Find out if you have vulnerabilities that put you at risk
Test your applications
Toggle filtering controls
All service groups
AWS
All AWS service groups
Account Management
ACM
Amplify
API Gateway (REST APIs)
AppStream
AppSync
Athena
Batch
CloudFront
CloudTrail
CloudWatch
CodeBuild
Cognito
Config
DocumentDB
DynamoDB
EBS
EC2
ECR
ECS
EFS
EKS
ELB
EMR
ElastiCache
ElasticSearch
FSx
Glacier
Global Accelerator
Glue
IAM
Kinesis
KMS
Lambda
MQ
MSK
Neptune
QLDB
RDS
Redshift
S3
Sagemaker
Secrets Manager
SNS
SQS
SSM
Transfer
VPC
WAF
WorkSpaces
Azure
Google
Kubernetes
Report a new vulnerability
RULE
SERVICE GROUP
M
CloudWatch log metric filter and alarm are not set for Management Console sign-in without MFA
CloudWatch
M
CloudWatch log metric filter and alarm are not set for S3 bucket policy changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for unauthorized API calls
CloudWatch
M
CloudWatch log metric filter and alarm are not set for usage of root account
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC route table changes
CloudWatch
M
CloudWatch log metric filter and alarm are not set for VPC security group changes
CloudWatch
M
CloudWatch log metric filter and alarm for AWS Organizations changes are not set for the master account
CloudWatch
M
CodeBuild project encryption is explicitly disabled
CodeBuild
M
Cognitive Search has insufficient replicas configured
Search
M
Cognitive Search service does not use system-assigned identities
Search
M
Cognitive Search service public network access is enabled
Search
M
Cognitive Search uses Free SKU
Search
M
Cognito user pool does not require multi-factor authentication method
Cognito
M
Compute firewall allows unrestricted SSH access
Compute Engine
M
Compute instance delete protection is disabled
Compute Engine
M
Compute instance uses the default service account with full access to all Cloud APIs
Compute Engine
M
Configuration aggregator does not collect data from all regions
Config
M
Contained database authentication is enabled
Cloud SQL
M
Container could be running with outdated image
Container
M
Container does not drop all default capabilities
Deployment
M
Container image quarantine is disabled
Container
M
Container insights is disabled for AKS
Container
M
Container is exposing SSH port
Deployment
M
Container is running in host's IPC namespace
Deployment
M
Container is running in host's network namespace
Deployment
M
Container is running in host's PID namespace
Deployment
M
Container is running with host path mount
Container
M
Container is running with multiple open ports
Container
M
Container is running with SYS_ADMIN capability
Deployment
Previous
Next