Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
Azure
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
M
IAM role used for trust relationship does not have MFA or external IDs
IAM
M
IAM user does not have MFA (virtual or hardware) enabled
IAM
M
IAM user has privileged roles at project level
IAM
M
IAM user is not a member of at least one group
IAM
M
IAM user login profile does not enforce resetting the generated password
IAM
M
IAM users should not have both KMS admin and any of the KMS encrypter/decrypter roles.
IAM
M
Infrastructure Encryption is not enabled
Storage
M
IP forwarding enabled on the instance template
Compute
M
IP forwarding is enabled
Compute Engine
M
IP forwarding is enabled on the instance
Compute Engine
M
Job bookmarks generated by Glue are not encrypted
Glue
M
Key Vault accidental purge prevention is disabled
Key Vault
M
Key Vault is not protected by firewall
Key Vault
M
Key Vault logging is not enabled
Monitor
M
Key Vault purge protection is disabled
Key Vault
M
Key Vault soft deletion is not set to 90 days
Key Vault
M
KMS key does not have key rotation enabled
KMS
M
KMS keys are not automatically rotated
Cloud KMS
M
Kubernetes API Server allows public access
Container
M
Kubernetes Cluster is not VPC-Native.
Kubernetes (Container) Engine
M
Lambda Functions are not deployed within a VPC
Lambda
M
Lambda functions missing provisioned concurrency configuration
Lambda
M
Lambda permission has wildcard principal
Lambda
M
Legacy ABAC is enabled
Kubernetes (Container) Engine
M
Linux virtual machine has password authentication enabled
Compute
M
Linux VM scale set encryption at host is disabled
Compute
M
Load balancer access logging is not enabled
ELB
M
Load balancer is internet facing
ELB
M
Logging is not enabled on storage bucket
Cloud Storage
M
Logging metric filter and alert for audit configuration changes are not configured
Monitor
Previous
Next
