Update fs_scan.yaml #104

Update fs_scan.yaml

Triggered via push January 17, 2024 08:35
Status Failure
Total duration 1m 4s
Artifacts

iac_scan.yaml

on: push
Orca IaC Scan
54s

Annotations

8 errors and 10 warnings
[HIGH] Global Security Field Is Undefined: aws/positive3.json#L2
Details: Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes Recommendation: A default security property should be defined
[HIGH] Global Security Field Is Undefined: aws/positive2.yaml#L1
Details: Global security field should be defined to prevent API to have insecure paths and have this rules defined on securitySchemes Recommendation: A default security property should be defined
[HIGH] GKE using non-private nodes: aws/positive1.yaml#L4
Details: Kubernetes Clusters must be created with Private Clusters enabled Recommendation: 'privateClusterConfig' should be defined and not null
[HIGH] Ec2 instance with public IPv4 address: aws/ec2.tf#L1
Details: EC2 Instance should not have a public IP address. Recommendation: 'associate_public_ip_address' should be defined and not null
[HIGH] Ec2 instance with public IPv4 address: aws/ec22.tf#L1
Details: EC2 Instance should not have a public IP address. Recommendation: 'associate_public_ip_address' should be defined and not null
[HIGH] Ec2 instance with public IPv4 address: aws/ec222.tf#L1
Details: EC2 Instance should not have a public IP address. Recommendation: 'associate_public_ip_address' should be defined and not null
[HIGH] Cluster Master Authentication Disabled: aws/positive1.yaml#L4
Details: Kubernetes Engine Clusters must have Master Authentication set to enabled Recommendation: 'masterAuth' should be defined and not null
Orca IaC Scan
Orca IaC scan failed with exit code 3
[MEDIUM] EBS volume unencrypted: aws/ec2.tf#L53
Details: The value on AWS EBS Volume Snapshot Encryptation must be true Recommendation: 'aws_ebs_volume[web_host_storage].encrypted' associated with aws_ebs_snapshot[example_snapshot] should be set
[MEDIUM] EBS volume unencrypted: aws/ec222.tf#L53
Details: The value on AWS EBS Volume Snapshot Encryptation must be true Recommendation: 'aws_ebs_volume[web_host_storage].encrypted' associated with aws_ebs_snapshot[example_snapshot] should be set
[MEDIUM] EBS volume unencrypted: aws/ec22.tf#L53
Details: The value on AWS EBS Volume Snapshot Encryptation must be true Recommendation: 'aws_ebs_volume[web_host_storage].encrypted' associated with aws_ebs_snapshot[example_snapshot] should be set
[MEDIUM] Numeric Schema Without Minimum: aws/positive3.json#L18
Details: Numeric schema (type set to 'integer' or 'number') should have 'minimum' defined. Recommendation: Numeric schema should have 'minimum' defined
[MEDIUM] Field 'securityScheme' On Components Is Undefined: aws/positive3.json#L2
Details: Components' securityScheme field must have a valid scheme Recommendation: A security scheme on components should be defined
[MEDIUM] Security group allows inbound access to http ports: aws/ec222.tf#L77
Details: The HTTP port is open to the internet in a Security Group Recommendation: aws_security_group.ingress shouldn't open the HTTP port (80)
[MEDIUM] Security group allows inbound access to http ports: aws/ec22.tf#L77
Details: The HTTP port is open to the internet in a Security Group Recommendation: aws_security_group.ingress shouldn't open the HTTP port (80)
[MEDIUM] Security group allows inbound access to http ports: aws/ec2.tf#L77
Details: The HTTP port is open to the internet in a Security Group Recommendation: aws_security_group.ingress shouldn't open the HTTP port (80)
[MEDIUM] S3 Bucket SSE Disabled: aws/ec22.tf#L271
Details: If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required Recommendation: 'aws_s3_bucket' to have 'server_side_encryption_configuration' associated
[MEDIUM] S3 Bucket SSE Disabled: aws/ec2.tf#L271
Details: If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required Recommendation: 'aws_s3_bucket' to have 'server_side_encryption_configuration' associated