| SEVERITY | RULE | SERVICE GROUP |
| --- | --- | --- |
| M | Wildcard principal has been specified in access policy | ElasticSearch |
| M | Wildcard principal specified in REST API access policy | API Gateway (REST APIs) |
| M | Windows Defender ATP (WDATP) integration in Security Center is disabled | Security Center |
| M | Windows VM scale set encryption at host is disabled | Compute |
| M | Workspaces is assigned public IP | WorkSpaces |
| M | X-ray tracing is disabled for Lambda function | Lambda |
| L | AKS cluster Network Policy feature is disabled | Container |
| L | App Service mutual TLS is disabled | App Service (Web Apps) |
| L | Cloud SQL for MySQL allows all users to see database names | Cloud SQL |
| L | Compute firewall allows open egress | Compute Engine |
| L | Container has no CPU limit | Deployment |
| L | Container is running with custom hosts file configuration | Deployment |
| L | Container is running with custom SELinux options | Deployment |
| L | Container is running with shared mount propagation | Deployment |
| L | Container is running without memory limit | Deployment |
| L | EC2 instance is not associated with IAM role and instance profile | EC2 |
| L | ECS container definition mounts volumes with mount propagation set to "shared" | ECS |
| L | ECS task definition does not set CPU limit for containers | ECS |
| L | GKE Alias IP disabled | Kubernetes (Container) Engine |
| L | GKE cluster labels are missing | Kubernetes (Container) Engine |
| L | GKE Node Pool auto repair is disabled | Kubernetes (Container) Engine |
| L | GKE Node Pool auto upgrade disabled | Kubernetes (Container) Engine |
| L | GKE Node pool does not use a container-optimized OS | Kubernetes (Container) Engine |
| L | GKE PodSecurityPolicy controller is disabled | Kubernetes (Container) Engine |
| L | GKE Shield is disabled | Kubernetes (Container) Engine |
| L | IAM policies allow broad list actions on S3 buckets | IAM |
| L | IAM role attached to instance profile allows broad list actions on S3 buckets | EC2 |
| L | Instance IP assignment is not set to private | Compute Engine |
| L | OS Login is disabled on instance | Compute Engine |
| L | Pod spec 'automountServiceAccountToken' should be set to 'false' | Service |