CKV_AZURE_109
Security
Medium
Ensure key vault allows firewall rules settings
BACK TO LIST
Terraform rules
Codiga Static Analysis engine checks all terraform code and surface security and safety issues as well as enforcement of best practices. No matter what cloud you use (AWS, GCP, Azure), Codiga got you covered and flags potential problems at every push and pull request.
CKV_AZURE_50
Security
Medium
Ensure Virtual Machine Extensions are not Installed
CKV_AZURE_120
Security
Medium
Ensure that Application Gateway enables WAF
CKV_AZURE_35
Security
Medium
Ensure default network access rule for Storage Accounts is set to deny
CKV2_AZURE_21
Security
Medium
Ensure Storage logging is enabled for Blob service for read requests
CKV_AZURE_116
Security
Medium
Ensure that AKS uses Azure Policies Add-on
CKV_AZURE_141
Security
Medium
Ensure AKS local admin account is disabled
CKV_AZURE_151
Security
Medium
Ensure Windows VM enables encryption
CKV_AZURE_44
Security
Medium
Ensure Storage Account is using the latest version of TLS encryption
CKV_AWS_57
Security
Medium
S3 Bucket has an ACL defined which allows public WRITE access.
CKV_AWS_178
Security
Medium
Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)
CKV2_AWS_3
Security
Medium
Ensure GuardDuty is enbaled to specific org/region
CKV2_AZURE_20
Security
Medium
Ensure Azure storage account logging for tables is enabled
CKV_AWS_137
Security
Medium
Ensure that Elasticsearch is configured inside a VPC
CKV_AWS_142
Security
Medium
Ensure Redshift cluster is encrypted by KMS
CKV_AWS_162
Security
Medium
Ensure RDS cluster has IAM authentication enabled
CKV_AWS_179
Security
Medium
Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)
CKV_AWS_188
Security
Medium
Ensure RedShift Cluster is encrypted by KMS using a customer managed Key (CMK)
CKV_AWS_228
Security
Medium
Verify Elasticsearch domain is using an up to date TLS policy
CKV_AWS_248
Security
Medium
Ensure that Elasticsearch is not using the default Security Group
CKV_AWS_33
Security
Medium
Ensure KMS key policy does not contain wildcard (*) principal
CKV_AWS_71
Security
Medium
Ensure AWS Redshift database has audit logging enabled
CKV_AWS_84
Security
Medium
Ensure Elasticsearch Domain Logging is enabled
CKV_GIT_6
Security
Medium
Ensure all commits GPG signed
CKV_AZURE_103
Security
Medium
Ensure that Azure Data Factory uses Git repository for source control
CKV_AZURE_110
Security
Medium
Ensure that key vault enables purge protection
CKV_AZURE_16
Security
Medium
Ensure App Service is registered with an Azure Active Directory account
CKV_AZURE_17
Security
Medium
Ensure the web app has certificates set
CKV_AZURE_18
Security
Medium
Ensure that 'HTTP Version' is the latest if used to run the web app
CKV_AZURE_70
Security
Medium
Ensure function apps are only accessible over HTTPS
CKV2_AZURE_18
Security
Medium
Ensure that Storage Accounts use customer-managed key for encryption
CKV2_AZURE_2
Security
Medium
Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account