURE_2 | resource | Microsoft.Compute/disks | Ensure Azure managed disk have encryption enabled | Bicep |
539 | CKV_AZURE_2 | resource | azurerm_managed_disk | Ensure Azure managed disk has encryption enabled | Terraform |
540 | CKV_AZURE_3 | resource | Microsoft.Storage/storageAccounts | Ensure that 'supportsHttpsTrafficOnly' is set to 'true' | arm |
541 | CKV_AZURE_3 | resource | Microsoft.Storage/storageAccounts | Ensure that 'supportsHttpsTrafficOnly' is set to 'true' | Bicep |
542 | CKV_AZURE_3 | resource | azurerm_storage_account | Ensure that 'Secure transfer required' is set to 'Enabled' | Terraform |
543 | CKV_AZURE_4 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS logging to Azure Monitoring is Configured | arm |
544 | CKV_AZURE_4 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS logging to Azure Monitoring is Configured | Bicep |
545 | CKV_AZURE_4 | resource | azurerm_kubernetes_cluster | Ensure AKS logging to Azure Monitoring is Configured | Terraform |
546 | CKV_AZURE_5 | resource | Microsoft.ContainerService/managedClusters | Ensure RBAC is enabled on AKS clusters | arm |
547 | CKV_AZURE_5 | resource | Microsoft.ContainerService/managedClusters | Ensure RBAC is enabled on AKS clusters | Bicep |
548 | CKV_AZURE_5 | resource | azurerm_kubernetes_cluster | Ensure RBAC is enabled on AKS clusters | Terraform |
549 | CKV_AZURE_6 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS has an API Server Authorized IP Ranges enabled | arm |
550 | CKV_AZURE_6 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS has an API Server Authorized IP Ranges enabled | Bicep |
551 | CKV_AZURE_6 | resource | azurerm_kubernetes_cluster | Ensure AKS has an API Server Authorized IP Ranges enabled | Terraform |
552 | CKV_AZURE_7 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster has Network Policy configured | arm |
553 | CKV_AZURE_7 | resource | Microsoft.ContainerService/managedClusters | Ensure AKS cluster has Network Policy configured | Bicep |
554 | CKV_AZURE_7 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster has Network Policy configured | Terraform |
555 | CKV_AZURE_8 | resource | Microsoft.ContainerService/managedClusters | Ensure Kubernetes Dashboard is disabled | arm |
556 | CKV_AZURE_8 | resource | Microsoft.ContainerService/managedClusters | Ensure Kubernetes Dashboard is disabled | Bicep |
557 | CKV_AZURE_8 | resource | azurerm_kubernetes_cluster | Ensure Kubernetes Dashboard is disabled | Terraform |
558 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups | Ensure that RDP access is restricted from the internet | arm |
559 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups | Ensure that RDP access is restricted from the internet | Bicep |
560 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that RDP access is restricted from the internet | arm |
561 | CKV_AZURE_9 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that RDP access is restricted from the internet | Bicep |
562 | CKV_AZURE_9 | resource | azurerm_network_security_group | Ensure that RDP access is restricted from the internet | Terraform |
563 | CKV_AZURE_9 | resource | azurerm_network_security_rule | Ensure that RDP access is restricted from the internet | Terraform |
564 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups | Ensure that SSH access is restricted from the internet | arm |
565 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups | Ensure that SSH access is restricted from the internet | Bicep |
566 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that SSH access is restricted from the internet | arm |
567 | CKV_AZURE_10 | resource | Microsoft.Network/networkSecurityGroups/securityRules | Ensure that SSH access is restricted from the internet | Bicep |
568 | CKV_AZURE_10 | resource | azurerm_network_security_group | Ensure that SSH access is restricted from the internet | Terraform |
569 | CKV_AZURE_10 | resource | azurerm_network_security_rule | Ensure that SSH access is restricted from the internet | Terraform |
570 | CKV_AZURE_11 | resource | Microsoft.Sql/servers | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | arm |
571 | CKV_AZURE_11 | resource | Microsoft.Sql/servers | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Bicep |
572 | CKV_AZURE_11 | resource | azurerm_mariadb_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform |
573 | CKV_AZURE_11 | resource | azurerm_mysql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform |
574 | CKV_AZURE_11 | resource | azurerm_postgresql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform |
575 | CKV_AZURE_11 | resource | azurerm_sql_firewall_rule | Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) | Terraform |
576 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm |
577 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep |
578 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm |
579 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/FlowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep |
580 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm |
581 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep |
582 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | arm |
583 | CKV_AZURE_12 | resource | Microsoft.Network/networkWatchers/flowLogs/ | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Bicep |
584 | CKV_AZURE_12 | resource | azurerm_network_watcher_flow_log | Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' | Terraform |
585 | CKV_AZURE_13 | resource | Microsoft.Web/sites/config | Ensure App Service Authentication is set on Azure App Service | arm |
586 | CKV_AZURE_13 | resource | Microsoft.Web/sites/config | Ensure App Service Authentication is set on Azure App Service | Bicep |
587 | CKV_AZURE_13 | resource | azurerm_app_service | Ensure App Service Authentication is set on Azure App Service | Terraform |
588 | CKV_AZURE_13 | resource | config | Ensure App Service Authentication is set on Azure App Service | arm |
589 | CKV_AZURE_13 | resource | config | Ensure App Service Authentication is set on Azure App Service | Bicep |
590 | CKV_AZURE_14 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | arm |
591 | CKV_AZURE_14 | resource | Microsoft.Web/sites | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Bicep |
592 | CKV_AZURE_14 | resource | azurerm_app_service | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service | Terraform |
593 | CKV_AZURE_15 | resource | Microsoft.Web/sites | Ensure web app is using the latest version of TLS encryption | arm |
594 | CKV_AZURE_15 | resource | Microsoft.Web/sites | Ensure web app is using the latest version of TLS encryption | Bicep |
595 | CKV_AZURE_15 | resource | azurerm_app_service | Ensure web app is using the latest version of TLS encryption | Terraform |
596 | CKV_AZURE_16 | resource | Microsoft.Web/sites | Ensure that Register with Azure Active Directory is enabled on App Service | arm |
597 | CKV_AZURE_16 | resource | Microsoft.Web/sites | Ensure that Register with Azure Active Directory is enabled on App Service | Bicep |
598 | CKV_AZURE_16 | resource | azurerm_app_service | Ensure that Register with Azure Active Directory is enabled on App Service | Terraform |
599 | CKV_AZURE_17 | resource | Microsoft.Web/sites | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | arm |
600 | CKV_AZURE_17 | resource | Microsoft.Web/sites | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Bicep |
601 | CKV_AZURE_17 | resource | azurerm_app_service | Ensure the web app has 'Client Certificates (Incoming client certificates)' set | Terraform |
602 | CKV_AZURE_18 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest if used to run the web app | arm |
603 | CKV_AZURE_18 | resource | Microsoft.Web/sites | Ensure that 'HTTP Version' is the latest if used to run the web app | Bicep |
604 | CKV_AZURE_18 | resource | azurerm_app_service | Ensure that 'HTTP Version' is the latest if used to run the web app | Terraform |
605 | CKV_AZURE_19 | resource | Microsoft.Security/pricings | Ensure that standard pricing tier is selected | arm |
606 | CKV_AZURE_19 | resource | Microsoft.Security/pricings | Ensure that standard pricing tier is selected | Bicep |
607 | CKV_AZURE_19 | resource | azurerm_security_center_subscription_pricing | Ensure that standard pricing tier is selected | Terraform |
608 | CKV_AZURE_20 | resource | Microsoft.Security/securityContacts | Ensure that security contact 'Phone number' is set | arm |
609 | CKV_AZURE_20 | resource | Microsoft.Security/securityContacts | Ensure that security contact 'Phone number' is set | Bicep |
610 | CKV_AZURE_20 | resource | azurerm_security_center_contact | Ensure that security contact 'Phone number' is set | Terraform |
611 | CKV_AZURE_21 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | arm |
612 | CKV_AZURE_21 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Bicep |
613 | CKV_AZURE_21 | resource | azurerm_security_center_contact | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Terraform |
614 | CKV_AZURE_22 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | arm |
615 | CKV_AZURE_22 | resource | Microsoft.Security/securityContacts | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Bicep |
616 | CKV_AZURE_22 | resource | azurerm_security_center_contact | Ensure that 'Send email notification for high severity alerts' is set to 'On' | Terraform |
617 | CKV_AZURE_23 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' is set to 'Enabled' for SQL servers | arm |
618 | CKV_AZURE_23 | resource | Microsoft.Sql/servers/databases | Ensure that 'Auditing' is set to 'Enabled' for SQL servers | arm |
619 | CKV_AZURE_23 | resource | azurerm_mssql_server | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform |
620 | CKV_AZURE_23 | resource | azurerm_mssql_server_extended_auditing_policy | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform |
621 | CKV_AZURE_23 | resource | azurerm_sql_server | Ensure that 'Auditing' is set to 'On' for SQL servers | Terraform |
622 | CKV_AZURE_24 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | arm |
623 | CKV_AZURE_24 | resource | Microsoft.Sql/servers | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Bicep |
624 | CKV_AZURE_24 | resource | azurerm_mssql_server | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform |
625 | CKV_AZURE_24 | resource | azurerm_mssql_server_extended_auditing_policy | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform |
626 | CKV_AZURE_24 | resource | azurerm_sql_server | Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers | Terraform |
627 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/databases | Ensure that 'Threat Detection types' is set to 'All' | arm |
628 | CKV_AZURE_25 | resource | Microsoft.Sql/servers/databases | Ensure that 'Threat Detection types' is set to 'All' | Bicep |
629 | CKV_AZURE_25 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Threat Detection types' is set to 'All' | Terraform |
630 | CKV_AZURE_26 | resource | Microsoft.Sql/servers/databases | Ensure that 'Send Alerts To' is enabled for MSSQL servers | arm |
631 | CKV_AZURE_26 | resource | Microsoft.Sql/servers/databases | Ensure that 'Send Alerts To' is enabled for MSSQL servers | Bicep |
632 | CKV_AZURE_26 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Send Alerts To' is enabled for MSSQL servers | Terraform |
633 | CKV_AZURE_27 | resource | Microsoft.Sql/servers/databases | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | arm |
634 | CKV_AZURE_27 | resource | Microsoft.Sql/servers/databases | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | Bicep |
635 | CKV_AZURE_27 | resource | azurerm_mssql_server_security_alert_policy | Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers | Terraform |
636 | CKV_AZURE_28 | resource | Microsoft.DBforMySQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | arm |
637 | CKV_AZURE_28 | resource | Microsoft.DBforMySQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | Bicep |
638 | CKV_AZURE_28 | resource | azurerm_mysql_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server | Terraform |
639 | CKV_AZURE_29 | resource | Microsoft.DBforPostgreSQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | arm |
640 | CKV_AZURE_29 | resource | Microsoft.DBforPostgreSQL/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Bicep |
641 | CKV_AZURE_29 | resource | azurerm_postgresql_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server | Terraform |
642 | CKV_AZURE_30 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | arm |
643 | CKV_AZURE_30 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Bicep |
644 | CKV_AZURE_30 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Terraform |
645 | CKV_AZURE_30 | resource | configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | arm |
646 | CKV_AZURE_30 | resource | configurations | Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server | Bicep |
647 | CKV_AZURE_31 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | arm |
648 | CKV_AZURE_31 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | Bicep |
649 | CKV_AZURE_31 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server | Terraform |
650 | CKV_AZURE_31 | resource | configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | arm |
651 | CKV_AZURE_31 | resource | configurations | Ensure configuration 'log_connections' is set to 'ON' for PostgreSQL Database Server | Bicep |
652 | CKV_AZURE_32 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | arm |
653 | CKV_AZURE_32 | resource | Microsoft.DBforPostgreSQL/servers/configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Bicep |
654 | CKV_AZURE_32 | resource | azurerm_postgresql_configuration | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Terraform |
655 | CKV_AZURE_32 | resource | configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | arm |
656 | CKV_AZURE_32 | resource | configurations | Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server | Bicep |
657 | CKV_AZURE_33 | resource | Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings | Ensure Storage logging is enabled for Queue service for read, write and delete requests | arm |
658 | CKV_AZURE_33 | resource | Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings | Ensure Storage logging is enabled for Queue service for read, write and delete requests | Bicep |
659 | CKV_AZURE_33 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Queue service for read, write and delete requests | Terraform |
660 | CKV_AZURE_34 | resource | Microsoft.Storage/storageAccounts/blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | arm |
661 | CKV_AZURE_34 | resource | Microsoft.Storage/storageAccounts/blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep |
662 | CKV_AZURE_34 | resource | azurerm_storage_container | Ensure that 'Public access level' is set to Private for blob containers | Terraform |
663 | CKV_AZURE_34 | resource | blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | arm |
664 | CKV_AZURE_34 | resource | blobServices/containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep |
665 | CKV_AZURE_34 | resource | containers | Ensure that 'Public access level' is set to Private for blob containers | arm |
666 | CKV_AZURE_34 | resource | containers | Ensure that 'Public access level' is set to Private for blob containers | Bicep |
667 | CKV_AZURE_35 | resource | Microsoft.Storage/storageAccounts | Ensure default network access rule for Storage Accounts is set to deny | arm |
668 | CKV_AZURE_35 | resource | Microsoft.Storage/storageAccounts | Ensure default network access rule for Storage Accounts is set to deny | Bicep |
669 | CKV_AZURE_35 | resource | azurerm_storage_account | Ensure default network access rule for Storage Accounts is set to deny | Terraform |
670 | CKV_AZURE_35 | resource | azurerm_storage_account_network_rules | Ensure default network access rule for Storage Accounts is set to deny | Terraform |
671 | CKV_AZURE_36 | resource | Microsoft.Storage/storageAccounts | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | arm |
672 | CKV_AZURE_36 | resource | Microsoft.Storage/storageAccounts | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Bicep |
673 | CKV_AZURE_36 | resource | azurerm_storage_account | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Terraform |
674 | CKV_AZURE_36 | resource | azurerm_storage_account_network_rules | Ensure 'Trusted Microsoft Services' is enabled for Storage Account access | Terraform |
675 | CKV_AZURE_37 | resource | azurerm_monitor_log_profile | Ensure that Activity Log Retention is set 365 days or greater | Terraform |
676 | CKV_AZURE_37 | resource | microsoft.insights/logprofiles | Ensure that Activity Log Retention is set 365 days or greater | arm |
677 | CKV_AZURE_37 | resource | microsoft.insights/logprofiles | Ensure that Activity Log Retention is set 365 days or greater | Bicep |
678 | CKV_AZURE_38 | resource | azurerm_monitor_log_profile | Ensure audit profile captures all the activities | Terraform |
679 | CKV_AZURE_38 | resource | microsoft.insights/logprofiles | Ensure audit profile captures all the activities | arm |
680 | CKV_AZURE_38 | resource | microsoft.insights/logprofiles | Ensure audit profile captures all the activities | Bicep |
681 | CKV_AZURE_39 | resource | Microsoft.Authorization/roleDefinitions | Ensure that no custom subscription owner roles are created | arm |
682 | CKV_AZURE_39 | resource | Microsoft.Authorization/roleDefinitions | Ensure that no custom subscription owner roles are created | Bicep |
683 | CKV_AZURE_39 | resource | azurerm_role_definition | Ensure that no custom subscription owner roles are created | Terraform |
684 | CKV_AZURE_40 | resource | azurerm_key_vault_key | Ensure that the expiration date is set on all keys | Terraform |
685 | CKV_AZURE_41 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that the expiration date is set on all secrets | arm |
686 | CKV_AZURE_41 | resource | Microsoft.KeyVault/vaults/secrets | Ensure that the expiration date is set on all secrets | Bicep |
687 | CKV_AZURE_41 | resource | azurerm_key_vault_secret | Ensure that the expiration date is set on all secrets | Terraform |
688 | CKV_AZURE_42 | resource | Microsoft.KeyVault/vaults | Ensure the key vault is recoverable | arm |
689 | CKV_AZURE_42 | resource | Microsoft.KeyVault/vaults | Ensure the key vault is recoverable | Bicep |
690 | CKV_AZURE_42 | resource | azurerm_key_vault | Ensure the key vault is recoverable | Terraform |
691 | CKV_AZURE_43 | resource | azurerm_storage_account | Ensure Storage Accounts adhere to the naming rules | Terraform |
692 | CKV_AZURE_44 | resource | azurerm_storage_account | Ensure Storage Account is using the latest version of TLS encryption | Terraform |
693 | CKV_AZURE_45 | resource | azurerm_virtual_machine | Ensure that no sensitive credentials are exposed in VM custom_data | Terraform |
694 | CKV_AZURE_47 | resource | Microsoft.DBforMariaDB/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | arm |
695 | CKV_AZURE_47 | resource | Microsoft.DBforMariaDB/servers | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | Bicep |
696 | CKV_AZURE_47 | resource | azurerm_mariadb_server | Ensure 'Enforce SSL connection' is set to 'ENABLED' for MariaDB servers | Terraform |
697 | CKV_AZURE_48 | resource | azurerm_mariadb_server | Ensure 'public network access enabled' is set to 'False' for MariaDB servers | Terraform |
698 | CKV_AZURE_49 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | arm |
699 | CKV_AZURE_49 | resource | Microsoft.Compute/virtualMachineScaleSets | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | Bicep |
700 | CKV_AZURE_49 | resource | azurerm_linux_virtual_machine_scale_set | Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead) | Terraform |
701 | CKV_AZURE_50 | resource | azurerm_linux_virtual_machine | Ensure Virtual Machine Extensions are not Installed | Terraform |
702 | CKV_AZURE_50 | resource | azurerm_windows_virtual_machine | Ensure Virtual Machine Extensions are not Installed | Terraform |
703 | CKV_AZURE_52 | resource | azurerm_mssql_server | Ensure MSSQL is using the latest version of TLS encryption | Terraform |
704 | CKV_AZURE_53 | resource | azurerm_mysql_server | Ensure 'public network access enabled' is set to 'False' for mySQL servers | Terraform |
705 | CKV_AZURE_54 | resource | azurerm_mysql_server | Ensure MySQL is using the latest version of TLS encryption | Terraform |
706 | CKV_AZURE_55 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Servers | Terraform |
707 | CKV_AZURE_56 | resource | azurerm_function_app | Ensure that function apps enables Authentication | Terraform |
708 | CKV_AZURE_57 | resource | azurerm_app_service | Ensure that CORS disallows every resource to access app services | Terraform |
709 | CKV_AZURE_58 | resource | azurerm_synapse_workspace | Ensure that Azure Synapse workspaces enables managed virtual networks | Terraform |
710 | CKV_AZURE_59 | resource | azurerm_storage_account | Ensure that Storage accounts disallow public access | Terraform |
711 | CKV_AZURE_60 | resource | azurerm_storage_account | Ensure that storage account enables secure transfer | Terraform |
712 | CKV_AZURE_61 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for App Service | Terraform |
713 | CKV_AZURE_62 | resource | azurerm_function_app | Ensure function apps are not accessible from all regions | Terraform |
714 | CKV_AZURE_63 | resource | azurerm_app_service | Ensure that App service enables HTTP logging | Terraform |
715 | CKV_AZURE_64 | resource | azurerm_storage_sync | Ensure that Azure File Sync disables public network access | Terraform |
716 | CKV_AZURE_65 | resource | azurerm_app_service | Ensure that App service enables detailed error messages | Terraform |
717 | CKV_AZURE_66 | resource | azurerm_app_service | Ensure that App service enables failed request tracing | Terraform |
718 | CKV_AZURE_67 | resource | azurerm_function_app | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Terraform |
719 | CKV_AZURE_67 | resource | azurerm_function_app_slot | Ensure that 'HTTP Version' is the latest, if used to run the Function app | Terraform |
720 | CKV_AZURE_68 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server disables public network access | Terraform |
721 | CKV_AZURE_69 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Azure SQL database servers | Terraform |
722 | CKV_AZURE_70 | resource | azurerm_function_app | Ensure that Function apps is only accessible over HTTPS | Terraform |
723 | CKV_AZURE_71 | resource | azurerm_app_service | Ensure that Managed identity provider is enabled for app services | Terraform |
724 | CKV_AZURE_72 | resource | azurerm_app_service | Ensure that remote debugging is not enabled for app services | Terraform |
725 | CKV_AZURE_73 | resource | azurerm_automation_variable_bool | Ensure that Automation account variables are encrypted | Terraform |
726 | CKV_AZURE_73 | resource | azurerm_automation_variable_datetime | Ensure that Automation account variables are encrypted | Terraform |
727 | CKV_AZURE_73 | resource | azurerm_automation_variable_int | Ensure that Automation account variables are encrypted | Terraform |
728 | CKV_AZURE_73 | resource | azurerm_automation_variable_string | Ensure that Automation account variables are encrypted | Terraform |
729 | CKV_AZURE_74 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer uses disk encryption | Terraform |
730 | CKV_AZURE_75 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer uses double encryption | Terraform |
731 | CKV_AZURE_76 | resource | azurerm_batch_account | Ensure that Azure Batch account uses key vault to encrypt data | Terraform |
732 | CKV_AZURE_77 | resource | azurerm_network_security_group | Ensure that UDP Services are restricted from the Internet | Terraform |
733 | CKV_AZURE_77 | resource | azurerm_network_security_rule | Ensure that UDP Services are restricted from the Internet | Terraform |
734 | CKV_AZURE_78 | resource | azurerm_app_service | Ensure FTP deployments are disabled | Terraform |
735 | CKV_AZURE_79 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for SQL servers on machines | Terraform |
736 | CKV_AZURE_80 | resource | azurerm_app_service | Ensure that 'Net Framework' version is the latest, if used as a part of the web app | Terraform |
737 | CKV_AZURE_81 | resource | azurerm_app_service | Ensure that 'PHP version' is the latest, if used to run the web app | Terraform |
738 | CKV_AZURE_82 | resource | azurerm_app_service | Ensure that 'Python version' is the latest, if used to run the web app | Terraform |
739 | CKV_AZURE_83 | resource | azurerm_app_service | Ensure that 'Java version' is the latest, if used to run the web app | Terraform |
740 | CKV_AZURE_84 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Storage | Terraform |
741 | CKV_AZURE_85 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Kubernetes | Terraform |
742 | CKV_AZURE_86 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Container Registries | Terraform |
743 | CKV_AZURE_87 | resource | azurerm_security_center_subscription_pricing | Ensure that Azure Defender is set to On for Key Vault | Terraform |
744 | CKV_AZURE_88 | resource | azurerm_app_service | Ensure that app services use Azure Files | Terraform |
745 | CKV_AZURE_89 | resource | azurerm_redis_cache | Ensure that Azure Cache for Redis disables public network access | Terraform |
746 | CKV_AZURE_91 | resource | azurerm_redis_cache | Ensure that only SSL is enabled for Cache for Redis | Terraform |
747 | CKV_AZURE_92 | resource | azurerm_linux_virtual_machine | Ensure that Virtual Machines use managed disks | Terraform |
748 | CKV_AZURE_92 | resource | azurerm_windows_virtual_machine | Ensure that Virtual Machines use managed disks | Terraform |
749 | CKV_AZURE_93 | resource | azurerm_managed_disk | Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption | Terraform |
750 | CKV_AZURE_94 | resource | azurerm_mysql_server | Ensure that MySQL server enables geo-redundant backups | Terraform |
751 | CKV_AZURE_95 | resource | azurerm_virtual_machine_scale_set | Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets | Terraform |
752 | CKV_AZURE_96 | resource | azurerm_mysql_server | Ensure that MySQL server enables infrastructure encryption | Terraform |
753 | CKV_AZURE_97 | resource | azurerm_linux_virtual_machine_scale_set | Ensure that Virtual machine scale sets have encryption at host enabled | Terraform |
754 | CKV_AZURE_97 | resource | azurerm_windows_virtual_machine_scale_set | Ensure that Virtual machine scale sets have encryption at host enabled | Terraform |
755 | CKV_AZURE_98 | resource | azurerm_container_group | Ensure that Azure Container group is deployed into virtual network | Terraform |
756 | CKV_AZURE_99 | resource | azurerm_cosmosdb_account | Ensure Cosmos DB accounts have restricted access | Terraform |
757 | CKV_AZURE_100 | resource | azurerm_cosmosdb_account | Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest | Terraform |
758 | CKV_AZURE_101 | resource | azurerm_cosmosdb_account | Ensure that Azure Cosmos DB disables public network access | Terraform |
759 | CKV_AZURE_102 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables geo-redundant backups | Terraform |
760 | CKV_AZURE_103 | resource | azurerm_data_factory | Ensure that Azure Data Factory uses Git repository for source control | Terraform |
761 | CKV_AZURE_104 | resource | azurerm_data_factory | Ensure that Azure Data factory public network access is disabled | Terraform |
762 | CKV_AZURE_105 | resource | azurerm_data_lake_store | Ensure that Data Lake Store accounts enables encryption | Terraform |
763 | CKV_AZURE_106 | resource | azurerm_eventgrid_domain | Ensure that Azure Event Grid Domain public network access is disabled | Terraform |
764 | CKV_AZURE_107 | resource | azurerm_api_management | Ensure that API management services use virtual networks | Terraform |
765 | CKV_AZURE_108 | resource | azurerm_iothub | Ensure that Azure IoT Hub disables public network access | Terraform |
766 | CKV_AZURE_109 | resource | azurerm_key_vault | Ensure that key vault allows firewall rules settings | Terraform |
767 | CKV_AZURE_110 | resource | azurerm_key_vault | Ensure that key vault enables purge protection | Terraform |
768 | CKV_AZURE_111 | resource | azurerm_key_vault | Ensure that key vault enables soft delete | Terraform |
769 | CKV_AZURE_112 | resource | azurerm_key_vault_key | Ensure that key vault key is backed by HSM | Terraform |
770 | CKV_AZURE_113 | resource | azurerm_mssql_server | Ensure that SQL server disables public network access | Terraform |
771 | CKV_AZURE_114 | resource | azurerm_key_vault_secret | Ensure that key vault secrets have "content_type" set | Terraform |
772 | CKV_AZURE_115 | resource | azurerm_kubernetes_cluster | Ensure that AKS enables private clusters | Terraform |
773 | CKV_AZURE_116 | resource | azurerm_kubernetes_cluster | Ensure that AKS uses Azure Policies Add-on | Terraform |
774 | CKV_AZURE_117 | resource | azurerm_kubernetes_cluster | Ensure that AKS uses disk encryption set | Terraform |
775 | CKV_AZURE_118 | resource | azurerm_network_interface | Ensure that Network Interfaces disable IP forwarding | Terraform |
776 | CKV_AZURE_119 | resource | azurerm_network_interface | Ensure that Network Interfaces don't use public IPs | Terraform |
777 | CKV_AZURE_120 | resource | azurerm_application_gateway | Ensure that Application Gateway enables WAF | Terraform |
778 | CKV_AZURE_121 | resource | azurerm_frontdoor | Ensure that Azure Front Door enables WAF | Terraform |
779 | CKV_AZURE_122 | resource | azurerm_web_application_firewall_policy | Ensure that Application Gateway uses WAF in "Detection" or "Prevention" modes | Terraform |
780 | CKV_AZURE_123 | resource | azurerm_frontdoor_firewall_policy | Ensure that Azure Front Door uses WAF in "Detection" or "Prevention" modes | Terraform |
781 | CKV_AZURE_124 | resource | azurerm_search_service | Ensure that Azure Cognitive Search disables public network access | Terraform |
782 | CKV_AZURE_125 | resource | azurerm_service_fabric_cluster | Ensures that Service Fabric use three levels of protection available | Terraform |
783 | CKV_AZURE_126 | resource | azurerm_service_fabric_cluster | Ensures that Active Directory is used for authentication for Service Fabric | Terraform |
784 | CKV_AZURE_127 | resource | azurerm_mysql_server | Ensure that MySQL server enables Threat detection policy | Terraform |
785 | CKV_AZURE_128 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables Threat detection policy | Terraform |
786 | CKV_AZURE_129 | resource | azurerm_mariadb_server | Ensure that MariaDB server enables geo-redundant backups | Terraform |
787 | CKV_AZURE_130 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables infrastructure encryption | Terraform |
788 | CKV_AZURE_131 | resource | azurerm_security_center_contact | Ensure that 'Security contact emails' is set | Terraform |
789 | CKV_AZURE_131 | parameter | secureString | SecureString parameter should not have hardcoded default values | arm |
790 | CKV_AZURE_131 | parameter | string | SecureString parameter should not have hardcoded default values | Bicep |
791 | CKV_AZURE_132 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | arm |
792 | CKV_AZURE_132 | resource | Microsoft.DocumentDB/databaseAccounts | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | Bicep |
793 | CKV_AZURE_132 | resource | azurerm_cosmosdb_account | Ensure cosmosdb does not allow privileged escalation by restricting management plane changes | Terraform |
794 | CKV_AZURE_133 | resource | azurerm_frontdoor_firewall_policy | Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform |
795 | CKV_AZURE_134 | resource | azurerm_cognitive_account | Ensure that Cognitive Services accounts disable public network access | Terraform |
796 | CKV_AZURE_135 | resource | azurerm_web_application_firewall_policy | Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell | Terraform |
797 | CKV_AZURE_136 | resource | azurerm_postgresql_flexible_server | Ensure that PostgreSQL Flexible server enables geo-redundant backups | Terraform |
798 | CKV_AZURE_137 | resource | azurerm_container_registry | Ensure ACR admin account is disabled | Terraform |
799 | CKV_AZURE_138 | resource | azurerm_container_registry | Ensures that ACR disables anonymous pulling of images | Terraform |
800 | CKV_AZURE_139 | resource | azurerm_container_registry | Ensure ACR set to disable public networking | Terraform |
801 | CKV_AZURE_140 | resource | azurerm_cosmosdb_account | Ensure that Local Authentication is disabled on CosmosDB | Terraform |
802 | CKV_AZURE_141 | resource | azurerm_kubernetes_cluster | Ensure AKS local admin account is disabled | Terraform |
803 | CKV_AZURE_142 | resource | azurerm_machine_learning_compute_cluster | Ensure Machine Learning Compute Cluster Local Authentication is disabled | Terraform |
804 | CKV_AZURE_143 | resource | azurerm_kubernetes_cluster | Ensure AKS cluster nodes do not have public IP addresses | Terraform |
805 | CKV_AZURE_144 | resource | azurerm_machine_learning_workspace | Ensure that Public Access is disabled for Machine Learning Workspace | Terraform |
806 | CKV_AZURE_145 | resource | azurerm_function_app | Ensure Function app is using the latest version of TLS encryption | Terraform |
807 | CKV_AZURE_146 | resource | azurerm_postgresql_configuration | Ensure server parameter 'log_retention' is set to 'ON' for PostgreSQL Database Server | Terraform |
808 | CKV_AZURE_147 | resource | azurerm_postgresql_server | Ensure PostgreSQL is using the latest version of TLS encryption | Terraform |
809 | CKV_AZURE_148 | resource | azurerm_redis_cache | Ensure Redis Cache is using the latest version of TLS encryption | Terraform |
810 | CKV_AZURE_149 | resource | azurerm_linux_virtual_machine | Ensure that Virtual machine does not enable password authentication | Terraform |
811 | CKV_AZURE_149 | resource | azurerm_linux_virtual_machine_scale_set | Ensure that Virtual machine does not enable password authentication | Terraform |
812 | CKV_AZURE_150 | resource | azurerm_machine_learning_compute_cluster | Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0 | Terraform |
813 | CKV_AZURE_151 | resource | azurerm_windows_virtual_machine | Ensure Windows VM enables encryption | Terraform |
814 | CKV_AZURE_152 | resource | azurerm_api_management | Ensure Client Certificates are enforced for API management | Terraform |
815 | CKV_AZURE_153 | resource | azurerm_app_service_slot | Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot | Terraform |
816 | CKV_AZURE_154 | resource | azurerm_app_service_slot | Ensure the App service slot is using the latest version of TLS encryption | Terraform |
817 | CKV_AZURE_155 | resource | azurerm_app_service_slot | Ensure debugging is disabled for the App service slot | Terraform |
818 | CKV_AZURE_156 | resource | azurerm_mssql_database_extended_auditing_policy | Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs | Terraform |
819 | CKV_AZURE_157 | resource | azurerm_synapse_workspace | Ensure that Synapse workspace has data_exfiltration_protection_enabled | Terraform |
820 | CKV_AZURE_158 | resource | azurerm_databricks_workspace | Ensure that databricks workspace is not public | Terraform |
821 | CKV_AZURE_159 | resource | azurerm_function_app | Ensure function app builtin logging is enabled | Terraform |
822 | CKV_AZURE_159 | resource | azurerm_function_app_slot | Ensure function app builtin logging is enabled | Terraform |
823 | CKV2_AZURE_1 | resource | azurerm_storage_account | Ensure storage for critical data are encrypted with Customer Managed Key | Terraform |
824 | CKV2_AZURE_2 | resource | azurerm_mssql_server_security_alert_policy | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Terraform |
825 | CKV2_AZURE_2 | resource | azurerm_sql_server | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Terraform |
826 | CKV2_AZURE_3 | resource | azurerm_mssql_server | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform |
827 | CKV2_AZURE_3 | resource | azurerm_mssql_server_security_alert_policy | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform |
828 | CKV2_AZURE_3 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform |
829 | CKV2_AZURE_3 | resource | azurerm_sql_server | Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server | Terraform |
830 | CKV2_AZURE_4 | resource | azurerm_mssql_server | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform |
831 | CKV2_AZURE_4 | resource | azurerm_mssql_server_security_alert_policy | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform |
832 | CKV2_AZURE_4 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform |
833 | CKV2_AZURE_4 | resource | azurerm_sql_server | Ensure Azure SQL server ADS VA Send scan reports to is configured | Terraform |
834 | CKV2_AZURE_5 | resource | azurerm_mssql_server | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform |
835 | CKV2_AZURE_5 | resource | azurerm_mssql_server_security_alert_policy | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform |
836 | CKV2_AZURE_5 | resource | azurerm_mssql_server_vulnerability_assessment | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform |
837 | CKV2_AZURE_5 | resource | azurerm_sql_server | Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server | Terraform |
838 | CKV2_AZURE_6 | resource | azurerm_sql_firewall_rule | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Terraform |
839 | CKV2_AZURE_6 | resource | azurerm_sql_server | Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled | Terraform |
840 | CKV2_AZURE_7 | resource | azurerm_sql_server | Ensure that Azure Active Directory Admin is configured | Terraform |
841 | CKV2_AZURE_8 | resource | azurerm_monitor_activity_log_alert | Ensure the storage container storing the activity logs is not publicly accessible | Terraform |
842 | CKV2_AZURE_8 | resource | azurerm_storage_container | Ensure the storage container storing the activity logs is not publicly accessible | Terraform |
843 | CKV2_AZURE_9 | resource | azurerm_virtual_machine | Ensure Virtual Machines are utilizing Managed Disks | Terraform |
844 | CKV2_AZURE_10 | resource | azurerm_virtual_machine | Ensure that Microsoft Antimalware is configured to automatically update for Virtual Machines | Terraform |
845 | CKV2_AZURE_10 | resource | azurerm_virtual_machine_extension | Ensure that Microsoft Antimalware is configured to automatically update for Virtual Machines | Terraform |
846 | CKV2_AZURE_11 | resource | azurerm_kusto_cluster | Ensure that Azure Data Explorer encryption at rest uses a customer-managed key | Terraform |
847 | CKV2_AZURE_12 | resource | azurerm_virtual_machine | Ensure that virtual machines are backed up using Azure Backup | Terraform |
848 | CKV2_AZURE_13 | resource | azurerm_mssql_server_security_alert_policy | Ensure that sql servers enables data security policy | Terraform |
849 | CKV2_AZURE_13 | resource | azurerm_sql_server | Ensure that sql servers enables data security policy | Terraform |
850 | CKV2_AZURE_14 | resource | azurerm_managed_disk | Ensure that Unattached disks are encrypted | Terraform |
851 | CKV2_AZURE_14 | resource | azurerm_virtual_machine | Ensure that Unattached disks are encrypted | Terraform |
852 | CKV2_AZURE_15 | resource | azurerm_data_factory | Ensure that Azure data factories are encrypted with a customer-managed key | Terraform |
853 | CKV2_AZURE_16 | resource | azurerm_mysql_server | Ensure that MySQL server enables customer-managed key for encryption | Terraform |
854 | CKV2_AZURE_16 | resource | azurerm_mysql_server_key | Ensure that MySQL server enables customer-managed key for encryption | Terraform |
855 | CKV2_AZURE_17 | resource | azurerm_postgresql_server | Ensure that PostgreSQL server enables customer-managed key for encryption | Terraform |
856 | CKV2_AZURE_17 | resource | azurerm_postgresql_server_key | Ensure that PostgreSQL server enables customer-managed key for encryption | Terraform |
857 | CKV2_AZURE_18 | resource | azurerm_storage_account | Ensure that Storage Accounts use customer-managed key for encryption | Terraform |
858 | CKV2_AZURE_18 | resource | azurerm_storage_account_customer_managed_key | Ensure that Storage Accounts use customer-managed key for encryption | Terraform |
859 | CKV2_AZURE_19 | resource | azurerm_synapse_workspace | Ensure that Azure Synapse workspaces have no IP firewall rules attached | Terraform |
860 | CKV2_AZURE_20 | resource | azurerm_log_analytics_storage_insights | Ensure Storage logging is enabled for Table service for read requests | Terraform |
861 | CKV2_AZURE_20 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Table service for read requests | Terraform |
862 | CKV2_AZURE_20 | resource | azurerm_storage_table | Ensure Storage logging is enabled for Table service for read requests | Terraform |
863 | CKV2_AZURE_21 | resource | azurerm_log_analytics_storage_insights | Ensure Storage logging is enabled for Blob service for read requests | Terraform |
864 | CKV2_AZURE_21 | resource | azurerm_storage_account | Ensure Storage logging is enabled for Blob service for read requests | Terraform |
865 | CKV2_AZURE_21 | resource | azurerm_storage_container | Ensure Storage logging is enabled for Blob service for read requests | Terraform |
866 | CKV2_AZURE_22 | resource | azurerm_cognitive_account | Ensure that Cognitive Services enables customer-managed key for encryption | Terraform |
867 | CKV2_AZURE_22 | resource | azurerm_cognitive_account_customer_managed_key | Ensure that Cognitive Services enables customer-managed key for encryption | Terraform |
868 | CKV_BCW_1 | provider | bridgecrew | Ensure no hard-coded API token exists in the provider | Terraform |
869 | CKV_BITBUCKET_1 | bitbucket_configuration | * | Merge requests should require at least 2 approvals | bitbucket_configuration |
870 | CKV_DIO_1 | resource | digitalocean_spaces_bucket | Ensure the Spaces bucket has versioning enabled | Terraform |
871 | CKV_DIO_2 | resource | digitalocean_droplet | Ensure the droplet specifies an SSH key | Terraform |
872 | CKV_DIO_3 | resource | digitalocean_spaces_bucket | Ensure the Spaces bucket is private | Terraform |
873 | CKV_DIO_4 | resource | digitalocean_firewall | Ensure the firewall ingress is not wide open | Terraform |
874 | CKV_DOCKER_1 | dockerfile | EXPOSE | Ensure port 22 is not exposed | dockerfile |
875 | CKV_DOCKER_2 | dockerfile | * | Ensure that HEALTHCHECK instructions have been added to container images | dockerfile |
876 | CKV_DOCKER_3 | dockerfile | * | Ensure that a user for the container has been created | dockerfile |
877 | CKV_DOCKER_4 | dockerfile | ADD | Ensure that COPY is used instead of ADD in Dockerfiles | dockerfile |
878 | CKV_DOCKER_5 | dockerfile | RUN | Ensure update instructions are not used alone in the Dockerfile | dockerfile |
879 | CKV_DOCKER_6 | dockerfile | MAINTAINER | Ensure that LABEL maintainer is used instead of MAINTAINER (deprecated) | dockerfile |
880 | CKV_DOCKER_7 | dockerfile | FROM | Ensure the base image uses a non latest version tag | dockerfile |
881 | CKV_DOCKER_8 | dockerfile | USER | Ensure the last USER is not root | dockerfile |
882 | CKV_DOCKER_9 | dockerfile | RUN | Ensure that APT isn't used | dockerfile |
883 | CKV_DOCKER_10 | dockerfile | WORKDIR | Ensure that WORKDIR values are absolute paths | dockerfile |
884 | CKV_DOCKER_11 | dockerfile | FROM | Ensure From Alias are unique for multistage builds. | dockerfile |
885 | CKV_GCP_1 | resource | google_container_cluster | Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters | Terraform |
886 | CKV_GCP_2 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted ssh access | Terraform |
887 | CKV_GCP_3 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted rdp access | Terraform |
888 | CKV_GCP_4 | resource | google_compute_ssl_policy | Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites | Terraform |
889 | CKV_GCP_6 | resource | google_sql_database_instance | Ensure all Cloud SQL database instance requires all incoming connections to use SSL | Terraform |
890 | CKV_GCP_7 | resource | google_container_cluster | Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters | Terraform |
891 | CKV_GCP_8 | resource | google_container_cluster | Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters | Terraform |
892 | CKV_GCP_9 | resource | google_container_node_pool | Ensure 'Automatic node repair' is enabled for Kubernetes Clusters | Terraform |
893 | CKV_GCP_10 | resource | google_container_node_pool | Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters | Terraform |
894 | CKV_GCP_11 | resource | google_sql_database_instance | Ensure that Cloud SQL database Instances are not open to the world | Terraform |
895 | CKV_GCP_12 | resource | google_container_cluster | Ensure Network Policy is enabled on Kubernetes Engine Clusters | Terraform |
896 | CKV_GCP_13 | resource | google_container_cluster | Ensure client certificate authentication to Kubernetes Engine Clusters is disabled | Terraform |
897 | CKV_GCP_14 | resource | google_sql_database_instance | Ensure all Cloud SQL database instance have backup configuration enabled | Terraform |
898 | CKV_GCP_15 | resource | google_bigquery_dataset | Ensure that BigQuery datasets are not anonymously or publicly accessible | Terraform |
899 | CKV_GCP_16 | resource | google_dns_managed_zone | Ensure that DNSSEC is enabled for Cloud DNS | Terraform |
900 | CKV_GCP_17 | resource | google_dns_managed_zone | Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC | Terraform |
901 | CKV_GCP_18 | resource | google_container_cluster | Ensure GKE Control Plane is not public | Terraform |
902 | CKV_GCP_19 | resource | google_container_cluster | Ensure GKE basic auth is disabled | Terraform |
903 | CKV_GCP_20 | resource | google_container_cluster | Ensure master authorized networks is set to enabled in GKE clusters | Terraform |
904 | CKV_GCP_21 | resource | google_container_cluster | Ensure Kubernetes Clusters are configured with Labels | Terraform |
905 | CKV_GCP_22 | resource | google_container_node_pool | Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image | Terraform |
906 | CKV_GCP_23 | resource | google_container_cluster | Ensure Kubernetes Cluster is created with Alias IP ranges enabled | Terraform |
907 | CKV_GCP_24 | resource | google_container_cluster | Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters | Terraform |
908 | CKV_GCP_25 | resource | google_container_cluster | Ensure Kubernetes Cluster is created with Private cluster enabled | Terraform |
909 | CKV_GCP_26 | resource | google_compute_subnetwork | Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network | Terraform |
910 | CKV_GCP_27 | resource | google_project | Ensure that the default network does not exist in a project | Terraform |
911 | CKV_GCP_28 | resource | google_storage_bucket_iam_binding | Ensure that Cloud Storage bucket is not anonymously or publicly accessible | Terraform |
912 | CKV_GCP_28 | resource | google_storage_bucket_iam_member | Ensure that Cloud Storage bucket is not anonymously or publicly accessible | Terraform |
913 | CKV_GCP_29 | resource | google_storage_bucket | Ensure that Cloud Storage buckets have uniform bucket-level access enabled | Terraform |
914 | CKV_GCP_30 | resource | google_compute_instance | Ensure that instances are not configured to use the default service account | Terraform |
915 | CKV_GCP_30 | resource | google_compute_instance_from_template | Ensure that instances are not configured to use the default service account | Terraform |
916 | CKV_GCP_30 | resource | google_compute_instance_template | Ensure that instances are not configured to use the default service account | Terraform |
917 | CKV_GCP_31 | resource | google_compute_instance | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform |
918 | CKV_GCP_31 | resource | google_compute_instance_from_template | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform |
919 | CKV_GCP_31 | resource | google_compute_instance_template | Ensure that instances are not configured to use the default service account with full access to all Cloud APIs | Terraform |
920 | CKV_GCP_32 | resource | google_compute_instance | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform |
921 | CKV_GCP_32 | resource | google_compute_instance_from_template | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform |
922 | CKV_GCP_32 | resource | google_compute_instance_template | Ensure 'Block Project-wide SSH keys' is enabled for VM instances | Terraform |
923 | CKV_GCP_33 | resource | google_compute_project_metadata | Ensure oslogin is enabled for a Project | Terraform |
924 | CKV_GCP_34 | resource | google_compute_instance | Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) | Terraform |
925 | CKV_GCP_34 | resource | google_compute_instance_from_template | Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) | Terraform |
926 | CKV_GCP_34 | resource | google_compute_instance_template | Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances) | Terraform |
927 | CKV_GCP_35 | resource | google_compute_instance | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform |
928 | CKV_GCP_35 | resource | google_compute_instance_from_template | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform |
929 | CKV_GCP_35 | resource | google_compute_instance_template | Ensure 'Enable connecting to serial ports' is not enabled for VM Instance | Terraform |
930 | CKV_GCP_36 | resource | google_compute_instance | Ensure that IP forwarding is not enabled on Instances | Terraform |
931 | CKV_GCP_36 | resource | google_compute_instance_from_template | Ensure that IP forwarding is not enabled on Instances | Terraform |
932 | CKV_GCP_36 | resource | google_compute_instance_template | Ensure that IP forwarding is not enabled on Instances | Terraform |
933 | CKV_GCP_37 | resource | google_compute_disk | Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
934 | CKV_GCP_38 | resource | google_compute_instance | Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
935 | CKV_GCP_39 | resource | google_compute_instance | Ensure Compute instances are launched with Shielded VM enabled | Terraform |
936 | CKV_GCP_39 | resource | google_compute_instance_from_template | Ensure Compute instances are launched with Shielded VM enabled | Terraform |
937 | CKV_GCP_39 | resource | google_compute_instance_template | Ensure Compute instances are launched with Shielded VM enabled | Terraform |
938 | CKV_GCP_40 | resource | google_compute_instance | Ensure that Compute instances do not have public IP addresses | Terraform |
939 | CKV_GCP_40 | resource | google_compute_instance_from_template | Ensure that Compute instances do not have public IP addresses | Terraform |
940 | CKV_GCP_40 | resource | google_compute_instance_template | Ensure that Compute instances do not have public IP addresses | Terraform |
941 | CKV_GCP_41 | resource | google_project_iam_binding | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | Terraform |
942 | CKV_GCP_41 | resource | google_project_iam_member | Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level | Terraform |
943 | CKV_GCP_42 | resource | google_project_iam_member | Ensure that Service Account has no Admin privileges | Terraform |
944 | CKV_GCP_43 | resource | google_kms_crypto_key | Ensure KMS encryption keys are rotated within a period of 90 days | Terraform |
945 | CKV_GCP_44 | resource | google_folder_iam_binding | Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level | Terraform |
946 | CKV_GCP_44 | resource | google_folder_iam_member | Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level | Terraform |
947 | CKV_GCP_45 | resource | google_organization_iam_binding | Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level | Terraform |
948 | CKV_GCP_45 | resource | google_organization_iam_member | Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level | Terraform |
949 | CKV_GCP_46 | resource | google_project_iam_binding | Ensure Default Service account is not used at a project level | Terraform |
950 | CKV_GCP_46 | resource | google_project_iam_member | Ensure Default Service account is not used at a project level | Terraform |
951 | CKV_GCP_47 | resource | google_organization_iam_binding | Ensure default service account is not used at an organization level | Terraform |
952 | CKV_GCP_47 | resource | google_organization_iam_member | Ensure default service account is not used at an organization level | Terraform |
953 | CKV_GCP_48 | resource | google_folder_iam_binding | Ensure Default Service account is not used at a folder level | Terraform |
954 | CKV_GCP_48 | resource | google_folder_iam_member | Ensure Default Service account is not used at a folder level | Terraform |
955 | CKV_GCP_49 | resource | google_project_iam_binding | Ensure roles do not impersonate or manage Service Accounts used at project level | Terraform |
956 | CKV_GCP_49 | resource | google_project_iam_member | Ensure roles do not impersonate or manage Service Accounts used at project level | Terraform |
957 | CKV_GCP_50 | resource | google_sql_database_instance | Ensure MySQL database 'local_infile' flag is set to 'off' | Terraform |
958 | CKV_GCP_51 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_checkpoints' flag is set to 'on' | Terraform |
959 | CKV_GCP_52 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_connections' flag is set to 'on' | Terraform |
960 | CKV_GCP_53 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_disconnections' flag is set to 'on' | Terraform |
961 | CKV_GCP_54 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_lock_waits' flag is set to 'on' | Terraform |
962 | CKV_GCP_55 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_min_messages' flag is set to a valid value | Terraform |
963 | CKV_GCP_56 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_temp_files' flag is set to '0' | Terraform |
964 | CKV_GCP_57 | resource | google_sql_database_instance | Ensure PostgreSQL database 'log_min_duration_statement' flag is set to '-1' | Terraform |
965 | CKV_GCP_58 | resource | google_sql_database_instance | Ensure SQL database 'cross db ownership chaining' flag is set to 'off' | Terraform |
966 | CKV_GCP_59 | resource | google_sql_database_instance | Ensure SQL database 'contained database authentication' flag is set to 'off' | Terraform |
967 | CKV_GCP_60 | resource | google_sql_database_instance | Ensure Cloud SQL database does not have public IP | Terraform |
968 | CKV_GCP_61 | resource | google_container_cluster | Enable VPC Flow Logs and Intranode Visibility | Terraform |
969 | CKV_GCP_62 | resource | google_storage_bucket | Bucket should log access | Terraform |
970 | CKV_GCP_63 | resource | google_storage_bucket | Bucket should not log to itself | Terraform |
971 | CKV_GCP_64 | resource | google_container_cluster | Ensure clusters are created with Private Nodes | Terraform |
972 | CKV_GCP_65 | resource | google_container_cluster | Manage Kubernetes RBAC users with Google Groups for GKE | Terraform |
973 | CKV_GCP_66 | resource | google_container_cluster | Ensure use of Binary Authorization | Terraform |
974 | CKV_GCP_67 | resource | google_container_cluster | Ensure legacy Compute Engine instance metadata APIs are Disabled | Terraform |
975 | CKV_GCP_68 | resource | google_container_cluster | Ensure Secure Boot for Shielded GKE Nodes is Enabled | Terraform |
976 | CKV_GCP_68 | resource | google_container_node_pool | Ensure Secure Boot for Shielded GKE Nodes is Enabled | Terraform |
977 | CKV_GCP_69 | resource | google_container_cluster | Ensure the GKE Metadata Server is Enabled | Terraform |
978 | CKV_GCP_69 | resource | google_container_node_pool | Ensure the GKE Metadata Server is Enabled | Terraform |
979 | CKV_GCP_70 | resource | google_container_cluster | Ensure the GKE Release Channel is set | Terraform |
980 | CKV_GCP_71 | resource | google_container_cluster | Ensure Shielded GKE Nodes are Enabled | Terraform |
981 | CKV_GCP_72 | resource | google_container_cluster | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | Terraform |
982 | CKV_GCP_72 | resource | google_container_node_pool | Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | Terraform |
983 | CKV_GCP_73 | resource | google_compute_security_policy | Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka Log4Shell | Terraform |
984 | CKV_GCP_74 | resource | google_compute_subnetwork | Ensure that private_ip_google_access is enabled for Subnet | Terraform |
985 | CKV_GCP_75 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted FTP access | Terraform |
986 | CKV_GCP_76 | resource | google_compute_subnetwork | Ensure that Private google access is enabled for IPV6 | Terraform |
987 | CKV_GCP_77 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow on ftp port | Terraform |
988 | CKV_GCP_78 | resource | google_storage_bucket | Ensure Cloud storage has versioning enabled | Terraform |
989 | CKV_GCP_79 | resource | google_sql_database_instance | Ensure SQL database is using latest Major version | Terraform |
990 | CKV_GCP_80 | resource | google_bigquery_table | Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
991 | CKV_GCP_81 | resource | google_bigquery_dataset | Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
992 | CKV_GCP_82 | resource | google_kms_crypto_key | Ensure KMS keys are protected from deletion | Terraform |
993 | CKV_GCP_83 | resource | google_pubsub_topic | Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
994 | CKV_GCP_84 | resource | google_artifact_registry_repository | Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
995 | CKV_GCP_85 | resource | google_bigtable_instance | Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
996 | CKV_GCP_86 | resource | google_cloudbuild_worker_pool | Ensure Cloud build workers are private | Terraform |
997 | CKV_GCP_87 | resource | google_data_fusion_instance | Ensure Data fusion instances are private | Terraform |
998 | CKV_GCP_88 | resource | google_compute_firewall | Ensure Google compute firewall ingress does not allow unrestricted mysql access | Terraform |
999 | CKV_GCP_89 | resource | google_notebooks_instance | Ensure Vertex AI instances are private | Terraform |
1000 | CKV_GCP_90 | resource | google_dataflow_job | Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
1001 | CKV_GCP_91 | resource | google_dataproc_cluster | Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
1002 | CKV_GCP_92 | resource | google_vertex_ai_dataset | Ensure Vertex AI datasets use a CMK (Customer Managed Key) | Terraform |
1003 | CKV_GCP_93 | resource | google_spanner_database | Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK) | Terraform |
1004 | CKV_GCP_94 | resource | google_dataflow_job | Ensure Dataflow jobs are private | Terraform |
1005 | CKV_GCP_95 | resource | google_redis_instance | Ensure Memorystore for Redis has AUTH enabled | Terraform |
1006 | CKV_GCP_96 | resource | google_vertex_ai_metadata_store | Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key) | Terraform |
1007 | CKV_GCP_97 | resource | google_redis_instance | Ensure Memorystore for Redis uses in-transit encryption | Terraform |
1008 | CKV_GCP_98 | resource | google_dataproc_cluster_iam_binding | Ensure that Dataproc clusters are not anonymously or publicly accessible | Terraform |
1009 | CKV_GCP_98 | resource | google_dataproc_cluster_iam_member | Ensure that Dataproc clusters are not anonymously or publicly accessible | Terraform |
1010 | CKV_GCP_99 | resource | google_pubsub_topic_iam_binding | Ensure that Pub/Sub Topics are not anonymously or publicly accessible | Terraform |
1011 | CKV_GCP_99 | resource | google_pubsub_topic_iam_member | Ensure that Pub/Sub Topics are not anonymously or publicly accessible | Terraform |
1012 | CKV_GCP_100 | resource | google_bigquery_table_iam_binding | Ensure that BigQuery Tables are not anonymously or publicly accessible | Terraform |
1013 | CKV_GCP_100 | resource | google_bigquery_table_iam_member | Ensure that BigQuery Tables are not anonymously or publicly accessible | Terraform |
1014 | CKV_GCP_101 | resource | google_artifact_registry_repository_iam_binding | Ensure that Artifact Registry repositories are not anonymously or publicly accessible | Terraform |
1015 | CKV_GCP_101 | resource | google_artifact_registry_repository_iam_member | Ensure that Artifact Registry repositories are not anonymously or publicly accessible | Terraform |
1016 | CKV_GCP_102 | resource | google_cloud_run_service_iam_binding | Ensure that GCP Cloud Run services are not anonymously or publicly accessible | Terraform |
1017 | CKV_GCP_102 | resource | google_cloud_run_service_iam_member | Ensure that GCP Cloud Run services are not anonymously or publicly accessible | Terraform |
1018 | CKV_GCP_103 | resource | google_dataproc_cluster | Ensure Dataproc Clusters do not have public IPs | Terraform |
1019 | CKV_GCP_104 | resource | google_data_fusion_instance | Ensure Datafusion has stack driver logging enabled | Terraform |
1020 | CKV2_GCP_1 | resource | google_project_default_service_accounts | Ensure GKE clusters are not running using the Compute Engine default service account | Terraform |
1021 | CKV2_GCP_2 | resource | google_compute_network | Ensure legacy networks do not exist for a project | Terraform |
1022 | CKV2_GCP_3 | resource | google_service_account_key | Ensure that there are only GCP-managed service account keys for each service account | Terraform |
1023 | CKV2_GCP_4 | resource | google_logging_folder_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform |
1024 | CKV2_GCP_4 | resource | google_logging_organization_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform |
1025 | CKV2_GCP_4 | resource | google_logging_project_sink | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform |
1026 | CKV2_GCP_4 | resource | google_storage_bucket | Ensure that retention policies on log buckets are configured using Bucket Lock | Terraform |
1027 | CKV2_GCP_5 | resource | google_project | Ensure that Cloud Audit Logging is configured properly across all services and all users from a project | Terraform |
1028 | CKV2_GCP_5 | resource | google_project_iam_audit_config | Ensure that Cloud Audit Logging is configured properly across all services and all users from a project | Terraform |
1029 | CKV2_GCP_6 | resource | google_kms_crypto_key | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform |
1030 | CKV2_GCP_6 | resource | google_kms_crypto_key_iam_binding | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform |
1031 | CKV2_GCP_6 | resource | google_kms_crypto_key_iam_member | Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible | Terraform |
1032 | CKV2_GCP_7 | resource | google_sql_database_instance | Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges | Terraform |
1033 | CKV2_GCP_7 | resource | google_sql_user | Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges | Terraform |
1034 | CKV2_GCP_8 | resource | google_kms_key_ring | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform |
1035 | CKV2_GCP_8 | resource | google_kms_key_ring_iam_binding | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform |
1036 | CKV2_GCP_8 | resource | google_kms_key_ring_iam_member | Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible | Terraform |
1037 | CKV2_GCP_9 | resource | google_container_registry | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform |
1038 | CKV2_GCP_9 | resource | google_storage_bucket_iam_binding | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform |
1039 | CKV2_GCP_9 | resource | google_storage_bucket_iam_member | Ensure that Container Registry repositories are not anonymously or publicly accessible | Terraform |
1040 | CKV_GHA_1 | jobs | jobs | Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables | github_actions |
1041 | CKV_GHA_1 | jobs | jobs.*.steps[] | Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn't true on environment variables | github_actions |
1042 | CKV_GHA_2 | jobs | jobs | Ensure run commands are not vulnerable to shell injection | github_actions |
1043 | CKV_GHA_2 | jobs | jobs.*.steps[] | Ensure run commands are not vulnerable to shell injection | github_actions |
1044 | CKV_GIT_1 | resource | github_repository | Ensure Repository is Private | Terraform |
1045 | CKV_GIT_2 | resource | github_repository_webhook | Ensure Repository Webhook uses secure SSL | Terraform |
1046 | CKV_GIT_3 | resource | github_repository | Ensure GitHub repository has vulnerability alerts enabled | Terraform |
1047 | CKV_GIT_4 | resource | github_actions_environment_secret | Ensure Secrets are encrypted | Terraform |
1048 | CKV_GIT_4 | resource | github_actions_organization_secret | Ensure Secrets are encrypted | Terraform |
1049 | CKV_GIT_4 | resource | github_actions_secret | Ensure Secrets are encrypted | Terraform |
1050 | CKV_GITHUB_1 | github_configuration | * | Ensure GitHub organization security settings require 2FA | github_configuration |
1051 | CKV_GITHUB_2 | github_configuration | * | Ensure GitHub organization security settings require SSO | github_configuration |
1052 | CKV_GITHUB_3 | github_configuration | * | Ensure GitHub organization security settings have IP allow list enabled | github_configuration |
1053 | CKV_GITHUB_4 | github_configuration | * | Ensure GitHub branch protection rules require signed commits | github_configuration |
1054 | CKV_GITHUB_5 | github_configuration | * | Ensure GitHub branch protection rules do not allow force pushes | github_configuration |
1055 | CKV_GITLAB_1 | gitlab_configuration | * | Merge requests should require at least 2 approvals | gitlab_configuration |
1056 | CKV_GITLAB_2 | gitlab_configuration | * | Ensure all Gitlab groups require two factor authentication | gitlab_configuration |
1057 | CKV_K8S_1 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host process ID namespace | Kubernetes |
1058 | CKV_K8S_1 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host process ID namespace | Terraform |
1059 | CKV_K8S_2 | resource | PodSecurityPolicy | Do not admit privileged containers | Kubernetes |
1060 | CKV_K8S_2 | resource | kubernetes_pod_security_policy | Do not admit privileged containers | Terraform |
1061 | CKV_K8S_3 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host IPC namespace | Kubernetes |
1062 | CKV_K8S_3 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host IPC namespace | Terraform |
1063 | CKV_K8S_4 | resource | PodSecurityPolicy | Do not admit containers wishing to share the host network namespace | Kubernetes |
1064 | CKV_K8S_4 | resource | kubernetes_pod_security_policy | Do not admit containers wishing to share the host network namespace | Terraform |
1065 | CKV_K8S_5 | resource | PodSecurityPolicy | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1066 | CKV_K8S_5 | resource | kubernetes_pod_security_policy | Containers should not run with allowPrivilegeEscalation | Terraform |
1067 | CKV_K8S_6 | resource | PodSecurityPolicy | Do not admit root containers | Kubernetes |
1068 | CKV_K8S_6 | resource | kubernetes_pod_security_policy | Do not admit root containers | Terraform |
1069 | CKV_K8S_7 | resource | PodSecurityPolicy | Do not admit containers with the NET_RAW capability | Kubernetes |
1070 | CKV_K8S_7 | resource | kubernetes_pod_security_policy | Do not admit containers with the NET_RAW capability | Terraform |
1071 | CKV_K8S_8 | resource | DaemonSet | Liveness Probe Should be Configured | Kubernetes |
1072 | CKV_K8S_8 | resource | Deployment | Liveness Probe Should be Configured | Kubernetes |
1073 | CKV_K8S_8 | resource | Pod | Liveness Probe Should be Configured | Kubernetes |
1074 | CKV_K8S_8 | resource | PodTemplate | Liveness Probe Should be Configured | Kubernetes |
1075 | CKV_K8S_8 | resource | ReplicaSet | Liveness Probe Should be Configured | Kubernetes |
1076 | CKV_K8S_8 | resource | ReplicationController | Liveness Probe Should be Configured | Kubernetes |
1077 | CKV_K8S_8 | resource | StatefulSet | Liveness Probe Should be Configured | Kubernetes |
1078 | CKV_K8S_8 | resource | kubernetes_pod | Liveness Probe Should be Configured | Terraform |
1079 | CKV_K8S_9 | resource | DaemonSet | Readiness Probe Should be Configured | Kubernetes |
1080 | CKV_K8S_9 | resource | Deployment | Readiness Probe Should be Configured | Kubernetes |
1081 | CKV_K8S_9 | resource | Pod | Readiness Probe Should be Configured | Kubernetes |
1082 | CKV_K8S_9 | resource | PodTemplate | Readiness Probe Should be Configured | Kubernetes |
1083 | CKV_K8S_9 | resource | ReplicaSet | Readiness Probe Should be Configured | Kubernetes |
1084 | CKV_K8S_9 | resource | ReplicationController | Readiness Probe Should be Configured | Kubernetes |
1085 | CKV_K8S_9 | resource | StatefulSet | Readiness Probe Should be Configured | Kubernetes |
1086 | CKV_K8S_9 | resource | kubernetes_pod | Readiness Probe Should be Configured | Terraform |
1087 | CKV_K8S_10 | resource | CronJob | CPU requests should be set | Kubernetes |
1088 | CKV_K8S_10 | resource | DaemonSet | CPU requests should be set | Kubernetes |
1089 | CKV_K8S_10 | resource | Deployment | CPU requests should be set | Kubernetes |
1090 | CKV_K8S_10 | resource | Job | CPU requests should be set | Kubernetes |
1091 | CKV_K8S_10 | resource | Pod | CPU requests should be set | Kubernetes |
1092 | CKV_K8S_10 | resource | PodTemplate | CPU requests should be set | Kubernetes |
1093 | CKV_K8S_10 | resource | ReplicaSet | CPU requests should be set | Kubernetes |
1094 | CKV_K8S_10 | resource | ReplicationController | CPU requests should be set | Kubernetes |
1095 | CKV_K8S_10 | resource | StatefulSet | CPU requests should be set | Kubernetes |
1096 | CKV_K8S_10 | resource | kubernetes_pod | CPU requests should be set | Terraform |
1097 | CKV_K8S_11 | resource | CronJob | CPU limits should be set | Kubernetes |
1098 | CKV_K8S_11 | resource | DaemonSet | CPU limits should be set | Kubernetes |
1099 | CKV_K8S_11 | resource | Deployment | CPU limits should be set | Kubernetes |
1100 | CKV_K8S_11 | resource | Job | CPU limits should be set | Kubernetes |
1101 | CKV_K8S_11 | resource | Pod | CPU limits should be set | Kubernetes |
1102 | CKV_K8S_11 | resource | PodTemplate | CPU limits should be set | Kubernetes |
1103 | CKV_K8S_11 | resource | ReplicaSet | CPU limits should be set | Kubernetes |
1104 | CKV_K8S_11 | resource | ReplicationController | CPU limits should be set | Kubernetes |
1105 | CKV_K8S_11 | resource | StatefulSet | CPU limits should be set | Kubernetes |
1106 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform |
1107 | CKV_K8S_12 | resource | CronJob | Memory requests should be set | Kubernetes |
1108 | CKV_K8S_12 | resource | DaemonSet | Memory requests should be set | Kubernetes |
1109 | CKV_K8S_12 | resource | Deployment | Memory requests should be set | Kubernetes |
1110 | CKV_K8S_12 | resource | Job | Memory requests should be set | Kubernetes |
1111 | CKV_K8S_12 | resource | Pod | Memory requests should be set | Kubernetes |
1112 | CKV_K8S_12 | resource | PodTemplate | Memory requests should be set | Kubernetes |
1113 | CKV_K8S_12 | resource | ReplicaSet | Memory requests should be set | Kubernetes |
1114 | CKV_K8S_12 | resource | ReplicationController | Memory requests should be set | Kubernetes |
1115 | CKV_K8S_12 | resource | StatefulSet | Memory requests should be set | Kubernetes |
1116 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform |
1117 | CKV_K8S_13 | resource | CronJob | Memory limits should be set | Kubernetes |
1118 | CKV_K8S_13 | resource | DaemonSet | Memory limits should be set | Kubernetes |
1119 | CKV_K8S_13 | resource | Deployment | Memory limits should be set | Kubernetes |
1120 | CKV_K8S_13 | resource | Job | Memory limits should be set | Kubernetes |
1121 | CKV_K8S_13 | resource | Pod | Memory limits should be set | Kubernetes |
1122 | CKV_K8S_13 | resource | PodTemplate | Memory limits should be set | Kubernetes |
1123 | CKV_K8S_13 | resource | ReplicaSet | Memory limits should be set | Kubernetes |
1124 | CKV_K8S_13 | resource | ReplicationController | Memory limits should be set | Kubernetes |
1125 | CKV_K8S_13 | resource | StatefulSet | Memory limits should be set | Kubernetes |
1126 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform |
1127 | CKV_K8S_14 | resource | CronJob | Image Tag should be fixed - not latest or blank | Kubernetes |
1128 | CKV_K8S_14 | resource | DaemonSet | Image Tag should be fixed - not latest or blank | Kubernetes |
1129 | CKV_K8S_14 | resource | Deployment | Image Tag should be fixed - not latest or blank | Kubernetes |
1130 | CKV_K8S_14 | resource | Job | Image Tag should be fixed - not latest or blank | Kubernetes |
1131 | CKV_K8S_14 | resource | Pod | Image Tag should be fixed - not latest or blank | Kubernetes |
1132 | CKV_K8S_14 | resource | PodTemplate | Image Tag should be fixed - not latest or blank | Kubernetes |
1133 | CKV_K8S_14 | resource | ReplicaSet | Image Tag should be fixed - not latest or blank | Kubernetes |
1134 | CKV_K8S_14 | resource | ReplicationController | Image Tag should be fixed - not latest or blank | Kubernetes |
1135 | CKV_K8S_14 | resource | StatefulSet | Image Tag should be fixed - not latest or blank | Kubernetes |
1136 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform |
1137 | CKV_K8S_15 | resource | CronJob | Image Pull Policy should be Always | Kubernetes |
1138 | CKV_K8S_15 | resource | DaemonSet | Image Pull Policy should be Always | Kubernetes |
1139 | CKV_K8S_15 | resource | Deployment | Image Pull Policy should be Always | Kubernetes |
1140 | CKV_K8S_15 | resource | Job | Image Pull Policy should be Always | Kubernetes |
1141 | CKV_K8S_15 | resource | Pod | Image Pull Policy should be Always | Kubernetes |
1142 | CKV_K8S_15 | resource | PodTemplate | Image Pull Policy should be Always | Kubernetes |
1143 | CKV_K8S_15 | resource | ReplicaSet | Image Pull Policy should be Always | Kubernetes |
1144 | CKV_K8S_15 | resource | ReplicationController | Image Pull Policy should be Always | Kubernetes |
1145 | CKV_K8S_15 | resource | StatefulSet | Image Pull Policy should be Always | Kubernetes |
1146 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform |
1147 | CKV_K8S_16 | resource | CronJob | Container should not be privileged | Kubernetes |
1148 | CKV_K8S_16 | resource | DaemonSet | Container should not be privileged | Kubernetes |
1149 | CKV_K8S_16 | resource | Deployment | Container should not be privileged | Kubernetes |
1150 | CKV_K8S_16 | resource | Job | Container should not be privileged | Kubernetes |
1151 | CKV_K8S_16 | resource | Pod | Container should not be privileged | Kubernetes |
1152 | CKV_K8S_16 | resource | PodTemplate | Container should not be privileged | Kubernetes |
1153 | CKV_K8S_16 | resource | ReplicaSet | Container should not be privileged | Kubernetes |
1154 | CKV_K8S_16 | resource | ReplicationController | Container should not be privileged | Kubernetes |
1155 | CKV_K8S_16 | resource | StatefulSet | Container should not be privileged | Kubernetes |
1156 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform |
1157 | CKV_K8S_17 | resource | CronJob | Containers should not share the host process ID namespace | Kubernetes |
1158 | CKV_K8S_17 | resource | DaemonSet | Containers should not share the host process ID namespace | Kubernetes |
1159 | CKV_K8S_17 | resource | Deployment | Containers should not share the host process ID namespace | Kubernetes |
1160 | CKV_K8S_17 | resource | Job | Containers should not share the host process ID namespace | Kubernetes |
1161 | CKV_K8S_17 | resource | Pod | Containers should not share the host process ID namespace | Kubernetes |
1162 | CKV_K8S_17 | resource | ReplicaSet | Containers should not share the host process ID namespace | Kubernetes |
1163 | CKV_K8S_17 | resource | ReplicationController | Containers should not share the host process ID namespace | Kubernetes |
1164 | CKV_K8S_17 | resource | StatefulSet | Containers should not share the host process ID namespace | Kubernetes |
1165 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform |
1166 | CKV_K8S_18 | resource | CronJob | Containers should not share the host IPC namespace | Kubernetes |
1167 | CKV_K8S_18 | resource | DaemonSet | Containers should not share the host IPC namespace | Kubernetes |
1168 | CKV_K8S_18 | resource | Deployment | Containers should not share the host IPC namespace | Kubernetes |
1169 | CKV_K8S_18 | resource | Job | Containers should not share the host IPC namespace | Kubernetes |
1170 | CKV_K8S_18 | resource | Pod | Containers should not share the host IPC namespace | Kubernetes |
1171 | CKV_K8S_18 | resource | ReplicaSet | Containers should not share the host IPC namespace | Kubernetes |
1172 | CKV_K8S_18 | resource | ReplicationController | Containers should not share the host IPC namespace | Kubernetes |
1173 | CKV_K8S_18 | resource | StatefulSet | Containers should not share the host IPC namespace | Kubernetes |
1174 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform |
1175 | CKV_K8S_19 | resource | CronJob | Containers should not share the host network namespace | Kubernetes |
1176 | CKV_K8S_19 | resource | DaemonSet | Containers should not share the host network namespace | Kubernetes |
1177 | CKV_K8S_19 | resource | Deployment | Containers should not share the host network namespace | Kubernetes |
1178 | CKV_K8S_19 | resource | Job | Containers should not share the host network namespace | Kubernetes |
1179 | CKV_K8S_19 | resource | Pod | Containers should not share the host network namespace | Kubernetes |
1180 | CKV_K8S_19 | resource | ReplicaSet | Containers should not share the host network namespace | Kubernetes |
1181 | CKV_K8S_19 | resource | ReplicationController | Containers should not share the host network namespace | Kubernetes |
1182 | CKV_K8S_19 | resource | StatefulSet | Containers should not share the host network namespace | Kubernetes |
1183 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform |
1184 | CKV_K8S_20 | resource | CronJob | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1185 | CKV_K8S_20 | resource | DaemonSet | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1186 | CKV_K8S_20 | resource | Deployment | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1187 | CKV_K8S_20 | resource | Job | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1188 | CKV_K8S_20 | resource | Pod | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1189 | CKV_K8S_20 | resource | PodTemplate | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1190 | CKV_K8S_20 | resource | ReplicaSet | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1191 | CKV_K8S_20 | resource | ReplicationController | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1192 | CKV_K8S_20 | resource | StatefulSet | Containers should not run with allowPrivilegeEscalation | Kubernetes |
1193 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform |
1194 | CKV_K8S_21 | resource | ConfigMap | The default namespace should not be used | Kubernetes |
1195 | CKV_K8S_21 | resource | CronJob | The default namespace should not be used | Kubernetes |
1196 | CKV_K8S_21 | resource | DaemonSet | The default namespace should not be used | Kubernetes |
1197 | CKV_K8S_21 | resource | Deployment | The default namespace should not be used | Kubernetes |
1198 | CKV_K8S_21 | resource | Ingress | The default namespace should not be used | Kubernetes |
1199 | CKV_K8S_21 | resource | Job | The default namespace should not be used | Kubernetes |
1200 | CKV_K8S_21 | resource | Pod | The default namespace should not be used | Kubernetes |
1201 | CKV_K8S_21 | resource | ReplicaSet | The default namespace should not be used | Kubernetes |
1202 | CKV_K8S_21 | resource | ReplicationController | The default namespace should not be used | Kubernetes |
1203 | CKV_K8S_21 | resource | Role | The default namespace should not be used | Kubernetes |
1204 | CKV_K8S_21 | resource | RoleBinding | The default namespace should not be used | Kubernetes |
1205 | CKV_K8S_21 | resource | Secret | The default namespace should not be used | Kubernetes |
1206 | CKV_K8S_21 | resource | Service | The default namespace should not be used | Kubernetes |
1207 | CKV_K8S_21 | resource | ServiceAccount | The default namespace should not be used | Kubernetes |
1208 | CKV_K8S_21 | resource | StatefulSet | The default namespace should not be used | Kubernetes |
1209 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform |
1210 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform |
1211 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform |
1212 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform |
1213 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform |
1214 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform |
1215 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform |
1216 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform |
1217 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform |
1218 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform |
1219 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform |
1220 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform |
1221 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform |
1222 | CKV_K8S_22 | resource | CronJob | Use read-only filesystem for containers where possible | Kubernetes |
1223 | CKV_K8S_22 | resource | DaemonSet | Use read-only filesystem for containers where possible | Kubernetes |
1224 | CKV_K8S_22 | resource | Deployment | Use read-only filesystem for containers where possible | Kubernetes |
1225 | CKV_K8S_22 | resource | Job | Use read-only filesystem for containers where possible | Kubernetes |
1226 | CKV_K8S_22 | resource | Pod | Use read-only filesystem for containers where possible | Kubernetes |
1227 | CKV_K8S_22 | resource | PodTemplate | Use read-only filesystem for containers where possible | Kubernetes |
1228 | CKV_K8S_22 | resource | ReplicaSet | Use read-only filesystem for containers where possible | Kubernetes |
1229 | CKV_K8S_22 | resource | ReplicationController | Use read-only filesystem for containers where possible | Kubernetes |
1230 | CKV_K8S_22 | resource | StatefulSet | Use read-only filesystem for containers where possible | Kubernetes |
1231 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform |
1232 | CKV_K8S_23 | resource | CronJob | Minimize the admission of root containers | Kubernetes |
1233 | CKV_K8S_23 | resource | DaemonSet | Minimize the admission of root containers | Kubernetes |
1234 | CKV_K8S_23 | resource | Deployment | Minimize the admission of root containers | Kubernetes |
1235 | CKV_K8S_23 | resource | Job | Minimize the admission of root containers | Kubernetes |
1236 | CKV_K8S_23 | resource | Pod | Minimize the admission of root containers | Kubernetes |
1237 | CKV_K8S_23 | resource | ReplicaSet | Minimize the admission of root containers | Kubernetes |
1238 | CKV_K8S_23 | resource | ReplicationController | Minimize the admission of root containers | Kubernetes |
1239 | CKV_K8S_23 | resource | StatefulSet | Minimize the admission of root containers | Kubernetes |
1240 | CKV_K8S_24 | resource | PodSecurityPolicy | Do not allow containers with added capability | Kubernetes |
1241 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform |
1242 | CKV_K8S_25 | resource | CronJob | Minimize the admission of containers with added capability | Kubernetes |
1243 | CKV_K8S_25 | resource | DaemonSet | Minimize the admission of containers with added capability | Kubernetes |
1244 | CKV_K8S_25 | resource | Deployment | Minimize the admission of containers with added capability | Kubernetes |
1245 | CKV_K8S_25 | resource | Job | Minimize the admission of containers with added capability | Kubernetes |
1246 | CKV_K8S_25 | resource | Pod | Minimize the admission of containers with added capability | Kubernetes |
1247 | CKV_K8S_25 | resource | PodTemplate | Minimize the admission of containers with added capability | Kubernetes |
1248 | CKV_K8S_25 | resource | ReplicaSet | Minimize the admission of containers with added capability | Kubernetes |
1249 | CKV_K8S_25 | resource | ReplicationController | Minimize the admission of containers with added capability | Kubernetes |
1250 | CKV_K8S_25 | resource | StatefulSet | Minimize the admission of containers with added capability | Kubernetes |
1251 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform |
1252 | CKV_K8S_26 | resource | CronJob | Do not specify hostPort unless absolutely necessary | Kubernetes |
1253 | CKV_K8S_26 | resource | DaemonSet | Do not specify hostPort unless absolutely necessary | Kubernetes |
1254 | CKV_K8S_26 | resource | Deployment | Do not specify hostPort unless absolutely necessary | Kubernetes |
1255 | CKV_K8S_26 | resource | Job | Do not specify hostPort unless absolutely necessary | Kubernetes |
1256 | CKV_K8S_26 | resource | Pod | Do not specify hostPort unless absolutely necessary | Kubernetes |
1257 | CKV_K8S_26 | resource | PodTemplate | Do not specify hostPort unless absolutely necessary | Kubernetes |
1258 | CKV_K8S_26 | resource | ReplicaSet | Do not specify hostPort unless absolutely necessary | Kubernetes |
1259 | CKV_K8S_26 | resource | ReplicationController | Do not specify hostPort unless absolutely necessary | Kubernetes |
1260 | CKV_K8S_26 | resource | StatefulSet | Do not specify hostPort unless absolutely necessary | Kubernetes |
1261 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform |
1262 | CKV_K8S_27 | resource | CronJob | Do not expose the docker daemon socket to containers | Kubernetes |
1263 | CKV_K8S_27 | resource | DaemonSet | Do not expose the docker daemon socket to containers | Kubernetes |
1264 | CKV_K8S_27 | resource | Deployment | Do not expose the docker daemon socket to containers | Kubernetes |
1265 | CKV_K8S_27 | resource | Job | Do not expose the docker daemon socket to containers | Kubernetes |
1266 | CKV_K8S_27 | resource | Pod | Do not expose the docker daemon socket to containers | Kubernetes |
1267 | CKV_K8S_27 | resource | ReplicaSet | Do not expose the docker daemon socket to containers | Kubernetes |
1268 | CKV_K8S_27 | resource | ReplicationController | Do not expose the docker daemon socket to containers | Kubernetes |
1269 | CKV_K8S_27 | resource | StatefulSet | Do not expose the docker daemon socket to containers | Kubernetes |
1270 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform |
1271 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform |
1272 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform |
1273 | CKV_K8S_28 | resource | CronJob | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1274 | CKV_K8S_28 | resource | DaemonSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1275 | CKV_K8S_28 | resource | Deployment | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1276 | CKV_K8S_28 | resource | Job | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1277 | CKV_K8S_28 | resource | Pod | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1278 | CKV_K8S_28 | resource | PodTemplate | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1279 | CKV_K8S_28 | resource | ReplicaSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1280 | CKV_K8S_28 | resource | ReplicationController | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1281 | CKV_K8S_28 | resource | StatefulSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes |
1282 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform |
1283 | CKV_K8S_29 | resource | CronJob | Apply security context to your pods and containers | Kubernetes |
1284 | CKV_K8S_29 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes |
1285 | CKV_K8S_29 | resource | Deployment | Apply security context to your pods and containers | Kubernetes |
1286 | CKV_K8S_29 | resource | Job | Apply security context to your pods and containers | Kubernetes |
1287 | CKV_K8S_29 | resource | Pod | Apply security context to your pods and containers | Kubernetes |
1288 | CKV_K8S_29 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes |
1289 | CKV_K8S_29 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes |
1290 | CKV_K8S_29 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes |
1291 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods and containers | Terraform |
1292 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform |
1293 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform |
1294 | CKV_K8S_30 | resource | CronJob | Apply security context to your pods and containers | Kubernetes |
1295 | CKV_K8S_30 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes |
1296 | CKV_K8S_30 | resource | Deployment | Apply security context to your pods and containers | Kubernetes |
1297 | CKV_K8S_30 | resource | Job | Apply security context to your pods and containers | Kubernetes |
1298 | CKV_K8S_30 | resource | Pod | Apply security context to your pods and containers | Kubernetes |
1299 | CKV_K8S_30 | resource | PodTemplate | Apply security context to your pods and containers | Kubernetes |
1300 | CKV_K8S_30 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes |
1301 | CKV_K8S_30 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes |
1302 | CKV_K8S_30 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes |
1303 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform |
1304 | CKV_K8S_31 | resource | CronJob | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1305 | CKV_K8S_31 | resource | DaemonSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1306 | CKV_K8S_31 | resource | Deployment | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1307 | CKV_K8S_31 | resource | Job | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1308 | CKV_K8S_31 | resource | Pod | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1309 | CKV_K8S_31 | resource | ReplicaSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1310 | CKV_K8S_31 | resource | ReplicationController | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1311 | CKV_K8S_31 | resource | StatefulSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes |
1312 | CKV_K8S_32 | resource | PodSecurityPolicy | Ensure default seccomp profile set to docker/default or runtime/default | Kubernetes |
1313 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform |
1314 | CKV_K8S_33 | resource | CronJob | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1315 | CKV_K8S_33 | resource | DaemonSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1316 | CKV_K8S_33 | resource | Deployment | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1317 | CKV_K8S_33 | resource | Job | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1318 | CKV_K8S_33 | resource | Pod | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1319 | CKV_K8S_33 | resource | PodTemplate | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1320 | CKV_K8S_33 | resource | ReplicaSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1321 | CKV_K8S_33 | resource | ReplicationController | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1322 | CKV_K8S_33 | resource | StatefulSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes |
1323 | CKV_K8S_34 | resource | CronJob | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1324 | CKV_K8S_34 | resource | DaemonSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1325 | CKV_K8S_34 | resource | Deployment | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1326 | CKV_K8S_34 | resource | Job | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1327 | CKV_K8S_34 | resource | Pod | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1328 | CKV_K8S_34 | resource | PodTemplate | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1329 | CKV_K8S_34 | resource | ReplicaSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1330 | CKV_K8S_34 | resource | ReplicationController | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1331 | CKV_K8S_34 | resource | StatefulSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes |
1332 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform |
1333 | CKV_K8S_35 | resource | CronJob | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1334 | CKV_K8S_35 | resource | DaemonSet | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1335 | CKV_K8S_35 | resource | Deployment | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1336 | CKV_K8S_35 | resource | Job | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1337 | CKV_K8S_35 | resource | Pod | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1338 | CKV_K8S_35 | resource | PodTemplate | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1339 | CKV_K8S_35 | resource | ReplicaSet | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1340 | CKV_K8S_35 | resource | ReplicationController | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1341 | CKV_K8S_35 | resource | StatefulSet | Prefer using secrets as files over secrets as environment variables | Kubernetes |
1342 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform |
1343 | CKV_K8S_36 | resource | PodSecurityPolicy | Minimize the admission of containers with capabilities assigned | Kubernetes |
1344 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform |
1345 | CKV_K8S_37 | resource | CronJob | Minimize the admission of containers with capabilities assigned | Kubernetes |
1346 | CKV_K8S_37 | resource | DaemonSet | Minimize the admission of containers with capabilities assigned | Kubernetes |
1347 | CKV_K8S_37 | resource | Deployment | Minimize the admission of containers with capabilities assigned | Kubernetes |
1348 | CKV_K8S_37 | resource | Job | Minimize the admission of containers with capabilities assigned | Kubernetes |
1349 | CKV_K8S_37 | resource | Pod | Minimize the admission of containers with capabilities assigned | Kubernetes |
1350 | CKV_K8S_37 | resource | PodTemplate | Minimize the admission of containers with capabilities assigned | Kubernetes |
1351 | CKV_K8S_37 | resource | ReplicaSet | Minimize the admission of containers with capabilities assigned | Kubernetes |
1352 | CKV_K8S_37 | resource | ReplicationController | Minimize the admission of containers with capabilities assigned | Kubernetes |
1353 | CKV_K8S_37 | resource | StatefulSet | Minimize the admission of containers with capabilities assigned | Kubernetes |
1354 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform |
1355 | CKV_K8S_38 | resource | CronJob | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1356 | CKV_K8S_38 | resource | DaemonSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1357 | CKV_K8S_38 | resource | Deployment | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1358 | CKV_K8S_38 | resource | Job | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1359 | CKV_K8S_38 | resource | Pod | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1360 | CKV_K8S_38 | resource | ReplicaSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1361 | CKV_K8S_38 | resource | ReplicationController | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1362 | CKV_K8S_38 | resource | StatefulSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes |
1363 | CKV_K8S_39 | resource | CronJob | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1364 | CKV_K8S_39 | resource | DaemonSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1365 | CKV_K8S_39 | resource | Deployment | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1366 | CKV_K8S_39 | resource | Job | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1367 | CKV_K8S_39 | resource | Pod | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1368 | CKV_K8S_39 | resource | PodTemplate | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1369 | CKV_K8S_39 | resource | ReplicaSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1370 | CKV_K8S_39 | resource | ReplicationController | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1371 | CKV_K8S_39 | resource | StatefulSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes |
1372 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform |
1373 | CKV_K8S_40 | resource | CronJob | Containers should run as a high UID to avoid host conflict | Kubernetes |
1374 | CKV_K8S_40 | resource | DaemonSet | Containers should run as a high UID to avoid host conflict | Kubernetes |
1375 | CKV_K8S_40 | resource | Deployment | Containers should run as a high UID to avoid host conflict | Kubernetes |
1376 | CKV_K8S_40 | resource | Job | Containers should run as a high UID to avoid host conflict | Kubernetes |
1377 | CKV_K8S_40 | resource | Pod | Containers should run as a high UID to avoid host conflict | Kubernetes |
1378 | CKV_K8S_40 | resource | ReplicaSet | Containers should run as a high UID to avoid host conflict | Kubernetes |
1379 | CKV_K8S_40 | resource | ReplicationController | Containers should run as a high UID to avoid host conflict | Kubernetes |
1380 | CKV_K8S_40 | resource | StatefulSet | Containers should run as a high UID to avoid host conflict | Kubernetes |
1381 | CKV_K8S_41 | resource | ServiceAccount | Ensure that default service accounts are not actively used | Kubernetes |
1382 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform |
1383 | CKV_K8S_42 | resource | ClusterRoleBinding | Ensure that default service accounts are not actively used | Kubernetes |
1384 | CKV_K8S_42 | resource | RoleBinding | Ensure that default service accounts are not actively used | Kubernetes |
1385 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform |
1386 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform |
1387 | CKV_K8S_43 | resource | CronJob | Image should use digest | Kubernetes |
1388 | CKV_K8S_43 | resource | DaemonSet | Image should use digest | Kubernetes |
1389 | CKV_K8S_43 | resource | Deployment | Image should use digest | Kubernetes |
1390 | CKV_K8S_43 | resource | Job | Image should use digest | Kubernetes |
1391 | CKV_K8S_43 | resource | Pod | Image should use digest | Kubernetes |
1392 | CKV_K8S_43 | resource | PodTemplate | Image should use digest | Kubernetes |
1393 | CKV_K8S_43 | resource | ReplicaSet | Image should use digest | Kubernetes |
1394 | CKV_K8S_43 | resource | ReplicationController | Image should use digest | Kubernetes |
1395 | CKV_K8S_43 | resource | StatefulSet | Image should use digest | Kubernetes |
1396 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform |
1397 | CKV_K8S_44 | resource | Service | Ensure that the Tiller Service (Helm v2) is deleted | Kubernetes |
1398 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform |
1399 | CKV_K8S_45 | resource | CronJob | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1400 | CKV_K8S_45 | resource | DaemonSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1401 | CKV_K8S_45 | resource | Deployment | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1402 | CKV_K8S_45 | resource | Job | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1403 | CKV_K8S_45 | resource | Pod | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1404 | CKV_K8S_45 | resource | PodTemplate | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1405 | CKV_K8S_45 | resource | ReplicaSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1406 | CKV_K8S_45 | resource | ReplicationController | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1407 | CKV_K8S_45 | resource | StatefulSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes |
1408 | CKV_K8S_49 | resource | ClusterRole | Minimize wildcard use in Roles and ClusterRoles | Kubernetes |
1409 | CKV_K8S_49 | resource | Role | Minimize wildcard use in Roles and ClusterRoles | Kubernetes |
1410 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform |
1411 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform |
1412 | CKV_K8S_68 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1413 | CKV_K8S_68 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1414 | CKV_K8S_68 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1415 | CKV_K8S_68 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1416 | CKV_K8S_68 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1417 | CKV_K8S_68 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1418 | CKV_K8S_68 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1419 | CKV_K8S_68 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1420 | CKV_K8S_68 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1421 | CKV_K8S_69 | resource | CronJob | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1422 | CKV_K8S_69 | resource | DaemonSet | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1423 | CKV_K8S_69 | resource | Deployment | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1424 | CKV_K8S_69 | resource | Job | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1425 | CKV_K8S_69 | resource | Pod | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1426 | CKV_K8S_69 | resource | PodTemplate | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1427 | CKV_K8S_69 | resource | ReplicaSet | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1428 | CKV_K8S_69 | resource | ReplicationController | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1429 | CKV_K8S_69 | resource | StatefulSet | Ensure that the --basic-auth-file argument is not set | Kubernetes |
1430 | CKV_K8S_70 | resource | CronJob | Ensure that the --token-auth-file argument is not set | Kubernetes |
1431 | CKV_K8S_70 | resource | DaemonSet | Ensure that the --token-auth-file argument is not set | Kubernetes |
1432 | CKV_K8S_70 | resource | Deployment | Ensure that the --token-auth-file argument is not set | Kubernetes |
1433 | CKV_K8S_70 | resource | Job | Ensure that the --token-auth-file argument is not set | Kubernetes |
1434 | CKV_K8S_70 | resource | Pod | Ensure that the --token-auth-file argument is not set | Kubernetes |
1435 | CKV_K8S_70 | resource | PodTemplate | Ensure that the --token-auth-file argument is not set | Kubernetes |
1436 | CKV_K8S_70 | resource | ReplicaSet | Ensure that the --token-auth-file argument is not set | Kubernetes |
1437 | CKV_K8S_70 | resource | ReplicationController | Ensure that the --token-auth-file argument is not set | Kubernetes |
1438 | CKV_K8S_70 | resource | StatefulSet | Ensure that the --token-auth-file argument is not set | Kubernetes |
1439 | CKV_K8S_71 | resource | CronJob | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1440 | CKV_K8S_71 | resource | DaemonSet | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1441 | CKV_K8S_71 | resource | Deployment | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1442 | CKV_K8S_71 | resource | Job | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1443 | CKV_K8S_71 | resource | Pod | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1444 | CKV_K8S_71 | resource | PodTemplate | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1445 | CKV_K8S_71 | resource | ReplicaSet | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1446 | CKV_K8S_71 | resource | ReplicationController | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1447 | CKV_K8S_71 | resource | StatefulSet | Ensure that the --kubelet-https argument is set to true | Kubernetes |
1448 | CKV_K8S_72 | resource | CronJob | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1449 | CKV_K8S_72 | resource | DaemonSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1450 | CKV_K8S_72 | resource | Deployment | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1451 | CKV_K8S_72 | resource | Job | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1452 | CKV_K8S_72 | resource | Pod | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1453 | CKV_K8S_72 | resource | PodTemplate | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1454 | CKV_K8S_72 | resource | ReplicaSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1455 | CKV_K8S_72 | resource | ReplicationController | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1456 | CKV_K8S_72 | resource | StatefulSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes |
1457 | CKV_K8S_73 | resource | CronJob | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1458 | CKV_K8S_73 | resource | DaemonSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1459 | CKV_K8S_73 | resource | Deployment | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1460 | CKV_K8S_73 | resource | Job | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1461 | CKV_K8S_73 | resource | Pod | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1462 | CKV_K8S_73 | resource | PodTemplate | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1463 | CKV_K8S_73 | resource | ReplicaSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1464 | CKV_K8S_73 | resource | ReplicationController | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1465 | CKV_K8S_73 | resource | StatefulSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes |
1466 | CKV_K8S_74 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1467 | CKV_K8S_74 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1468 | CKV_K8S_74 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1469 | CKV_K8S_74 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1470 | CKV_K8S_74 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1471 | CKV_K8S_74 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1472 | CKV_K8S_74 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1473 | CKV_K8S_74 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1474 | CKV_K8S_74 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1475 | CKV_K8S_75 | resource | CronJob | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1476 | CKV_K8S_75 | resource | DaemonSet | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1477 | CKV_K8S_75 | resource | Deployment | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1478 | CKV_K8S_75 | resource | Job | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1479 | CKV_K8S_75 | resource | Pod | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1480 | CKV_K8S_75 | resource | PodTemplate | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1481 | CKV_K8S_75 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1482 | CKV_K8S_75 | resource | ReplicationController | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1483 | CKV_K8S_75 | resource | StatefulSet | Ensure that the --authorization-mode argument includes Node | Kubernetes |
1484 | CKV_K8S_77 | resource | CronJob | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1485 | CKV_K8S_77 | resource | DaemonSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1486 | CKV_K8S_77 | resource | Deployment | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1487 | CKV_K8S_77 | resource | Job | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1488 | CKV_K8S_77 | resource | Pod | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1489 | CKV_K8S_77 | resource | PodTemplate | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1490 | CKV_K8S_77 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1491 | CKV_K8S_77 | resource | ReplicationController | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1492 | CKV_K8S_77 | resource | StatefulSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes |
1493 | CKV_K8S_78 | resource | AdmissionConfiguration | Ensure that the admission control plugin EventRateLimit is set | Kubernetes |
1494 | CKV_K8S_79 | resource | CronJob | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1495 | CKV_K8S_79 | resource | DaemonSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1496 | CKV_K8S_79 | resource | Deployment | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1497 | CKV_K8S_79 | resource | Job | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1498 | CKV_K8S_79 | resource | Pod | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1499 | CKV_K8S_79 | resource | PodTemplate | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1500 | CKV_K8S_79 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1501 | CKV_K8S_79 | resource | ReplicationController | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1502 | CKV_K8S_79 | resource | StatefulSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes |
1503 | CKV_K8S_80 | resource | CronJob | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1504 | CKV_K8S_80 | resource | DaemonSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1505 | CKV_K8S_80 | resource | Deployment | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1506 | CKV_K8S_80 | resource | Job | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1507 | CKV_K8S_80 | resource | Pod | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1508 | CKV_K8S_80 | resource | PodTemplate | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1509 | CKV_K8S_80 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1510 | CKV_K8S_80 | resource | ReplicationController | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1511 | CKV_K8S_80 | resource | StatefulSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes |
1512 | CKV_K8S_81 | resource | CronJob | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1513 | CKV_K8S_81 | resource | DaemonSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1514 | CKV_K8S_81 | resource | Deployment | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1515 | CKV_K8S_81 | resource | Job | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1516 | CKV_K8S_81 | resource | Pod | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1517 | CKV_K8S_81 | resource | PodTemplate | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1518 | CKV_K8S_81 | resource | ReplicaSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1519 | CKV_K8S_81 | resource | ReplicationController | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1520 | CKV_K8S_81 | resource | StatefulSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes |
1521 | CKV_K8S_82 | resource | CronJob | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1522 | CKV_K8S_82 | resource | DaemonSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1523 | CKV_K8S_82 | resource | Deployment | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1524 | CKV_K8S_82 | resource | Job | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1525 | CKV_K8S_82 | resource | Pod | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1526 | CKV_K8S_82 | resource | PodTemplate | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1527 | CKV_K8S_82 | resource | ReplicaSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1528 | CKV_K8S_82 | resource | ReplicationController | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1529 | CKV_K8S_82 | resource | StatefulSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes |
1530 | CKV_K8S_83 | resource | CronJob | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1531 | CKV_K8S_83 | resource | DaemonSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1532 | CKV_K8S_83 | resource | Deployment | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1533 | CKV_K8S_83 | resource | Job | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1534 | CKV_K8S_83 | resource | Pod | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1535 | CKV_K8S_83 | resource | PodTemplate | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1536 | CKV_K8S_83 | resource | ReplicaSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1537 | CKV_K8S_83 | resource | ReplicationController | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1538 | CKV_K8S_83 | resource | StatefulSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes |
1539 | CKV_K8S_84 | resource | CronJob | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1540 | CKV_K8S_84 | resource | DaemonSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1541 | CKV_K8S_84 | resource | Deployment | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1542 | CKV_K8S_84 | resource | Job | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1543 | CKV_K8S_84 | resource | Pod | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1544 | CKV_K8S_84 | resource | PodTemplate | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1545 | CKV_K8S_84 | resource | ReplicaSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1546 | CKV_K8S_84 | resource | ReplicationController | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1547 | CKV_K8S_84 | resource | StatefulSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes |
1548 | CKV_K8S_85 | resource | CronJob | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1549 | CKV_K8S_85 | resource | DaemonSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1550 | CKV_K8S_85 | resource | Deployment | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1551 | CKV_K8S_85 | resource | Job | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1552 | CKV_K8S_85 | resource | Pod | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1553 | CKV_K8S_85 | resource | PodTemplate | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1554 | CKV_K8S_85 | resource | ReplicaSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1555 | CKV_K8S_85 | resource | ReplicationController | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1556 | CKV_K8S_85 | resource | StatefulSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes |
1557 | CKV_K8S_86 | resource | CronJob | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1558 | CKV_K8S_86 | resource | DaemonSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1559 | CKV_K8S_86 | resource | Deployment | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1560 | CKV_K8S_86 | resource | Job | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1561 | CKV_K8S_86 | resource | Pod | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1562 | CKV_K8S_86 | resource | PodTemplate | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1563 | CKV_K8S_86 | resource | ReplicaSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1564 | CKV_K8S_86 | resource | ReplicationController | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1565 | CKV_K8S_86 | resource | StatefulSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes |
1566 | CKV_K8S_88 | resource | CronJob | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1567 | CKV_K8S_88 | resource | DaemonSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1568 | CKV_K8S_88 | resource | Deployment | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1569 | CKV_K8S_88 | resource | Job | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1570 | CKV_K8S_88 | resource | Pod | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1571 | CKV_K8S_88 | resource | PodTemplate | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1572 | CKV_K8S_88 | resource | ReplicaSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1573 | CKV_K8S_88 | resource | ReplicationController | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1574 | CKV_K8S_88 | resource | StatefulSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes |
1575 | CKV_K8S_89 | resource | CronJob | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1576 | CKV_K8S_89 | resource | DaemonSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1577 | CKV_K8S_89 | resource | Deployment | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1578 | CKV_K8S_89 | resource | Job | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1579 | CKV_K8S_89 | resource | Pod | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1580 | CKV_K8S_89 | resource | PodTemplate | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1581 | CKV_K8S_89 | resource | ReplicaSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1582 | CKV_K8S_89 | resource | ReplicationController | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1583 | CKV_K8S_89 | resource | StatefulSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes |
1584 | CKV_K8S_90 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes |
1585 | CKV_K8S_90 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes |
1586 | CKV_K8S_90 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes |
1587 | CKV_K8S_90 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes |
1588 | CKV_K8S_90 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes |
1589 | CKV_K8S_90 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes |
1590 | CKV_K8S_90 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes |
1591 | CKV_K8S_90 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes |
1592 | CKV_K8S_90 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes |
1593 | CKV_K8S_91 | resource | CronJob | Ensure that the --audit-log-path argument is set | Kubernetes |
1594 | CKV_K8S_91 | resource | DaemonSet | Ensure that the --audit-log-path argument is set | Kubernetes |
1595 | CKV_K8S_91 | resource | Deployment | Ensure that the --audit-log-path argument is set | Kubernetes |
1596 | CKV_K8S_91 | resource | Job | Ensure that the --audit-log-path argument is set | Kubernetes |
1597 | CKV_K8S_91 | resource | Pod | Ensure that the --audit-log-path argument is set | Kubernetes |
1598 | CKV_K8S_91 | resource | PodTemplate | Ensure that the --audit-log-path argument is set | Kubernetes |
1599 | CKV_K8S_91 | resource | ReplicaSet | Ensure that the --audit-log-path argument is set | Kubernetes |
1600 | CKV_K8S_91 | resource | ReplicationController | Ensure that the --audit-log-path argument is set | Kubernetes |
1601 | CKV_K8S_91 | resource | StatefulSet | Ensure that the --audit-log-path argument is set | Kubernetes |
1602 | CKV_K8S_92 | resource | CronJob | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1603 | CKV_K8S_92 | resource | DaemonSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1604 | CKV_K8S_92 | resource | Deployment | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1605 | CKV_K8S_92 | resource | Job | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1606 | CKV_K8S_92 | resource | Pod | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1607 | CKV_K8S_92 | resource | PodTemplate | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1608 | CKV_K8S_92 | resource | ReplicaSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1609 | CKV_K8S_92 | resource | ReplicationController | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1610 | CKV_K8S_92 | resource | StatefulSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes |
1611 | CKV_K8S_93 | resource | CronJob | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1612 | CKV_K8S_93 | resource | DaemonSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1613 | CKV_K8S_93 | resource | Deployment | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1614 | CKV_K8S_93 | resource | Job | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1615 | CKV_K8S_93 | resource | Pod | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1616 | CKV_K8S_93 | resource | PodTemplate | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1617 | CKV_K8S_93 | resource | ReplicaSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1618 | CKV_K8S_93 | resource | ReplicationController | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1619 | CKV_K8S_93 | resource | StatefulSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes |
1620 | CKV_K8S_94 | resource | CronJob | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1621 | CKV_K8S_94 | resource | DaemonSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1622 | CKV_K8S_94 | resource | Deployment | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1623 | CKV_K8S_94 | resource | Job | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1624 | CKV_K8S_94 | resource | Pod | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1625 | CKV_K8S_94 | resource | PodTemplate | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1626 | CKV_K8S_94 | resource | ReplicaSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1627 | CKV_K8S_94 | resource | ReplicationController | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1628 | CKV_K8S_94 | resource | StatefulSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes |
1629 | CKV_K8S_95 | resource | CronJob | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1630 | CKV_K8S_95 | resource | DaemonSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1631 | CKV_K8S_95 | resource | Deployment | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1632 | CKV_K8S_95 | resource | Job | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1633 | CKV_K8S_95 | resource | Pod | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1634 | CKV_K8S_95 | resource | PodTemplate | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1635 | CKV_K8S_95 | resource | ReplicaSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1636 | CKV_K8S_95 | resource | ReplicationController | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1637 | CKV_K8S_95 | resource | StatefulSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes |
1638 | CKV_K8S_96 | resource | CronJob | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1639 | CKV_K8S_96 | resource | DaemonSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1640 | CKV_K8S_96 | resource | Deployment | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1641 | CKV_K8S_96 | resource | Job | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1642 | CKV_K8S_96 | resource | Pod | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1643 | CKV_K8S_96 | resource | PodTemplate | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1644 | CKV_K8S_96 | resource | ReplicaSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1645 | CKV_K8S_96 | resource | ReplicationController | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1646 | CKV_K8S_96 | resource | StatefulSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes |
1647 | CKV_K8S_97 | resource | CronJob | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1648 | CKV_K8S_97 | resource | DaemonSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1649 | CKV_K8S_97 | resource | Deployment | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1650 | CKV_K8S_97 | resource | Job | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1651 | CKV_K8S_97 | resource | Pod | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1652 | CKV_K8S_97 | resource | PodTemplate | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1653 | CKV_K8S_97 | resource | ReplicaSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1654 | CKV_K8S_97 | resource | ReplicationController | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1655 | CKV_K8S_97 | resource | StatefulSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes |
1656 | CKV_K8S_99 | resource | CronJob | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1657 | CKV_K8S_99 | resource | DaemonSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1658 | CKV_K8S_99 | resource | Deployment | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1659 | CKV_K8S_99 | resource | Job | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1660 | CKV_K8S_99 | resource | Pod | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1661 | CKV_K8S_99 | resource | PodTemplate | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1662 | CKV_K8S_99 | resource | ReplicaSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1663 | CKV_K8S_99 | resource | ReplicationController | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1664 | CKV_K8S_99 | resource | StatefulSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes |
1665 | CKV_K8S_100 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1666 | CKV_K8S_100 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1667 | CKV_K8S_100 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1668 | CKV_K8S_100 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1669 | CKV_K8S_100 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1670 | CKV_K8S_100 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1671 | CKV_K8S_100 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1672 | CKV_K8S_100 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1673 | CKV_K8S_100 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1674 | CKV_K8S_102 | resource | CronJob | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1675 | CKV_K8S_102 | resource | DaemonSet | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1676 | CKV_K8S_102 | resource | Deployment | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1677 | CKV_K8S_102 | resource | Job | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1678 | CKV_K8S_102 | resource | Pod | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1679 | CKV_K8S_102 | resource | PodTemplate | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1680 | CKV_K8S_102 | resource | ReplicaSet | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1681 | CKV_K8S_102 | resource | ReplicationController | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1682 | CKV_K8S_102 | resource | StatefulSet | Ensure that the --etcd-ca-file argument is set as appropriate | Kubernetes |
1683 | CKV_K8S_104 | resource | CronJob | Ensure that encryption providers are appropriately configured | Kubernetes |
1684 | CKV_K8S_104 | resource | DaemonSet | Ensure that encryption providers are appropriately configured | Kubernetes |
1685 | CKV_K8S_104 | resource | Deployment | Ensure that encryption providers are appropriately configured | Kubernetes |
1686 | CKV_K8S_104 | resource | Job | Ensure that encryption providers are appropriately configured | Kubernetes |
1687 | CKV_K8S_104 | resource | Pod | Ensure that encryption providers are appropriately configured | Kubernetes |
1688 | CKV_K8S_104 | resource | PodTemplate | Ensure that encryption providers are appropriately configured | Kubernetes |
1689 | CKV_K8S_104 | resource | ReplicaSet | Ensure that encryption providers are appropriately configured | Kubernetes |
1690 | CKV_K8S_104 | resource | ReplicationController | Ensure that encryption providers are appropriately configured | Kubernetes |
1691 | CKV_K8S_104 | resource | StatefulSet | Ensure that encryption providers are appropriately configured | Kubernetes |
1692 | CKV_K8S_105 | resource | CronJob | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1693 | CKV_K8S_105 | resource | DaemonSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1694 | CKV_K8S_105 | resource | Deployment | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1695 | CKV_K8S_105 | resource | Job | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1696 | CKV_K8S_105 | resource | Pod | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1697 | CKV_K8S_105 | resource | PodTemplate | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1698 | CKV_K8S_105 | resource | ReplicaSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1699 | CKV_K8S_105 | resource | ReplicationController | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1700 | CKV_K8S_105 | resource | StatefulSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes |
1701 | CKV_K8S_106 | resource | CronJob | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1702 | CKV_K8S_106 | resource | DaemonSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1703 | CKV_K8S_106 | resource | Deployment | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1704 | CKV_K8S_106 | resource | Job | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1705 | CKV_K8S_106 | resource | Pod | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1706 | CKV_K8S_106 | resource | PodTemplate | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1707 | CKV_K8S_106 | resource | ReplicaSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1708 | CKV_K8S_106 | resource | ReplicationController | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1709 | CKV_K8S_106 | resource | StatefulSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes |
1710 | CKV_K8S_107 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes |
1711 | CKV_K8S_107 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes |
1712 | CKV_K8S_107 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes |
1713 | CKV_K8S_107 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes |
1714 | CKV_K8S_107 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes |
1715 | CKV_K8S_107 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes |
1716 | CKV_K8S_107 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes |
1717 | CKV_K8S_107 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes |
1718 | CKV_K8S_107 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes |
1719 | CKV_K8S_108 | resource | CronJob | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1720 | CKV_K8S_108 | resource | DaemonSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1721 | CKV_K8S_108 | resource | Deployment | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1722 | CKV_K8S_108 | resource | Job | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1723 | CKV_K8S_108 | resource | Pod | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1724 | CKV_K8S_108 | resource | PodTemplate | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1725 | CKV_K8S_108 | resource | ReplicaSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1726 | CKV_K8S_108 | resource | ReplicationController | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1727 | CKV_K8S_108 | resource | StatefulSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes |
1728 | CKV_K8S_110 | resource | CronJob | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1729 | CKV_K8S_110 | resource | DaemonSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1730 | CKV_K8S_110 | resource | Deployment | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1731 | CKV_K8S_110 | resource | Job | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1732 | CKV_K8S_110 | resource | Pod | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1733 | CKV_K8S_110 | resource | PodTemplate | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1734 | CKV_K8S_110 | resource | ReplicaSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1735 | CKV_K8S_110 | resource | ReplicationController | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1736 | CKV_K8S_110 | resource | StatefulSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes |
1737 | CKV_K8S_111 | resource | CronJob | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1738 | CKV_K8S_111 | resource | DaemonSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1739 | CKV_K8S_111 | resource | Deployment | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1740 | CKV_K8S_111 | resource | Job | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1741 | CKV_K8S_111 | resource | Pod | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1742 | CKV_K8S_111 | resource | PodTemplate | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1743 | CKV_K8S_111 | resource | ReplicaSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1744 | CKV_K8S_111 | resource | ReplicationController | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1745 | CKV_K8S_111 | resource | StatefulSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes |
1746 | CKV_K8S_112 | resource | CronJob | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1747 | CKV_K8S_112 | resource | DaemonSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1748 | CKV_K8S_112 | resource | Deployment | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1749 | CKV_K8S_112 | resource | Job | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1750 | CKV_K8S_112 | resource | Pod | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1751 | CKV_K8S_112 | resource | PodTemplate | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1752 | CKV_K8S_112 | resource | ReplicaSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1753 | CKV_K8S_112 | resource | ReplicationController | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1754 | CKV_K8S_112 | resource | StatefulSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes |
1755 | CKV_K8S_113 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1756 | CKV_K8S_113 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1757 | CKV_K8S_113 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1758 | CKV_K8S_113 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1759 | CKV_K8S_113 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1760 | CKV_K8S_113 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1761 | CKV_K8S_113 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1762 | CKV_K8S_113 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1763 | CKV_K8S_113 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1764 | CKV_K8S_114 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes |
1765 | CKV_K8S_114 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes |
1766 | CKV_K8S_114 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes |
1767 | CKV_K8S_114 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes |
1768 | CKV_K8S_114 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes |
1769 | CKV_K8S_114 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes |
1770 | CKV_K8S_114 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes |
1771 | CKV_K8S_114 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes |
1772 | CKV_K8S_114 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes |
1773 | CKV_K8S_115 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1774 | CKV_K8S_115 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1775 | CKV_K8S_115 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1776 | CKV_K8S_115 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1777 | CKV_K8S_115 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1778 | CKV_K8S_115 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1779 | CKV_K8S_115 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1780 | CKV_K8S_115 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1781 | CKV_K8S_115 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes |
1782 | CKV_K8S_116 | resource | CronJob | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1783 | CKV_K8S_116 | resource | DaemonSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1784 | CKV_K8S_116 | resource | Deployment | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1785 | CKV_K8S_116 | resource | Job | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1786 | CKV_K8S_116 | resource | Pod | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1787 | CKV_K8S_116 | resource | PodTemplate | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1788 | CKV_K8S_116 | resource | ReplicaSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1789 | CKV_K8S_116 | resource | ReplicationController | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1790 | CKV_K8S_116 | resource | StatefulSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes |
1791 | CKV_K8S_117 | resource | CronJob | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1792 | CKV_K8S_117 | resource | DaemonSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1793 | CKV_K8S_117 | resource | Deployment | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1794 | CKV_K8S_117 | resource | Job | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1795 | CKV_K8S_117 | resource | Pod | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1796 | CKV_K8S_117 | resource | PodTemplate | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1797 | CKV_K8S_117 | resource | ReplicaSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1798 | CKV_K8S_117 | resource | ReplicationController | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1799 | CKV_K8S_117 | resource | StatefulSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes |
1800 | CKV_K8S_118 | resource | CronJob | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1801 | CKV_K8S_118 | resource | DaemonSet | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1802 | CKV_K8S_118 | resource | Deployment | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1803 | CKV_K8S_118 | resource | Job | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1804 | CKV_K8S_118 | resource | Pod | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1805 | CKV_K8S_118 | resource | PodTemplate | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1806 | CKV_K8S_118 | resource | ReplicaSet | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1807 | CKV_K8S_118 | resource | ReplicationController | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1808 | CKV_K8S_118 | resource | StatefulSet | Ensure that the --auto-tls argument is not set to true | Kubernetes |
1809 | CKV_K8S_119 | resource | CronJob | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1810 | CKV_K8S_119 | resource | DaemonSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1811 | CKV_K8S_119 | resource | Deployment | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1812 | CKV_K8S_119 | resource | Job | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1813 | CKV_K8S_119 | resource | Pod | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1814 | CKV_K8S_119 | resource | PodTemplate | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1815 | CKV_K8S_119 | resource | ReplicaSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1816 | CKV_K8S_119 | resource | ReplicationController | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1817 | CKV_K8S_119 | resource | StatefulSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes |
1818 | CKV_K8S_121 | resource | Pod | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes |
1819 | CKV_K8S_138 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1820 | CKV_K8S_138 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1821 | CKV_K8S_138 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1822 | CKV_K8S_138 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1823 | CKV_K8S_138 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1824 | CKV_K8S_138 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1825 | CKV_K8S_138 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1826 | CKV_K8S_138 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1827 | CKV_K8S_138 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes |
1828 | CKV_K8S_139 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1829 | CKV_K8S_139 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1830 | CKV_K8S_139 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1831 | CKV_K8S_139 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1832 | CKV_K8S_139 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1833 | CKV_K8S_139 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1834 | CKV_K8S_139 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1835 | CKV_K8S_139 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1836 | CKV_K8S_139 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes |
1837 | CKV_K8S_140 | resource | CronJob | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1838 | CKV_K8S_140 | resource | DaemonSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1839 | CKV_K8S_140 | resource | Deployment | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1840 | CKV_K8S_140 | resource | Job | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1841 | CKV_K8S_140 | resource | Pod | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1842 | CKV_K8S_140 | resource | PodTemplate | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1843 | CKV_K8S_140 | resource | ReplicaSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1844 | CKV_K8S_140 | resource | ReplicationController | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1845 | CKV_K8S_140 | resource | StatefulSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes |
1846 | CKV_K8S_141 | resource | CronJob | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1847 | CKV_K8S_141 | resource | DaemonSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1848 | CKV_K8S_141 | resource | Deployment | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1849 | CKV_K8S_141 | resource | Job | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1850 | CKV_K8S_141 | resource | Pod | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1851 | CKV_K8S_141 | resource | PodTemplate | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1852 | CKV_K8S_141 | resource | ReplicaSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1853 | CKV_K8S_141 | resource | ReplicationController | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1854 | CKV_K8S_141 | resource | StatefulSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes |
1855 | CKV_K8S_143 | resource | CronJob | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1856 | CKV_K8S_143 | resource | DaemonSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1857 | CKV_K8S_143 | resource | Deployment | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1858 | CKV_K8S_143 | resource | Job | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1859 | CKV_K8S_143 | resource | Pod | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1860 | CKV_K8S_143 | resource | PodTemplate | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1861 | CKV_K8S_143 | resource | ReplicaSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1862 | CKV_K8S_143 | resource | ReplicationController | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1863 | CKV_K8S_143 | resource | StatefulSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes |
1864 | CKV_K8S_144 | resource | CronJob | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1865 | CKV_K8S_144 | resource | DaemonSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1866 | CKV_K8S_144 | resource | Deployment | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1867 | CKV_K8S_144 | resource | Job | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1868 | CKV_K8S_144 | resource | Pod | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1869 | CKV_K8S_144 | resource | PodTemplate | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1870 | CKV_K8S_144 | resource | ReplicaSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1871 | CKV_K8S_144 | resource | ReplicationController | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1872 | CKV_K8S_144 | resource | StatefulSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes |
1873 | CKV_K8S_145 | resource | CronJob | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1874 | CKV_K8S_145 | resource | DaemonSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1875 | CKV_K8S_145 | resource | Deployment | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1876 | CKV_K8S_145 | resource | Job | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1877 | CKV_K8S_145 | resource | Pod | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1878 | CKV_K8S_145 | resource | PodTemplate | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1879 | CKV_K8S_145 | resource | ReplicaSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1880 | CKV_K8S_145 | resource | ReplicationController | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1881 | CKV_K8S_145 | resource | StatefulSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes |
1882 | CKV_K8S_146 | resource | CronJob | Ensure that the --hostname-override argument is not set | Kubernetes |
1883 | CKV_K8S_146 | resource | DaemonSet | Ensure that the --hostname-override argument is not set | Kubernetes |
1884 | CKV_K8S_146 | resource | Deployment | Ensure that the --hostname-override argument is not set | Kubernetes |
1885 | CKV_K8S_146 | resource | Job | Ensure that the --hostname-override argument is not set | Kubernetes |
1886 | CKV_K8S_146 | resource | Pod | Ensure that the --hostname-override argument is not set | Kubernetes |
1887 | CKV_K8S_146 | resource | PodTemplate | Ensure that the --hostname-override argument is not set | Kubernetes |
1888 | CKV_K8S_146 | resource | ReplicaSet | Ensure that the --hostname-override argument is not set | Kubernetes |
1889 | CKV_K8S_146 | resource | ReplicationController | Ensure that the --hostname-override argument is not set | Kubernetes |
1890 | CKV_K8S_146 | resource | StatefulSet | Ensure that the --hostname-override argument is not set | Kubernetes |
1891 | CKV_K8S_147 | resource | CronJob | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1892 | CKV_K8S_147 | resource | DaemonSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1893 | CKV_K8S_147 | resource | Deployment | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1894 | CKV_K8S_147 | resource | Job | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1895 | CKV_K8S_147 | resource | Pod | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1896 | CKV_K8S_147 | resource | PodTemplate | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1897 | CKV_K8S_147 | resource | ReplicaSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1898 | CKV_K8S_147 | resource | ReplicationController | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1899 | CKV_K8S_147 | resource | StatefulSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes |
1900 | CKV_K8S_148 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1901 | CKV_K8S_148 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1902 | CKV_K8S_148 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1903 | CKV_K8S_148 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1904 | CKV_K8S_148 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1905 | CKV_K8S_148 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1906 | CKV_K8S_148 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1907 | CKV_K8S_148 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1908 | CKV_K8S_148 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes |
1909 | CKV_K8S_149 | resource | CronJob | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1910 | CKV_K8S_149 | resource | DaemonSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1911 | CKV_K8S_149 | resource | Deployment | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1912 | CKV_K8S_149 | resource | Job | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1913 | CKV_K8S_149 | resource | Pod | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1914 | CKV_K8S_149 | resource | PodTemplate | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1915 | CKV_K8S_149 | resource | ReplicaSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1916 | CKV_K8S_149 | resource | ReplicationController | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1917 | CKV_K8S_149 | resource | StatefulSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes |
1918 | CKV_K8S_151 | resource | CronJob | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1919 | CKV_K8S_151 | resource | DaemonSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1920 | CKV_K8S_151 | resource | Deployment | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1921 | CKV_K8S_151 | resource | Job | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1922 | CKV_K8S_151 | resource | Pod | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1923 | CKV_K8S_151 | resource | PodTemplate | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1924 | CKV_K8S_151 | resource | ReplicaSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1925 | CKV_K8S_151 | resource | ReplicationController | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1926 | CKV_K8S_151 | resource | StatefulSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes |
1927 | CKV_K8S_152 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 | Kubernetes |
1928 | CKV_K8S_153 | resource | Ingress | Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 | Kubernetes |
1929 | CKV_K8S_154 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain alias statements. See CVE-2021-25742 | Kubernetes |
1930 | CKV_K8S_155 | resource | ClusterRole | Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations | Kubernetes |
1931 | CKV_K8S_156 | resource | ClusterRole | Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests | Kubernetes |
1932 | CKV_K8S_157 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes |
1933 | CKV_K8S_157 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes |
1934 | CKV_K8S_158 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes |
1935 | CKV_K8S_158 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes |
1936 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform |
1937 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform |
1938 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform |
1939 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform |
1940 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform |
1941 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform |
1942 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform |
1943 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform |
1944 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform |
1945 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform |
1946 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform |
1947 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform |
1948 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform |
1949 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform |
1950 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform |
1951 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform |
1952 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform |
1953 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform |
1954 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform |
1955 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform |
1956 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform |
1957 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform |
1958 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform |
1959 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform |
1960 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allows ingress from 0.0.0.0:0 to port 22. | Terraform |
1961 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allows ingress from 0.0.0.0:0 to port 3389. | Terraform |
1962 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform |
1963 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security group rules allow ingress from 0.0.0.0/0 to port 22 | Terraform |
1964 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform |
1965 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform |
1966 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform |
1967 | CKV_OPENAPI_1 | resource | securityDefinitions | Ensure that securityDefinitions is defined and not empty. | OpenAPI |
1968 | CKV_OPENAPI_2 | resource | security | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty | OpenAPI |
1969 | CKV_OPENAPI_3 | resource | components | Ensure that security schemes don't allow cleartext credentials over unencrypted channel | OpenAPI |
1970 | CKV_OPENAPI_4 | resource | security | Ensure that the global security field has rules defined | OpenAPI |
1971 | CKV_OPENAPI_5 | resource | security | Ensure that security operations is not empty. | OpenAPI |
1972 | CKV_OPENAPI_6 | resource | security | Ensure that security requirement defined in securityDefinitions. | OpenAPI |
1973 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform |
1974 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform |
1975 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform |
1976 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform |
1977 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform |
1978 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform |
1979 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform |
1980 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform |
1981 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform |
1982 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform |
1983 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform |
1984 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform |
1985 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform |
1986 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform |
1987 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform |
1988 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform |
1989 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform |
1990 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform |
1991 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform |
1992 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform |
1993 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform |
1994 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform |
1995 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform |
1996 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform |
1997 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform |
1998 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform |
1999 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform |
2000 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform |
2001 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform |
2002 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform |
2003 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform |
2004 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform |
2005 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform |
2006 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform |
2007 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform |
2008 | CKV_SECRET_1 | Artifactory Credentials | secrets | Artifactory Credentials | secrets |
2009 | CKV_SECRET_2 | AWS Access Key | secrets | AWS Access Key | secrets |
2010 | CKV_SECRET_3 | Azure Storage Account access key | secrets | Azure Storage Account access key | secrets |
2011 | CKV_SECRET_4 | Basic Auth Credentials | secrets | Basic Auth Credentials | secrets |
2012 | CKV_SECRET_5 | Cloudant Credentials | secrets | Cloudant Credentials | secrets |
2013 | CKV_SECRET_6 | Base64 High Entropy String | secrets | Base64 High Entropy String | secrets |
2014 | CKV_SECRET_7 | IBM Cloud IAM Key | secrets | IBM Cloud IAM Key | secrets |
2015 | CKV_SECRET_8 | IBM COS HMAC Credentials | secrets | IBM COS HMAC Credentials | secrets |
2016 | CKV_SECRET_9 | JSON Web Token | secrets | JSON Web Token | secrets |
2017 | CKV_SECRET_11 | Mailchimp Access Key | secrets | Mailchimp Access Key | secrets |
2018 | CKV_SECRET_12 | NPM tokens | secrets | NPM tokens | secrets |
2019 | CKV_SECRET_13 | Private Key | secrets | Private Key | secrets |
2020 | CKV_SECRET_14 | Slack Token | secrets | Slack Token | secrets |
2021 | CKV_SECRET_15 | SoftLayer Credentials | secrets | SoftLayer Credentials | secrets |
2022 | CKV_SECRET_16 | Square OAuth Secret | secrets | Square OAuth Secret | secrets |
2023 | CKV_SECRET_17 | Stripe Access Key | secrets | Stripe Access Key | secrets |
2024 | CKV_SECRET_18 | Twilio API Key | secrets | Twilio API Key | secrets |
2025 | CKV_SECRET_19 | Hex High Entropy String | secrets | Hex High Entropy String | secrets |