This repository has been archived by the owner on Apr 9, 2024. It is now read-only.
Secure Code Analysis #249
code-scanning.yml
on: schedule
tfsec
22s
checkov
32s
Matrix: tflint
Annotations
10 errors and 1 notice
checkov:
terraform/aurora.tf#L1
CKV_AWS_324: "Ensure that RDS Cluster log capture is enabled"

checkov:
terraform/aurora.tf#L1
CKV_AWS_162: "Ensure RDS cluster has IAM authentication enabled"

checkov:
terraform/aurora.tf#L1
CKV_AWS_313: "Ensure RDS cluster configured to copy tags to snapshots"

checkov:
terraform/ecs-iam.tf#L40
CKV_AWS_108: "Ensure IAM policies does not allow data exfiltration"

checkov:
terraform/ecs-iam.tf#L40
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"

checkov:
terraform/ecs-iam.tf#L40
CKV_AWS_111: "Ensure IAM policies does not allow write access without constraints"

checkov:
terraform/ecs-task-definition.tf#L2
CKV_AWS_336: "Ensure ECS containers are limited to read-only access to root filesystems"

checkov:
terraform/ecs.tf#L1
CKV_AWS_65: "Ensure container insights are enabled on ECS cluster"

checkov:
terraform/ecs.tf#L5
CKV_AWS_332: "Ensure ECS Fargate services run on the latest Fargate platform version"

checkov:
terraform/ecs.tf#L31
CKV_AWS_23: "Ensure every security groups rule has a description"

GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits