Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
Azure
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
M
CloudWatch log metric filter and alarm are not set for Management Console sign-in without MFA
CloudWatch
M
CloudWatch log metric filter and alarm are not set for S3 bucket policy changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for unauthorized API calls
CloudWatch
M
CloudWatch log metric filter and alarm are not set for usage of root account
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC route table changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC security group changes
CloudWatch
M
CloudWatch log metric filter and alarm for AWS Organizations changes are not set for the master account
CloudWatch
M
CodeBuild project encryption is explicitly disabled
CodeBuild
M
Cognitive Search has insufficient replicas configured
Search
M
Cognitive Search service does not use system-assigned identities
Search
M
Cognitive Search service public network access is enabled
Search
M
Cognitive Search uses Free SKU
Search
M
Cognito user pool does not require multi-factor authentication method
Cognito
M
Compute firewall allows unrestricted SSH access
Compute Engine
M
Compute instance delete protection is disabled
Compute Engine
M
Compute instance uses the default service account with full access to all Cloud APIs
Compute Engine
M
Configuration aggregator does not collect data from all regions
Config
M
Contained database authentication is enabled
Cloud SQL
M
Container could be running with outdated image
Container
M
Container does not drop all default capabilities
Deployment
M
Container image quarantine is disabled
Container
M
Container insights is disabled for AKS
Container
M
Container is exposing SSH port
Deployment
M
Container is running in host's IPC namespace
Deployment
M
Container is running in host's network namespace
Deployment
M
Container is running in host's PID namespace
Deployment
M
Container is running with host path mount
Container
M
Container is running with multiple open ports
Container
M
Container is running with SYS_ADMIN capability
Deployment
Previous
Next
