| | RULE | SERVICE GROUP |
|---|---|---|
| M | Container is running with writable root filesystem | Deployment |
| M | Container is running without AppArmor profile | Container |
| M | Container is running without liveness probe | Container |
| M | Container is running without privilege escalation control | Deployment |
| M | Container is running without root user control | Deployment |
| M | Container's UID could clash with host's UID | Container |
| M | Cosmos DB account ACL bypass for trusted services is enabled | CosmosDB (DocumentDB) |
| M | Cosmos DB account automatic failover is disabled | CosmosDB (DocumentDB) |
| M | Cosmos DB account does not restrict user access to data operations | CosmosDB (DocumentDB) |
| M | CosmosDB account public network access is enabled | CosmosDB (DocumentDB) |
| M | Cross DB ownership chaining is enabled | Cloud SQL |
| M | Custom Role should be assigned for administering resource locks | Role |
| M | Custom subscription role grants owner rights | Authorization |
| M | Customer supplied encryption keys are not used to encrypt compute disk | Compute Engine |
| M | Customer-supplied encryption keys are not used to encrypt VM compute instance | Compute Engine |
| M | Data Factory is not encrypted with a customer-managed key | Data Factory |
| M | Data Factory public access is enabled | Data Factory |
| M | Data generated by SSM operations and stored in S3 bucket is not encrypted | SSM |
| M | Data Lake Storage allows inbound access from any source instead of a restricted range | Data Lake |
| M | Data Lake Storage firewall disabled | Data Lake |
| M | Data stream is not encrypted at rest | Kinesis |
| M | Dataflow Internal Traffic Restriction | Dataflow |
| M | Dataproc Clusters are not encrypted with Customer-Managed Encryption Keys | Dataproc |
| M | Default network automatically created | Cloud Platform |
| M | Default service account is used | Compute Engine |
| M | Diagnostic setting does not capture AuditEvent category | Monitor |
| M | Direct internet access enabled for SageMaker Notebook Instance | Sagemaker |
| M | DNS managed zone DNSSEC key-signing keys should not use RSASHA1 | Cloud DNS |
| M | DNS managed zone DNSSEC zone-signing keys should not use RSASHA1 | Cloud DNS |
| M | DNSSEC is not enabled on managed zone | Cloud DNS |