| | RULE | SERVICE GROUP |
|---|---|---|
| M | Container is running with writable root filesystem | Deployment |
| M | Container is running without AppArmor profile | Container |
| M | Container is running without liveness probe | Container |
| M | Container is running without privilege escalation control | Deployment |
| M | Container is running without root user control | Deployment |
| M | Container's UID could clash with host's UID | Container |
| M | Cosmos DB account ACL bypass for trusted services is enabled | CosmosDB (DocumentDB) |
| M | Cosmos DB account automatic failover is disabled | CosmosDB (DocumentDB) |
| M | Cosmos DB account does not restrict user access to data operations | CosmosDB (DocumentDB) |
| M | CosmosDB account public network access is enabled | CosmosDB (DocumentDB) |
| M | Cross DB ownership chaining is enabled | Cloud SQL |
| M | Custom Role should be assigned for administering resource locks | Role |
| M | Custom subscription role grants owner rights | Authorization |
| M | Customer supplied encryption keys are not used to encrypt compute disk | Compute Engine |
| M | Customer-supplied encryption keys are not used to encrypt VM compute instance | Compute Engine |
| M | Data Factory is not encrypted with a customer-managed key | Data Factory |
| M | Data Factory public access is enabled | Data Factory |
| M | Data generated by SSM operations and stored in S3 bucket is not encrypted | SSM |
| M | Data Lake Storage allows inbound access from any source instead of a restricted range | Data Lake |
| M | Data Lake Storage firewall disabled | Data Lake |
| M | Data stream is not encrypted at rest | Kinesis |
| M | Dataflow Internal Traffic Restriction | Dataflow |
| M | Dataproc Clusters are not encrypted with Customer-Managed Encryption Keys | Dataproc |
| M | Default network automatically created | Cloud Platform |
| M | Default service account is used | Compute Engine |
| M | Diagnostic setting does not capture AuditEvent category | Monitor |
| M | Direct internet access enabled for SageMaker Notebook Instance | Sagemaker |
| M | DNS managed zone DNSSEC key-signing keys should not use RSASHA1 | Cloud DNS |
| M | DNS managed zone DNSSEC zone-signing keys should not use RSASHA1 | Cloud DNS |
| M | DNSSEC is not enabled on managed zone | Cloud DNS |