Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
Azure
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
H
Public ALB Must Be Protected by AWS WAF
WAF
H
Public read access is enabled for storage containers and blobs
Storage
H
RDS database instance is publicly accessible
RDS
H
Redis cache insecure port is enabled
Redis
H
Redshift cluster does not require SSL connections
Redshift
H
Redshift cluster is publicly accessible
Redshift
H
Roles and cluster roles should not use wildcards for resource, verb, or apiGroup entries
Role
H
S3 bucket ACL allows public access to S3 bucket storing CloudTrail log files
S3
H
S3 bucket does not have `ignore_public_acls` enabled
S3
H
S3 bucket has `restrict_public_buckets` disabled
S3
H
S3 bucket is publicly readable
S3
H
S3 Bucket is publicly readable
S3
H
SageMaker Notebook root access is enabled
Sagemaker
H
SAS token can be used over insecure HTTP
Storage
H
Sensitive certificate key material is stored in state file
Secrets Manager
H
Service account has admin privileges
IAM
H
Service is using an external IP
Service
H
SQS queue policy allows all actions on the resource
SQS
H
SQS Queues are not encrypted at rest
SQS
H
SSL is not enabled on CloudSQL instance
Cloud SQL
H
Storage account blob service soft delete is disabled
Storage
H
Storage account does not enforce HTTPS
Storage
H
Storage container allows public access
Storage
H
Storage queue service logging is disabled
Storage
H
The built-in "cluster-admin" role is used
Deployment
H
The client traffic will not be encrypted in transit
MSK
H
The ElasticSearch cluster does not enforce HTTPS
ElasticSearch
H
The FSx for Windows File Server does not have retention backup period configured
FSx
H
The IAM role can be assumed by any service or principal
IAM
H
The log_connections setting is disabled on Postgresql DB
Cloud SQL
Previous
Next
