From c3afa0bfee0293e0a72f44a46d28e1cca61373e5 Mon Sep 17 00:00:00 2001 From: Adam La Morre Date: Sat, 31 Dec 2022 09:20:43 -0800 Subject: [PATCH 1/5] Rebuild deps --- example/yarn.lock | 89 +++++++++++++++++++++++++++++++++++++---------- package-lock.json | 4 +-- 2 files changed, 73 insertions(+), 20 deletions(-) diff --git a/example/yarn.lock b/example/yarn.lock index 53f4b01..40c13ab 100644 --- a/example/yarn.lock +++ b/example/yarn.lock @@ -9,6 +9,29 @@ dependencies: "@jridgewell/trace-mapping" "^0.3.0" +"@ant-design/colors@^6.0.0": + version "6.0.0" + resolved "https://registry.yarnpkg.com/@ant-design/colors/-/colors-6.0.0.tgz#9b9366257cffcc47db42b9d0203bb592c13c0298" + integrity sha512-qAZRvPzfdWHtfameEGP2Qvuf838NhergR35o+EuVyB5XvSA98xod5r4utvi4TJ3ywmevm290g9nsCG5MryrdWQ== + dependencies: + "@ctrl/tinycolor" "^3.4.0" + +"@ant-design/icons-svg@^4.2.1": + version "4.2.1" + resolved "https://registry.yarnpkg.com/@ant-design/icons-svg/-/icons-svg-4.2.1.tgz#8630da8eb4471a4aabdaed7d1ff6a97dcb2cf05a" + integrity sha512-EB0iwlKDGpG93hW8f85CTJTs4SvMX7tt5ceupvhALp1IF44SeUFOMhKUOYqpsoYWQKAOuTRDMqn75rEaKDp0Xw== + +"@ant-design/icons@^4.7.0": + version "4.8.0" + resolved "https://registry.yarnpkg.com/@ant-design/icons/-/icons-4.8.0.tgz#3084e2bb494cac3dad6c0392f77c1efc90ee1fa4" + integrity sha512-T89P2jG2vM7OJ0IfGx2+9FC5sQjtTzRSz+mCHTXkFn/ELZc2YpfStmYHmqzq2Jx55J0F7+O6i5/ZKFSVNWCKNg== + dependencies: + "@ant-design/colors" "^6.0.0" + "@ant-design/icons-svg" "^4.2.1" + "@babel/runtime" "^7.11.2" + classnames "^2.2.6" + rc-util "^5.9.4" + "@apideck/better-ajv-errors@^0.3.1": version "0.3.3" resolved "https://registry.yarnpkg.com/@apideck/better-ajv-errors/-/better-ajv-errors-0.3.3.tgz#ab0b1e981e1749bf59736cf7ebe25cfc9f949c15" @@ -1031,6 +1054,13 @@ dependencies: regenerator-runtime "^0.13.4" +"@babel/runtime@^7.18.3": + version "7.20.7" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.7.tgz#fcb41a5a70550e04a7b708037c7c32f7f356d8fd" + integrity sha512-UF0tvkUtxwAgZ5W/KrkHf0Rn0fdnLDU9ScxBrEVNUprE/MzirjK4MJUX1/BVDv00Sv8cljtukVK1aky++X1SjQ== + dependencies: + regenerator-runtime "^0.13.11" + "@babel/template@^7.16.7", "@babel/template@^7.3.3": version "7.16.7" resolved "https://registry.yarnpkg.com/@babel/template/-/template-7.16.7.tgz#8d126c8701fde4d66b264b3eba3d96f07666d155" @@ -1133,6 +1163,11 @@ dependencies: postcss-value-parser "^4.2.0" +"@ctrl/tinycolor@^3.4.0": + version "3.5.0" + resolved "https://registry.yarnpkg.com/@ctrl/tinycolor/-/tinycolor-3.5.0.tgz#6e52b3d1c38d13130101771821e09cdd414a16bc" + integrity sha512-tlJpwF40DEQcfR/QF+wNMVyGMaO9FQp6Z1Wahj4Gk3CJQYHwA2xVG7iKDFdW6zuxZY9XWOpGcfNCTsX4McOsOg== + "@eslint/eslintrc@^1.2.1": version "1.2.1" resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-1.2.1.tgz#8b5e1c49f4077235516bc9ec7d41378c0f69b8c6" @@ -2937,6 +2972,11 @@ cjs-module-lexer@^1.0.0: resolved "https://registry.yarnpkg.com/cjs-module-lexer/-/cjs-module-lexer-1.2.2.tgz#9f84ba3244a512f3a54e5277e8eef4c489864e40" integrity sha512-cOU9usZw8/dXIXKtwa8pM0OTJQuJkxMN6w30csNRUerHfeQ5R6U3kkU/FtJeIf3M202OHfY2U8ccInBG7/xogA== +classnames@^2.2.6: + version "2.3.2" + resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.3.2.tgz#351d813bf0137fcc6a76a16b88208d2560a0d924" + integrity sha512-CSbhY4cFEJRe6/GQzIk5qXZ4Jeg5pcsP7b5peFSDpffpe1cqjASH/n9UTjBwOp6XpMSTwQ8Za2K5V02ueA7Tmw== + clean-css@^5.2.2: version "5.2.4" resolved "https://registry.yarnpkg.com/clean-css/-/clean-css-5.2.4.tgz#982b058f8581adb2ae062520808fb2429bd487a4" @@ -3970,10 +4010,10 @@ escodegen@^2.0.0: optionalDependencies: source-map "~0.6.1" -eslint-config-react-app@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/eslint-config-react-app/-/eslint-config-react-app-7.0.0.tgz#0fa96d5ec1dfb99c029b1554362ab3fa1c3757df" - integrity sha512-xyymoxtIt1EOsSaGag+/jmcywRuieQoA2JbPCjnw9HukFj9/97aGPoZVFioaotzk1K5Qt9sHO5EutZbkrAXS0g== +eslint-config-react-app@^7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/eslint-config-react-app/-/eslint-config-react-app-7.0.1.tgz#73ba3929978001c5c86274c017ea57eb5fa644b4" + integrity sha512-K6rNzvkIeHaTd8m/QEh1Zko0KI7BACWkkneSs6s9cKZC/J27X3eZR6Upt1jkmZ/4FK+XUOPPxMEN7+lbUXfSlA== dependencies: "@babel/core" "^7.16.0" "@babel/eslint-parser" "^7.16.3" @@ -6604,10 +6644,10 @@ next-tick@^1.1.0: resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.1.0.tgz#1836ee30ad56d67ef281b22bd199f709449b35eb" integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== -nextjs-websocket@^1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/nextjs-websocket/-/nextjs-websocket-1.0.7.tgz#5a22f69857935ad2878a4e05db20d56059365154" - integrity sha512-fVqLhTQGj7DEXtAESqRJck+vY1Dn53YEQ1hgQS/M+eIVfP54hyU62nhwgTLOBkmDAzSbxAY2VSa4OlnhCrHgRQ== +nextjs-websocket@^1.0.8: + version "1.0.10" + resolved "https://registry.yarnpkg.com/nextjs-websocket/-/nextjs-websocket-1.0.10.tgz#f1b1b32eda18117b646828e011b3fdd8152c4a66" + integrity sha512-+k6jP8O/pemnhZsvcC68kE62j2yowQldYg0KzptzOMgUP4DbG22Id3jTmAQfFSLN9baEILfUyDrf/5eKT8NF7w== dependencies: websocket "^1.0.33" @@ -7819,6 +7859,14 @@ raw-body@^2.2.0: iconv-lite "0.4.24" unpipe "1.0.0" +rc-util@^5.9.4: + version "5.27.1" + resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.27.1.tgz#d12f02b9577b04299c0f1a235c8acbcf56e2824b" + integrity sha512-PsjHA+f+KBCz+YTZxrl3ukJU5RoNKoe3KSNMh0xGiISbR67NaM9E9BiMjCwxa3AcCUOg/rZ+V0ZKLSimAA+e3w== + dependencies: + "@babel/runtime" "^7.18.3" + react-is "^16.12.0" + react-app-polyfill@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/react-app-polyfill/-/react-app-polyfill-3.0.0.tgz#95221e0a9bd259e5ca6b177c7bb1cb6768f68fd7" @@ -7835,10 +7883,10 @@ react-app-polyfill@^3.0.0: version "0.0.0" uid "" -react-dev-utils@^12.0.0: - version "12.0.0" - resolved "https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-12.0.0.tgz#4eab12cdb95692a077616770b5988f0adf806526" - integrity sha512-xBQkitdxozPxt1YZ9O1097EJiVpwHr9FoAuEVURCKV0Av8NBERovJauzP7bo1ThvuhZ4shsQ1AJiu4vQpoT1AQ== +react-dev-utils@^12.0.1: + version "12.0.1" + resolved "https://registry.yarnpkg.com/react-dev-utils/-/react-dev-utils-12.0.1.tgz#ba92edb4a1f379bd46ccd6bcd4e7bc398df33e73" + integrity sha512-84Ivxmr17KjUupyqzFode6xKhjwuEJDROWKJy/BthkL7Wn6NJ8h4WE6k/exAv6ImS+0oZLRRW5j/aINMHyeGeQ== dependencies: "@babel/code-frame" "^7.16.0" address "^1.1.2" @@ -7859,7 +7907,7 @@ react-dev-utils@^12.0.0: open "^8.4.0" pkg-up "^3.1.0" prompts "^2.4.2" - react-error-overlay "^6.0.10" + react-error-overlay "^6.0.11" recursive-readdir "^2.2.2" shell-quote "^1.7.3" strip-ansi "^6.0.1" @@ -7869,10 +7917,10 @@ react-dev-utils@^12.0.0: version "0.0.0" uid "" -react-error-overlay@^6.0.10: - version "6.0.10" - resolved "https://registry.yarnpkg.com/react-error-overlay/-/react-error-overlay-6.0.10.tgz#0fe26db4fa85d9dbb8624729580e90e7159a59a6" - integrity sha512-mKR90fX7Pm5seCOfz8q9F+66VCc1PGsWSBxKbITjfKVQHMNF2zudxHnMdJiB1fRCb+XsbQV9sO9DCkgsMQgBIA== +react-error-overlay@^6.0.11: + version "6.0.11" + resolved "https://registry.yarnpkg.com/react-error-overlay/-/react-error-overlay-6.0.11.tgz#92835de5841c5cf08ba00ddd2d677b6d17ff9adb" + integrity sha512-/6UZ2qgEyH2aqzYZgQPxEnz33NJ2gNsnHA2o5+o4wW9bLM/JYQitNP9xPhsXwC08hMMovfGe/8retsdDsczPRg== react-grid-system@^7.1.2, react-grid-system@^7.3.2: version "7.3.2" @@ -7881,7 +7929,7 @@ react-grid-system@^7.1.2, react-grid-system@^7.3.2: dependencies: prop-types "^15.7.2" -react-is@^16.13.1, react-is@^16.4.2, react-is@^16.6.0, react-is@^16.7.0: +react-is@^16.12.0, react-is@^16.13.1, react-is@^16.4.2, react-is@^16.6.0, react-is@^16.7.0: version "16.13.1" resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4" integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== @@ -8050,6 +8098,11 @@ regenerate@^1.4.2: resolved "https://registry.yarnpkg.com/regenerate/-/regenerate-1.4.2.tgz#b9346d8827e8f5a32f7ba29637d398b69014848a" integrity sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A== +regenerator-runtime@^0.13.11: + version "0.13.11" + resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz#f6dca3e7ceec20590d07ada785636a90cdca17f9" + integrity sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg== + regenerator-runtime@^0.13.4, regenerator-runtime@^0.13.9: version "0.13.9" resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.9.tgz#8925742a98ffd90814988d7566ad30ca3b263b52" diff --git a/package-lock.json b/package-lock.json index 8b6818b..4c2e3f9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "react-chat-engine-advanced", - "version": "0.1.27", + "version": "0.1.28", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "react-chat-engine-advanced", - "version": "0.1.27", + "version": "0.1.28", "license": "MIT", "dependencies": { "@ant-design/icons": "^4.7.0", From 0567cc9a0b399e291ff16494ce1abfaaab4bf0ca Mon Sep 17 00:00:00 2001 From: Adam La Morre Date: Sun, 1 Jan 2023 20:14:39 -0800 Subject: [PATCH 2/5] Example next project to work on --- example-next/.eslintrc.json | 3 + example-next/.gitignore | 36 + example-next/README.md | 36 + example-next/next.config.js | 6 + example-next/package-lock.json | 5118 ++++++++++++++++++ example-next/package.json | 24 + example-next/pages/_app.tsx | 5 + example-next/pages/_document.tsx | 13 + example-next/pages/index.tsx | 19 + example-next/public/favicon.ico | Bin 0 -> 25931 bytes example-next/public/next.svg | 1 + example-next/public/thirteen.svg | 1 + example-next/public/vercel.svg | 1 + example-next/tsconfig.json | 20 + example-next/yarn.lock | 2090 +++++++ package-lock.json | 18 +- package.json | 2 +- src/@types/nextjs-websocket/index.d.ts | 8 +- src/sockets/MultiChatSocket/childSocket.tsx | 4 +- src/sockets/SingleChatSocket/childSocket.tsx | 64 +- 20 files changed, 7421 insertions(+), 48 deletions(-) create mode 100644 example-next/.eslintrc.json create mode 100644 example-next/.gitignore create mode 100644 example-next/README.md create mode 100644 example-next/next.config.js create mode 100644 example-next/package-lock.json create mode 100644 example-next/package.json create mode 100644 example-next/pages/_app.tsx create mode 100644 example-next/pages/_document.tsx create mode 100644 example-next/pages/index.tsx create mode 100644 example-next/public/favicon.ico create mode 100644 example-next/public/next.svg create mode 100644 example-next/public/thirteen.svg create mode 100644 example-next/public/vercel.svg create mode 100644 example-next/tsconfig.json create mode 100644 example-next/yarn.lock diff --git a/example-next/.eslintrc.json b/example-next/.eslintrc.json new file mode 100644 index 0000000..bffb357 --- /dev/null +++ b/example-next/.eslintrc.json @@ -0,0 +1,3 @@ +{ + "extends": "next/core-web-vitals" +} diff --git a/example-next/.gitignore b/example-next/.gitignore new file mode 100644 index 0000000..c87c9b3 --- /dev/null +++ b/example-next/.gitignore @@ -0,0 +1,36 @@ +# See https://help.github.com/articles/ignoring-files/ for more about ignoring files. + +# dependencies +/node_modules +/.pnp +.pnp.js + +# testing +/coverage + +# next.js +/.next/ +/out/ + +# production +/build + +# misc +.DS_Store +*.pem + +# debug +npm-debug.log* +yarn-debug.log* +yarn-error.log* +.pnpm-debug.log* + +# local env files +.env*.local + +# vercel +.vercel + +# typescript +*.tsbuildinfo +next-env.d.ts diff --git a/example-next/README.md b/example-next/README.md new file mode 100644 index 0000000..fb9bcc9 --- /dev/null +++ b/example-next/README.md @@ -0,0 +1,36 @@ +This is a [Next.js](https://nextjs.org/) project bootstrapped with [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app). + +## Getting Started + +First, run the development server: + +```bash +npm run dev +# or +yarn dev +``` + +Open [http://localhost:3000](http://localhost:3000) with your browser to see the result. + +You can start editing the page by modifying `pages/index.tsx`. The page auto-updates as you edit the file. + +[API routes](https://nextjs.org/docs/api-routes/introduction) can be accessed on [http://localhost:3000/api/hello](http://localhost:3000/api/hello). This endpoint can be edited in `pages/api/hello.ts`. + +The `pages/api` directory is mapped to `/api/*`. Files in this directory are treated as [API routes](https://nextjs.org/docs/api-routes/introduction) instead of React pages. + +This project uses [`next/font`](https://nextjs.org/docs/basic-features/font-optimization) to automatically optimize and load Inter, a custom Google Font. + +## Learn More + +To learn more about Next.js, take a look at the following resources: + +- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API. +- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial. + +You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome! + +## Deploy on Vercel + +The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js. + +Check out our [Next.js deployment documentation](https://nextjs.org/docs/deployment) for more details. diff --git a/example-next/next.config.js b/example-next/next.config.js new file mode 100644 index 0000000..a843cbe --- /dev/null +++ b/example-next/next.config.js @@ -0,0 +1,6 @@ +/** @type {import('next').NextConfig} */ +const nextConfig = { + reactStrictMode: true, +} + +module.exports = nextConfig diff --git a/example-next/package-lock.json b/example-next/package-lock.json new file mode 100644 index 0000000..ca097af --- /dev/null +++ b/example-next/package-lock.json @@ -0,0 +1,5118 @@ +{ + "name": "example-next", + "version": "0.1.0", + "lockfileVersion": 2, + "requires": true, + "packages": { + "": { + "name": "example-next", + "version": "0.1.0", + "dependencies": { + "@next/font": "13.1.1", + "@types/node": "18.11.18", + "@types/react": "18.0.26", + "@types/react-dom": "18.0.10", + "eslint": "8.31.0", + "eslint-config-next": "13.1.1", + "next": "13.1.1", + "react": "18.2.0", + "react-dom": "18.2.0", + "typescript": "4.9.4" + } + }, + "node_modules/@babel/runtime": { + "version": "7.20.7", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.20.7.tgz", + "integrity": "sha512-UF0tvkUtxwAgZ5W/KrkHf0Rn0fdnLDU9ScxBrEVNUprE/MzirjK4MJUX1/BVDv00Sv8cljtukVK1aky++X1SjQ==", + "dependencies": { + "regenerator-runtime": "^0.13.11" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@babel/runtime-corejs3": { + "version": "7.20.7", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.20.7.tgz", + "integrity": "sha512-jr9lCZ4RbRQmCR28Q8U8Fu49zvFqLxTY9AMOUz+iyMohMoAgpEcVxY+wJNay99oXOpOcCTODkk70NDN2aaJEeg==", + "dependencies": { + "core-js-pure": "^3.25.1", + "regenerator-runtime": "^0.13.11" + }, + "engines": { + "node": ">=6.9.0" + } + }, + "node_modules/@eslint/eslintrc": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.4.1.tgz", + "integrity": "sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA==", + "dependencies": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^9.4.0", + "globals": "^13.19.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/@humanwhocodes/config-array": { + "version": "0.11.8", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.8.tgz", + "integrity": "sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==", + "dependencies": { + "@humanwhocodes/object-schema": "^1.2.1", + "debug": "^4.1.1", + "minimatch": "^3.0.5" + }, + "engines": { + "node": ">=10.10.0" + } + }, + "node_modules/@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", + "engines": { + "node": ">=12.22" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/nzakas" + } + }, + "node_modules/@humanwhocodes/object-schema": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==" + }, + "node_modules/@next/env": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/env/-/env-13.1.1.tgz", + "integrity": "sha512-vFMyXtPjSAiOXOywMojxfKIqE3VWN5RCAx+tT3AS3pcKjMLFTCJFUWsKv8hC+87Z1F4W3r68qTwDFZIFmd5Xkw==" + }, + "node_modules/@next/eslint-plugin-next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-13.1.1.tgz", + "integrity": "sha512-SBrOFS8PC3nQ5aeZmawJkjKkWjwK9RoxvBSv/86nZp0ubdoVQoko8r8htALd9ufp16NhacCdqhu9bzZLDWtALQ==", + "dependencies": { + "glob": "7.1.7" + } + }, + "node_modules/@next/font": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/font/-/font-13.1.1.tgz", + "integrity": "sha512-amygRorS05hYK1/XQRZo5qBl7l2fpHnezeKU/cNveWU5QJg+sg8gMGkUXHtvesNKpiKIJshBRH1TzvO+2sKpvQ==" + }, + "node_modules/@next/swc-android-arm-eabi": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-android-arm-eabi/-/swc-android-arm-eabi-13.1.1.tgz", + "integrity": "sha512-qnFCx1kT3JTWhWve4VkeWuZiyjG0b5T6J2iWuin74lORCupdrNukxkq9Pm+Z7PsatxuwVJMhjUoYz7H4cWzx2A==", + "cpu": [ + "arm" + ], + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-android-arm64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-android-arm64/-/swc-android-arm64-13.1.1.tgz", + "integrity": "sha512-eCiZhTzjySubNqUnNkQCjU3Fh+ep3C6b5DCM5FKzsTH/3Gr/4Y7EiaPZKILbvnXmhWtKPIdcY6Zjx51t4VeTfA==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "android" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-darwin-arm64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-13.1.1.tgz", + "integrity": "sha512-9zRJSSIwER5tu9ADDkPw5rIZ+Np44HTXpYMr0rkM656IvssowPxmhK0rTreC1gpUCYwFsRbxarUJnJsTWiutPg==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-darwin-x64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-13.1.1.tgz", + "integrity": "sha512-qWr9qEn5nrnlhB0rtjSdR00RRZEtxg4EGvicIipqZWEyayPxhUu6NwKiG8wZiYZCLfJ5KWr66PGSNeDMGlNaiA==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-freebsd-x64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-freebsd-x64/-/swc-freebsd-x64-13.1.1.tgz", + "integrity": "sha512-UwP4w/NcQ7V/VJEj3tGVszgb4pyUCt3lzJfUhjDMUmQbzG9LDvgiZgAGMYH6L21MoyAATJQPDGiAMWAPKsmumA==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "freebsd" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm-gnueabihf": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm-gnueabihf/-/swc-linux-arm-gnueabihf-13.1.1.tgz", + "integrity": "sha512-CnsxmKHco9sosBs1XcvCXP845Db+Wx1G0qouV5+Gr+HT/ZlDYEWKoHVDgnJXLVEQzq4FmHddBNGbXvgqM1Gfkg==", + "cpu": [ + "arm" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm64-gnu": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-13.1.1.tgz", + "integrity": "sha512-JfDq1eri5Dif+VDpTkONRd083780nsMCOKoFG87wA0sa4xL8LGcXIBAkUGIC1uVy9SMsr2scA9CySLD/i+Oqiw==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-arm64-musl": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-13.1.1.tgz", + "integrity": "sha512-GA67ZbDq2AW0CY07zzGt07M5b5Yaq5qUpFIoW3UFfjOPgb0Sqf3DAW7GtFMK1sF4ROHsRDMGQ9rnT0VM2dVfKA==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-gnu": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-13.1.1.tgz", + "integrity": "sha512-nnjuBrbzvqaOJaV+XgT8/+lmXrSCOt1YYZn/irbDb2fR2QprL6Q7WJNgwsZNxiLSfLdv+2RJGGegBx9sLBEzGA==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-linux-x64-musl": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-13.1.1.tgz", + "integrity": "sha512-CM9xnAQNIZ8zf/igbIT/i3xWbQZYaF397H+JroF5VMOCUleElaMdQLL5riJml8wUfPoN3dtfn2s4peSr3azz/g==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "linux" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-arm64-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-13.1.1.tgz", + "integrity": "sha512-pzUHOGrbgfGgPlOMx9xk3QdPJoRPU+om84hqVoe6u+E0RdwOG0Ho/2UxCgDqmvpUrMab1Deltlt6RqcXFpnigQ==", + "cpu": [ + "arm64" + ], + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-ia32-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-13.1.1.tgz", + "integrity": "sha512-WeX8kVS46aobM9a7Xr/kEPcrTyiwJqQv/tbw6nhJ4fH9xNZ+cEcyPoQkwPo570dCOLz3Zo9S2q0E6lJ/EAUOBg==", + "cpu": [ + "ia32" + ], + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@next/swc-win32-x64-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-13.1.1.tgz", + "integrity": "sha512-mVF0/3/5QAc5EGVnb8ll31nNvf3BWpPY4pBb84tk+BfQglWLqc5AC9q1Ht/YMWiEgs8ALNKEQ3GQnbY0bJF2Gg==", + "cpu": [ + "x64" + ], + "optional": true, + "os": [ + "win32" + ], + "engines": { + "node": ">= 10" + } + }, + "node_modules/@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "dependencies": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "dependencies": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/@pkgr/utils": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@pkgr/utils/-/utils-2.3.1.tgz", + "integrity": "sha512-wfzX8kc1PMyUILA+1Z/EqoE4UCXGy0iRGMhPwdfae1+f0OXlLqCk+By+aMzgJBzR9AzS4CDizioG6Ss1gvAFJw==", + "dependencies": { + "cross-spawn": "^7.0.3", + "is-glob": "^4.0.3", + "open": "^8.4.0", + "picocolors": "^1.0.0", + "tiny-glob": "^0.2.9", + "tslib": "^2.4.0" + }, + "engines": { + "node": "^12.20.0 || ^14.18.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/unts" + } + }, + "node_modules/@rushstack/eslint-patch": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz", + "integrity": "sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg==" + }, + "node_modules/@swc/helpers": { + "version": "0.4.14", + "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.4.14.tgz", + "integrity": "sha512-4C7nX/dvpzB7za4Ql9K81xK3HPxCpHMgwTZVyf+9JQ6VUbn9jjZVN7/Nkdz/Ugzs2CSjqnL/UPXroiVBVHUWUw==", + "dependencies": { + "tslib": "^2.4.0" + } + }, + "node_modules/@types/json5": { + "version": "0.0.29", + "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==" + }, + "node_modules/@types/node": { + "version": "18.11.18", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz", + "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==" + }, + "node_modules/@types/prop-types": { + "version": "15.7.5", + "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", + "integrity": "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w==" + }, + "node_modules/@types/react": { + "version": "18.0.26", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.0.26.tgz", + "integrity": "sha512-hCR3PJQsAIXyxhTNSiDFY//LhnMZWpNNr5etoCqx/iUfGc5gXWtQR2Phl908jVR6uPXacojQWTg4qRpkxTuGug==", + "dependencies": { + "@types/prop-types": "*", + "@types/scheduler": "*", + "csstype": "^3.0.2" + } + }, + "node_modules/@types/react-dom": { + "version": "18.0.10", + "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.10.tgz", + "integrity": "sha512-E42GW/JA4Qv15wQdqJq8DL4JhNpB3prJgjgapN3qJT9K2zO5IIAQh4VXvCEDupoqAwnz0cY4RlXeC/ajX5SFHg==", + "dependencies": { + "@types/react": "*" + } + }, + "node_modules/@types/scheduler": { + "version": "0.16.2", + "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", + "integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew==" + }, + "node_modules/@typescript-eslint/parser": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.47.1.tgz", + "integrity": "sha512-9Vb+KIv29r6GPu4EboWOnQM7T+UjpjXvjCPhNORlgm40a9Ia9bvaPJswvtae1gip2QEeVeGh6YquqAzEgoRAlw==", + "dependencies": { + "@typescript-eslint/scope-manager": "5.47.1", + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/typescript-estree": "5.47.1", + "debug": "^4.3.4" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependencies": { + "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/scope-manager": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.47.1.tgz", + "integrity": "sha512-9hsFDsgUwrdOoW1D97Ewog7DYSHaq4WKuNs0LHF9RiCmqB0Z+XRR4Pf7u7u9z/8CciHuJ6yxNws1XznI3ddjEw==", + "dependencies": { + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/visitor-keys": "5.47.1" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/types": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.47.1.tgz", + "integrity": "sha512-CmALY9YWXEpwuu6377ybJBZdtSAnzXLSQcxLSqSQSbC7VfpMu/HLVdrnVJj7ycI138EHqocW02LPJErE35cE9A==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/@typescript-eslint/typescript-estree": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.47.1.tgz", + "integrity": "sha512-4+ZhFSuISAvRi2xUszEj0xXbNTHceV9GbH9S8oAD2a/F9SW57aJNQVOCxG8GPfSWH/X4eOPdMEU2jYVuWKEpWA==", + "dependencies": { + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/visitor-keys": "5.47.1", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "semver": "^7.3.7", + "tsutils": "^3.21.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/@typescript-eslint/visitor-keys": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.47.1.tgz", + "integrity": "sha512-rF3pmut2JCCjh6BLRhNKdYjULMb1brvoaiWDlHfLNVgmnZ0sBVJrs3SyaKE1XoDDnJuAx/hDQryHYmPUuNq0ig==", + "dependencies": { + "@typescript-eslint/types": "5.47.1", + "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/typescript-eslint" + } + }, + "node_modules/acorn": { + "version": "8.8.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.1.tgz", + "integrity": "sha512-7zFpHzhnqYKrkYdUjF1HI1bzd0VygEGX8lFk4k5zVMqHEoES+P+7TKI+EvLO9WVMJ8eekdO0aDEK044xTXwPPA==", + "bin": { + "acorn": "bin/acorn" + }, + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "peerDependencies": { + "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" + } + }, + "node_modules/ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "dependencies": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/epoberezkin" + } + }, + "node_modules/ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "dependencies": { + "color-convert": "^2.0.1" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/chalk/ansi-styles?sponsor=1" + } + }, + "node_modules/argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "node_modules/aria-query": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-4.2.2.tgz", + "integrity": "sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA==", + "dependencies": { + "@babel/runtime": "^7.10.2", + "@babel/runtime-corejs3": "^7.10.2" + }, + "engines": { + "node": ">=6.0" + } + }, + "node_modules/array-includes": { + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz", + "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "get-intrinsic": "^1.1.3", + "is-string": "^1.0.7" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/array.prototype.flat": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz", + "integrity": "sha512-roTU0KWIOmJ4DRLmwKd19Otg0/mT3qPNt0Qb3GWW8iObuZXxrjB/pzn0R3hqpRSWg4HCwqx+0vwOnWnvlOyeIA==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array.prototype.flatmap": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.1.tgz", + "integrity": "sha512-8UGn9O1FDVvMNB0UlLv4voxRMze7+FpHyF5mSMRjWHUMlpoDViniy05870VlxhfgTnLbpuwTzvD76MTtWxB/mQ==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/array.prototype.tosorted": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array.prototype.tosorted/-/array.prototype.tosorted-1.1.1.tgz", + "integrity": "sha512-pZYPXPRl2PqWcsUs6LOMn+1f1532nEoPTYowBtqLwAW+W8vSVhkIGnmOX1t/UQjD6YGI0vcD2B1U7ZFGQH9jnQ==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0", + "get-intrinsic": "^1.1.3" + } + }, + "node_modules/ast-types-flow": { + "version": "0.0.7", + "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.7.tgz", + "integrity": "sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag==" + }, + "node_modules/axe-core": { + "version": "4.6.1", + "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.6.1.tgz", + "integrity": "sha512-lCZN5XRuOnpG4bpMq8v0khrWtUOn+i8lZSb6wHZH56ZfbIEv6XwJV84AAueh9/zi7qPVJ/E4yz6fmsiyOmXR4w==", + "engines": { + "node": ">=4" + } + }, + "node_modules/axobject-query": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-2.2.0.tgz", + "integrity": "sha512-Td525n+iPOOyUQIeBfcASuG6uJsDOITl7Mds5gFyerkWiX7qhUTdYUBlSgNMyVqtSJqwpt1kXGLdUt6SykLMRA==" + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + }, + "node_modules/brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "dependencies": { + "fill-range": "^7.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dependencies": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", + "engines": { + "node": ">=6" + } + }, + "node_modules/caniuse-lite": { + "version": "1.0.30001441", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001441.tgz", + "integrity": "sha512-OyxRR4Vof59I3yGWXws6i908EtGbMzVUi3ganaZQHmydk1iwDhRnvaPG2WaR0KcqrDFKrxVZHULT396LEPhXfg==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/browserslist" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/caniuse-lite" + } + ] + }, + "node_modules/chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "dependencies": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/chalk/chalk?sponsor=1" + } + }, + "node_modules/client-only": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz", + "integrity": "sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==" + }, + "node_modules/color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "dependencies": { + "color-name": "~1.1.4" + }, + "engines": { + "node": ">=7.0.0" + } + }, + "node_modules/color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + }, + "node_modules/core-js-pure": { + "version": "3.27.1", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.27.1.tgz", + "integrity": "sha512-BS2NHgwwUppfeoqOXqi08mUqS5FiZpuRuJJpKsaME7kJz0xxuk0xkhDdfMIlP/zLa80krBqss1LtD7f889heAw==", + "hasInstallScript": true, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/core-js" + } + }, + "node_modules/cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "dependencies": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/csstype": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz", + "integrity": "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw==" + }, + "node_modules/damerau-levenshtein": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz", + "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==" + }, + "node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" + }, + "node_modules/define-lazy-prop": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", + "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==", + "engines": { + "node": ">=8" + } + }, + "node_modules/define-properties": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", + "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "dependencies": { + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "dependencies": { + "path-type": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/doctrine": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=6.0.0" + } + }, + "node_modules/emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "node_modules/enhanced-resolve": { + "version": "5.12.0", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz", + "integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==", + "dependencies": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/es-abstract": { + "version": "1.20.5", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.5.tgz", + "integrity": "sha512-7h8MM2EQhsCA7pU/Nv78qOXFpD8Rhqd12gYiSJVkrH9+e8VuA8JlPJK/hQjjlLv6pJvx/z1iRFKzYb0XT/RuAQ==", + "dependencies": { + "call-bind": "^1.0.2", + "es-to-primitive": "^1.2.1", + "function-bind": "^1.1.1", + "function.prototype.name": "^1.1.5", + "get-intrinsic": "^1.1.3", + "get-symbol-description": "^1.0.0", + "gopd": "^1.0.1", + "has": "^1.0.3", + "has-property-descriptors": "^1.0.0", + "has-symbols": "^1.0.3", + "internal-slot": "^1.0.3", + "is-callable": "^1.2.7", + "is-negative-zero": "^2.0.2", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.2", + "is-string": "^1.0.7", + "is-weakref": "^1.0.2", + "object-inspect": "^1.12.2", + "object-keys": "^1.1.1", + "object.assign": "^4.1.4", + "regexp.prototype.flags": "^1.4.3", + "safe-regex-test": "^1.0.0", + "string.prototype.trimend": "^1.0.6", + "string.prototype.trimstart": "^1.0.6", + "unbox-primitive": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/es-shim-unscopables": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.0.tgz", + "integrity": "sha512-Jm6GPcCdC30eMLbZ2x8z2WuRwAws3zTBBKuusffYVUrNj/GVSUAZ+xKMaUpfNDR5IbyNA5LJbaecoUVbmUcB1w==", + "dependencies": { + "has": "^1.0.3" + } + }, + "node_modules/es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "dependencies": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint": { + "version": "8.31.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.31.0.tgz", + "integrity": "sha512-0tQQEVdmPZ1UtUKXjX7EMm9BlgJ08G90IhWh0PKDCb3ZLsgAOHI8fYSIzYVZej92zsgq+ft0FGsxhJ3xo2tbuA==", + "dependencies": { + "@eslint/eslintrc": "^1.4.1", + "@humanwhocodes/config-array": "^0.11.8", + "@humanwhocodes/module-importer": "^1.0.1", + "@nodelib/fs.walk": "^1.2.8", + "ajv": "^6.10.0", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "doctrine": "^3.0.0", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^7.1.1", + "eslint-utils": "^3.0.0", + "eslint-visitor-keys": "^3.3.0", + "espree": "^9.4.0", + "esquery": "^1.4.0", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^6.0.1", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "globals": "^13.19.0", + "grapheme-splitter": "^1.0.4", + "ignore": "^5.2.0", + "import-fresh": "^3.0.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "is-path-inside": "^3.0.3", + "js-sdsl": "^4.1.4", + "js-yaml": "^4.1.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.1", + "regexpp": "^3.2.0", + "strip-ansi": "^6.0.1", + "strip-json-comments": "^3.1.0", + "text-table": "^0.2.0" + }, + "bin": { + "eslint": "bin/eslint.js" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/eslint-config-next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-13.1.1.tgz", + "integrity": "sha512-/5S2XGWlGaiqrRhzpn51ux5JUSLwx8PVK2keLi5xk7QmhfYB8PqE6R6SlVw6hgnf/VexvUXSrlNJ/su00NhtHQ==", + "dependencies": { + "@next/eslint-plugin-next": "13.1.1", + "@rushstack/eslint-patch": "^1.1.3", + "@typescript-eslint/parser": "^5.42.0", + "eslint-import-resolver-node": "^0.3.6", + "eslint-import-resolver-typescript": "^3.5.2", + "eslint-plugin-import": "^2.26.0", + "eslint-plugin-jsx-a11y": "^6.5.1", + "eslint-plugin-react": "^7.31.7", + "eslint-plugin-react-hooks": "^4.5.0" + }, + "peerDependencies": { + "eslint": "^7.23.0 || ^8.0.0", + "typescript": ">=3.3.1" + }, + "peerDependenciesMeta": { + "typescript": { + "optional": true + } + } + }, + "node_modules/eslint-import-resolver-node": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.6.tgz", + "integrity": "sha512-0En0w03NRVMn9Uiyn8YRPDKvWjxCWkslUEhGNTdGx15RvPJYQ+lbOlqrlNI2vEAs4pDYK4f/HN2TbDmk5TP0iw==", + "dependencies": { + "debug": "^3.2.7", + "resolve": "^1.20.0" + } + }, + "node_modules/eslint-import-resolver-node/node_modules/debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "dependencies": { + "ms": "^2.1.1" + } + }, + "node_modules/eslint-import-resolver-typescript": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.5.2.tgz", + "integrity": "sha512-zX4ebnnyXiykjhcBvKIf5TNvt8K7yX6bllTRZ14MiurKPjDpCAZujlszTdB8pcNXhZcOf+god4s9SjQa5GnytQ==", + "dependencies": { + "debug": "^4.3.4", + "enhanced-resolve": "^5.10.0", + "get-tsconfig": "^4.2.0", + "globby": "^13.1.2", + "is-core-module": "^2.10.0", + "is-glob": "^4.0.3", + "synckit": "^0.8.4" + }, + "engines": { + "node": "^14.18.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/unts/projects/eslint-import-resolver-ts" + }, + "peerDependencies": { + "eslint": "*", + "eslint-plugin-import": "*" + } + }, + "node_modules/eslint-import-resolver-typescript/node_modules/globby": { + "version": "13.1.3", + "resolved": "https://registry.npmjs.org/globby/-/globby-13.1.3.tgz", + "integrity": "sha512-8krCNHXvlCgHDpegPzleMq07yMYTO2sXKASmZmquEYWEmCx6J5UTRbp5RwMJkTJGtcQ44YpiUYUiN0b9mzy8Bw==", + "dependencies": { + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.11", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^4.0.0" + }, + "engines": { + "node": "^12.20.0 || ^14.13.1 || >=16.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint-import-resolver-typescript/node_modules/slash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/eslint-module-utils": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.4.tgz", + "integrity": "sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA==", + "dependencies": { + "debug": "^3.2.7" + }, + "engines": { + "node": ">=4" + }, + "peerDependenciesMeta": { + "eslint": { + "optional": true + } + } + }, + "node_modules/eslint-module-utils/node_modules/debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "dependencies": { + "ms": "^2.1.1" + } + }, + "node_modules/eslint-plugin-import": { + "version": "2.26.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.26.0.tgz", + "integrity": "sha512-hYfi3FXaM8WPLf4S1cikh/r4IxnO6zrhZbEGz2b660EJRbuxgpDS5gkCuYgGWg2xxh2rBuIr4Pvhve/7c31koA==", + "dependencies": { + "array-includes": "^3.1.4", + "array.prototype.flat": "^1.2.5", + "debug": "^2.6.9", + "doctrine": "^2.1.0", + "eslint-import-resolver-node": "^0.3.6", + "eslint-module-utils": "^2.7.3", + "has": "^1.0.3", + "is-core-module": "^2.8.1", + "is-glob": "^4.0.3", + "minimatch": "^3.1.2", + "object.values": "^1.1.5", + "resolve": "^1.22.0", + "tsconfig-paths": "^3.14.1" + }, + "engines": { + "node": ">=4" + }, + "peerDependencies": { + "eslint": "^2 || ^3 || ^4 || ^5 || ^6 || ^7.2.0 || ^8" + } + }, + "node_modules/eslint-plugin-import/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/eslint-plugin-import/node_modules/doctrine": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eslint-plugin-import/node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + }, + "node_modules/eslint-plugin-jsx-a11y": { + "version": "6.6.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.6.1.tgz", + "integrity": "sha512-sXgFVNHiWffBq23uiS/JaP6eVR622DqwB4yTzKvGZGcPq6/yZ3WmOZfuBks/vHWo9GaFOqC2ZK4i6+C35knx7Q==", + "dependencies": { + "@babel/runtime": "^7.18.9", + "aria-query": "^4.2.2", + "array-includes": "^3.1.5", + "ast-types-flow": "^0.0.7", + "axe-core": "^4.4.3", + "axobject-query": "^2.2.0", + "damerau-levenshtein": "^1.0.8", + "emoji-regex": "^9.2.2", + "has": "^1.0.3", + "jsx-ast-utils": "^3.3.2", + "language-tags": "^1.0.5", + "minimatch": "^3.1.2", + "semver": "^6.3.0" + }, + "engines": { + "node": ">=4.0" + }, + "peerDependencies": { + "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8" + } + }, + "node_modules/eslint-plugin-jsx-a11y/node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/eslint-plugin-react": { + "version": "7.31.11", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.31.11.tgz", + "integrity": "sha512-TTvq5JsT5v56wPa9OYHzsrOlHzKZKjV+aLgS+55NJP/cuzdiQPC7PfYoUjMoxlffKtvijpk7vA/jmuqRb9nohw==", + "dependencies": { + "array-includes": "^3.1.6", + "array.prototype.flatmap": "^1.3.1", + "array.prototype.tosorted": "^1.1.1", + "doctrine": "^2.1.0", + "estraverse": "^5.3.0", + "jsx-ast-utils": "^2.4.1 || ^3.0.0", + "minimatch": "^3.1.2", + "object.entries": "^1.1.6", + "object.fromentries": "^2.0.6", + "object.hasown": "^1.1.2", + "object.values": "^1.1.6", + "prop-types": "^15.8.1", + "resolve": "^2.0.0-next.3", + "semver": "^6.3.0", + "string.prototype.matchall": "^4.0.8" + }, + "engines": { + "node": ">=4" + }, + "peerDependencies": { + "eslint": "^3 || ^4 || ^5 || ^6 || ^7 || ^8" + } + }, + "node_modules/eslint-plugin-react-hooks": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz", + "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==", + "engines": { + "node": ">=10" + }, + "peerDependencies": { + "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0" + } + }, + "node_modules/eslint-plugin-react/node_modules/doctrine": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "dependencies": { + "esutils": "^2.0.2" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/eslint-plugin-react/node_modules/resolve": { + "version": "2.0.0-next.4", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.4.tgz", + "integrity": "sha512-iMDbmAWtfU+MHpxt/I5iWI7cY6YVEZUQ3MBgPQ++XD1PELuJHIl82xBmObyP2KyQmkNB2dsqF7seoQQiAn5yDQ==", + "dependencies": { + "is-core-module": "^2.9.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/eslint-plugin-react/node_modules/semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==", + "bin": { + "semver": "bin/semver.js" + } + }, + "node_modules/eslint-scope": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz", + "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==", + "dependencies": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/eslint-utils": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "integrity": "sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==", + "dependencies": { + "eslint-visitor-keys": "^2.0.0" + }, + "engines": { + "node": "^10.0.0 || ^12.0.0 || >= 14.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/mysticatea" + }, + "peerDependencies": { + "eslint": ">=5" + } + }, + "node_modules/eslint-utils/node_modules/eslint-visitor-keys": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==", + "engines": { + "node": ">=10" + } + }, + "node_modules/eslint-visitor-keys": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz", + "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==", + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + } + }, + "node_modules/espree": { + "version": "9.4.1", + "resolved": "https://registry.npmjs.org/espree/-/espree-9.4.1.tgz", + "integrity": "sha512-XwctdmTO6SIvCzd9810yyNzIrOrqNYV9Koizx4C/mRhf9uq0o4yHoCEU/670pOxOL/MSraektvSAji79kX90Vg==", + "dependencies": { + "acorn": "^8.8.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^3.3.0" + }, + "engines": { + "node": "^12.22.0 || ^14.17.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/eslint" + } + }, + "node_modules/esquery": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.4.0.tgz", + "integrity": "sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w==", + "dependencies": { + "estraverse": "^5.1.0" + }, + "engines": { + "node": ">=0.10" + } + }, + "node_modules/esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "dependencies": { + "estraverse": "^5.2.0" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", + "engines": { + "node": ">=4.0" + } + }, + "node_modules/esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + }, + "node_modules/fast-glob": { + "version": "3.2.12", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.12.tgz", + "integrity": "sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==", + "dependencies": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "engines": { + "node": ">=8.6.0" + } + }, + "node_modules/fast-glob/node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==" + }, + "node_modules/fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" + }, + "node_modules/fastq": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz", + "integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==", + "dependencies": { + "reusify": "^1.0.4" + } + }, + "node_modules/file-entry-cache": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", + "dependencies": { + "flat-cache": "^3.0.4" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "dependencies": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/flat-cache": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.0.4.tgz", + "integrity": "sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==", + "dependencies": { + "flatted": "^3.1.0", + "rimraf": "^3.0.2" + }, + "engines": { + "node": "^10.12.0 || >=12.0.0" + } + }, + "node_modules/flatted": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.7.tgz", + "integrity": "sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==" + }, + "node_modules/fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" + }, + "node_modules/function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + }, + "node_modules/function.prototype.name": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", + "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "es-abstract": "^1.19.0", + "functions-have-names": "^1.2.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/functions-have-names": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", + "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "dependencies": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-symbol-description": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", + "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-tsconfig": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.3.0.tgz", + "integrity": "sha512-YCcF28IqSay3fqpIu5y3Krg/utCBHBeoflkZyHj/QcqI2nrLPC3ZegS9CmIo+hJb8K7aiGsuUl7PwWVjNG2HQQ==", + "funding": { + "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1" + } + }, + "node_modules/glob": { + "version": "7.1.7", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz", + "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "dependencies": { + "is-glob": "^4.0.3" + }, + "engines": { + "node": ">=10.13.0" + } + }, + "node_modules/globals": { + "version": "13.19.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.19.0.tgz", + "integrity": "sha512-dkQ957uSRWHw7CFXLUtUHQI3g3aWApYhfNR2O6jn/907riyTYKVBmxYVROkBcY614FSSeSJh7Xm7SrUWCxvJMQ==", + "dependencies": { + "type-fest": "^0.20.2" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globalyzer": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/globalyzer/-/globalyzer-0.1.0.tgz", + "integrity": "sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==" + }, + "node_modules/globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "dependencies": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/globrex": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/globrex/-/globrex-0.1.2.tgz", + "integrity": "sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==" + }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/graceful-fs": { + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==" + }, + "node_modules/grapheme-splitter": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz", + "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==" + }, + "node_modules/has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dependencies": { + "function-bind": "^1.1.1" + }, + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/has-bigints": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/has-property-descriptors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz", + "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==", + "dependencies": { + "get-intrinsic": "^1.1.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/ignore": { + "version": "5.2.4", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", + "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==", + "engines": { + "node": ">= 4" + } + }, + "node_modules/import-fresh": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", + "dependencies": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + }, + "engines": { + "node": ">=6" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", + "engines": { + "node": ">=0.8.19" + } + }, + "node_modules/inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "dependencies": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "node_modules/internal-slot": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.4.tgz", + "integrity": "sha512-tA8URYccNzMo94s5MQZgH8NB/XTa6HsOo0MLfXTKKEnHVVdegzaQoFZ7Jp44bdvLvY2waT5dc+j5ICEswhi7UQ==", + "dependencies": { + "get-intrinsic": "^1.1.3", + "has": "^1.0.3", + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "dependencies": { + "has-bigints": "^1.0.1" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-core-module": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz", + "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==", + "dependencies": { + "has": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-date-object": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", + "bin": { + "is-docker": "cli.js" + }, + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-negative-zero": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-number-object": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz", + "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", + "engines": { + "node": ">=8" + } + }, + "node_modules/is-regex": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-shared-array-buffer": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz", + "integrity": "sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==", + "dependencies": { + "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-symbol": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "dependencies": { + "call-bind": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "dependencies": { + "is-docker": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, + "node_modules/js-sdsl": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/js-sdsl/-/js-sdsl-4.2.0.tgz", + "integrity": "sha512-dyBIzQBDkCqCu+0upx25Y2jGdbTGxE9fshMsCdK0ViOongpV+n5tXRcZY9v7CaVQ79AGS9KA1KHtojxiM7aXSQ==", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/js-sdsl" + } + }, + "node_modules/js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + }, + "node_modules/js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "dependencies": { + "argparse": "^2.0.1" + }, + "bin": { + "js-yaml": "bin/js-yaml.js" + } + }, + "node_modules/json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==" + }, + "node_modules/json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" + }, + "node_modules/json5": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", + "dependencies": { + "minimist": "^1.2.0" + }, + "bin": { + "json5": "lib/cli.js" + } + }, + "node_modules/jsx-ast-utils": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.3.tgz", + "integrity": "sha512-fYQHZTZ8jSfmWZ0iyzfwiU4WDX4HpHbMCZ3gPlWYiCl3BoeOTsqKBqnTVfH2rYT7eP5c3sVbeSPHnnJOaTrWiw==", + "dependencies": { + "array-includes": "^3.1.5", + "object.assign": "^4.1.3" + }, + "engines": { + "node": ">=4.0" + } + }, + "node_modules/language-subtag-registry": { + "version": "0.3.22", + "resolved": "https://registry.npmjs.org/language-subtag-registry/-/language-subtag-registry-0.3.22.tgz", + "integrity": "sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w==" + }, + "node_modules/language-tags": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/language-tags/-/language-tags-1.0.7.tgz", + "integrity": "sha512-bSytju1/657hFjgUzPAPqszxH62ouE8nQFoFaVlIQfne4wO/wXC9A4+m8jYve7YBBvi59eq0SUpcshvG8h5Usw==", + "dependencies": { + "language-subtag-registry": "^0.3.20" + } + }, + "node_modules/levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "dependencies": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "dependencies": { + "p-locate": "^5.0.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==" + }, + "node_modules/loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "dependencies": { + "js-tokens": "^3.0.0 || ^4.0.0" + }, + "bin": { + "loose-envify": "cli.js" + } + }, + "node_modules/lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "dependencies": { + "yallist": "^4.0.0" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", + "engines": { + "node": ">= 8" + } + }, + "node_modules/micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "dependencies": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz", + "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + }, + "node_modules/nanoid": { + "version": "3.3.4", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", + "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==", + "bin": { + "nanoid": "bin/nanoid.cjs" + }, + "engines": { + "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" + } + }, + "node_modules/natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==" + }, + "node_modules/next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/next/-/next-13.1.1.tgz", + "integrity": "sha512-R5eBAaIa3X7LJeYvv1bMdGnAVF4fVToEjim7MkflceFPuANY3YyvFxXee/A+acrSYwYPvOvf7f6v/BM/48ea5w==", + "dependencies": { + "@next/env": "13.1.1", + "@swc/helpers": "0.4.14", + "caniuse-lite": "^1.0.30001406", + "postcss": "8.4.14", + "styled-jsx": "5.1.1" + }, + "bin": { + "next": "dist/bin/next" + }, + "engines": { + "node": ">=14.6.0" + }, + "optionalDependencies": { + "@next/swc-android-arm-eabi": "13.1.1", + "@next/swc-android-arm64": "13.1.1", + "@next/swc-darwin-arm64": "13.1.1", + "@next/swc-darwin-x64": "13.1.1", + "@next/swc-freebsd-x64": "13.1.1", + "@next/swc-linux-arm-gnueabihf": "13.1.1", + "@next/swc-linux-arm64-gnu": "13.1.1", + "@next/swc-linux-arm64-musl": "13.1.1", + "@next/swc-linux-x64-gnu": "13.1.1", + "@next/swc-linux-x64-musl": "13.1.1", + "@next/swc-win32-arm64-msvc": "13.1.1", + "@next/swc-win32-ia32-msvc": "13.1.1", + "@next/swc-win32-x64-msvc": "13.1.1" + }, + "peerDependencies": { + "fibers": ">= 3.1.0", + "node-sass": "^6.0.0 || ^7.0.0", + "react": "^18.2.0", + "react-dom": "^18.2.0", + "sass": "^1.3.0" + }, + "peerDependenciesMeta": { + "fibers": { + "optional": true + }, + "node-sass": { + "optional": true + }, + "sass": { + "optional": true + } + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.12.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", + "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.assign": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", + "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "has-symbols": "^1.0.3", + "object-keys": "^1.1.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object.entries": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.6.tgz", + "integrity": "sha512-leTPzo4Zvg3pmbQ3rDK69Rl8GQvIqMWubrkxONG9/ojtFE2rD9fjMKfSI5BxW3osRH1m6VdzmqK8oAY9aT4x5w==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/object.fromentries": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.6.tgz", + "integrity": "sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object.hasown": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.2.tgz", + "integrity": "sha512-B5UIT3J1W+WuWIU55h0mjlwaqxiE5vYENJXIXZ4VFe05pNYrkKuK0U/6aFcb0pKywYJh7IhfoqUfKVmrJJHZHw==", + "dependencies": { + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/object.values": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.6.tgz", + "integrity": "sha512-FVVTkD1vENCsAcwNs9k6jea2uHC/X0+JcjG8YA60FN5CMaJmG95wT9jek/xX9nornqGRrBkKtzuAu2wuHpKqvw==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + }, + "node_modules/open": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/open/-/open-8.4.0.tgz", + "integrity": "sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q==", + "dependencies": { + "define-lazy-prop": "^2.0.0", + "is-docker": "^2.1.1", + "is-wsl": "^2.2.0" + }, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/optionator": { + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", + "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==", + "dependencies": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.3" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "dependencies": { + "yocto-queue": "^0.1.0" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "dependencies": { + "p-limit": "^3.0.2" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "dependencies": { + "callsites": "^3.0.0" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" + }, + "node_modules/path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", + "engines": { + "node": ">=8" + } + }, + "node_modules/picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/postcss": { + "version": "8.4.14", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz", + "integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==", + "funding": [ + { + "type": "opencollective", + "url": "https://opencollective.com/postcss/" + }, + { + "type": "tidelift", + "url": "https://tidelift.com/funding/github/npm/postcss" + } + ], + "dependencies": { + "nanoid": "^3.3.4", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + }, + "engines": { + "node": "^10 || ^12 || >=14" + } + }, + "node_modules/prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "dependencies": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "node_modules/punycode": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", + "engines": { + "node": ">=6" + } + }, + "node_modules/queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/react": { + "version": "18.2.0", + "resolved": "https://registry.npmjs.org/react/-/react-18.2.0.tgz", + "integrity": "sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ==", + "dependencies": { + "loose-envify": "^1.1.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/react-dom": { + "version": "18.2.0", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.2.0.tgz", + "integrity": "sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g==", + "dependencies": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.0" + }, + "peerDependencies": { + "react": "^18.2.0" + } + }, + "node_modules/react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "node_modules/regenerator-runtime": { + "version": "0.13.11", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz", + "integrity": "sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==" + }, + "node_modules/regexp.prototype.flags": { + "version": "1.4.3", + "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz", + "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "functions-have-names": "^1.2.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/regexpp": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/mysticatea" + } + }, + "node_modules/resolve": { + "version": "1.22.1", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz", + "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==", + "dependencies": { + "is-core-module": "^2.9.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + }, + "bin": { + "resolve": "bin/resolve" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", + "engines": { + "node": ">=4" + } + }, + "node_modules/reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", + "engines": { + "iojs": ">=1.0.0", + "node": ">=0.10.0" + } + }, + "node_modules/rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "dependencies": { + "glob": "^7.1.3" + }, + "bin": { + "rimraf": "bin.js" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, + "node_modules/run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "dependencies": { + "queue-microtask": "^1.2.2" + } + }, + "node_modules/safe-regex-test": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz", + "integrity": "sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==", + "dependencies": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.3", + "is-regex": "^1.1.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/scheduler": { + "version": "0.23.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.0.tgz", + "integrity": "sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw==", + "dependencies": { + "loose-envify": "^1.1.0" + } + }, + "node_modules/semver": { + "version": "7.3.8", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", + "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "dependencies": { + "lru-cache": "^6.0.0" + }, + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "dependencies": { + "shebang-regex": "^3.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", + "engines": { + "node": ">=8" + } + }, + "node_modules/side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "dependencies": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", + "engines": { + "node": ">=8" + } + }, + "node_modules/source-map-js": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/string.prototype.matchall": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/string.prototype.matchall/-/string.prototype.matchall-4.0.8.tgz", + "integrity": "sha512-6zOCOcJ+RJAQshcTvXPHoxoQGONa3e/Lqx90wUA+wEzX78sg5Bo+1tQo4N0pohS0erG9qtCqJDjNCQBjeWVxyg==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "get-intrinsic": "^1.1.3", + "has-symbols": "^1.0.3", + "internal-slot": "^1.0.3", + "regexp.prototype.flags": "^1.4.3", + "side-channel": "^1.0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/string.prototype.trimend": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz", + "integrity": "sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/string.prototype.trimstart": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz", + "integrity": "sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==", + "dependencies": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "dependencies": { + "ansi-regex": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/strip-bom": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==", + "engines": { + "node": ">=4" + } + }, + "node_modules/strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/styled-jsx": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz", + "integrity": "sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==", + "dependencies": { + "client-only": "0.0.1" + }, + "engines": { + "node": ">= 12.0.0" + }, + "peerDependencies": { + "react": ">= 16.8.0 || 17.x.x || ^18.0.0-0" + }, + "peerDependenciesMeta": { + "@babel/core": { + "optional": true + }, + "babel-plugin-macros": { + "optional": true + } + } + }, + "node_modules/supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "dependencies": { + "has-flag": "^4.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/synckit": { + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/synckit/-/synckit-0.8.4.tgz", + "integrity": "sha512-Dn2ZkzMdSX827QbowGbU/4yjWuvNaCoScLLoMo/yKbu+P4GBR6cRGKZH27k6a9bRzdqcyd1DE96pQtQ6uNkmyw==", + "dependencies": { + "@pkgr/utils": "^2.3.1", + "tslib": "^2.4.0" + }, + "engines": { + "node": "^14.18.0 || >=16.0.0" + }, + "funding": { + "url": "https://opencollective.com/unts" + } + }, + "node_modules/tapable": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==", + "engines": { + "node": ">=6" + } + }, + "node_modules/text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==" + }, + "node_modules/tiny-glob": { + "version": "0.2.9", + "resolved": "https://registry.npmjs.org/tiny-glob/-/tiny-glob-0.2.9.tgz", + "integrity": "sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg==", + "dependencies": { + "globalyzer": "0.1.0", + "globrex": "^0.1.2" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/tsconfig-paths": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz", + "integrity": "sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ==", + "dependencies": { + "@types/json5": "^0.0.29", + "json5": "^1.0.1", + "minimist": "^1.2.6", + "strip-bom": "^3.0.0" + } + }, + "node_modules/tslib": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz", + "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==" + }, + "node_modules/tsutils": { + "version": "3.21.0", + "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==", + "dependencies": { + "tslib": "^1.8.1" + }, + "engines": { + "node": ">= 6" + }, + "peerDependencies": { + "typescript": ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta" + } + }, + "node_modules/tsutils/node_modules/tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + }, + "node_modules/type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "dependencies": { + "prelude-ls": "^1.2.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/typescript": { + "version": "4.9.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz", + "integrity": "sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg==", + "bin": { + "tsc": "bin/tsc", + "tsserver": "bin/tsserver" + }, + "engines": { + "node": ">=4.2.0" + } + }, + "node_modules/unbox-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", + "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", + "dependencies": { + "call-bind": "^1.0.2", + "has-bigints": "^1.0.2", + "has-symbols": "^1.0.3", + "which-boxed-primitive": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "dependencies": { + "punycode": "^2.1.0" + } + }, + "node_modules/which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "dependencies": { + "isexe": "^2.0.0" + }, + "bin": { + "node-which": "bin/node-which" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "dependencies": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/word-wrap": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", + "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" + }, + "node_modules/yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "node_modules/yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", + "engines": { + "node": ">=10" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + } + }, + "dependencies": { + "@babel/runtime": { + "version": "7.20.7", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.20.7.tgz", + "integrity": "sha512-UF0tvkUtxwAgZ5W/KrkHf0Rn0fdnLDU9ScxBrEVNUprE/MzirjK4MJUX1/BVDv00Sv8cljtukVK1aky++X1SjQ==", + "requires": { + "regenerator-runtime": "^0.13.11" + } + }, + "@babel/runtime-corejs3": { + "version": "7.20.7", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.20.7.tgz", + "integrity": "sha512-jr9lCZ4RbRQmCR28Q8U8Fu49zvFqLxTY9AMOUz+iyMohMoAgpEcVxY+wJNay99oXOpOcCTODkk70NDN2aaJEeg==", + "requires": { + "core-js-pure": "^3.25.1", + "regenerator-runtime": "^0.13.11" + } + }, + "@eslint/eslintrc": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.4.1.tgz", + "integrity": "sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA==", + "requires": { + "ajv": "^6.12.4", + "debug": "^4.3.2", + "espree": "^9.4.0", + "globals": "^13.19.0", + "ignore": "^5.2.0", + "import-fresh": "^3.2.1", + "js-yaml": "^4.1.0", + "minimatch": "^3.1.2", + "strip-json-comments": "^3.1.1" + } + }, + "@humanwhocodes/config-array": { + "version": "0.11.8", + "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.8.tgz", + "integrity": "sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g==", + "requires": { + "@humanwhocodes/object-schema": "^1.2.1", + "debug": "^4.1.1", + "minimatch": "^3.0.5" + } + }, + "@humanwhocodes/module-importer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", + "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==" + }, + "@humanwhocodes/object-schema": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", + "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==" + }, + "@next/env": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/env/-/env-13.1.1.tgz", + "integrity": "sha512-vFMyXtPjSAiOXOywMojxfKIqE3VWN5RCAx+tT3AS3pcKjMLFTCJFUWsKv8hC+87Z1F4W3r68qTwDFZIFmd5Xkw==" + }, + "@next/eslint-plugin-next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-13.1.1.tgz", + "integrity": "sha512-SBrOFS8PC3nQ5aeZmawJkjKkWjwK9RoxvBSv/86nZp0ubdoVQoko8r8htALd9ufp16NhacCdqhu9bzZLDWtALQ==", + "requires": { + "glob": "7.1.7" + } + }, + "@next/font": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/font/-/font-13.1.1.tgz", + "integrity": "sha512-amygRorS05hYK1/XQRZo5qBl7l2fpHnezeKU/cNveWU5QJg+sg8gMGkUXHtvesNKpiKIJshBRH1TzvO+2sKpvQ==" + }, + "@next/swc-android-arm-eabi": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-android-arm-eabi/-/swc-android-arm-eabi-13.1.1.tgz", + "integrity": "sha512-qnFCx1kT3JTWhWve4VkeWuZiyjG0b5T6J2iWuin74lORCupdrNukxkq9Pm+Z7PsatxuwVJMhjUoYz7H4cWzx2A==", + "optional": true + }, + "@next/swc-android-arm64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-android-arm64/-/swc-android-arm64-13.1.1.tgz", + "integrity": "sha512-eCiZhTzjySubNqUnNkQCjU3Fh+ep3C6b5DCM5FKzsTH/3Gr/4Y7EiaPZKILbvnXmhWtKPIdcY6Zjx51t4VeTfA==", + "optional": true + }, + "@next/swc-darwin-arm64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-13.1.1.tgz", + "integrity": "sha512-9zRJSSIwER5tu9ADDkPw5rIZ+Np44HTXpYMr0rkM656IvssowPxmhK0rTreC1gpUCYwFsRbxarUJnJsTWiutPg==", + "optional": true + }, + "@next/swc-darwin-x64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-13.1.1.tgz", + "integrity": "sha512-qWr9qEn5nrnlhB0rtjSdR00RRZEtxg4EGvicIipqZWEyayPxhUu6NwKiG8wZiYZCLfJ5KWr66PGSNeDMGlNaiA==", + "optional": true + }, + "@next/swc-freebsd-x64": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-freebsd-x64/-/swc-freebsd-x64-13.1.1.tgz", + "integrity": "sha512-UwP4w/NcQ7V/VJEj3tGVszgb4pyUCt3lzJfUhjDMUmQbzG9LDvgiZgAGMYH6L21MoyAATJQPDGiAMWAPKsmumA==", + "optional": true + }, + "@next/swc-linux-arm-gnueabihf": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm-gnueabihf/-/swc-linux-arm-gnueabihf-13.1.1.tgz", + "integrity": "sha512-CnsxmKHco9sosBs1XcvCXP845Db+Wx1G0qouV5+Gr+HT/ZlDYEWKoHVDgnJXLVEQzq4FmHddBNGbXvgqM1Gfkg==", + "optional": true + }, + "@next/swc-linux-arm64-gnu": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-13.1.1.tgz", + "integrity": "sha512-JfDq1eri5Dif+VDpTkONRd083780nsMCOKoFG87wA0sa4xL8LGcXIBAkUGIC1uVy9SMsr2scA9CySLD/i+Oqiw==", + "optional": true + }, + "@next/swc-linux-arm64-musl": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-13.1.1.tgz", + "integrity": "sha512-GA67ZbDq2AW0CY07zzGt07M5b5Yaq5qUpFIoW3UFfjOPgb0Sqf3DAW7GtFMK1sF4ROHsRDMGQ9rnT0VM2dVfKA==", + "optional": true + }, + "@next/swc-linux-x64-gnu": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-13.1.1.tgz", + "integrity": "sha512-nnjuBrbzvqaOJaV+XgT8/+lmXrSCOt1YYZn/irbDb2fR2QprL6Q7WJNgwsZNxiLSfLdv+2RJGGegBx9sLBEzGA==", + "optional": true + }, + "@next/swc-linux-x64-musl": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-13.1.1.tgz", + "integrity": "sha512-CM9xnAQNIZ8zf/igbIT/i3xWbQZYaF397H+JroF5VMOCUleElaMdQLL5riJml8wUfPoN3dtfn2s4peSr3azz/g==", + "optional": true + }, + "@next/swc-win32-arm64-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-13.1.1.tgz", + "integrity": "sha512-pzUHOGrbgfGgPlOMx9xk3QdPJoRPU+om84hqVoe6u+E0RdwOG0Ho/2UxCgDqmvpUrMab1Deltlt6RqcXFpnigQ==", + "optional": true + }, + "@next/swc-win32-ia32-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-13.1.1.tgz", + "integrity": "sha512-WeX8kVS46aobM9a7Xr/kEPcrTyiwJqQv/tbw6nhJ4fH9xNZ+cEcyPoQkwPo570dCOLz3Zo9S2q0E6lJ/EAUOBg==", + "optional": true + }, + "@next/swc-win32-x64-msvc": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-13.1.1.tgz", + "integrity": "sha512-mVF0/3/5QAc5EGVnb8ll31nNvf3BWpPY4pBb84tk+BfQglWLqc5AC9q1Ht/YMWiEgs8ALNKEQ3GQnbY0bJF2Gg==", + "optional": true + }, + "@nodelib/fs.scandir": { + "version": "2.1.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", + "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", + "requires": { + "@nodelib/fs.stat": "2.0.5", + "run-parallel": "^1.1.9" + } + }, + "@nodelib/fs.stat": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", + "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==" + }, + "@nodelib/fs.walk": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", + "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", + "requires": { + "@nodelib/fs.scandir": "2.1.5", + "fastq": "^1.6.0" + } + }, + "@pkgr/utils": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@pkgr/utils/-/utils-2.3.1.tgz", + "integrity": "sha512-wfzX8kc1PMyUILA+1Z/EqoE4UCXGy0iRGMhPwdfae1+f0OXlLqCk+By+aMzgJBzR9AzS4CDizioG6Ss1gvAFJw==", + "requires": { + "cross-spawn": "^7.0.3", + "is-glob": "^4.0.3", + "open": "^8.4.0", + "picocolors": "^1.0.0", + "tiny-glob": "^0.2.9", + "tslib": "^2.4.0" + } + }, + "@rushstack/eslint-patch": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz", + "integrity": "sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg==" + }, + "@swc/helpers": { + "version": "0.4.14", + "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.4.14.tgz", + "integrity": "sha512-4C7nX/dvpzB7za4Ql9K81xK3HPxCpHMgwTZVyf+9JQ6VUbn9jjZVN7/Nkdz/Ugzs2CSjqnL/UPXroiVBVHUWUw==", + "requires": { + "tslib": "^2.4.0" + } + }, + "@types/json5": { + "version": "0.0.29", + "resolved": "https://registry.npmjs.org/@types/json5/-/json5-0.0.29.tgz", + "integrity": "sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ==" + }, + "@types/node": { + "version": "18.11.18", + "resolved": "https://registry.npmjs.org/@types/node/-/node-18.11.18.tgz", + "integrity": "sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA==" + }, + "@types/prop-types": { + "version": "15.7.5", + "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.5.tgz", + "integrity": "sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w==" + }, + "@types/react": { + "version": "18.0.26", + "resolved": "https://registry.npmjs.org/@types/react/-/react-18.0.26.tgz", + "integrity": "sha512-hCR3PJQsAIXyxhTNSiDFY//LhnMZWpNNr5etoCqx/iUfGc5gXWtQR2Phl908jVR6uPXacojQWTg4qRpkxTuGug==", + "requires": { + "@types/prop-types": "*", + "@types/scheduler": "*", + "csstype": "^3.0.2" + } + }, + "@types/react-dom": { + "version": "18.0.10", + "resolved": "https://registry.npmjs.org/@types/react-dom/-/react-dom-18.0.10.tgz", + "integrity": "sha512-E42GW/JA4Qv15wQdqJq8DL4JhNpB3prJgjgapN3qJT9K2zO5IIAQh4VXvCEDupoqAwnz0cY4RlXeC/ajX5SFHg==", + "requires": { + "@types/react": "*" + } + }, + "@types/scheduler": { + "version": "0.16.2", + "resolved": "https://registry.npmjs.org/@types/scheduler/-/scheduler-0.16.2.tgz", + "integrity": "sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew==" + }, + "@typescript-eslint/parser": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.47.1.tgz", + "integrity": "sha512-9Vb+KIv29r6GPu4EboWOnQM7T+UjpjXvjCPhNORlgm40a9Ia9bvaPJswvtae1gip2QEeVeGh6YquqAzEgoRAlw==", + "requires": { + "@typescript-eslint/scope-manager": "5.47.1", + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/typescript-estree": "5.47.1", + "debug": "^4.3.4" + } + }, + "@typescript-eslint/scope-manager": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.47.1.tgz", + "integrity": "sha512-9hsFDsgUwrdOoW1D97Ewog7DYSHaq4WKuNs0LHF9RiCmqB0Z+XRR4Pf7u7u9z/8CciHuJ6yxNws1XznI3ddjEw==", + "requires": { + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/visitor-keys": "5.47.1" + } + }, + "@typescript-eslint/types": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.47.1.tgz", + "integrity": "sha512-CmALY9YWXEpwuu6377ybJBZdtSAnzXLSQcxLSqSQSbC7VfpMu/HLVdrnVJj7ycI138EHqocW02LPJErE35cE9A==" + }, + "@typescript-eslint/typescript-estree": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.47.1.tgz", + "integrity": "sha512-4+ZhFSuISAvRi2xUszEj0xXbNTHceV9GbH9S8oAD2a/F9SW57aJNQVOCxG8GPfSWH/X4eOPdMEU2jYVuWKEpWA==", + "requires": { + "@typescript-eslint/types": "5.47.1", + "@typescript-eslint/visitor-keys": "5.47.1", + "debug": "^4.3.4", + "globby": "^11.1.0", + "is-glob": "^4.0.3", + "semver": "^7.3.7", + "tsutils": "^3.21.0" + } + }, + "@typescript-eslint/visitor-keys": { + "version": "5.47.1", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.47.1.tgz", + "integrity": "sha512-rF3pmut2JCCjh6BLRhNKdYjULMb1brvoaiWDlHfLNVgmnZ0sBVJrs3SyaKE1XoDDnJuAx/hDQryHYmPUuNq0ig==", + "requires": { + "@typescript-eslint/types": "5.47.1", + "eslint-visitor-keys": "^3.3.0" + } + }, + "acorn": { + "version": "8.8.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.1.tgz", + "integrity": "sha512-7zFpHzhnqYKrkYdUjF1HI1bzd0VygEGX8lFk4k5zVMqHEoES+P+7TKI+EvLO9WVMJ8eekdO0aDEK044xTXwPPA==" + }, + "acorn-jsx": { + "version": "5.3.2", + "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", + "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", + "requires": {} + }, + "ajv": { + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", + "requires": { + "fast-deep-equal": "^3.1.1", + "fast-json-stable-stringify": "^2.0.0", + "json-schema-traverse": "^0.4.1", + "uri-js": "^4.2.2" + } + }, + "ansi-regex": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", + "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==" + }, + "ansi-styles": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", + "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", + "requires": { + "color-convert": "^2.0.1" + } + }, + "argparse": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", + "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==" + }, + "aria-query": { + "version": "4.2.2", + "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-4.2.2.tgz", + "integrity": "sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA==", + "requires": { + "@babel/runtime": "^7.10.2", + "@babel/runtime-corejs3": "^7.10.2" + } + }, + "array-includes": { + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz", + "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "get-intrinsic": "^1.1.3", + "is-string": "^1.0.7" + } + }, + "array-union": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", + "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==" + }, + "array.prototype.flat": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz", + "integrity": "sha512-roTU0KWIOmJ4DRLmwKd19Otg0/mT3qPNt0Qb3GWW8iObuZXxrjB/pzn0R3hqpRSWg4HCwqx+0vwOnWnvlOyeIA==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0" + } + }, + "array.prototype.flatmap": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.1.tgz", + "integrity": "sha512-8UGn9O1FDVvMNB0UlLv4voxRMze7+FpHyF5mSMRjWHUMlpoDViniy05870VlxhfgTnLbpuwTzvD76MTtWxB/mQ==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0" + } + }, + "array.prototype.tosorted": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array.prototype.tosorted/-/array.prototype.tosorted-1.1.1.tgz", + "integrity": "sha512-pZYPXPRl2PqWcsUs6LOMn+1f1532nEoPTYowBtqLwAW+W8vSVhkIGnmOX1t/UQjD6YGI0vcD2B1U7ZFGQH9jnQ==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "es-shim-unscopables": "^1.0.0", + "get-intrinsic": "^1.1.3" + } + }, + "ast-types-flow": { + "version": "0.0.7", + "resolved": "https://registry.npmjs.org/ast-types-flow/-/ast-types-flow-0.0.7.tgz", + "integrity": "sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag==" + }, + "axe-core": { + "version": "4.6.1", + "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.6.1.tgz", + "integrity": "sha512-lCZN5XRuOnpG4bpMq8v0khrWtUOn+i8lZSb6wHZH56ZfbIEv6XwJV84AAueh9/zi7qPVJ/E4yz6fmsiyOmXR4w==" + }, + "axobject-query": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-2.2.0.tgz", + "integrity": "sha512-Td525n+iPOOyUQIeBfcASuG6uJsDOITl7Mds5gFyerkWiX7qhUTdYUBlSgNMyVqtSJqwpt1kXGLdUt6SykLMRA==" + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==" + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "braces": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", + "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "requires": { + "fill-range": "^7.0.1" + } + }, + "call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "requires": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + } + }, + "callsites": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", + "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==" + }, + "caniuse-lite": { + "version": "1.0.30001441", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001441.tgz", + "integrity": "sha512-OyxRR4Vof59I3yGWXws6i908EtGbMzVUi3ganaZQHmydk1iwDhRnvaPG2WaR0KcqrDFKrxVZHULT396LEPhXfg==" + }, + "chalk": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", + "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", + "requires": { + "ansi-styles": "^4.1.0", + "supports-color": "^7.1.0" + } + }, + "client-only": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/client-only/-/client-only-0.0.1.tgz", + "integrity": "sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA==" + }, + "color-convert": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", + "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", + "requires": { + "color-name": "~1.1.4" + } + }, + "color-name": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", + "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==" + }, + "concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==" + }, + "core-js-pure": { + "version": "3.27.1", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.27.1.tgz", + "integrity": "sha512-BS2NHgwwUppfeoqOXqi08mUqS5FiZpuRuJJpKsaME7kJz0xxuk0xkhDdfMIlP/zLa80krBqss1LtD7f889heAw==" + }, + "cross-spawn": { + "version": "7.0.3", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", + "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "requires": { + "path-key": "^3.1.0", + "shebang-command": "^2.0.0", + "which": "^2.0.1" + } + }, + "csstype": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.1.tgz", + "integrity": "sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw==" + }, + "damerau-levenshtein": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz", + "integrity": "sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==" + }, + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "requires": { + "ms": "2.1.2" + } + }, + "deep-is": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", + "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==" + }, + "define-lazy-prop": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", + "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==" + }, + "define-properties": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.4.tgz", + "integrity": "sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA==", + "requires": { + "has-property-descriptors": "^1.0.0", + "object-keys": "^1.1.1" + } + }, + "dir-glob": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", + "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", + "requires": { + "path-type": "^4.0.0" + } + }, + "doctrine": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", + "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", + "requires": { + "esutils": "^2.0.2" + } + }, + "emoji-regex": { + "version": "9.2.2", + "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", + "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==" + }, + "enhanced-resolve": { + "version": "5.12.0", + "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz", + "integrity": "sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ==", + "requires": { + "graceful-fs": "^4.2.4", + "tapable": "^2.2.0" + } + }, + "es-abstract": { + "version": "1.20.5", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.20.5.tgz", + "integrity": "sha512-7h8MM2EQhsCA7pU/Nv78qOXFpD8Rhqd12gYiSJVkrH9+e8VuA8JlPJK/hQjjlLv6pJvx/z1iRFKzYb0XT/RuAQ==", + "requires": { + "call-bind": "^1.0.2", + "es-to-primitive": "^1.2.1", + "function-bind": "^1.1.1", + "function.prototype.name": "^1.1.5", + "get-intrinsic": "^1.1.3", + "get-symbol-description": "^1.0.0", + "gopd": "^1.0.1", + "has": "^1.0.3", + "has-property-descriptors": "^1.0.0", + "has-symbols": "^1.0.3", + "internal-slot": "^1.0.3", + "is-callable": "^1.2.7", + "is-negative-zero": "^2.0.2", + "is-regex": "^1.1.4", + "is-shared-array-buffer": "^1.0.2", + "is-string": "^1.0.7", + "is-weakref": "^1.0.2", + "object-inspect": "^1.12.2", + "object-keys": "^1.1.1", + "object.assign": "^4.1.4", + "regexp.prototype.flags": "^1.4.3", + "safe-regex-test": "^1.0.0", + "string.prototype.trimend": "^1.0.6", + "string.prototype.trimstart": "^1.0.6", + "unbox-primitive": "^1.0.2" + } + }, + "es-shim-unscopables": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-shim-unscopables/-/es-shim-unscopables-1.0.0.tgz", + "integrity": "sha512-Jm6GPcCdC30eMLbZ2x8z2WuRwAws3zTBBKuusffYVUrNj/GVSUAZ+xKMaUpfNDR5IbyNA5LJbaecoUVbmUcB1w==", + "requires": { + "has": "^1.0.3" + } + }, + "es-to-primitive": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz", + "integrity": "sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA==", + "requires": { + "is-callable": "^1.1.4", + "is-date-object": "^1.0.1", + "is-symbol": "^1.0.2" + } + }, + "escape-string-regexp": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", + "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==" + }, + "eslint": { + "version": "8.31.0", + "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.31.0.tgz", + "integrity": "sha512-0tQQEVdmPZ1UtUKXjX7EMm9BlgJ08G90IhWh0PKDCb3ZLsgAOHI8fYSIzYVZej92zsgq+ft0FGsxhJ3xo2tbuA==", + "requires": { + "@eslint/eslintrc": "^1.4.1", + "@humanwhocodes/config-array": "^0.11.8", + "@humanwhocodes/module-importer": "^1.0.1", + "@nodelib/fs.walk": "^1.2.8", + "ajv": "^6.10.0", + "chalk": "^4.0.0", + "cross-spawn": "^7.0.2", + "debug": "^4.3.2", + "doctrine": "^3.0.0", + "escape-string-regexp": "^4.0.0", + "eslint-scope": "^7.1.1", + "eslint-utils": "^3.0.0", + "eslint-visitor-keys": "^3.3.0", + "espree": "^9.4.0", + "esquery": "^1.4.0", + "esutils": "^2.0.2", + "fast-deep-equal": "^3.1.3", + "file-entry-cache": "^6.0.1", + "find-up": "^5.0.0", + "glob-parent": "^6.0.2", + "globals": "^13.19.0", + "grapheme-splitter": "^1.0.4", + "ignore": "^5.2.0", + "import-fresh": "^3.0.0", + "imurmurhash": "^0.1.4", + "is-glob": "^4.0.0", + "is-path-inside": "^3.0.3", + "js-sdsl": "^4.1.4", + "js-yaml": "^4.1.0", + "json-stable-stringify-without-jsonify": "^1.0.1", + "levn": "^0.4.1", + "lodash.merge": "^4.6.2", + "minimatch": "^3.1.2", + "natural-compare": "^1.4.0", + "optionator": "^0.9.1", + "regexpp": "^3.2.0", + "strip-ansi": "^6.0.1", + "strip-json-comments": "^3.1.0", + "text-table": "^0.2.0" + } + }, + "eslint-config-next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-13.1.1.tgz", + "integrity": "sha512-/5S2XGWlGaiqrRhzpn51ux5JUSLwx8PVK2keLi5xk7QmhfYB8PqE6R6SlVw6hgnf/VexvUXSrlNJ/su00NhtHQ==", + "requires": { + "@next/eslint-plugin-next": "13.1.1", + "@rushstack/eslint-patch": "^1.1.3", + "@typescript-eslint/parser": "^5.42.0", + "eslint-import-resolver-node": "^0.3.6", + "eslint-import-resolver-typescript": "^3.5.2", + "eslint-plugin-import": "^2.26.0", + "eslint-plugin-jsx-a11y": "^6.5.1", + "eslint-plugin-react": "^7.31.7", + "eslint-plugin-react-hooks": "^4.5.0" + } + }, + "eslint-import-resolver-node": { + "version": "0.3.6", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.6.tgz", + "integrity": "sha512-0En0w03NRVMn9Uiyn8YRPDKvWjxCWkslUEhGNTdGx15RvPJYQ+lbOlqrlNI2vEAs4pDYK4f/HN2TbDmk5TP0iw==", + "requires": { + "debug": "^3.2.7", + "resolve": "^1.20.0" + }, + "dependencies": { + "debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "requires": { + "ms": "^2.1.1" + } + } + } + }, + "eslint-import-resolver-typescript": { + "version": "3.5.2", + "resolved": "https://registry.npmjs.org/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.5.2.tgz", + "integrity": "sha512-zX4ebnnyXiykjhcBvKIf5TNvt8K7yX6bllTRZ14MiurKPjDpCAZujlszTdB8pcNXhZcOf+god4s9SjQa5GnytQ==", + "requires": { + "debug": "^4.3.4", + "enhanced-resolve": "^5.10.0", + "get-tsconfig": "^4.2.0", + "globby": "^13.1.2", + "is-core-module": "^2.10.0", + "is-glob": "^4.0.3", + "synckit": "^0.8.4" + }, + "dependencies": { + "globby": { + "version": "13.1.3", + "resolved": "https://registry.npmjs.org/globby/-/globby-13.1.3.tgz", + "integrity": "sha512-8krCNHXvlCgHDpegPzleMq07yMYTO2sXKASmZmquEYWEmCx6J5UTRbp5RwMJkTJGtcQ44YpiUYUiN0b9mzy8Bw==", + "requires": { + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.11", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^4.0.0" + } + }, + "slash": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-4.0.0.tgz", + "integrity": "sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew==" + } + } + }, + "eslint-module-utils": { + "version": "2.7.4", + "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.7.4.tgz", + "integrity": "sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA==", + "requires": { + "debug": "^3.2.7" + }, + "dependencies": { + "debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "requires": { + "ms": "^2.1.1" + } + } + } + }, + "eslint-plugin-import": { + "version": "2.26.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.26.0.tgz", + "integrity": "sha512-hYfi3FXaM8WPLf4S1cikh/r4IxnO6zrhZbEGz2b660EJRbuxgpDS5gkCuYgGWg2xxh2rBuIr4Pvhve/7c31koA==", + "requires": { + "array-includes": "^3.1.4", + "array.prototype.flat": "^1.2.5", + "debug": "^2.6.9", + "doctrine": "^2.1.0", + "eslint-import-resolver-node": "^0.3.6", + "eslint-module-utils": "^2.7.3", + "has": "^1.0.3", + "is-core-module": "^2.8.1", + "is-glob": "^4.0.3", + "minimatch": "^3.1.2", + "object.values": "^1.1.5", + "resolve": "^1.22.0", + "tsconfig-paths": "^3.14.1" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "requires": { + "ms": "2.0.0" + } + }, + "doctrine": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "requires": { + "esutils": "^2.0.2" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" + } + } + }, + "eslint-plugin-jsx-a11y": { + "version": "6.6.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.6.1.tgz", + "integrity": "sha512-sXgFVNHiWffBq23uiS/JaP6eVR622DqwB4yTzKvGZGcPq6/yZ3WmOZfuBks/vHWo9GaFOqC2ZK4i6+C35knx7Q==", + "requires": { + "@babel/runtime": "^7.18.9", + "aria-query": "^4.2.2", + "array-includes": "^3.1.5", + "ast-types-flow": "^0.0.7", + "axe-core": "^4.4.3", + "axobject-query": "^2.2.0", + "damerau-levenshtein": "^1.0.8", + "emoji-regex": "^9.2.2", + "has": "^1.0.3", + "jsx-ast-utils": "^3.3.2", + "language-tags": "^1.0.5", + "minimatch": "^3.1.2", + "semver": "^6.3.0" + }, + "dependencies": { + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + } + } + }, + "eslint-plugin-react": { + "version": "7.31.11", + "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.31.11.tgz", + "integrity": "sha512-TTvq5JsT5v56wPa9OYHzsrOlHzKZKjV+aLgS+55NJP/cuzdiQPC7PfYoUjMoxlffKtvijpk7vA/jmuqRb9nohw==", + "requires": { + "array-includes": "^3.1.6", + "array.prototype.flatmap": "^1.3.1", + "array.prototype.tosorted": "^1.1.1", + "doctrine": "^2.1.0", + "estraverse": "^5.3.0", + "jsx-ast-utils": "^2.4.1 || ^3.0.0", + "minimatch": "^3.1.2", + "object.entries": "^1.1.6", + "object.fromentries": "^2.0.6", + "object.hasown": "^1.1.2", + "object.values": "^1.1.6", + "prop-types": "^15.8.1", + "resolve": "^2.0.0-next.3", + "semver": "^6.3.0", + "string.prototype.matchall": "^4.0.8" + }, + "dependencies": { + "doctrine": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz", + "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==", + "requires": { + "esutils": "^2.0.2" + } + }, + "resolve": { + "version": "2.0.0-next.4", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.4.tgz", + "integrity": "sha512-iMDbmAWtfU+MHpxt/I5iWI7cY6YVEZUQ3MBgPQ++XD1PELuJHIl82xBmObyP2KyQmkNB2dsqF7seoQQiAn5yDQ==", + "requires": { + "is-core-module": "^2.9.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + } + }, + "semver": { + "version": "6.3.0", + "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz", + "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==" + } + } + }, + "eslint-plugin-react-hooks": { + "version": "4.6.0", + "resolved": "https://registry.npmjs.org/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz", + "integrity": "sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==", + "requires": {} + }, + "eslint-scope": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.1.1.tgz", + "integrity": "sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw==", + "requires": { + "esrecurse": "^4.3.0", + "estraverse": "^5.2.0" + } + }, + "eslint-utils": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", + "integrity": "sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==", + "requires": { + "eslint-visitor-keys": "^2.0.0" + }, + "dependencies": { + "eslint-visitor-keys": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", + "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==" + } + } + }, + "eslint-visitor-keys": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz", + "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==" + }, + "espree": { + "version": "9.4.1", + "resolved": "https://registry.npmjs.org/espree/-/espree-9.4.1.tgz", + "integrity": "sha512-XwctdmTO6SIvCzd9810yyNzIrOrqNYV9Koizx4C/mRhf9uq0o4yHoCEU/670pOxOL/MSraektvSAji79kX90Vg==", + "requires": { + "acorn": "^8.8.0", + "acorn-jsx": "^5.3.2", + "eslint-visitor-keys": "^3.3.0" + } + }, + "esquery": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.4.0.tgz", + "integrity": "sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w==", + "requires": { + "estraverse": "^5.1.0" + } + }, + "esrecurse": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", + "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", + "requires": { + "estraverse": "^5.2.0" + } + }, + "estraverse": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", + "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==" + }, + "esutils": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", + "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==" + }, + "fast-deep-equal": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", + "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==" + }, + "fast-glob": { + "version": "3.2.12", + "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.2.12.tgz", + "integrity": "sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w==", + "requires": { + "@nodelib/fs.stat": "^2.0.2", + "@nodelib/fs.walk": "^1.2.3", + "glob-parent": "^5.1.2", + "merge2": "^1.3.0", + "micromatch": "^4.0.4" + }, + "dependencies": { + "glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "requires": { + "is-glob": "^4.0.1" + } + } + } + }, + "fast-json-stable-stringify": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", + "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==" + }, + "fast-levenshtein": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", + "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==" + }, + "fastq": { + "version": "1.15.0", + "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.15.0.tgz", + "integrity": "sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw==", + "requires": { + "reusify": "^1.0.4" + } + }, + "file-entry-cache": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", + "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", + "requires": { + "flat-cache": "^3.0.4" + } + }, + "fill-range": { + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", + "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "requires": { + "to-regex-range": "^5.0.1" + } + }, + "find-up": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", + "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", + "requires": { + "locate-path": "^6.0.0", + "path-exists": "^4.0.0" + } + }, + "flat-cache": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.0.4.tgz", + "integrity": "sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg==", + "requires": { + "flatted": "^3.1.0", + "rimraf": "^3.0.2" + } + }, + "flatted": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.2.7.tgz", + "integrity": "sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ==" + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==" + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + }, + "function.prototype.name": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/function.prototype.name/-/function.prototype.name-1.1.5.tgz", + "integrity": "sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "es-abstract": "^1.19.0", + "functions-have-names": "^1.2.2" + } + }, + "functions-have-names": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", + "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==" + }, + "get-intrinsic": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", + "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "requires": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-symbols": "^1.0.3" + } + }, + "get-symbol-description": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/get-symbol-description/-/get-symbol-description-1.0.0.tgz", + "integrity": "sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw==", + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.1" + } + }, + "get-tsconfig": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.3.0.tgz", + "integrity": "sha512-YCcF28IqSay3fqpIu5y3Krg/utCBHBeoflkZyHj/QcqI2nrLPC3ZegS9CmIo+hJb8K7aiGsuUl7PwWVjNG2HQQ==" + }, + "glob": { + "version": "7.1.7", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.7.tgz", + "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==", + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "glob-parent": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", + "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", + "requires": { + "is-glob": "^4.0.3" + } + }, + "globals": { + "version": "13.19.0", + "resolved": "https://registry.npmjs.org/globals/-/globals-13.19.0.tgz", + "integrity": "sha512-dkQ957uSRWHw7CFXLUtUHQI3g3aWApYhfNR2O6jn/907riyTYKVBmxYVROkBcY614FSSeSJh7Xm7SrUWCxvJMQ==", + "requires": { + "type-fest": "^0.20.2" + } + }, + "globalyzer": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/globalyzer/-/globalyzer-0.1.0.tgz", + "integrity": "sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==" + }, + "globby": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", + "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", + "requires": { + "array-union": "^2.1.0", + "dir-glob": "^3.0.1", + "fast-glob": "^3.2.9", + "ignore": "^5.2.0", + "merge2": "^1.4.1", + "slash": "^3.0.0" + } + }, + "globrex": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/globrex/-/globrex-0.1.2.tgz", + "integrity": "sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==" + }, + "gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "requires": { + "get-intrinsic": "^1.1.3" + } + }, + "graceful-fs": { + "version": "4.2.10", + "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.10.tgz", + "integrity": "sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA==" + }, + "grapheme-splitter": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz", + "integrity": "sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ==" + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-bigints": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", + "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==" + }, + "has-flag": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", + "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" + }, + "has-property-descriptors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz", + "integrity": "sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ==", + "requires": { + "get-intrinsic": "^1.1.1" + } + }, + "has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==" + }, + "has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "requires": { + "has-symbols": "^1.0.2" + } + }, + "ignore": { + "version": "5.2.4", + "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.2.4.tgz", + "integrity": "sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ==" + }, + "import-fresh": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", + "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", + "requires": { + "parent-module": "^1.0.0", + "resolve-from": "^4.0.0" + } + }, + "imurmurhash": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", + "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==" + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "internal-slot": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.4.tgz", + "integrity": "sha512-tA8URYccNzMo94s5MQZgH8NB/XTa6HsOo0MLfXTKKEnHVVdegzaQoFZ7Jp44bdvLvY2waT5dc+j5ICEswhi7UQ==", + "requires": { + "get-intrinsic": "^1.1.3", + "has": "^1.0.3", + "side-channel": "^1.0.4" + } + }, + "is-bigint": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", + "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", + "requires": { + "has-bigints": "^1.0.1" + } + }, + "is-boolean-object": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", + "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, + "is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==" + }, + "is-core-module": { + "version": "2.11.0", + "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.11.0.tgz", + "integrity": "sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw==", + "requires": { + "has": "^1.0.3" + } + }, + "is-date-object": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", + "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-docker": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", + "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==" + }, + "is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==" + }, + "is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "requires": { + "is-extglob": "^2.1.1" + } + }, + "is-negative-zero": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/is-negative-zero/-/is-negative-zero-2.0.2.tgz", + "integrity": "sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA==" + }, + "is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==" + }, + "is-number-object": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz", + "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==", + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-path-inside": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", + "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==" + }, + "is-regex": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", + "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", + "requires": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + } + }, + "is-shared-array-buffer": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz", + "integrity": "sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA==", + "requires": { + "call-bind": "^1.0.2" + } + }, + "is-string": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", + "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", + "requires": { + "has-tostringtag": "^1.0.0" + } + }, + "is-symbol": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", + "requires": { + "has-symbols": "^1.0.2" + } + }, + "is-weakref": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-weakref/-/is-weakref-1.0.2.tgz", + "integrity": "sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ==", + "requires": { + "call-bind": "^1.0.2" + } + }, + "is-wsl": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", + "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", + "requires": { + "is-docker": "^2.0.0" + } + }, + "isexe": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", + "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==" + }, + "js-sdsl": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/js-sdsl/-/js-sdsl-4.2.0.tgz", + "integrity": "sha512-dyBIzQBDkCqCu+0upx25Y2jGdbTGxE9fshMsCdK0ViOongpV+n5tXRcZY9v7CaVQ79AGS9KA1KHtojxiM7aXSQ==" + }, + "js-tokens": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==" + }, + "js-yaml": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", + "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", + "requires": { + "argparse": "^2.0.1" + } + }, + "json-schema-traverse": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", + "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==" + }, + "json-stable-stringify-without-jsonify": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", + "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==" + }, + "json5": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/json5/-/json5-1.0.2.tgz", + "integrity": "sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA==", + "requires": { + "minimist": "^1.2.0" + } + }, + "jsx-ast-utils": { + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-3.3.3.tgz", + "integrity": "sha512-fYQHZTZ8jSfmWZ0iyzfwiU4WDX4HpHbMCZ3gPlWYiCl3BoeOTsqKBqnTVfH2rYT7eP5c3sVbeSPHnnJOaTrWiw==", + "requires": { + "array-includes": "^3.1.5", + "object.assign": "^4.1.3" + } + }, + "language-subtag-registry": { + "version": "0.3.22", + "resolved": "https://registry.npmjs.org/language-subtag-registry/-/language-subtag-registry-0.3.22.tgz", + "integrity": "sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w==" + }, + "language-tags": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/language-tags/-/language-tags-1.0.7.tgz", + "integrity": "sha512-bSytju1/657hFjgUzPAPqszxH62ouE8nQFoFaVlIQfne4wO/wXC9A4+m8jYve7YBBvi59eq0SUpcshvG8h5Usw==", + "requires": { + "language-subtag-registry": "^0.3.20" + } + }, + "levn": { + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", + "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", + "requires": { + "prelude-ls": "^1.2.1", + "type-check": "~0.4.0" + } + }, + "locate-path": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", + "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", + "requires": { + "p-locate": "^5.0.0" + } + }, + "lodash.merge": { + "version": "4.6.2", + "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", + "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==" + }, + "loose-envify": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", + "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", + "requires": { + "js-tokens": "^3.0.0 || ^4.0.0" + } + }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "requires": { + "yallist": "^4.0.0" + } + }, + "merge2": { + "version": "1.4.1", + "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", + "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==" + }, + "micromatch": { + "version": "4.0.5", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", + "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "requires": { + "braces": "^3.0.2", + "picomatch": "^2.3.1" + } + }, + "minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.7.tgz", + "integrity": "sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g==" + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" + }, + "nanoid": { + "version": "3.3.4", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz", + "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==" + }, + "natural-compare": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", + "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==" + }, + "next": { + "version": "13.1.1", + "resolved": "https://registry.npmjs.org/next/-/next-13.1.1.tgz", + "integrity": "sha512-R5eBAaIa3X7LJeYvv1bMdGnAVF4fVToEjim7MkflceFPuANY3YyvFxXee/A+acrSYwYPvOvf7f6v/BM/48ea5w==", + "requires": { + "@next/env": "13.1.1", + "@next/swc-android-arm-eabi": "13.1.1", + "@next/swc-android-arm64": "13.1.1", + "@next/swc-darwin-arm64": "13.1.1", + "@next/swc-darwin-x64": "13.1.1", + "@next/swc-freebsd-x64": "13.1.1", + "@next/swc-linux-arm-gnueabihf": "13.1.1", + "@next/swc-linux-arm64-gnu": "13.1.1", + "@next/swc-linux-arm64-musl": "13.1.1", + "@next/swc-linux-x64-gnu": "13.1.1", + "@next/swc-linux-x64-musl": "13.1.1", + "@next/swc-win32-arm64-msvc": "13.1.1", + "@next/swc-win32-ia32-msvc": "13.1.1", + "@next/swc-win32-x64-msvc": "13.1.1", + "@swc/helpers": "0.4.14", + "caniuse-lite": "^1.0.30001406", + "postcss": "8.4.14", + "styled-jsx": "5.1.1" + } + }, + "object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==" + }, + "object-inspect": { + "version": "1.12.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", + "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==" + }, + "object-keys": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", + "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==" + }, + "object.assign": { + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.4.tgz", + "integrity": "sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "has-symbols": "^1.0.3", + "object-keys": "^1.1.1" + } + }, + "object.entries": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.1.6.tgz", + "integrity": "sha512-leTPzo4Zvg3pmbQ3rDK69Rl8GQvIqMWubrkxONG9/ojtFE2rD9fjMKfSI5BxW3osRH1m6VdzmqK8oAY9aT4x5w==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "object.fromentries": { + "version": "2.0.6", + "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.6.tgz", + "integrity": "sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "object.hasown": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/object.hasown/-/object.hasown-1.1.2.tgz", + "integrity": "sha512-B5UIT3J1W+WuWIU55h0mjlwaqxiE5vYENJXIXZ4VFe05pNYrkKuK0U/6aFcb0pKywYJh7IhfoqUfKVmrJJHZHw==", + "requires": { + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "object.values": { + "version": "1.1.6", + "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.6.tgz", + "integrity": "sha512-FVVTkD1vENCsAcwNs9k6jea2uHC/X0+JcjG8YA60FN5CMaJmG95wT9jek/xX9nornqGRrBkKtzuAu2wuHpKqvw==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "requires": { + "wrappy": "1" + } + }, + "open": { + "version": "8.4.0", + "resolved": "https://registry.npmjs.org/open/-/open-8.4.0.tgz", + "integrity": "sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q==", + "requires": { + "define-lazy-prop": "^2.0.0", + "is-docker": "^2.1.1", + "is-wsl": "^2.2.0" + } + }, + "optionator": { + "version": "0.9.1", + "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz", + "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==", + "requires": { + "deep-is": "^0.1.3", + "fast-levenshtein": "^2.0.6", + "levn": "^0.4.1", + "prelude-ls": "^1.2.1", + "type-check": "^0.4.0", + "word-wrap": "^1.2.3" + } + }, + "p-limit": { + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", + "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", + "requires": { + "yocto-queue": "^0.1.0" + } + }, + "p-locate": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", + "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", + "requires": { + "p-limit": "^3.0.2" + } + }, + "parent-module": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", + "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", + "requires": { + "callsites": "^3.0.0" + } + }, + "path-exists": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", + "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==" + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==" + }, + "path-key": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", + "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==" + }, + "path-parse": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" + }, + "path-type": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", + "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==" + }, + "picocolors": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz", + "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==" + }, + "picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==" + }, + "postcss": { + "version": "8.4.14", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.14.tgz", + "integrity": "sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig==", + "requires": { + "nanoid": "^3.3.4", + "picocolors": "^1.0.0", + "source-map-js": "^1.0.2" + } + }, + "prelude-ls": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", + "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==" + }, + "prop-types": { + "version": "15.8.1", + "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.8.1.tgz", + "integrity": "sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg==", + "requires": { + "loose-envify": "^1.4.0", + "object-assign": "^4.1.1", + "react-is": "^16.13.1" + } + }, + "punycode": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", + "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" + }, + "queue-microtask": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", + "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==" + }, + "react": { + "version": "18.2.0", + "resolved": "https://registry.npmjs.org/react/-/react-18.2.0.tgz", + "integrity": "sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ==", + "requires": { + "loose-envify": "^1.1.0" + } + }, + "react-dom": { + "version": "18.2.0", + "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.2.0.tgz", + "integrity": "sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g==", + "requires": { + "loose-envify": "^1.1.0", + "scheduler": "^0.23.0" + } + }, + "react-is": { + "version": "16.13.1", + "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", + "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" + }, + "regenerator-runtime": { + "version": "0.13.11", + "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz", + "integrity": "sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg==" + }, + "regexp.prototype.flags": { + "version": "1.4.3", + "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz", + "integrity": "sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.3", + "functions-have-names": "^1.2.2" + } + }, + "regexpp": { + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", + "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==" + }, + "resolve": { + "version": "1.22.1", + "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.1.tgz", + "integrity": "sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw==", + "requires": { + "is-core-module": "^2.9.0", + "path-parse": "^1.0.7", + "supports-preserve-symlinks-flag": "^1.0.0" + } + }, + "resolve-from": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", + "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==" + }, + "reusify": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", + "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==" + }, + "rimraf": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", + "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", + "requires": { + "glob": "^7.1.3" + } + }, + "run-parallel": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", + "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", + "requires": { + "queue-microtask": "^1.2.2" + } + }, + "safe-regex-test": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/safe-regex-test/-/safe-regex-test-1.0.0.tgz", + "integrity": "sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA==", + "requires": { + "call-bind": "^1.0.2", + "get-intrinsic": "^1.1.3", + "is-regex": "^1.1.4" + } + }, + "scheduler": { + "version": "0.23.0", + "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.0.tgz", + "integrity": "sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw==", + "requires": { + "loose-envify": "^1.1.0" + } + }, + "semver": { + "version": "7.3.8", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz", + "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==", + "requires": { + "lru-cache": "^6.0.0" + } + }, + "shebang-command": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", + "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", + "requires": { + "shebang-regex": "^3.0.0" + } + }, + "shebang-regex": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", + "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==" + }, + "side-channel": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", + "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "requires": { + "call-bind": "^1.0.0", + "get-intrinsic": "^1.0.2", + "object-inspect": "^1.9.0" + } + }, + "slash": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==" + }, + "source-map-js": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.0.2.tgz", + "integrity": "sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw==" + }, + "string.prototype.matchall": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/string.prototype.matchall/-/string.prototype.matchall-4.0.8.tgz", + "integrity": "sha512-6zOCOcJ+RJAQshcTvXPHoxoQGONa3e/Lqx90wUA+wEzX78sg5Bo+1tQo4N0pohS0erG9qtCqJDjNCQBjeWVxyg==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4", + "get-intrinsic": "^1.1.3", + "has-symbols": "^1.0.3", + "internal-slot": "^1.0.3", + "regexp.prototype.flags": "^1.4.3", + "side-channel": "^1.0.4" + } + }, + "string.prototype.trimend": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz", + "integrity": "sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "string.prototype.trimstart": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz", + "integrity": "sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA==", + "requires": { + "call-bind": "^1.0.2", + "define-properties": "^1.1.4", + "es-abstract": "^1.20.4" + } + }, + "strip-ansi": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", + "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", + "requires": { + "ansi-regex": "^5.0.1" + } + }, + "strip-bom": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz", + "integrity": "sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA==" + }, + "strip-json-comments": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", + "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==" + }, + "styled-jsx": { + "version": "5.1.1", + "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz", + "integrity": "sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw==", + "requires": { + "client-only": "0.0.1" + } + }, + "supports-color": { + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", + "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", + "requires": { + "has-flag": "^4.0.0" + } + }, + "supports-preserve-symlinks-flag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", + "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==" + }, + "synckit": { + "version": "0.8.4", + "resolved": "https://registry.npmjs.org/synckit/-/synckit-0.8.4.tgz", + "integrity": "sha512-Dn2ZkzMdSX827QbowGbU/4yjWuvNaCoScLLoMo/yKbu+P4GBR6cRGKZH27k6a9bRzdqcyd1DE96pQtQ6uNkmyw==", + "requires": { + "@pkgr/utils": "^2.3.1", + "tslib": "^2.4.0" + } + }, + "tapable": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz", + "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ==" + }, + "text-table": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", + "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==" + }, + "tiny-glob": { + "version": "0.2.9", + "resolved": "https://registry.npmjs.org/tiny-glob/-/tiny-glob-0.2.9.tgz", + "integrity": "sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg==", + "requires": { + "globalyzer": "0.1.0", + "globrex": "^0.1.2" + } + }, + "to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "requires": { + "is-number": "^7.0.0" + } + }, + "tsconfig-paths": { + "version": "3.14.1", + "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz", + "integrity": "sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ==", + "requires": { + "@types/json5": "^0.0.29", + "json5": "^1.0.1", + "minimist": "^1.2.6", + "strip-bom": "^3.0.0" + } + }, + "tslib": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.1.tgz", + "integrity": "sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA==" + }, + "tsutils": { + "version": "3.21.0", + "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", + "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==", + "requires": { + "tslib": "^1.8.1" + }, + "dependencies": { + "tslib": { + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", + "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + } + } + }, + "type-check": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", + "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", + "requires": { + "prelude-ls": "^1.2.1" + } + }, + "type-fest": { + "version": "0.20.2", + "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", + "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==" + }, + "typescript": { + "version": "4.9.4", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz", + "integrity": "sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg==" + }, + "unbox-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/unbox-primitive/-/unbox-primitive-1.0.2.tgz", + "integrity": "sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw==", + "requires": { + "call-bind": "^1.0.2", + "has-bigints": "^1.0.2", + "has-symbols": "^1.0.3", + "which-boxed-primitive": "^1.0.2" + } + }, + "uri-js": { + "version": "4.4.1", + "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", + "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", + "requires": { + "punycode": "^2.1.0" + } + }, + "which": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", + "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", + "requires": { + "isexe": "^2.0.0" + } + }, + "which-boxed-primitive": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", + "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", + "requires": { + "is-bigint": "^1.0.1", + "is-boolean-object": "^1.1.0", + "is-number-object": "^1.0.4", + "is-string": "^1.0.5", + "is-symbol": "^1.0.3" + } + }, + "word-wrap": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz", + "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==" + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" + }, + "yallist": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", + "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==" + }, + "yocto-queue": { + "version": "0.1.0", + "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", + "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==" + } + } +} diff --git a/example-next/package.json b/example-next/package.json new file mode 100644 index 0000000..91a320b --- /dev/null +++ b/example-next/package.json @@ -0,0 +1,24 @@ +{ + "name": "example-next", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start", + "lint": "next lint" + }, + "dependencies": { + "@next/font": "13.1.1", + "@types/node": "18.11.18", + "@types/react": "18.0.26", + "@types/react-dom": "18.0.10", + "eslint": "8.31.0", + "eslint-config-next": "13.1.1", + "next": "13.1.1", + "react": "18.2.0", + "react-chat-engine-advanced": "link:..", + "react-dom": "18.2.0", + "typescript": "4.9.4" + } +} diff --git a/example-next/pages/_app.tsx b/example-next/pages/_app.tsx new file mode 100644 index 0000000..da826ed --- /dev/null +++ b/example-next/pages/_app.tsx @@ -0,0 +1,5 @@ +import type { AppProps } from 'next/app'; + +export default function App({ Component, pageProps }: AppProps) { + return ; +} diff --git a/example-next/pages/_document.tsx b/example-next/pages/_document.tsx new file mode 100644 index 0000000..54e8bf3 --- /dev/null +++ b/example-next/pages/_document.tsx @@ -0,0 +1,13 @@ +import { Html, Head, Main, NextScript } from 'next/document' + +export default function Document() { + return ( + + + +
+ + + + ) +} diff --git a/example-next/pages/index.tsx b/example-next/pages/index.tsx new file mode 100644 index 0000000..eaa3d3b --- /dev/null +++ b/example-next/pages/index.tsx @@ -0,0 +1,19 @@ +import { + useMultiChatLogic, + MultiChatSocket, + MultiChatWindow, +} from 'react-chat-engine-advanced'; + +export default function Home() { + const chatProps = useMultiChatLogic( + '794653df-052a-4ad2-b0aa-d6c251a10aef', + 'adam', + 'pass1234' + ); + return ( +
+ + +
+ ); +} diff --git a/example-next/public/favicon.ico b/example-next/public/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..718d6fea4835ec2d246af9800eddb7ffb276240c GIT binary patch literal 25931 zcmeHv30#a{`}aL_*G&7qml|y<+KVaDM2m#dVr!KsA!#An?kSQM(q<_dDNCpjEux83 zLb9Z^XxbDl(w>%i@8hT6>)&Gu{h#Oeyszu?xtw#Zb1mO{pgX9699l+Qppw7jXaYf~-84xW z)w4x8?=youko|}Vr~(D$UXIbiXABHh`p1?nn8Po~fxRJv}|0e(BPs|G`(TT%kKVJAdg5*Z|x0leQq0 zkdUBvb#>9F()jo|T~kx@OM8$9wzs~t2l;K=woNssA3l6|sx2r3+kdfVW@e^8e*E}v zA1y5{bRi+3Z`uD3{F7LgFJDdvm;nJilkzDku>BwXH(8ItVCXk*-lSJnR?-2UN%hJ){&rlvg`CDTj z)Bzo!3v7Ou#83zEDEFcKt(f1E0~=rqeEbTnMvWR#{+9pg%7G8y>u1OVRUSoox-ovF z2Ydma(;=YuBY(eI|04{hXzZD6_f(v~H;C~y5=DhAC{MMS>2fm~1H_t2$56pc$NH8( z5bH|<)71dV-_oCHIrzrT`2s-5w_+2CM0$95I6X8p^r!gHp+j_gd;9O<1~CEQQGS8) zS9Qh3#p&JM-G8rHekNmKVewU;pJRcTAog68KYo^dRo}(M>36U4Us zfgYWSiHZL3;lpWT=zNAW>Dh#mB!_@Lg%$ms8N-;aPqMn+C2HqZgz&9~Eu z4|Kp<`$q)Uw1R?y(~S>ePdonHxpV1#eSP1B;Ogo+-Pk}6#0GsZZ5!||ev2MGdh}_m z{DeR7?0-1^zVs&`AV6Vt;r3`I`OI_wgs*w=eO%_#7Kepl{B@xiyCANc(l zzIyd4y|c6PXWq9-|KM8(zIk8LPk(>a)zyFWjhT!$HJ$qX1vo@d25W<fvZQ2zUz5WRc(UnFMKHwe1| zWmlB1qdbiA(C0jmnV<}GfbKtmcu^2*P^O?MBLZKt|As~ge8&AAO~2K@zbXelK|4T<{|y4`raF{=72kC2Kn(L4YyenWgrPiv z@^mr$t{#X5VuIMeL!7Ab6_kG$&#&5p*Z{+?5U|TZ`B!7llpVmp@skYz&n^8QfPJzL z0G6K_OJM9x+Wu2gfN45phANGt{7=C>i34CV{Xqlx(fWpeAoj^N0Biu`w+MVcCUyU* zDZuzO0>4Z6fbu^T_arWW5n!E45vX8N=bxTVeFoep_G#VmNlQzAI_KTIc{6>c+04vr zx@W}zE5JNSU>!THJ{J=cqjz+4{L4A{Ob9$ZJ*S1?Ggg3klFp!+Y1@K+pK1DqI|_gq z5ZDXVpge8-cs!o|;K73#YXZ3AShj50wBvuq3NTOZ`M&qtjj#GOFfgExjg8Gn8>Vq5 z`85n+9|!iLCZF5$HJ$Iu($dm?8~-ofu}tEc+-pyke=3!im#6pk_Wo8IA|fJwD&~~F zc16osQ)EBo58U7XDuMexaPRjU@h8tXe%S{fA0NH3vGJFhuyyO!Uyl2^&EOpX{9As0 zWj+P>{@}jxH)8|r;2HdupP!vie{sJ28b&bo!8`D^x}TE$%zXNb^X1p@0PJ86`dZyj z%ce7*{^oo+6%&~I!8hQy-vQ7E)0t0ybH4l%KltWOo~8cO`T=157JqL(oq_rC%ea&4 z2NcTJe-HgFjNg-gZ$6!Y`SMHrlj}Etf7?r!zQTPPSv}{so2e>Fjs1{gzk~LGeesX%r(Lh6rbhSo_n)@@G-FTQy93;l#E)hgP@d_SGvyCp0~o(Y;Ee8{ zdVUDbHm5`2taPUOY^MAGOw*>=s7=Gst=D+p+2yON!0%Hk` zz5mAhyT4lS*T3LS^WSxUy86q&GnoHxzQ6vm8)VS}_zuqG?+3td68_x;etQAdu@sc6 zQJ&5|4(I?~3d-QOAODHpZ=hlSg(lBZ!JZWCtHHSj`0Wh93-Uk)_S%zsJ~aD>{`A0~ z9{AG(e|q3g5B%wYKRxiL2Y$8(4w6bzchKuloQW#e&S3n+P- z8!ds-%f;TJ1>)v)##>gd{PdS2Oc3VaR`fr=`O8QIO(6(N!A?pr5C#6fc~Ge@N%Vvu zaoAX2&(a6eWy_q&UwOhU)|P3J0Qc%OdhzW=F4D|pt0E4osw;%<%Dn58hAWD^XnZD= z>9~H(3bmLtxpF?a7su6J7M*x1By7YSUbxGi)Ot0P77`}P3{)&5Un{KD?`-e?r21!4vTTnN(4Y6Lin?UkSM z`MXCTC1@4A4~mvz%Rh2&EwY))LeoT=*`tMoqcEXI>TZU9WTP#l?uFv+@Dn~b(>xh2 z;>B?;Tz2SR&KVb>vGiBSB`@U7VIWFSo=LDSb9F{GF^DbmWAfpms8Sx9OX4CnBJca3 zlj9(x!dIjN?OG1X4l*imJNvRCk}F%!?SOfiOq5y^mZW)jFL@a|r-@d#f7 z2gmU8L3IZq0ynIws=}~m^#@&C%J6QFo~Mo4V`>v7MI-_!EBMMtb%_M&kvAaN)@ZVw z+`toz&WG#HkWDjnZE!6nk{e-oFdL^$YnbOCN}JC&{$#$O27@|Tn-skXr)2ml2~O!5 zX+gYoxhoc7qoU?C^3~&!U?kRFtnSEecWuH0B0OvLodgUAi}8p1 zrO6RSXHH}DMc$&|?D004DiOVMHV8kXCP@7NKB zgaZq^^O<7PoKEp72kby@W0Z!Y*Ay{&vfg#C&gG@YVR9g?FEocMUi1gSN$+V+ayF45{a zuDZDTN}mS|;BO%gEf}pjBfN2-gIrU#G5~cucA;dokXW89%>AyXJJI z9X4UlIWA|ZYHgbI z5?oFk@A=Ik7lrEQPDH!H+b`7_Y~aDb_qa=B2^Y&Ow41cU=4WDd40dp5(QS-WMN-=Y z9g;6_-JdNU;|6cPwf$ak*aJIcwL@1n$#l~zi{c{EW?T;DaW*E8DYq?Umtz{nJ&w-M zEMyTDrC&9K$d|kZe2#ws6)L=7K+{ zQw{XnV6UC$6-rW0emqm8wJoeZK)wJIcV?dST}Z;G0Arq{dVDu0&4kd%N!3F1*;*pW zR&qUiFzK=@44#QGw7k1`3t_d8&*kBV->O##t|tonFc2YWrL7_eqg+=+k;!F-`^b8> z#KWCE8%u4k@EprxqiV$VmmtiWxDLgnGu$Vs<8rppV5EajBXL4nyyZM$SWVm!wnCj-B!Wjqj5-5dNXukI2$$|Bu3Lrw}z65Lc=1G z^-#WuQOj$hwNGG?*CM_TO8Bg-1+qc>J7k5c51U8g?ZU5n?HYor;~JIjoWH-G>AoUP ztrWWLbRNqIjW#RT*WqZgPJXU7C)VaW5}MiijYbABmzoru6EmQ*N8cVK7a3|aOB#O& zBl8JY2WKfmj;h#Q!pN%9o@VNLv{OUL?rixHwOZuvX7{IJ{(EdPpuVFoQqIOa7giLVkBOKL@^smUA!tZ1CKRK}#SSM)iQHk)*R~?M!qkCruaS!#oIL1c z?J;U~&FfH#*98^G?i}pA{ z9Jg36t4=%6mhY(quYq*vSxptes9qy|7xSlH?G=S@>u>Ebe;|LVhs~@+06N<4CViBk zUiY$thvX;>Tby6z9Y1edAMQaiH zm^r3v#$Q#2T=X>bsY#D%s!bhs^M9PMAcHbCc0FMHV{u-dwlL;a1eJ63v5U*?Q_8JO zT#50!RD619#j_Uf))0ooADz~*9&lN!bBDRUgE>Vud-i5ck%vT=r^yD*^?Mp@Q^v+V zG#-?gKlr}Eeqifb{|So?HM&g91P8|av8hQoCmQXkd?7wIJwb z_^v8bbg`SAn{I*4bH$u(RZ6*xUhuA~hc=8czK8SHEKTzSxgbwi~9(OqJB&gwb^l4+m`k*Q;_?>Y-APi1{k zAHQ)P)G)f|AyjSgcCFps)Fh6Bca*Xznq36!pV6Az&m{O8$wGFD? zY&O*3*J0;_EqM#jh6^gMQKpXV?#1?>$ml1xvh8nSN>-?H=V;nJIwB07YX$e6vLxH( zqYwQ>qxwR(i4f)DLd)-$P>T-no_c!LsN@)8`e;W@)-Hj0>nJ-}Kla4-ZdPJzI&Mce zv)V_j;(3ERN3_@I$N<^|4Lf`B;8n+bX@bHbcZTopEmDI*Jfl)-pFDvo6svPRoo@(x z);_{lY<;);XzT`dBFpRmGrr}z5u1=pC^S-{ce6iXQlLGcItwJ^mZx{m$&DA_oEZ)B{_bYPq-HA zcH8WGoBG(aBU_j)vEy+_71T34@4dmSg!|M8Vf92Zj6WH7Q7t#OHQqWgFE3ARt+%!T z?oLovLVlnf?2c7pTc)~cc^($_8nyKwsN`RA-23ed3sdj(ys%pjjM+9JrctL;dy8a( z@en&CQmnV(()bu|Y%G1-4a(6x{aLytn$T-;(&{QIJB9vMox11U-1HpD@d(QkaJdEb zG{)+6Dos_L+O3NpWo^=gR?evp|CqEG?L&Ut#D*KLaRFOgOEK(Kq1@!EGcTfo+%A&I z=dLbB+d$u{sh?u)xP{PF8L%;YPPW53+@{>5W=Jt#wQpN;0_HYdw1{ksf_XhO4#2F= zyPx6Lx2<92L-;L5PD`zn6zwIH`Jk($?Qw({erA$^bC;q33hv!d!>%wRhj# zal^hk+WGNg;rJtb-EB(?czvOM=H7dl=vblBwAv>}%1@{}mnpUznfq1cE^sgsL0*4I zJ##!*B?=vI_OEVis5o+_IwMIRrpQyT_Sq~ZU%oY7c5JMIADzpD!Upz9h@iWg_>>~j zOLS;wp^i$-E?4<_cp?RiS%Rd?i;f*mOz=~(&3lo<=@(nR!_Rqiprh@weZlL!t#NCc zO!QTcInq|%#>OVgobj{~ixEUec`E25zJ~*DofsQdzIa@5^nOXj2T;8O`l--(QyU^$t?TGY^7#&FQ+2SS3B#qK*k3`ye?8jUYSajE5iBbJls75CCc(m3dk{t?- zopcER9{Z?TC)mk~gpi^kbbu>b-+a{m#8-y2^p$ka4n60w;Sc2}HMf<8JUvhCL0B&Btk)T`ctE$*qNW8L$`7!r^9T+>=<=2qaq-;ll2{`{Rg zc5a0ZUI$oG&j-qVOuKa=*v4aY#IsoM+1|c4Z)<}lEDvy;5huB@1RJPquU2U*U-;gu z=En2m+qjBzR#DEJDO`WU)hdd{Vj%^0V*KoyZ|5lzV87&g_j~NCjwv0uQVqXOb*QrQ zy|Qn`hxx(58c70$E;L(X0uZZ72M1!6oeg)(cdKO ze0gDaTz+ohR-#d)NbAH4x{I(21yjwvBQfmpLu$)|m{XolbgF!pmsqJ#D}(ylp6uC> z{bqtcI#hT#HW=wl7>p!38sKsJ`r8}lt-q%Keqy%u(xk=yiIJiUw6|5IvkS+#?JTBl z8H5(Q?l#wzazujH!8o>1xtn8#_w+397*_cy8!pQGP%K(Ga3pAjsaTbbXJlQF_+m+-UpUUent@xM zg%jqLUExj~o^vQ3Gl*>wh=_gOr2*|U64_iXb+-111aH}$TjeajM+I20xw(((>fej-@CIz4S1pi$(#}P7`4({6QS2CaQS4NPENDp>sAqD z$bH4KGzXGffkJ7R>V>)>tC)uax{UsN*dbeNC*v}#8Y#OWYwL4t$ePR?VTyIs!wea+ z5Urmc)X|^`MG~*dS6pGSbU+gPJoq*^a=_>$n4|P^w$sMBBy@f*Z^Jg6?n5?oId6f{ z$LW4M|4m502z0t7g<#Bx%X;9<=)smFolV&(V^(7Cv2-sxbxopQ!)*#ZRhTBpx1)Fc zNm1T%bONzv6@#|dz(w02AH8OXe>kQ#1FMCzO}2J_mST)+ExmBr9cva-@?;wnmWMOk z{3_~EX_xadgJGv&H@zK_8{(x84`}+c?oSBX*Ge3VdfTt&F}yCpFP?CpW+BE^cWY0^ zb&uBN!Ja3UzYHK-CTyA5=L zEMW{l3Usky#ly=7px648W31UNV@K)&Ub&zP1c7%)`{);I4b0Q<)B}3;NMG2JH=X$U zfIW4)4n9ZM`-yRj67I)YSLDK)qfUJ_ij}a#aZN~9EXrh8eZY2&=uY%2N0UFF7<~%M zsB8=erOWZ>Ct_#^tHZ|*q`H;A)5;ycw*IcmVxi8_0Xk}aJA^ath+E;xg!x+As(M#0=)3!NJR6H&9+zd#iP(m0PIW8$ z1Y^VX`>jm`W!=WpF*{ioM?C9`yOR>@0q=u7o>BP-eSHqCgMDj!2anwH?s%i2p+Q7D zzszIf5XJpE)IG4;d_(La-xenmF(tgAxK`Y4sQ}BSJEPs6N_U2vI{8=0C_F?@7<(G; zo$~G=8p+076G;`}>{MQ>t>7cm=zGtfbdDXm6||jUU|?X?CaE?(<6bKDYKeHlz}DA8 zXT={X=yp_R;HfJ9h%?eWvQ!dRgz&Su*JfNt!Wu>|XfU&68iRikRrHRW|ZxzRR^`eIGt zIeiDgVS>IeExKVRWW8-=A=yA`}`)ZkWBrZD`hpWIxBGkh&f#ijr449~m`j6{4jiJ*C!oVA8ZC?$1RM#K(_b zL9TW)kN*Y4%^-qPpMP7d4)o?Nk#>aoYHT(*g)qmRUb?**F@pnNiy6Fv9rEiUqD(^O zzyS?nBrX63BTRYduaG(0VVG2yJRe%o&rVrLjbxTaAFTd8s;<<@Qs>u(<193R8>}2_ zuwp{7;H2a*X7_jryzriZXMg?bTuegABb^87@SsKkr2)0Gyiax8KQWstw^v#ix45EVrcEhr>!NMhprl$InQMzjSFH54x5k9qHc`@9uKQzvL4ihcq{^B zPrVR=o_ic%Y>6&rMN)hTZsI7I<3&`#(nl+3y3ys9A~&^=4?PL&nd8)`OfG#n zwAMN$1&>K++c{^|7<4P=2y(B{jJsQ0a#U;HTo4ZmWZYvI{+s;Td{Yzem%0*k#)vjpB zia;J&>}ICate44SFYY3vEelqStQWFihx%^vQ@Do(sOy7yR2@WNv7Y9I^yL=nZr3mb zXKV5t@=?-Sk|b{XMhA7ZGB@2hqsx}4xwCW!in#C zI@}scZlr3-NFJ@NFaJlhyfcw{k^vvtGl`N9xSo**rDW4S}i zM9{fMPWo%4wYDG~BZ18BD+}h|GQKc-g^{++3MY>}W_uq7jGHx{mwE9fZiPCoxN$+7 zrODGGJrOkcPQUB(FD5aoS4g~7#6NR^ma7-!>mHuJfY5kTe6PpNNKC9GGRiu^L31uG z$7v`*JknQHsYB!Tm_W{a32TM099djW%5e+j0Ve_ct}IM>XLF1Ap+YvcrLV=|CKo6S zb+9Nl3_YdKP6%Cxy@6TxZ>;4&nTneadr z_ES90ydCev)LV!dN=#(*f}|ZORFdvkYBni^aLbUk>BajeWIOcmHP#8S)*2U~QKI%S zyrLmtPqb&TphJ;>yAxri#;{uyk`JJqODDw%(Z=2`1uc}br^V%>j!gS)D*q*f_-qf8&D;W1dJgQMlaH5er zN2U<%Smb7==vE}dDI8K7cKz!vs^73o9f>2sgiTzWcwY|BMYHH5%Vn7#kiw&eItCqa zIkR2~Q}>X=Ar8W|^Ms41Fm8o6IB2_j60eOeBB1Br!boW7JnoeX6Gs)?7rW0^5psc- zjS16yb>dFn>KPOF;imD}e!enuIniFzv}n$m2#gCCv4jM#ArwlzZ$7@9&XkFxZ4n!V zj3dyiwW4Ki2QG{@i>yuZXQizw_OkZI^-3otXC{!(lUpJF33gI60ak;Uqitp74|B6I zgg{b=Iz}WkhCGj1M=hu4#Aw173YxIVbISaoc z-nLZC*6Tgivd5V`K%GxhBsp@SUU60-rfc$=wb>zdJzXS&-5(NRRodFk;Kxk!S(O(a0e7oY=E( zAyS;Ow?6Q&XA+cnkCb{28_1N8H#?J!*$MmIwLq^*T_9-z^&UE@A(z9oGYtFy6EZef LrJugUA?W`A8`#=m literal 0 HcmV?d00001 diff --git a/example-next/public/next.svg b/example-next/public/next.svg new file mode 100644 index 0000000..5174b28 --- /dev/null +++ b/example-next/public/next.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/example-next/public/thirteen.svg b/example-next/public/thirteen.svg new file mode 100644 index 0000000..8977c1b --- /dev/null +++ b/example-next/public/thirteen.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/example-next/public/vercel.svg b/example-next/public/vercel.svg new file mode 100644 index 0000000..d2f8422 --- /dev/null +++ b/example-next/public/vercel.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/example-next/tsconfig.json b/example-next/tsconfig.json new file mode 100644 index 0000000..99710e8 --- /dev/null +++ b/example-next/tsconfig.json @@ -0,0 +1,20 @@ +{ + "compilerOptions": { + "target": "es5", + "lib": ["dom", "dom.iterable", "esnext"], + "allowJs": true, + "skipLibCheck": true, + "strict": true, + "forceConsistentCasingInFileNames": true, + "noEmit": true, + "esModuleInterop": true, + "module": "esnext", + "moduleResolution": "node", + "resolveJsonModule": true, + "isolatedModules": true, + "jsx": "preserve", + "incremental": true + }, + "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx"], + "exclude": ["node_modules"] +} diff --git a/example-next/yarn.lock b/example-next/yarn.lock new file mode 100644 index 0000000..3473665 --- /dev/null +++ b/example-next/yarn.lock @@ -0,0 +1,2090 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY. +# yarn lockfile v1 + + +"@ant-design/colors@^6.0.0": + version "6.0.0" + resolved "https://registry.yarnpkg.com/@ant-design/colors/-/colors-6.0.0.tgz#9b9366257cffcc47db42b9d0203bb592c13c0298" + integrity sha512-qAZRvPzfdWHtfameEGP2Qvuf838NhergR35o+EuVyB5XvSA98xod5r4utvi4TJ3ywmevm290g9nsCG5MryrdWQ== + dependencies: + "@ctrl/tinycolor" "^3.4.0" + +"@ant-design/icons-svg@^4.2.1": + version "4.2.1" + resolved "https://registry.yarnpkg.com/@ant-design/icons-svg/-/icons-svg-4.2.1.tgz#8630da8eb4471a4aabdaed7d1ff6a97dcb2cf05a" + integrity sha512-EB0iwlKDGpG93hW8f85CTJTs4SvMX7tt5ceupvhALp1IF44SeUFOMhKUOYqpsoYWQKAOuTRDMqn75rEaKDp0Xw== + +"@ant-design/icons@^4.7.0": + version "4.8.0" + resolved "https://registry.yarnpkg.com/@ant-design/icons/-/icons-4.8.0.tgz#3084e2bb494cac3dad6c0392f77c1efc90ee1fa4" + integrity sha512-T89P2jG2vM7OJ0IfGx2+9FC5sQjtTzRSz+mCHTXkFn/ELZc2YpfStmYHmqzq2Jx55J0F7+O6i5/ZKFSVNWCKNg== + dependencies: + "@ant-design/colors" "^6.0.0" + "@ant-design/icons-svg" "^4.2.1" + "@babel/runtime" "^7.11.2" + classnames "^2.2.6" + rc-util "^5.9.4" + +"@babel/runtime-corejs3@^7.10.2": + version "7.20.7" + resolved "https://registry.yarnpkg.com/@babel/runtime-corejs3/-/runtime-corejs3-7.20.7.tgz#a1e5ea3d758ba6beb715210142912e3f29981d84" + integrity sha512-jr9lCZ4RbRQmCR28Q8U8Fu49zvFqLxTY9AMOUz+iyMohMoAgpEcVxY+wJNay99oXOpOcCTODkk70NDN2aaJEeg== + dependencies: + core-js-pure "^3.25.1" + regenerator-runtime "^0.13.11" + +"@babel/runtime@^7.10.2", "@babel/runtime@^7.11.2", "@babel/runtime@^7.18.3", "@babel/runtime@^7.18.9": + version "7.20.7" + resolved "https://registry.yarnpkg.com/@babel/runtime/-/runtime-7.20.7.tgz#fcb41a5a70550e04a7b708037c7c32f7f356d8fd" + integrity sha512-UF0tvkUtxwAgZ5W/KrkHf0Rn0fdnLDU9ScxBrEVNUprE/MzirjK4MJUX1/BVDv00Sv8cljtukVK1aky++X1SjQ== + dependencies: + regenerator-runtime "^0.13.11" + +"@ctrl/tinycolor@^3.4.0": + version "3.5.0" + resolved "https://registry.yarnpkg.com/@ctrl/tinycolor/-/tinycolor-3.5.0.tgz#6e52b3d1c38d13130101771821e09cdd414a16bc" + integrity sha512-tlJpwF40DEQcfR/QF+wNMVyGMaO9FQp6Z1Wahj4Gk3CJQYHwA2xVG7iKDFdW6zuxZY9XWOpGcfNCTsX4McOsOg== + +"@eslint/eslintrc@^1.4.1": + version "1.4.1" + resolved "https://registry.yarnpkg.com/@eslint/eslintrc/-/eslintrc-1.4.1.tgz#af58772019a2d271b7e2d4c23ff4ddcba3ccfb3e" + integrity sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA== + dependencies: + ajv "^6.12.4" + debug "^4.3.2" + espree "^9.4.0" + globals "^13.19.0" + ignore "^5.2.0" + import-fresh "^3.2.1" + js-yaml "^4.1.0" + minimatch "^3.1.2" + strip-json-comments "^3.1.1" + +"@humanwhocodes/config-array@^0.11.8": + version "0.11.8" + resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.11.8.tgz#03595ac2075a4dc0f191cc2131de14fbd7d410b9" + integrity sha512-UybHIJzJnR5Qc/MsD9Kr+RpO2h+/P1GhOwdiLPXK5TWk5sgTdu88bTD9UP+CKbPPh5Rni1u0GjAdYQLemG8g+g== + dependencies: + "@humanwhocodes/object-schema" "^1.2.1" + debug "^4.1.1" + minimatch "^3.0.5" + +"@humanwhocodes/module-importer@^1.0.1": + version "1.0.1" + resolved "https://registry.yarnpkg.com/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz#af5b2691a22b44be847b0ca81641c5fb6ad0172c" + integrity sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA== + +"@humanwhocodes/object-schema@^1.2.1": + version "1.2.1" + resolved "https://registry.yarnpkg.com/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz#b520529ec21d8e5945a1851dfd1c32e94e39ff45" + integrity sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA== + +"@next/env@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/env/-/env-13.1.1.tgz#6ff26488dc7674ef2bfdd1ca28fe43eed1113bea" + integrity sha512-vFMyXtPjSAiOXOywMojxfKIqE3VWN5RCAx+tT3AS3pcKjMLFTCJFUWsKv8hC+87Z1F4W3r68qTwDFZIFmd5Xkw== + +"@next/eslint-plugin-next@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/eslint-plugin-next/-/eslint-plugin-next-13.1.1.tgz#cc5e419cc85587f73f2ac0046a91df01dc6fef8b" + integrity sha512-SBrOFS8PC3nQ5aeZmawJkjKkWjwK9RoxvBSv/86nZp0ubdoVQoko8r8htALd9ufp16NhacCdqhu9bzZLDWtALQ== + dependencies: + glob "7.1.7" + +"@next/font@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/font/-/font-13.1.1.tgz#a0cb38bf8a181560f195d82f13f9f92fd0b0dd20" + integrity sha512-amygRorS05hYK1/XQRZo5qBl7l2fpHnezeKU/cNveWU5QJg+sg8gMGkUXHtvesNKpiKIJshBRH1TzvO+2sKpvQ== + +"@next/swc-android-arm-eabi@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-android-arm-eabi/-/swc-android-arm-eabi-13.1.1.tgz#b5c3cd1f79d5c7e6a3b3562785d4e5ac3555b9e1" + integrity sha512-qnFCx1kT3JTWhWve4VkeWuZiyjG0b5T6J2iWuin74lORCupdrNukxkq9Pm+Z7PsatxuwVJMhjUoYz7H4cWzx2A== + +"@next/swc-android-arm64@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-android-arm64/-/swc-android-arm64-13.1.1.tgz#e2ca9ccbba9ef770cb19fbe96d1ac00fe4cb330d" + integrity sha512-eCiZhTzjySubNqUnNkQCjU3Fh+ep3C6b5DCM5FKzsTH/3Gr/4Y7EiaPZKILbvnXmhWtKPIdcY6Zjx51t4VeTfA== + +"@next/swc-darwin-arm64@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-darwin-arm64/-/swc-darwin-arm64-13.1.1.tgz#4af00877332231bbd5a3703435fdd0b011e74767" + integrity sha512-9zRJSSIwER5tu9ADDkPw5rIZ+Np44HTXpYMr0rkM656IvssowPxmhK0rTreC1gpUCYwFsRbxarUJnJsTWiutPg== + +"@next/swc-darwin-x64@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-darwin-x64/-/swc-darwin-x64-13.1.1.tgz#bf4cb09e7e6ec6d91e031118dde2dd17078bcbbc" + integrity sha512-qWr9qEn5nrnlhB0rtjSdR00RRZEtxg4EGvicIipqZWEyayPxhUu6NwKiG8wZiYZCLfJ5KWr66PGSNeDMGlNaiA== + +"@next/swc-freebsd-x64@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-freebsd-x64/-/swc-freebsd-x64-13.1.1.tgz#6933ea1264328e8523e28818f912cd53824382d4" + integrity sha512-UwP4w/NcQ7V/VJEj3tGVszgb4pyUCt3lzJfUhjDMUmQbzG9LDvgiZgAGMYH6L21MoyAATJQPDGiAMWAPKsmumA== + +"@next/swc-linux-arm-gnueabihf@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-linux-arm-gnueabihf/-/swc-linux-arm-gnueabihf-13.1.1.tgz#b5896967aaba3873d809c3ad2e2039e89acde419" + integrity sha512-CnsxmKHco9sosBs1XcvCXP845Db+Wx1G0qouV5+Gr+HT/ZlDYEWKoHVDgnJXLVEQzq4FmHddBNGbXvgqM1Gfkg== + +"@next/swc-linux-arm64-gnu@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-13.1.1.tgz#91b3e9ea8575b1ded421c0ea0739b7bccf228469" + integrity sha512-JfDq1eri5Dif+VDpTkONRd083780nsMCOKoFG87wA0sa4xL8LGcXIBAkUGIC1uVy9SMsr2scA9CySLD/i+Oqiw== + +"@next/swc-linux-arm64-musl@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-13.1.1.tgz#83149ea05d7d55f3664d608dbe004c0d125f9147" + integrity sha512-GA67ZbDq2AW0CY07zzGt07M5b5Yaq5qUpFIoW3UFfjOPgb0Sqf3DAW7GtFMK1sF4ROHsRDMGQ9rnT0VM2dVfKA== + +"@next/swc-linux-x64-gnu@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-13.1.1.tgz#d7d0777b56de0dd82b78055772e13e18594a15ca" + integrity sha512-nnjuBrbzvqaOJaV+XgT8/+lmXrSCOt1YYZn/irbDb2fR2QprL6Q7WJNgwsZNxiLSfLdv+2RJGGegBx9sLBEzGA== + +"@next/swc-linux-x64-musl@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-13.1.1.tgz#41655722b127133cd95ab5bc8ca1473e9ab6876f" + integrity sha512-CM9xnAQNIZ8zf/igbIT/i3xWbQZYaF397H+JroF5VMOCUleElaMdQLL5riJml8wUfPoN3dtfn2s4peSr3azz/g== + +"@next/swc-win32-arm64-msvc@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-13.1.1.tgz#f10da3dfc9b3c2bbd202f5d449a9b807af062292" + integrity sha512-pzUHOGrbgfGgPlOMx9xk3QdPJoRPU+om84hqVoe6u+E0RdwOG0Ho/2UxCgDqmvpUrMab1Deltlt6RqcXFpnigQ== + +"@next/swc-win32-ia32-msvc@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-win32-ia32-msvc/-/swc-win32-ia32-msvc-13.1.1.tgz#4c0102b9b18ece15c818056d07e3917ee9dade78" + integrity sha512-WeX8kVS46aobM9a7Xr/kEPcrTyiwJqQv/tbw6nhJ4fH9xNZ+cEcyPoQkwPo570dCOLz3Zo9S2q0E6lJ/EAUOBg== + +"@next/swc-win32-x64-msvc@13.1.1": + version "13.1.1" + resolved "https://registry.yarnpkg.com/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-13.1.1.tgz#c209a37da13be27b722f9c40c40ab4b094866244" + integrity sha512-mVF0/3/5QAc5EGVnb8ll31nNvf3BWpPY4pBb84tk+BfQglWLqc5AC9q1Ht/YMWiEgs8ALNKEQ3GQnbY0bJF2Gg== + +"@nodelib/fs.scandir@2.1.5": + version "2.1.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" + integrity sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== + dependencies: + "@nodelib/fs.stat" "2.0.5" + run-parallel "^1.1.9" + +"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz#5bd262af94e9d25bd1e71b05deed44876a222e8b" + integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== + +"@nodelib/fs.walk@^1.2.3", "@nodelib/fs.walk@^1.2.8": + version "1.2.8" + resolved "https://registry.yarnpkg.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz#e95737e8bb6746ddedf69c556953494f196fe69a" + integrity sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== + dependencies: + "@nodelib/fs.scandir" "2.1.5" + fastq "^1.6.0" + +"@pkgr/utils@^2.3.1": + version "2.3.1" + resolved "https://registry.yarnpkg.com/@pkgr/utils/-/utils-2.3.1.tgz#0a9b06ffddee364d6642b3cd562ca76f55b34a03" + integrity sha512-wfzX8kc1PMyUILA+1Z/EqoE4UCXGy0iRGMhPwdfae1+f0OXlLqCk+By+aMzgJBzR9AzS4CDizioG6Ss1gvAFJw== + dependencies: + cross-spawn "^7.0.3" + is-glob "^4.0.3" + open "^8.4.0" + picocolors "^1.0.0" + tiny-glob "^0.2.9" + tslib "^2.4.0" + +"@rushstack/eslint-patch@^1.1.3": + version "1.2.0" + resolved "https://registry.yarnpkg.com/@rushstack/eslint-patch/-/eslint-patch-1.2.0.tgz#8be36a1f66f3265389e90b5f9c9962146758f728" + integrity sha512-sXo/qW2/pAcmT43VoRKOJbDOfV3cYpq3szSVfIThQXNt+E4DfKj361vaAt3c88U5tPUxzEswam7GW48PJqtKAg== + +"@swc/helpers@0.4.14": + version "0.4.14" + resolved "https://registry.yarnpkg.com/@swc/helpers/-/helpers-0.4.14.tgz#1352ac6d95e3617ccb7c1498ff019654f1e12a74" + integrity sha512-4C7nX/dvpzB7za4Ql9K81xK3HPxCpHMgwTZVyf+9JQ6VUbn9jjZVN7/Nkdz/Ugzs2CSjqnL/UPXroiVBVHUWUw== + dependencies: + tslib "^2.4.0" + +"@types/json5@^0.0.29": + version "0.0.29" + resolved "https://registry.yarnpkg.com/@types/json5/-/json5-0.0.29.tgz#ee28707ae94e11d2b827bcbe5270bcea7f3e71ee" + integrity sha512-dRLjCWHYg4oaA77cxO64oO+7JwCwnIzkZPdrrC71jQmQtlhM556pwKo5bUzqvZndkVbeFLIIi+9TC40JNF5hNQ== + +"@types/node@18.11.18": + version "18.11.18" + resolved "https://registry.yarnpkg.com/@types/node/-/node-18.11.18.tgz#8dfb97f0da23c2293e554c5a50d61ef134d7697f" + integrity sha512-DHQpWGjyQKSHj3ebjFI/wRKcqQcdR+MoFBygntYOZytCqNfkd2ZC4ARDJ2DQqhjH5p85Nnd3jhUJIXrszFX/JA== + +"@types/prop-types@*": + version "15.7.5" + resolved "https://registry.yarnpkg.com/@types/prop-types/-/prop-types-15.7.5.tgz#5f19d2b85a98e9558036f6a3cacc8819420f05cf" + integrity sha512-JCB8C6SnDoQf0cNycqd/35A7MjcnK+ZTqE7judS6o7utxUCg6imJg3QK2qzHKszlTjcj2cn+NwMB2i96ubpj7w== + +"@types/react-dom@18.0.10": + version "18.0.10" + resolved "https://registry.yarnpkg.com/@types/react-dom/-/react-dom-18.0.10.tgz#3b66dec56aa0f16a6cc26da9e9ca96c35c0b4352" + integrity sha512-E42GW/JA4Qv15wQdqJq8DL4JhNpB3prJgjgapN3qJT9K2zO5IIAQh4VXvCEDupoqAwnz0cY4RlXeC/ajX5SFHg== + dependencies: + "@types/react" "*" + +"@types/react-scroll@^1.8.3": + version "1.8.5" + resolved "https://registry.yarnpkg.com/@types/react-scroll/-/react-scroll-1.8.5.tgz#be0803e62a40ba3ffbe4dcc7348cea32d8a87f41" + integrity sha512-+adEt41hQHMX4aoBOD9Y336QzQzAtlFXTrsFWToS+efgqsYXUOo0JKLeI0O5GLE50Peap6DsbUQRK6gnv8t6wQ== + dependencies: + "@types/react" "*" + +"@types/react@*", "@types/react@18.0.26": + version "18.0.26" + resolved "https://registry.yarnpkg.com/@types/react/-/react-18.0.26.tgz#8ad59fc01fef8eaf5c74f4ea392621749f0b7917" + integrity sha512-hCR3PJQsAIXyxhTNSiDFY//LhnMZWpNNr5etoCqx/iUfGc5gXWtQR2Phl908jVR6uPXacojQWTg4qRpkxTuGug== + dependencies: + "@types/prop-types" "*" + "@types/scheduler" "*" + csstype "^3.0.2" + +"@types/scheduler@*": + version "0.16.2" + resolved "https://registry.yarnpkg.com/@types/scheduler/-/scheduler-0.16.2.tgz#1a62f89525723dde24ba1b01b092bf5df8ad4d39" + integrity sha512-hppQEBDmlwhFAXKJX2KnWLYu5yMfi91yazPb2l+lbJiwW+wdo1gNeRA+3RgNSO39WYX2euey41KEwnqesU2Jew== + +"@typescript-eslint/parser@^5.42.0": + version "5.47.1" + resolved "https://registry.yarnpkg.com/@typescript-eslint/parser/-/parser-5.47.1.tgz#c4bf16f8c3c7608ce4bf8ff804b677fc899f173f" + integrity sha512-9Vb+KIv29r6GPu4EboWOnQM7T+UjpjXvjCPhNORlgm40a9Ia9bvaPJswvtae1gip2QEeVeGh6YquqAzEgoRAlw== + dependencies: + "@typescript-eslint/scope-manager" "5.47.1" + "@typescript-eslint/types" "5.47.1" + "@typescript-eslint/typescript-estree" "5.47.1" + debug "^4.3.4" + +"@typescript-eslint/scope-manager@5.47.1": + version "5.47.1" + resolved "https://registry.yarnpkg.com/@typescript-eslint/scope-manager/-/scope-manager-5.47.1.tgz#0d302b3c2f20ab24e4787bf3f5a0d8c449b823bd" + integrity sha512-9hsFDsgUwrdOoW1D97Ewog7DYSHaq4WKuNs0LHF9RiCmqB0Z+XRR4Pf7u7u9z/8CciHuJ6yxNws1XznI3ddjEw== + dependencies: + "@typescript-eslint/types" "5.47.1" + "@typescript-eslint/visitor-keys" "5.47.1" + +"@typescript-eslint/types@5.47.1": + version "5.47.1" + resolved "https://registry.yarnpkg.com/@typescript-eslint/types/-/types-5.47.1.tgz#459f07428aec5a8c4113706293c2ae876741ac8e" + integrity sha512-CmALY9YWXEpwuu6377ybJBZdtSAnzXLSQcxLSqSQSbC7VfpMu/HLVdrnVJj7ycI138EHqocW02LPJErE35cE9A== + +"@typescript-eslint/typescript-estree@5.47.1": + version "5.47.1" + resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-5.47.1.tgz#b9d8441308aca53df7f69b2c67a887b82c9ed418" + integrity sha512-4+ZhFSuISAvRi2xUszEj0xXbNTHceV9GbH9S8oAD2a/F9SW57aJNQVOCxG8GPfSWH/X4eOPdMEU2jYVuWKEpWA== + dependencies: + "@typescript-eslint/types" "5.47.1" + "@typescript-eslint/visitor-keys" "5.47.1" + debug "^4.3.4" + globby "^11.1.0" + is-glob "^4.0.3" + semver "^7.3.7" + tsutils "^3.21.0" + +"@typescript-eslint/visitor-keys@5.47.1": + version "5.47.1" + resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-5.47.1.tgz#d35c2da544dbb685db9c5b5b85adac0a1d74d1f2" + integrity sha512-rF3pmut2JCCjh6BLRhNKdYjULMb1brvoaiWDlHfLNVgmnZ0sBVJrs3SyaKE1XoDDnJuAx/hDQryHYmPUuNq0ig== + dependencies: + "@typescript-eslint/types" "5.47.1" + eslint-visitor-keys "^3.3.0" + +acorn-jsx@^5.3.2: + version "5.3.2" + resolved "https://registry.yarnpkg.com/acorn-jsx/-/acorn-jsx-5.3.2.tgz#7ed5bb55908b3b2f1bc55c6af1653bada7f07937" + integrity sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ== + +acorn@^8.8.0: + version "8.8.1" + resolved "https://registry.yarnpkg.com/acorn/-/acorn-8.8.1.tgz#0a3f9cbecc4ec3bea6f0a80b66ae8dd2da250b73" + integrity sha512-7zFpHzhnqYKrkYdUjF1HI1bzd0VygEGX8lFk4k5zVMqHEoES+P+7TKI+EvLO9WVMJ8eekdO0aDEK044xTXwPPA== + +ajv@^6.10.0, ajv@^6.12.4: + version "6.12.6" + resolved "https://registry.yarnpkg.com/ajv/-/ajv-6.12.6.tgz#baf5a62e802b07d977034586f8c3baf5adf26df4" + integrity sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g== + dependencies: + fast-deep-equal "^3.1.1" + fast-json-stable-stringify "^2.0.0" + json-schema-traverse "^0.4.1" + uri-js "^4.2.2" + +ansi-regex@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" + integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== + +ansi-styles@^4.1.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/ansi-styles/-/ansi-styles-4.3.0.tgz#edd803628ae71c04c85ae7a0906edad34b648937" + integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== + dependencies: + color-convert "^2.0.1" + +argparse@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" + integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== + +aria-query@^4.2.2: + version "4.2.2" + resolved "https://registry.yarnpkg.com/aria-query/-/aria-query-4.2.2.tgz#0d2ca6c9aceb56b8977e9fed6aed7e15bbd2f83b" + integrity sha512-o/HelwhuKpTj/frsOsbNLNgnNGVIFsVP/SW2BSF14gVl7kAfMOJ6/8wUAUvG1R1NHKrfG+2sHZTu0yauT1qBrA== + dependencies: + "@babel/runtime" "^7.10.2" + "@babel/runtime-corejs3" "^7.10.2" + +array-includes@^3.1.4, array-includes@^3.1.5, array-includes@^3.1.6: + version "3.1.6" + resolved "https://registry.yarnpkg.com/array-includes/-/array-includes-3.1.6.tgz#9e9e720e194f198266ba9e18c29e6a9b0e4b225f" + integrity sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + get-intrinsic "^1.1.3" + is-string "^1.0.7" + +array-union@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d" + integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw== + +array.prototype.flat@^1.2.5: + version "1.3.1" + resolved "https://registry.yarnpkg.com/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz#ffc6576a7ca3efc2f46a143b9d1dda9b4b3cf5e2" + integrity sha512-roTU0KWIOmJ4DRLmwKd19Otg0/mT3qPNt0Qb3GWW8iObuZXxrjB/pzn0R3hqpRSWg4HCwqx+0vwOnWnvlOyeIA== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + es-shim-unscopables "^1.0.0" + +array.prototype.flatmap@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/array.prototype.flatmap/-/array.prototype.flatmap-1.3.1.tgz#1aae7903c2100433cb8261cd4ed310aab5c4a183" + integrity sha512-8UGn9O1FDVvMNB0UlLv4voxRMze7+FpHyF5mSMRjWHUMlpoDViniy05870VlxhfgTnLbpuwTzvD76MTtWxB/mQ== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + es-shim-unscopables "^1.0.0" + +array.prototype.tosorted@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/array.prototype.tosorted/-/array.prototype.tosorted-1.1.1.tgz#ccf44738aa2b5ac56578ffda97c03fd3e23dd532" + integrity sha512-pZYPXPRl2PqWcsUs6LOMn+1f1532nEoPTYowBtqLwAW+W8vSVhkIGnmOX1t/UQjD6YGI0vcD2B1U7ZFGQH9jnQ== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + es-shim-unscopables "^1.0.0" + get-intrinsic "^1.1.3" + +ast-types-flow@^0.0.7: + version "0.0.7" + resolved "https://registry.yarnpkg.com/ast-types-flow/-/ast-types-flow-0.0.7.tgz#f70b735c6bca1a5c9c22d982c3e39e7feba3bdad" + integrity sha512-eBvWn1lvIApYMhzQMsu9ciLfkBY499mFZlNqG+/9WR7PVlroQw0vG30cOQQbaKz3sCEc44TAOu2ykzqXSNnwag== + +axe-core@^4.4.3: + version "4.6.1" + resolved "https://registry.yarnpkg.com/axe-core/-/axe-core-4.6.1.tgz#79cccdee3e3ab61a8f42c458d4123a6768e6fbce" + integrity sha512-lCZN5XRuOnpG4bpMq8v0khrWtUOn+i8lZSb6wHZH56ZfbIEv6XwJV84AAueh9/zi7qPVJ/E4yz6fmsiyOmXR4w== + +axios@^0.24.0: + version "0.24.0" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.24.0.tgz#804e6fa1e4b9c5288501dd9dff56a7a0940d20d6" + integrity sha512-Q6cWsys88HoPgAaFAVUb0WpPk0O8iTeisR9IMqy9G8AbO4NlpVknrnQS03zzF9PGAWgO3cgletO3VjV/P7VztA== + dependencies: + follow-redirects "^1.14.4" + +axobject-query@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/axobject-query/-/axobject-query-2.2.0.tgz#943d47e10c0b704aa42275e20edf3722648989be" + integrity sha512-Td525n+iPOOyUQIeBfcASuG6uJsDOITl7Mds5gFyerkWiX7qhUTdYUBlSgNMyVqtSJqwpt1kXGLdUt6SykLMRA== + +balanced-match@^1.0.0: + version "1.0.2" + resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" + integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== + +brace-expansion@^1.1.7: + version "1.1.11" + resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.11.tgz#3c7fcbf529d87226f3d2f52b966ff5271eb441dd" + integrity sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA== + dependencies: + balanced-match "^1.0.0" + concat-map "0.0.1" + +braces@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.2.tgz#3454e1a462ee8d599e236df336cd9ea4f8afe107" + integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A== + dependencies: + fill-range "^7.0.1" + +bufferutil@^4.0.1: + version "4.0.7" + resolved "https://registry.yarnpkg.com/bufferutil/-/bufferutil-4.0.7.tgz#60c0d19ba2c992dd8273d3f73772ffc894c153ad" + integrity sha512-kukuqc39WOHtdxtw4UScxF/WVnMFVSQVKhtx3AjZJzhd0RGZZldcrfSEbVsWWe6KNH253574cq5F+wpv0G9pJw== + dependencies: + node-gyp-build "^4.3.0" + +call-bind@^1.0.0, call-bind@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.2.tgz#b1d4e89e688119c3c9a903ad30abb2f6a919be3c" + integrity sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA== + dependencies: + function-bind "^1.1.1" + get-intrinsic "^1.0.2" + +callsites@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/callsites/-/callsites-3.1.0.tgz#b3630abd8943432f54b3f0519238e33cd7df2f73" + integrity sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ== + +caniuse-lite@^1.0.30001406: + version "1.0.30001441" + resolved "https://registry.yarnpkg.com/caniuse-lite/-/caniuse-lite-1.0.30001441.tgz#987437b266260b640a23cd18fbddb509d7f69f3e" + integrity sha512-OyxRR4Vof59I3yGWXws6i908EtGbMzVUi3ganaZQHmydk1iwDhRnvaPG2WaR0KcqrDFKrxVZHULT396LEPhXfg== + +chalk@^4.0.0: + version "4.1.2" + resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01" + integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA== + dependencies: + ansi-styles "^4.1.0" + supports-color "^7.1.0" + +classnames@^2.2.6: + version "2.3.2" + resolved "https://registry.yarnpkg.com/classnames/-/classnames-2.3.2.tgz#351d813bf0137fcc6a76a16b88208d2560a0d924" + integrity sha512-CSbhY4cFEJRe6/GQzIk5qXZ4Jeg5pcsP7b5peFSDpffpe1cqjASH/n9UTjBwOp6XpMSTwQ8Za2K5V02ueA7Tmw== + +client-only@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/client-only/-/client-only-0.0.1.tgz#38bba5d403c41ab150bff64a95c85013cf73bca1" + integrity sha512-IV3Ou0jSMzZrd3pZ48nLkT9DA7Ag1pnPzaiQhpW7c3RbcqqzvzzVu+L8gfqMp/8IM2MQtSiqaCxrrcfu8I8rMA== + +color-convert@^2.0.1: + version "2.0.1" + resolved "https://registry.yarnpkg.com/color-convert/-/color-convert-2.0.1.tgz#72d3a68d598c9bdb3af2ad1e84f21d896abd4de3" + integrity sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ== + dependencies: + color-name "~1.1.4" + +color-name@~1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.4.tgz#c2a09a87acbde69543de6f63fa3995c826c536a2" + integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== + +concat-map@0.0.1: + version "0.0.1" + resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" + integrity sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg== + +core-js-pure@^3.25.1: + version "3.27.1" + resolved "https://registry.yarnpkg.com/core-js-pure/-/core-js-pure-3.27.1.tgz#ede4a6b8440585c7190062757069c01d37a19dca" + integrity sha512-BS2NHgwwUppfeoqOXqi08mUqS5FiZpuRuJJpKsaME7kJz0xxuk0xkhDdfMIlP/zLa80krBqss1LtD7f889heAw== + +cross-spawn@^7.0.2, cross-spawn@^7.0.3: + version "7.0.3" + resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6" + integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w== + dependencies: + path-key "^3.1.0" + shebang-command "^2.0.0" + which "^2.0.1" + +csstype@^3.0.2: + version "3.1.1" + resolved "https://registry.yarnpkg.com/csstype/-/csstype-3.1.1.tgz#841b532c45c758ee546a11d5bd7b7b473c8c30b9" + integrity sha512-DJR/VvkAvSZW9bTouZue2sSxDwdTN92uHjqeKVm+0dAqdfNykRzQ95tay8aXMBAAPpUiq4Qcug2L7neoRh2Egw== + +d@1, d@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/d/-/d-1.0.1.tgz#8698095372d58dbee346ffd0c7093f99f8f9eb5a" + integrity sha512-m62ShEObQ39CfralilEQRjH6oAMtNCV1xJyEx5LpRYUVN+EviphDgUc/F3hnYbADmkiNs67Y+3ylmlG7Lnu+FA== + dependencies: + es5-ext "^0.10.50" + type "^1.0.1" + +damerau-levenshtein@^1.0.8: + version "1.0.8" + resolved "https://registry.yarnpkg.com/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz#b43d286ccbd36bc5b2f7ed41caf2d0aba1f8a6e7" + integrity sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA== + +debug@^2.2.0, debug@^2.6.9: + version "2.6.9" + resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.9.tgz#5d128515df134ff327e90a4c93f4e077a536341f" + integrity sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA== + dependencies: + ms "2.0.0" + +debug@^3.2.7: + version "3.2.7" + resolved "https://registry.yarnpkg.com/debug/-/debug-3.2.7.tgz#72580b7e9145fb39b6676f9c5e5fb100b934179a" + integrity sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ== + dependencies: + ms "^2.1.1" + +debug@^4.1.1, debug@^4.3.2, debug@^4.3.4: + version "4.3.4" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" + integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== + dependencies: + ms "2.1.2" + +deep-is@^0.1.3: + version "0.1.4" + resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831" + integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ== + +define-lazy-prop@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz#3f7ae421129bcaaac9bc74905c98a0009ec9ee7f" + integrity sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og== + +define-properties@^1.1.3, define-properties@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.1.4.tgz#0b14d7bd7fbeb2f3572c3a7eda80ea5d57fb05b1" + integrity sha512-uckOqKcfaVvtBdsVkdPv3XjveQJsNQqmhXgRi8uhvWWuPYZCNlzT8qAyblUgNoXdHdjMTzAqeGjAoli8f+bzPA== + dependencies: + has-property-descriptors "^1.0.0" + object-keys "^1.1.1" + +dir-glob@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f" + integrity sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA== + dependencies: + path-type "^4.0.0" + +doctrine@^2.1.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-2.1.0.tgz#5cd01fc101621b42c4cd7f5d1a66243716d3f39d" + integrity sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw== + dependencies: + esutils "^2.0.2" + +doctrine@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/doctrine/-/doctrine-3.0.0.tgz#addebead72a6574db783639dc87a121773973961" + integrity sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w== + dependencies: + esutils "^2.0.2" + +emoji-regex@^9.2.2: + version "9.2.2" + resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-9.2.2.tgz#840c8803b0d8047f4ff0cf963176b32d4ef3ed72" + integrity sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg== + +enhanced-resolve@^5.10.0: + version "5.12.0" + resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.12.0.tgz#300e1c90228f5b570c4d35babf263f6da7155634" + integrity sha512-QHTXI/sZQmko1cbDoNAa3mJ5qhWUUNAq3vR0/YiD379fWQrcfuoX1+HW2S0MTt7XmoPLapdaDKUtelUSPic7hQ== + dependencies: + graceful-fs "^4.2.4" + tapable "^2.2.0" + +es-abstract@^1.19.0, es-abstract@^1.20.4: + version "1.20.5" + resolved "https://registry.yarnpkg.com/es-abstract/-/es-abstract-1.20.5.tgz#e6dc99177be37cacda5988e692c3fa8b218e95d2" + integrity sha512-7h8MM2EQhsCA7pU/Nv78qOXFpD8Rhqd12gYiSJVkrH9+e8VuA8JlPJK/hQjjlLv6pJvx/z1iRFKzYb0XT/RuAQ== + dependencies: + call-bind "^1.0.2" + es-to-primitive "^1.2.1" + function-bind "^1.1.1" + function.prototype.name "^1.1.5" + get-intrinsic "^1.1.3" + get-symbol-description "^1.0.0" + gopd "^1.0.1" + has "^1.0.3" + has-property-descriptors "^1.0.0" + has-symbols "^1.0.3" + internal-slot "^1.0.3" + is-callable "^1.2.7" + is-negative-zero "^2.0.2" + is-regex "^1.1.4" + is-shared-array-buffer "^1.0.2" + is-string "^1.0.7" + is-weakref "^1.0.2" + object-inspect "^1.12.2" + object-keys "^1.1.1" + object.assign "^4.1.4" + regexp.prototype.flags "^1.4.3" + safe-regex-test "^1.0.0" + string.prototype.trimend "^1.0.6" + string.prototype.trimstart "^1.0.6" + unbox-primitive "^1.0.2" + +es-shim-unscopables@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/es-shim-unscopables/-/es-shim-unscopables-1.0.0.tgz#702e632193201e3edf8713635d083d378e510241" + integrity sha512-Jm6GPcCdC30eMLbZ2x8z2WuRwAws3zTBBKuusffYVUrNj/GVSUAZ+xKMaUpfNDR5IbyNA5LJbaecoUVbmUcB1w== + dependencies: + has "^1.0.3" + +es-to-primitive@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/es-to-primitive/-/es-to-primitive-1.2.1.tgz#e55cd4c9cdc188bcefb03b366c736323fc5c898a" + integrity sha512-QCOllgZJtaUo9miYBcLChTUaHNjJF3PYs1VidD7AwiEj1kYxKeQTctLAezAOH5ZKRH0g2IgPn6KwB4IT8iRpvA== + dependencies: + is-callable "^1.1.4" + is-date-object "^1.0.1" + is-symbol "^1.0.2" + +es5-ext@^0.10.35, es5-ext@^0.10.50: + version "0.10.62" + resolved "https://registry.yarnpkg.com/es5-ext/-/es5-ext-0.10.62.tgz#5e6adc19a6da524bf3d1e02bbc8960e5eb49a9a5" + integrity sha512-BHLqn0klhEpnOKSrzn/Xsz2UIW8j+cGmo9JLzr8BiUapV8hPL9+FliFqjwr9ngW7jWdnxv6eO+/LqyhJVqgrjA== + dependencies: + es6-iterator "^2.0.3" + es6-symbol "^3.1.3" + next-tick "^1.1.0" + +es6-iterator@^2.0.3: + version "2.0.3" + resolved "https://registry.yarnpkg.com/es6-iterator/-/es6-iterator-2.0.3.tgz#a7de889141a05a94b0854403b2d0a0fbfa98f3b7" + integrity sha512-zw4SRzoUkd+cl+ZoE15A9o1oQd920Bb0iOJMQkQhl3jNc03YqVjAhG7scf9C5KWRU/R13Orf588uCC6525o02g== + dependencies: + d "1" + es5-ext "^0.10.35" + es6-symbol "^3.1.1" + +es6-symbol@^3.1.1, es6-symbol@^3.1.3: + version "3.1.3" + resolved "https://registry.yarnpkg.com/es6-symbol/-/es6-symbol-3.1.3.tgz#bad5d3c1bcdac28269f4cb331e431c78ac705d18" + integrity sha512-NJ6Yn3FuDinBaBRWl/q5X/s4koRHBrgKAu+yGI6JCBeiu3qrcbJhwT2GeR/EXVfylRk8dpQVJoLEFhK+Mu31NA== + dependencies: + d "^1.0.1" + ext "^1.1.2" + +escape-string-regexp@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34" + integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA== + +eslint-config-next@13.1.1: + version "13.1.1" + resolved "https://registry.yarnpkg.com/eslint-config-next/-/eslint-config-next-13.1.1.tgz#b1a6602b0a339820585d4b2f8d2e08866b6699a7" + integrity sha512-/5S2XGWlGaiqrRhzpn51ux5JUSLwx8PVK2keLi5xk7QmhfYB8PqE6R6SlVw6hgnf/VexvUXSrlNJ/su00NhtHQ== + dependencies: + "@next/eslint-plugin-next" "13.1.1" + "@rushstack/eslint-patch" "^1.1.3" + "@typescript-eslint/parser" "^5.42.0" + eslint-import-resolver-node "^0.3.6" + eslint-import-resolver-typescript "^3.5.2" + eslint-plugin-import "^2.26.0" + eslint-plugin-jsx-a11y "^6.5.1" + eslint-plugin-react "^7.31.7" + eslint-plugin-react-hooks "^4.5.0" + +eslint-import-resolver-node@^0.3.6: + version "0.3.6" + resolved "https://registry.yarnpkg.com/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.6.tgz#4048b958395da89668252001dbd9eca6b83bacbd" + integrity sha512-0En0w03NRVMn9Uiyn8YRPDKvWjxCWkslUEhGNTdGx15RvPJYQ+lbOlqrlNI2vEAs4pDYK4f/HN2TbDmk5TP0iw== + dependencies: + debug "^3.2.7" + resolve "^1.20.0" + +eslint-import-resolver-typescript@^3.5.2: + version "3.5.2" + resolved "https://registry.yarnpkg.com/eslint-import-resolver-typescript/-/eslint-import-resolver-typescript-3.5.2.tgz#9431acded7d898fd94591a08ea9eec3514c7de91" + integrity sha512-zX4ebnnyXiykjhcBvKIf5TNvt8K7yX6bllTRZ14MiurKPjDpCAZujlszTdB8pcNXhZcOf+god4s9SjQa5GnytQ== + dependencies: + debug "^4.3.4" + enhanced-resolve "^5.10.0" + get-tsconfig "^4.2.0" + globby "^13.1.2" + is-core-module "^2.10.0" + is-glob "^4.0.3" + synckit "^0.8.4" + +eslint-module-utils@^2.7.3: + version "2.7.4" + resolved "https://registry.yarnpkg.com/eslint-module-utils/-/eslint-module-utils-2.7.4.tgz#4f3e41116aaf13a20792261e61d3a2e7e0583974" + integrity sha512-j4GT+rqzCoRKHwURX7pddtIPGySnX9Si/cgMI5ztrcqOPtk5dDEeZ34CQVPphnqkJytlc97Vuk05Um2mJ3gEQA== + dependencies: + debug "^3.2.7" + +eslint-plugin-import@^2.26.0: + version "2.26.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-import/-/eslint-plugin-import-2.26.0.tgz#f812dc47be4f2b72b478a021605a59fc6fe8b88b" + integrity sha512-hYfi3FXaM8WPLf4S1cikh/r4IxnO6zrhZbEGz2b660EJRbuxgpDS5gkCuYgGWg2xxh2rBuIr4Pvhve/7c31koA== + dependencies: + array-includes "^3.1.4" + array.prototype.flat "^1.2.5" + debug "^2.6.9" + doctrine "^2.1.0" + eslint-import-resolver-node "^0.3.6" + eslint-module-utils "^2.7.3" + has "^1.0.3" + is-core-module "^2.8.1" + is-glob "^4.0.3" + minimatch "^3.1.2" + object.values "^1.1.5" + resolve "^1.22.0" + tsconfig-paths "^3.14.1" + +eslint-plugin-jsx-a11y@^6.5.1: + version "6.6.1" + resolved "https://registry.yarnpkg.com/eslint-plugin-jsx-a11y/-/eslint-plugin-jsx-a11y-6.6.1.tgz#93736fc91b83fdc38cc8d115deedfc3091aef1ff" + integrity sha512-sXgFVNHiWffBq23uiS/JaP6eVR622DqwB4yTzKvGZGcPq6/yZ3WmOZfuBks/vHWo9GaFOqC2ZK4i6+C35knx7Q== + dependencies: + "@babel/runtime" "^7.18.9" + aria-query "^4.2.2" + array-includes "^3.1.5" + ast-types-flow "^0.0.7" + axe-core "^4.4.3" + axobject-query "^2.2.0" + damerau-levenshtein "^1.0.8" + emoji-regex "^9.2.2" + has "^1.0.3" + jsx-ast-utils "^3.3.2" + language-tags "^1.0.5" + minimatch "^3.1.2" + semver "^6.3.0" + +eslint-plugin-react-hooks@^4.5.0: + version "4.6.0" + resolved "https://registry.yarnpkg.com/eslint-plugin-react-hooks/-/eslint-plugin-react-hooks-4.6.0.tgz#4c3e697ad95b77e93f8646aaa1630c1ba607edd3" + integrity sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g== + +eslint-plugin-react@^7.31.7: + version "7.31.11" + resolved "https://registry.yarnpkg.com/eslint-plugin-react/-/eslint-plugin-react-7.31.11.tgz#011521d2b16dcf95795df688a4770b4eaab364c8" + integrity sha512-TTvq5JsT5v56wPa9OYHzsrOlHzKZKjV+aLgS+55NJP/cuzdiQPC7PfYoUjMoxlffKtvijpk7vA/jmuqRb9nohw== + dependencies: + array-includes "^3.1.6" + array.prototype.flatmap "^1.3.1" + array.prototype.tosorted "^1.1.1" + doctrine "^2.1.0" + estraverse "^5.3.0" + jsx-ast-utils "^2.4.1 || ^3.0.0" + minimatch "^3.1.2" + object.entries "^1.1.6" + object.fromentries "^2.0.6" + object.hasown "^1.1.2" + object.values "^1.1.6" + prop-types "^15.8.1" + resolve "^2.0.0-next.3" + semver "^6.3.0" + string.prototype.matchall "^4.0.8" + +eslint-scope@^7.1.1: + version "7.1.1" + resolved "https://registry.yarnpkg.com/eslint-scope/-/eslint-scope-7.1.1.tgz#fff34894c2f65e5226d3041ac480b4513a163642" + integrity sha512-QKQM/UXpIiHcLqJ5AOyIW7XZmzjkzQXYE54n1++wb0u9V/abW3l9uQnxX8Z5Xd18xyKIMTUAyQ0k1e8pz6LUrw== + dependencies: + esrecurse "^4.3.0" + estraverse "^5.2.0" + +eslint-utils@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/eslint-utils/-/eslint-utils-3.0.0.tgz#8aebaface7345bb33559db0a1f13a1d2d48c3672" + integrity sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA== + dependencies: + eslint-visitor-keys "^2.0.0" + +eslint-visitor-keys@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz#f65328259305927392c938ed44eb0a5c9b2bd303" + integrity sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw== + +eslint-visitor-keys@^3.3.0: + version "3.3.0" + resolved "https://registry.yarnpkg.com/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz#f6480fa6b1f30efe2d1968aa8ac745b862469826" + integrity sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA== + +eslint@8.31.0: + version "8.31.0" + resolved "https://registry.yarnpkg.com/eslint/-/eslint-8.31.0.tgz#75028e77cbcff102a9feae1d718135931532d524" + integrity sha512-0tQQEVdmPZ1UtUKXjX7EMm9BlgJ08G90IhWh0PKDCb3ZLsgAOHI8fYSIzYVZej92zsgq+ft0FGsxhJ3xo2tbuA== + dependencies: + "@eslint/eslintrc" "^1.4.1" + "@humanwhocodes/config-array" "^0.11.8" + "@humanwhocodes/module-importer" "^1.0.1" + "@nodelib/fs.walk" "^1.2.8" + ajv "^6.10.0" + chalk "^4.0.0" + cross-spawn "^7.0.2" + debug "^4.3.2" + doctrine "^3.0.0" + escape-string-regexp "^4.0.0" + eslint-scope "^7.1.1" + eslint-utils "^3.0.0" + eslint-visitor-keys "^3.3.0" + espree "^9.4.0" + esquery "^1.4.0" + esutils "^2.0.2" + fast-deep-equal "^3.1.3" + file-entry-cache "^6.0.1" + find-up "^5.0.0" + glob-parent "^6.0.2" + globals "^13.19.0" + grapheme-splitter "^1.0.4" + ignore "^5.2.0" + import-fresh "^3.0.0" + imurmurhash "^0.1.4" + is-glob "^4.0.0" + is-path-inside "^3.0.3" + js-sdsl "^4.1.4" + js-yaml "^4.1.0" + json-stable-stringify-without-jsonify "^1.0.1" + levn "^0.4.1" + lodash.merge "^4.6.2" + minimatch "^3.1.2" + natural-compare "^1.4.0" + optionator "^0.9.1" + regexpp "^3.2.0" + strip-ansi "^6.0.1" + strip-json-comments "^3.1.0" + text-table "^0.2.0" + +espree@^9.4.0: + version "9.4.1" + resolved "https://registry.yarnpkg.com/espree/-/espree-9.4.1.tgz#51d6092615567a2c2cff7833445e37c28c0065bd" + integrity sha512-XwctdmTO6SIvCzd9810yyNzIrOrqNYV9Koizx4C/mRhf9uq0o4yHoCEU/670pOxOL/MSraektvSAji79kX90Vg== + dependencies: + acorn "^8.8.0" + acorn-jsx "^5.3.2" + eslint-visitor-keys "^3.3.0" + +esquery@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/esquery/-/esquery-1.4.0.tgz#2148ffc38b82e8c7057dfed48425b3e61f0f24a5" + integrity sha512-cCDispWt5vHHtwMY2YrAQ4ibFkAL8RbH5YGBnZBc90MolvvfkkQcJro/aZiAQUlQ3qgrYS6D6v8Gc5G5CQsc9w== + dependencies: + estraverse "^5.1.0" + +esrecurse@^4.3.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/esrecurse/-/esrecurse-4.3.0.tgz#7ad7964d679abb28bee72cec63758b1c5d2c9921" + integrity sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag== + dependencies: + estraverse "^5.2.0" + +estraverse@^5.1.0, estraverse@^5.2.0, estraverse@^5.3.0: + version "5.3.0" + resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.3.0.tgz#2eea5290702f26ab8fe5370370ff86c965d21123" + integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== + +esutils@^2.0.2: + version "2.0.3" + resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" + integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== + +ext@^1.1.2: + version "1.7.0" + resolved "https://registry.yarnpkg.com/ext/-/ext-1.7.0.tgz#0ea4383c0103d60e70be99e9a7f11027a33c4f5f" + integrity sha512-6hxeJYaL110a9b5TEJSj0gojyHQAmA2ch5Os+ySCiA1QGdS697XWY1pzsrSjqA9LDEEgdB/KypIlR59RcLuHYw== + dependencies: + type "^2.7.2" + +fast-deep-equal@^3.1.1, fast-deep-equal@^3.1.3: + version "3.1.3" + resolved "https://registry.yarnpkg.com/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz#3a7d56b559d6cbc3eb512325244e619a65c6c525" + integrity sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q== + +fast-glob@^3.2.11, fast-glob@^3.2.9: + version "3.2.12" + resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.2.12.tgz#7f39ec99c2e6ab030337142da9e0c18f37afae80" + integrity sha512-DVj4CQIYYow0BlaelwK1pHl5n5cRSJfM60UA0zK891sVInoPri2Ekj7+e1CT3/3qxXenpI+nBBmQAcJPJgaj4w== + dependencies: + "@nodelib/fs.stat" "^2.0.2" + "@nodelib/fs.walk" "^1.2.3" + glob-parent "^5.1.2" + merge2 "^1.3.0" + micromatch "^4.0.4" + +fast-json-stable-stringify@^2.0.0: + version "2.1.0" + resolved "https://registry.yarnpkg.com/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz#874bf69c6f404c2b5d99c481341399fd55892633" + integrity sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw== + +fast-levenshtein@^2.0.6: + version "2.0.6" + resolved "https://registry.yarnpkg.com/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz#3d8a5c66883a16a30ca8643e851f19baa7797917" + integrity sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw== + +fastq@^1.6.0: + version "1.15.0" + resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.15.0.tgz#d04d07c6a2a68fe4599fea8d2e103a937fae6b3a" + integrity sha512-wBrocU2LCXXa+lWBt8RoIRD89Fi8OdABODa/kEnyeyjS5aZO5/GNvI5sEINADqP/h8M29UHTHUb53sUu5Ihqdw== + dependencies: + reusify "^1.0.4" + +file-entry-cache@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/file-entry-cache/-/file-entry-cache-6.0.1.tgz#211b2dd9659cb0394b073e7323ac3c933d522027" + integrity sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg== + dependencies: + flat-cache "^3.0.4" + +fill-range@^7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40" + integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ== + dependencies: + to-regex-range "^5.0.1" + +find-up@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/find-up/-/find-up-5.0.0.tgz#4c92819ecb7083561e4f4a240a86be5198f536fc" + integrity sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng== + dependencies: + locate-path "^6.0.0" + path-exists "^4.0.0" + +flat-cache@^3.0.4: + version "3.0.4" + resolved "https://registry.yarnpkg.com/flat-cache/-/flat-cache-3.0.4.tgz#61b0338302b2fe9f957dcc32fc2a87f1c3048b11" + integrity sha512-dm9s5Pw7Jc0GvMYbshN6zchCA9RgQlzzEZX3vylR9IqFfS8XciblUXOKfW6SiuJ0e13eDYZoZV5wdrev7P3Nwg== + dependencies: + flatted "^3.1.0" + rimraf "^3.0.2" + +flatted@^3.1.0: + version "3.2.7" + resolved "https://registry.yarnpkg.com/flatted/-/flatted-3.2.7.tgz#609f39207cb614b89d0765b477cb2d437fbf9787" + integrity sha512-5nqDSxl8nn5BSNxyR3n4I6eDmbolI6WT+QqR547RwxQapgjQBmtktdP+HTBb/a/zLsbzERTONyUB5pefh5TtjQ== + +follow-redirects@^1.14.4: + version "1.15.2" + resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.2.tgz#b460864144ba63f2681096f274c4e57026da2c13" + integrity sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA== + +fs.realpath@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" + integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw== + +function-bind@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.1.tgz#a56899d3ea3c9bab874bb9773b7c5ede92f4895d" + integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A== + +function.prototype.name@^1.1.5: + version "1.1.5" + resolved "https://registry.yarnpkg.com/function.prototype.name/-/function.prototype.name-1.1.5.tgz#cce0505fe1ffb80503e6f9e46cc64e46a12a9621" + integrity sha512-uN7m/BzVKQnCUF/iW8jYea67v++2u7m5UgENbHRtdDVclOUP+FMPlCNdmk0h/ysGyo2tavMJEDqJAkJdRa1vMA== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.3" + es-abstract "^1.19.0" + functions-have-names "^1.2.2" + +functions-have-names@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/functions-have-names/-/functions-have-names-1.2.3.tgz#0404fe4ee2ba2f607f0e0ec3c80bae994133b834" + integrity sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ== + +get-intrinsic@^1.0.2, get-intrinsic@^1.1.1, get-intrinsic@^1.1.3: + version "1.1.3" + resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.1.3.tgz#063c84329ad93e83893c7f4f243ef63ffa351385" + integrity sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A== + dependencies: + function-bind "^1.1.1" + has "^1.0.3" + has-symbols "^1.0.3" + +get-symbol-description@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/get-symbol-description/-/get-symbol-description-1.0.0.tgz#7fdb81c900101fbd564dd5f1a30af5aadc1e58d6" + integrity sha512-2EmdH1YvIQiZpltCNgkuiUnyukzxM/R6NDJX31Ke3BG1Nq5b0S2PhX59UKi9vZpPDQVdqn+1IcaAwnzTT5vCjw== + dependencies: + call-bind "^1.0.2" + get-intrinsic "^1.1.1" + +get-tsconfig@^4.2.0: + version "4.3.0" + resolved "https://registry.yarnpkg.com/get-tsconfig/-/get-tsconfig-4.3.0.tgz#4c26fae115d1050e836aea65d6fe56b507ee249b" + integrity sha512-YCcF28IqSay3fqpIu5y3Krg/utCBHBeoflkZyHj/QcqI2nrLPC3ZegS9CmIo+hJb8K7aiGsuUl7PwWVjNG2HQQ== + +glob-parent@^5.1.2: + version "5.1.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== + dependencies: + is-glob "^4.0.1" + +glob-parent@^6.0.2: + version "6.0.2" + resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-6.0.2.tgz#6d237d99083950c79290f24c7642a3de9a28f9e3" + integrity sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A== + dependencies: + is-glob "^4.0.3" + +glob@7.1.7: + version "7.1.7" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.1.7.tgz#3b193e9233f01d42d0b3f78294bbeeb418f94a90" + integrity sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.0.4" + once "^1.3.0" + path-is-absolute "^1.0.0" + +glob@^7.1.3: + version "7.2.3" + resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b" + integrity sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q== + dependencies: + fs.realpath "^1.0.0" + inflight "^1.0.4" + inherits "2" + minimatch "^3.1.1" + once "^1.3.0" + path-is-absolute "^1.0.0" + +globals@^13.19.0: + version "13.19.0" + resolved "https://registry.yarnpkg.com/globals/-/globals-13.19.0.tgz#7a42de8e6ad4f7242fbcca27ea5b23aca367b5c8" + integrity sha512-dkQ957uSRWHw7CFXLUtUHQI3g3aWApYhfNR2O6jn/907riyTYKVBmxYVROkBcY614FSSeSJh7Xm7SrUWCxvJMQ== + dependencies: + type-fest "^0.20.2" + +globalyzer@0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/globalyzer/-/globalyzer-0.1.0.tgz#cb76da79555669a1519d5a8edf093afaa0bf1465" + integrity sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q== + +globby@^11.1.0: + version "11.1.0" + resolved "https://registry.yarnpkg.com/globby/-/globby-11.1.0.tgz#bd4be98bb042f83d796f7e3811991fbe82a0d34b" + integrity sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g== + dependencies: + array-union "^2.1.0" + dir-glob "^3.0.1" + fast-glob "^3.2.9" + ignore "^5.2.0" + merge2 "^1.4.1" + slash "^3.0.0" + +globby@^13.1.2: + version "13.1.3" + resolved "https://registry.yarnpkg.com/globby/-/globby-13.1.3.tgz#f62baf5720bcb2c1330c8d4ef222ee12318563ff" + integrity sha512-8krCNHXvlCgHDpegPzleMq07yMYTO2sXKASmZmquEYWEmCx6J5UTRbp5RwMJkTJGtcQ44YpiUYUiN0b9mzy8Bw== + dependencies: + dir-glob "^3.0.1" + fast-glob "^3.2.11" + ignore "^5.2.0" + merge2 "^1.4.1" + slash "^4.0.0" + +globrex@^0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/globrex/-/globrex-0.1.2.tgz#dd5d9ec826232730cd6793a5e33a9302985e6098" + integrity sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg== + +gopd@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" + integrity sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA== + dependencies: + get-intrinsic "^1.1.3" + +graceful-fs@^4.2.4: + version "4.2.10" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.10.tgz#147d3a006da4ca3ce14728c7aefc287c367d7a6c" + integrity sha512-9ByhssR2fPVsNZj478qUUbKfmL0+t5BDVyjShtyZZLiK7ZDAArFFfopyOTj0M05wE2tJPisA4iTnnXl2YoPvOA== + +grapheme-splitter@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/grapheme-splitter/-/grapheme-splitter-1.0.4.tgz#9cf3a665c6247479896834af35cf1dbb4400767e" + integrity sha512-bzh50DW9kTPM00T8y4o8vQg89Di9oLJVLW/KaOGIXJWP/iqCN6WKYkbNOF04vFLJhwcpYUh9ydh/+5vpOqV4YQ== + +has-bigints@^1.0.1, has-bigints@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/has-bigints/-/has-bigints-1.0.2.tgz#0871bd3e3d51626f6ca0966668ba35d5602d6eaa" + integrity sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ== + +has-flag@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/has-flag/-/has-flag-4.0.0.tgz#944771fd9c81c81265c4d6941860da06bb59479b" + integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== + +has-property-descriptors@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.0.tgz#610708600606d36961ed04c196193b6a607fa861" + integrity sha512-62DVLZGoiEBDHQyqG4w9xCuZ7eJEwNmJRWw2VY84Oedb7WFcA27fiEVe8oUQx9hAUJ4ekurquucTGwsyO1XGdQ== + dependencies: + get-intrinsic "^1.1.1" + +has-symbols@^1.0.2, has-symbols@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8" + integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A== + +has-tostringtag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/has-tostringtag/-/has-tostringtag-1.0.0.tgz#7e133818a7d394734f941e73c3d3f9291e658b25" + integrity sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ== + dependencies: + has-symbols "^1.0.2" + +has@^1.0.3: + version "1.0.3" + resolved "https://registry.yarnpkg.com/has/-/has-1.0.3.tgz#722d7cbfc1f6aa8241f16dd814e011e1f41e8796" + integrity sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw== + dependencies: + function-bind "^1.1.1" + +ignore@^5.2.0: + version "5.2.4" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.2.4.tgz#a291c0c6178ff1b960befe47fcdec301674a6324" + integrity sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ== + +import-fresh@^3.0.0, import-fresh@^3.2.1: + version "3.3.0" + resolved "https://registry.yarnpkg.com/import-fresh/-/import-fresh-3.3.0.tgz#37162c25fcb9ebaa2e6e53d5b4d88ce17d9e0c2b" + integrity sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw== + dependencies: + parent-module "^1.0.0" + resolve-from "^4.0.0" + +imurmurhash@^0.1.4: + version "0.1.4" + resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea" + integrity sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA== + +inflight@^1.0.4: + version "1.0.6" + resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" + integrity sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA== + dependencies: + once "^1.3.0" + wrappy "1" + +inherits@2: + version "2.0.4" + resolved "https://registry.yarnpkg.com/inherits/-/inherits-2.0.4.tgz#0fa2c64f932917c3433a0ded55363aae37416b7c" + integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== + +internal-slot@^1.0.3: + version "1.0.4" + resolved "https://registry.yarnpkg.com/internal-slot/-/internal-slot-1.0.4.tgz#8551e7baf74a7a6ba5f749cfb16aa60722f0d6f3" + integrity sha512-tA8URYccNzMo94s5MQZgH8NB/XTa6HsOo0MLfXTKKEnHVVdegzaQoFZ7Jp44bdvLvY2waT5dc+j5ICEswhi7UQ== + dependencies: + get-intrinsic "^1.1.3" + has "^1.0.3" + side-channel "^1.0.4" + +is-bigint@^1.0.1: + version "1.0.4" + resolved "https://registry.yarnpkg.com/is-bigint/-/is-bigint-1.0.4.tgz#08147a1875bc2b32005d41ccd8291dffc6691df3" + integrity sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg== + dependencies: + has-bigints "^1.0.1" + +is-boolean-object@^1.1.0: + version "1.1.2" + resolved "https://registry.yarnpkg.com/is-boolean-object/-/is-boolean-object-1.1.2.tgz#5c6dc200246dd9321ae4b885a114bb1f75f63719" + integrity sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA== + dependencies: + call-bind "^1.0.2" + has-tostringtag "^1.0.0" + +is-callable@^1.1.4, is-callable@^1.2.7: + version "1.2.7" + resolved "https://registry.yarnpkg.com/is-callable/-/is-callable-1.2.7.tgz#3bc2a85ea742d9e36205dcacdd72ca1fdc51b055" + integrity sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA== + +is-core-module@^2.10.0, is-core-module@^2.8.1, is-core-module@^2.9.0: + version "2.11.0" + resolved "https://registry.yarnpkg.com/is-core-module/-/is-core-module-2.11.0.tgz#ad4cb3e3863e814523c96f3f58d26cc570ff0144" + integrity sha512-RRjxlvLDkD1YJwDbroBHMb+cukurkDWNyHx7D3oNB5x9rb5ogcksMC5wHCadcXoo67gVr/+3GFySh3134zi6rw== + dependencies: + has "^1.0.3" + +is-date-object@^1.0.1: + version "1.0.5" + resolved "https://registry.yarnpkg.com/is-date-object/-/is-date-object-1.0.5.tgz#0841d5536e724c25597bf6ea62e1bd38298df31f" + integrity sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ== + dependencies: + has-tostringtag "^1.0.0" + +is-docker@^2.0.0, is-docker@^2.1.1: + version "2.2.1" + resolved "https://registry.yarnpkg.com/is-docker/-/is-docker-2.2.1.tgz#33eeabe23cfe86f14bde4408a02c0cfb853acdaa" + integrity sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ== + +is-extglob@^2.1.1: + version "2.1.1" + resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" + integrity sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ== + +is-glob@^4.0.0, is-glob@^4.0.1, is-glob@^4.0.3: + version "4.0.3" + resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" + integrity sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg== + dependencies: + is-extglob "^2.1.1" + +is-negative-zero@^2.0.2: + version "2.0.2" + resolved "https://registry.yarnpkg.com/is-negative-zero/-/is-negative-zero-2.0.2.tgz#7bf6f03a28003b8b3965de3ac26f664d765f3150" + integrity sha512-dqJvarLawXsFbNDeJW7zAz8ItJ9cd28YufuuFzh0G8pNHjJMnY08Dv7sYX2uF5UpQOwieAeOExEYAWWfu7ZZUA== + +is-number-object@^1.0.4: + version "1.0.7" + resolved "https://registry.yarnpkg.com/is-number-object/-/is-number-object-1.0.7.tgz#59d50ada4c45251784e9904f5246c742f07a42fc" + integrity sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ== + dependencies: + has-tostringtag "^1.0.0" + +is-number@^7.0.0: + version "7.0.0" + resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" + integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== + +is-path-inside@^3.0.3: + version "3.0.3" + resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283" + integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ== + +is-regex@^1.1.4: + version "1.1.4" + resolved "https://registry.yarnpkg.com/is-regex/-/is-regex-1.1.4.tgz#eef5663cd59fa4c0ae339505323df6854bb15958" + integrity sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg== + dependencies: + call-bind "^1.0.2" + has-tostringtag "^1.0.0" + +is-shared-array-buffer@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/is-shared-array-buffer/-/is-shared-array-buffer-1.0.2.tgz#8f259c573b60b6a32d4058a1a07430c0a7344c79" + integrity sha512-sqN2UDu1/0y6uvXyStCOzyhAjCSlHceFoMKJW8W9EU9cvic/QdsZ0kEU93HEy3IUEFZIiH/3w+AH/UQbPHNdhA== + dependencies: + call-bind "^1.0.2" + +is-string@^1.0.5, is-string@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/is-string/-/is-string-1.0.7.tgz#0dd12bf2006f255bb58f695110eff7491eebc0fd" + integrity sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg== + dependencies: + has-tostringtag "^1.0.0" + +is-symbol@^1.0.2, is-symbol@^1.0.3: + version "1.0.4" + resolved "https://registry.yarnpkg.com/is-symbol/-/is-symbol-1.0.4.tgz#a6dac93b635b063ca6872236de88910a57af139c" + integrity sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg== + dependencies: + has-symbols "^1.0.2" + +is-typedarray@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/is-typedarray/-/is-typedarray-1.0.0.tgz#e479c80858df0c1b11ddda6940f96011fcda4a9a" + integrity sha512-cyA56iCMHAh5CdzjJIa4aohJyeO1YbwLi3Jc35MmRU6poroFjIGZzUzupGiRPOjgHg9TLu43xbpwXk523fMxKA== + +is-weakref@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/is-weakref/-/is-weakref-1.0.2.tgz#9529f383a9338205e89765e0392efc2f100f06f2" + integrity sha512-qctsuLZmIQ0+vSSMfoVvyFe2+GSEvnmZ2ezTup1SBse9+twCCeial6EEi3Nc2KFcf6+qz2FBPnjXsk8xhKSaPQ== + dependencies: + call-bind "^1.0.2" + +is-wsl@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/is-wsl/-/is-wsl-2.2.0.tgz#74a4c76e77ca9fd3f932f290c17ea326cd157271" + integrity sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww== + dependencies: + is-docker "^2.0.0" + +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" + integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw== + +js-sdsl@^4.1.4: + version "4.2.0" + resolved "https://registry.yarnpkg.com/js-sdsl/-/js-sdsl-4.2.0.tgz#278e98b7bea589b8baaf048c20aeb19eb7ad09d0" + integrity sha512-dyBIzQBDkCqCu+0upx25Y2jGdbTGxE9fshMsCdK0ViOongpV+n5tXRcZY9v7CaVQ79AGS9KA1KHtojxiM7aXSQ== + +"js-tokens@^3.0.0 || ^4.0.0": + version "4.0.0" + resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" + integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== + +js-yaml@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" + integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== + dependencies: + argparse "^2.0.1" + +json-schema-traverse@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz#69f6a87d9513ab8bb8fe63bdb0979c448e684660" + integrity sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg== + +json-stable-stringify-without-jsonify@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz#9db7b59496ad3f3cfef30a75142d2d930ad72651" + integrity sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw== + +json5@^1.0.1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/json5/-/json5-1.0.2.tgz#63d98d60f21b313b77c4d6da18bfa69d80e1d593" + integrity sha512-g1MWMLBiz8FKi1e4w0UyVL3w+iJceWAFBAaBnnGKOpNa5f8TLktkbre1+s6oICydWAm+HRUGTmI+//xv2hvXYA== + dependencies: + minimist "^1.2.0" + +"jsx-ast-utils@^2.4.1 || ^3.0.0", jsx-ast-utils@^3.3.2: + version "3.3.3" + resolved "https://registry.yarnpkg.com/jsx-ast-utils/-/jsx-ast-utils-3.3.3.tgz#76b3e6e6cece5c69d49a5792c3d01bd1a0cdc7ea" + integrity sha512-fYQHZTZ8jSfmWZ0iyzfwiU4WDX4HpHbMCZ3gPlWYiCl3BoeOTsqKBqnTVfH2rYT7eP5c3sVbeSPHnnJOaTrWiw== + dependencies: + array-includes "^3.1.5" + object.assign "^4.1.3" + +language-subtag-registry@^0.3.20: + version "0.3.22" + resolved "https://registry.yarnpkg.com/language-subtag-registry/-/language-subtag-registry-0.3.22.tgz#2e1500861b2e457eba7e7ae86877cbd08fa1fd1d" + integrity sha512-tN0MCzyWnoz/4nHS6uxdlFWoUZT7ABptwKPQ52Ea7URk6vll88bWBVhodtnlfEuCcKWNGoc+uGbw1cwa9IKh/w== + +language-tags@^1.0.5: + version "1.0.7" + resolved "https://registry.yarnpkg.com/language-tags/-/language-tags-1.0.7.tgz#41cc248730f3f12a452c2e2efe32bc0bbce67967" + integrity sha512-bSytju1/657hFjgUzPAPqszxH62ouE8nQFoFaVlIQfne4wO/wXC9A4+m8jYve7YBBvi59eq0SUpcshvG8h5Usw== + dependencies: + language-subtag-registry "^0.3.20" + +levn@^0.4.1: + version "0.4.1" + resolved "https://registry.yarnpkg.com/levn/-/levn-0.4.1.tgz#ae4562c007473b932a6200d403268dd2fffc6ade" + integrity sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ== + dependencies: + prelude-ls "^1.2.1" + type-check "~0.4.0" + +locate-path@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/locate-path/-/locate-path-6.0.0.tgz#55321eb309febbc59c4801d931a72452a681d286" + integrity sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw== + dependencies: + p-locate "^5.0.0" + +lodash-es@^4.17.21: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.17.21.tgz#43e626c46e6591b7750beb2b50117390c609e3ee" + integrity sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw== + +lodash.merge@^4.6.2: + version "4.6.2" + resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" + integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== + +lodash.throttle@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/lodash.throttle/-/lodash.throttle-4.1.1.tgz#c23e91b710242ac70c37f1e1cda9274cc39bf2f4" + integrity sha512-wIkUCfVKpVsWo3JSZlc+8MB5it+2AN5W8J7YVMST30UrvcQNZ1Okbj+rbVniijTWE6FGYy4XJq/rHkas8qJMLQ== + +lodash@^4.17.21: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== + +loose-envify@^1.1.0, loose-envify@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/loose-envify/-/loose-envify-1.4.0.tgz#71ee51fa7be4caec1a63839f7e682d8132d30caf" + integrity sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q== + dependencies: + js-tokens "^3.0.0 || ^4.0.0" + +lru-cache@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-6.0.0.tgz#6d6fe6570ebd96aaf90fcad1dafa3b2566db3a94" + integrity sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA== + dependencies: + yallist "^4.0.0" + +merge2@^1.3.0, merge2@^1.4.1: + version "1.4.1" + resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" + integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== + +micromatch@^4.0.4: + version "4.0.5" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.5.tgz#bc8999a7cbbf77cdc89f132f6e467051b49090c6" + integrity sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA== + dependencies: + braces "^3.0.2" + picomatch "^2.3.1" + +minimatch@^3.0.4, minimatch@^3.0.5, minimatch@^3.1.1, minimatch@^3.1.2: + version "3.1.2" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" + integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== + dependencies: + brace-expansion "^1.1.7" + +minimist@^1.2.0, minimist@^1.2.6: + version "1.2.7" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.7.tgz#daa1c4d91f507390437c6a8bc01078e7000c4d18" + integrity sha512-bzfL1YUZsP41gmu/qjrEk0Q6i2ix/cVeAhbCbqH9u3zYutS1cLg00qhrD0M2MVdCcx4Sc0UpP2eBWo9rotpq6g== + +ms@2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.0.0.tgz#5608aeadfc00be6c2901df5f9861788de0d597c8" + integrity sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A== + +ms@2.1.2: + version "2.1.2" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" + integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== + +ms@^2.1.1: + version "2.1.3" + resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" + integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== + +nanoid@^3.3.4: + version "3.3.4" + resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab" + integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw== + +natural-compare@^1.4.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7" + integrity sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw== + +next-tick@^1.1.0: + version "1.1.0" + resolved "https://registry.yarnpkg.com/next-tick/-/next-tick-1.1.0.tgz#1836ee30ad56d67ef281b22bd199f709449b35eb" + integrity sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ== + +next@13.1.1: + version "13.1.1" + resolved "https://registry.yarnpkg.com/next/-/next-13.1.1.tgz#42b825f650410649aff1017d203a088d77c80b5b" + integrity sha512-R5eBAaIa3X7LJeYvv1bMdGnAVF4fVToEjim7MkflceFPuANY3YyvFxXee/A+acrSYwYPvOvf7f6v/BM/48ea5w== + dependencies: + "@next/env" "13.1.1" + "@swc/helpers" "0.4.14" + caniuse-lite "^1.0.30001406" + postcss "8.4.14" + styled-jsx "5.1.1" + optionalDependencies: + "@next/swc-android-arm-eabi" "13.1.1" + "@next/swc-android-arm64" "13.1.1" + "@next/swc-darwin-arm64" "13.1.1" + "@next/swc-darwin-x64" "13.1.1" + "@next/swc-freebsd-x64" "13.1.1" + "@next/swc-linux-arm-gnueabihf" "13.1.1" + "@next/swc-linux-arm64-gnu" "13.1.1" + "@next/swc-linux-arm64-musl" "13.1.1" + "@next/swc-linux-x64-gnu" "13.1.1" + "@next/swc-linux-x64-musl" "13.1.1" + "@next/swc-win32-arm64-msvc" "13.1.1" + "@next/swc-win32-ia32-msvc" "13.1.1" + "@next/swc-win32-x64-msvc" "13.1.1" + +nextjs-websocket@^1.0.11: + version "1.0.11" + resolved "https://registry.yarnpkg.com/nextjs-websocket/-/nextjs-websocket-1.0.11.tgz#b5cd776c3cf600f144bba9ebe4430344f5cbc4e4" + integrity sha512-5+NsWcl9Oc8fu3n660h7iVwaOQ1ctbANsrfmE8rlXmHI2syQM+1c8Tn3iCd70oxDUQXeuWNgRiCzBfOAKwmKxw== + dependencies: + websocket "^1.0.33" + +node-gyp-build@^4.3.0: + version "4.5.0" + resolved "https://registry.yarnpkg.com/node-gyp-build/-/node-gyp-build-4.5.0.tgz#7a64eefa0b21112f89f58379da128ac177f20e40" + integrity sha512-2iGbaQBV+ITgCz76ZEjmhUKAKVf7xfY1sRl4UiKQspfZMH2h06SyhNsnSVy50cwkFQDGLyif6m/6uFXHkOZ6rg== + +object-assign@^4.1.1: + version "4.1.1" + resolved "https://registry.yarnpkg.com/object-assign/-/object-assign-4.1.1.tgz#2109adc7965887cfc05cbbd442cac8bfbb360863" + integrity sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg== + +object-inspect@^1.12.2, object-inspect@^1.9.0: + version "1.12.2" + resolved "https://registry.yarnpkg.com/object-inspect/-/object-inspect-1.12.2.tgz#c0641f26394532f28ab8d796ab954e43c009a8ea" + integrity sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ== + +object-keys@^1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/object-keys/-/object-keys-1.1.1.tgz#1c47f272df277f3b1daf061677d9c82e2322c60e" + integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== + +object.assign@^4.1.3, object.assign@^4.1.4: + version "4.1.4" + resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.4.tgz#9673c7c7c351ab8c4d0b516f4343ebf4dfb7799f" + integrity sha512-1mxKf0e58bvyjSCtKYY4sRe9itRk3PJpquJOjeIkz885CczcI4IvJJDLPS72oowuSh+pBxUFROpX+TU++hxhZQ== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + has-symbols "^1.0.3" + object-keys "^1.1.1" + +object.entries@^1.1.6: + version "1.1.6" + resolved "https://registry.yarnpkg.com/object.entries/-/object.entries-1.1.6.tgz#9737d0e5b8291edd340a3e3264bb8a3b00d5fa23" + integrity sha512-leTPzo4Zvg3pmbQ3rDK69Rl8GQvIqMWubrkxONG9/ojtFE2rD9fjMKfSI5BxW3osRH1m6VdzmqK8oAY9aT4x5w== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + +object.fromentries@^2.0.6: + version "2.0.6" + resolved "https://registry.yarnpkg.com/object.fromentries/-/object.fromentries-2.0.6.tgz#cdb04da08c539cffa912dcd368b886e0904bfa73" + integrity sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + +object.hasown@^1.1.2: + version "1.1.2" + resolved "https://registry.yarnpkg.com/object.hasown/-/object.hasown-1.1.2.tgz#f919e21fad4eb38a57bc6345b3afd496515c3f92" + integrity sha512-B5UIT3J1W+WuWIU55h0mjlwaqxiE5vYENJXIXZ4VFe05pNYrkKuK0U/6aFcb0pKywYJh7IhfoqUfKVmrJJHZHw== + dependencies: + define-properties "^1.1.4" + es-abstract "^1.20.4" + +object.values@^1.1.5, object.values@^1.1.6: + version "1.1.6" + resolved "https://registry.yarnpkg.com/object.values/-/object.values-1.1.6.tgz#4abbaa71eba47d63589d402856f908243eea9b1d" + integrity sha512-FVVTkD1vENCsAcwNs9k6jea2uHC/X0+JcjG8YA60FN5CMaJmG95wT9jek/xX9nornqGRrBkKtzuAu2wuHpKqvw== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + +once@^1.3.0: + version "1.4.0" + resolved "https://registry.yarnpkg.com/once/-/once-1.4.0.tgz#583b1aa775961d4b113ac17d9c50baef9dd76bd1" + integrity sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w== + dependencies: + wrappy "1" + +open@^8.4.0: + version "8.4.0" + resolved "https://registry.yarnpkg.com/open/-/open-8.4.0.tgz#345321ae18f8138f82565a910fdc6b39e8c244f8" + integrity sha512-XgFPPM+B28FtCCgSb9I+s9szOC1vZRSwgWsRUA5ylIxRTgKozqjOCrVOqGsYABPYK5qnfqClxZTFBa8PKt2v6Q== + dependencies: + define-lazy-prop "^2.0.0" + is-docker "^2.1.1" + is-wsl "^2.2.0" + +optionator@^0.9.1: + version "0.9.1" + resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.9.1.tgz#4f236a6373dae0566a6d43e1326674f50c291499" + integrity sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw== + dependencies: + deep-is "^0.1.3" + fast-levenshtein "^2.0.6" + levn "^0.4.1" + prelude-ls "^1.2.1" + type-check "^0.4.0" + word-wrap "^1.2.3" + +p-limit@^3.0.2: + version "3.1.0" + resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-3.1.0.tgz#e1daccbe78d0d1388ca18c64fea38e3e57e3706b" + integrity sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ== + dependencies: + yocto-queue "^0.1.0" + +p-locate@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/p-locate/-/p-locate-5.0.0.tgz#83c8315c6785005e3bd021839411c9e110e6d834" + integrity sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw== + dependencies: + p-limit "^3.0.2" + +parent-module@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/parent-module/-/parent-module-1.0.1.tgz#691d2709e78c79fae3a156622452d00762caaaa2" + integrity sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g== + dependencies: + callsites "^3.0.0" + +path-exists@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-exists/-/path-exists-4.0.0.tgz#513bdbe2d3b95d7762e8c1137efa195c6c61b5b3" + integrity sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w== + +path-is-absolute@^1.0.0: + version "1.0.1" + resolved "https://registry.yarnpkg.com/path-is-absolute/-/path-is-absolute-1.0.1.tgz#174b9268735534ffbc7ace6bf53a5a9e1b5c5f5f" + integrity sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg== + +path-key@^3.1.0: + version "3.1.1" + resolved "https://registry.yarnpkg.com/path-key/-/path-key-3.1.1.tgz#581f6ade658cbba65a0d3380de7753295054f375" + integrity sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q== + +path-parse@^1.0.7: + version "1.0.7" + resolved "https://registry.yarnpkg.com/path-parse/-/path-parse-1.0.7.tgz#fbc114b60ca42b30d9daf5858e4bd68bbedb6735" + integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== + +path-type@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" + integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== + +picocolors@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/picocolors/-/picocolors-1.0.0.tgz#cb5bdc74ff3f51892236eaf79d68bc44564ab81c" + integrity sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ== + +picomatch@^2.3.1: + version "2.3.1" + resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.1.tgz#3ba3833733646d9d3e4995946c1365a67fb07a42" + integrity sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA== + +postcss@8.4.14: + version "8.4.14" + resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.14.tgz#ee9274d5622b4858c1007a74d76e42e56fd21caf" + integrity sha512-E398TUmfAYFPBSdzgeieK2Y1+1cpdxJx8yXbK/m57nRhKSmk1GB2tO4lbLBtlkfPQTDKfe4Xqv1ASWPpayPEig== + dependencies: + nanoid "^3.3.4" + picocolors "^1.0.0" + source-map-js "^1.0.2" + +prelude-ls@^1.2.1: + version "1.2.1" + resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396" + integrity sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g== + +prop-types@^15.7.2, prop-types@^15.8.1: + version "15.8.1" + resolved "https://registry.yarnpkg.com/prop-types/-/prop-types-15.8.1.tgz#67d87bf1a694f48435cf332c24af10214a3140b5" + integrity sha512-oj87CgZICdulUohogVAR7AjlC0327U4el4L6eAvOqCeudMDVU0NThNaV+b9Df4dXgSP1gXMTnPdhfe/2qDH5cg== + dependencies: + loose-envify "^1.4.0" + object-assign "^4.1.1" + react-is "^16.13.1" + +punycode@^2.1.0: + version "2.1.1" + resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec" + integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A== + +queue-microtask@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" + integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== + +rc-util@^5.9.4: + version "5.27.1" + resolved "https://registry.yarnpkg.com/rc-util/-/rc-util-5.27.1.tgz#d12f02b9577b04299c0f1a235c8acbcf56e2824b" + integrity sha512-PsjHA+f+KBCz+YTZxrl3ukJU5RoNKoe3KSNMh0xGiISbR67NaM9E9BiMjCwxa3AcCUOg/rZ+V0ZKLSimAA+e3w== + dependencies: + "@babel/runtime" "^7.18.3" + react-is "^16.12.0" + +"react-chat-engine-advanced@link:..": + version "0.0.0" + uid "" + +react-dom@18.2.0: + version "18.2.0" + resolved "https://registry.yarnpkg.com/react-dom/-/react-dom-18.2.0.tgz#22aaf38708db2674ed9ada224ca4aa708d821e3d" + integrity sha512-6IMTriUmvsjHUjNtEDudZfuDQUoWXVxKHhlEGSk81n4YFS+r/Kl99wXiwlVXtPBtJenozv2P+hxDsw9eA7Xo6g== + dependencies: + loose-envify "^1.1.0" + scheduler "^0.23.0" + +react-grid-system@^7.3.2: + version "7.3.2" + resolved "https://registry.yarnpkg.com/react-grid-system/-/react-grid-system-7.3.2.tgz#b3e8cc704d432b097bd03c6ea8c2bbed05974475" + integrity sha512-SR5FKJvvN+Sl/OqSpyhLaesfc2cHKxFlP5xL53jUp3m+vF40OYiJbCuW+U43YeNEZQUfR38K3Ec+dVxl9y6MUg== + dependencies: + prop-types "^15.7.2" + +react-is@^16.12.0, react-is@^16.13.1: + version "16.13.1" + resolved "https://registry.yarnpkg.com/react-is/-/react-is-16.13.1.tgz#789729a4dc36de2999dc156dd6c1d9c18cea56a4" + integrity sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ== + +react-scroll@^1.8.4: + version "1.8.9" + resolved "https://registry.yarnpkg.com/react-scroll/-/react-scroll-1.8.9.tgz#96f8a82f882b187970c2338759225c7e619d915b" + integrity sha512-9m7ztraiX/l6L7erzYAD3fhnveNckei6/NkWfqwN2e0FRdoE2W6Pk4oi2Nah7mWpPCPAeIgegfaqZACTimPOwg== + dependencies: + lodash.throttle "^4.1.1" + prop-types "^15.7.2" + +react@18.2.0: + version "18.2.0" + resolved "https://registry.yarnpkg.com/react/-/react-18.2.0.tgz#555bd98592883255fa00de14f1151a917b5d77d5" + integrity sha512-/3IjMdb2L9QbBdWiW5e3P2/npwMBaU9mHCSCUzNln0ZCYbcfTsGbTJrU/kGemdH2IWmB2ioZ+zkxtmq6g09fGQ== + dependencies: + loose-envify "^1.1.0" + +regenerator-runtime@^0.13.11: + version "0.13.11" + resolved "https://registry.yarnpkg.com/regenerator-runtime/-/regenerator-runtime-0.13.11.tgz#f6dca3e7ceec20590d07ada785636a90cdca17f9" + integrity sha512-kY1AZVr2Ra+t+piVaJ4gxaFaReZVH40AKNo7UCX6W+dEwBo/2oZJzqfuN1qLq1oL45o56cPaTXELwrTh8Fpggg== + +regexp.prototype.flags@^1.4.3: + version "1.4.3" + resolved "https://registry.yarnpkg.com/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz#87cab30f80f66660181a3bb7bf5981a872b367ac" + integrity sha512-fjggEOO3slI6Wvgjwflkc4NFRCTZAu5CnNfBd5qOMYhWdn67nJBBu34/TkD++eeFmd8C9r9jfXJ27+nSiRkSUA== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.3" + functions-have-names "^1.2.2" + +regexpp@^3.2.0: + version "3.2.0" + resolved "https://registry.yarnpkg.com/regexpp/-/regexpp-3.2.0.tgz#0425a2768d8f23bad70ca4b90461fa2f1213e1b2" + integrity sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg== + +resolve-from@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/resolve-from/-/resolve-from-4.0.0.tgz#4abcd852ad32dd7baabfe9b40e00a36db5f392e6" + integrity sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g== + +resolve@^1.20.0, resolve@^1.22.0: + version "1.22.1" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.22.1.tgz#27cb2ebb53f91abb49470a928bba7558066ac177" + integrity sha512-nBpuuYuY5jFsli/JIs1oldw6fOQCBioohqWZg/2hiaOybXOft4lonv85uDOKXdf8rhyK159cxU5cDcK/NKk8zw== + dependencies: + is-core-module "^2.9.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" + +resolve@^2.0.0-next.3: + version "2.0.0-next.4" + resolved "https://registry.yarnpkg.com/resolve/-/resolve-2.0.0-next.4.tgz#3d37a113d6429f496ec4752d2a2e58efb1fd4660" + integrity sha512-iMDbmAWtfU+MHpxt/I5iWI7cY6YVEZUQ3MBgPQ++XD1PELuJHIl82xBmObyP2KyQmkNB2dsqF7seoQQiAn5yDQ== + dependencies: + is-core-module "^2.9.0" + path-parse "^1.0.7" + supports-preserve-symlinks-flag "^1.0.0" + +reusify@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" + integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== + +rimraf@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" + integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA== + dependencies: + glob "^7.1.3" + +run-parallel@^1.1.9: + version "1.2.0" + resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee" + integrity sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== + dependencies: + queue-microtask "^1.2.2" + +safe-regex-test@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/safe-regex-test/-/safe-regex-test-1.0.0.tgz#793b874d524eb3640d1873aad03596db2d4f2295" + integrity sha512-JBUUzyOgEwXQY1NuPtvcj/qcBDbDmEvWufhlnXZIm75DEHp+afM1r1ujJpJsV/gSM4t59tpDyPi1sd6ZaPFfsA== + dependencies: + call-bind "^1.0.2" + get-intrinsic "^1.1.3" + is-regex "^1.1.4" + +scheduler@^0.23.0: + version "0.23.0" + resolved "https://registry.yarnpkg.com/scheduler/-/scheduler-0.23.0.tgz#ba8041afc3d30eb206a487b6b384002e4e61fdfe" + integrity sha512-CtuThmgHNg7zIZWAXi3AsyIzA3n4xx7aNyjwC2VJldO2LMVDhFK+63xGqq6CsJH4rTAt6/M+N4GhZiDYPx9eUw== + dependencies: + loose-envify "^1.1.0" + +semver@^6.3.0: + version "6.3.0" + resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d" + integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw== + +semver@^7.3.7: + version "7.3.8" + resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798" + integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A== + dependencies: + lru-cache "^6.0.0" + +shebang-command@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/shebang-command/-/shebang-command-2.0.0.tgz#ccd0af4f8835fbdc265b82461aaf0c36663f34ea" + integrity sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA== + dependencies: + shebang-regex "^3.0.0" + +shebang-regex@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/shebang-regex/-/shebang-regex-3.0.0.tgz#ae16f1644d873ecad843b0307b143362d4c42172" + integrity sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A== + +side-channel@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/side-channel/-/side-channel-1.0.4.tgz#efce5c8fdc104ee751b25c58d4290011fa5ea2cf" + integrity sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw== + dependencies: + call-bind "^1.0.0" + get-intrinsic "^1.0.2" + object-inspect "^1.9.0" + +slash@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" + integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== + +slash@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-4.0.0.tgz#2422372176c4c6c5addb5e2ada885af984b396a7" + integrity sha512-3dOsAHXXUkQTpOYcoAxLIorMTp4gIQr5IW3iVb7A7lFIp0VHhnynm9izx6TssdrIcVIESAlVjtnO2K8bg+Coew== + +source-map-js@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-1.0.2.tgz#adbc361d9c62df380125e7f161f71c826f1e490c" + integrity sha512-R0XvVJ9WusLiqTCEiGCmICCMplcCkIwwR11mOSD9CR5u+IXYdiseeEuXCVAjS54zqwkLcPNnmU4OeJ6tUrWhDw== + +string.prototype.matchall@^4.0.8: + version "4.0.8" + resolved "https://registry.yarnpkg.com/string.prototype.matchall/-/string.prototype.matchall-4.0.8.tgz#3bf85722021816dcd1bf38bb714915887ca79fd3" + integrity sha512-6zOCOcJ+RJAQshcTvXPHoxoQGONa3e/Lqx90wUA+wEzX78sg5Bo+1tQo4N0pohS0erG9qtCqJDjNCQBjeWVxyg== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + get-intrinsic "^1.1.3" + has-symbols "^1.0.3" + internal-slot "^1.0.3" + regexp.prototype.flags "^1.4.3" + side-channel "^1.0.4" + +string.prototype.trimend@^1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/string.prototype.trimend/-/string.prototype.trimend-1.0.6.tgz#c4a27fa026d979d79c04f17397f250a462944533" + integrity sha512-JySq+4mrPf9EsDBEDYMOb/lM7XQLulwg5R/m1r0PXEFqrV0qHvl58sdTilSXtKOflCsK2E8jxf+GKC0T07RWwQ== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + +string.prototype.trimstart@^1.0.6: + version "1.0.6" + resolved "https://registry.yarnpkg.com/string.prototype.trimstart/-/string.prototype.trimstart-1.0.6.tgz#e90ab66aa8e4007d92ef591bbf3cd422c56bdcf4" + integrity sha512-omqjMDaY92pbn5HOX7f9IccLA+U1tA9GvtU4JrodiXFfYB7jPzzHpRzpglLAjtUV6bB557zwClJezTqnAiYnQA== + dependencies: + call-bind "^1.0.2" + define-properties "^1.1.4" + es-abstract "^1.20.4" + +strip-ansi@^6.0.1: + version "6.0.1" + resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-bom@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/strip-bom/-/strip-bom-3.0.0.tgz#2334c18e9c759f7bdd56fdef7e9ae3d588e68ed3" + integrity sha512-vavAMRXOgBVNF6nyEEmL3DBK19iRpDcoIwW+swQ+CbGiu7lju6t+JklA1MHweoWtadgt4ISVUsXLyDq34ddcwA== + +strip-json-comments@^3.1.0, strip-json-comments@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-3.1.1.tgz#31f1281b3832630434831c310c01cccda8cbe006" + integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== + +styled-jsx@5.1.1: + version "5.1.1" + resolved "https://registry.yarnpkg.com/styled-jsx/-/styled-jsx-5.1.1.tgz#839a1c3aaacc4e735fed0781b8619ea5d0009d1f" + integrity sha512-pW7uC1l4mBZ8ugbiZrcIsiIvVx1UmTfw7UkC3Um2tmfUq9Bhk8IiyEIPl6F8agHgjzku6j0xQEZbfA5uSgSaCw== + dependencies: + client-only "0.0.1" + +supports-color@^7.1.0: + version "7.2.0" + resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-7.2.0.tgz#1b7dcdcb32b8138801b3e478ba6a51caa89648da" + integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== + dependencies: + has-flag "^4.0.0" + +supports-preserve-symlinks-flag@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" + integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== + +synckit@^0.8.4: + version "0.8.4" + resolved "https://registry.yarnpkg.com/synckit/-/synckit-0.8.4.tgz#0e6b392b73fafdafcde56692e3352500261d64ec" + integrity sha512-Dn2ZkzMdSX827QbowGbU/4yjWuvNaCoScLLoMo/yKbu+P4GBR6cRGKZH27k6a9bRzdqcyd1DE96pQtQ6uNkmyw== + dependencies: + "@pkgr/utils" "^2.3.1" + tslib "^2.4.0" + +tapable@^2.2.0: + version "2.2.1" + resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" + integrity sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ== + +text-table@^0.2.0: + version "0.2.0" + resolved "https://registry.yarnpkg.com/text-table/-/text-table-0.2.0.tgz#7f5ee823ae805207c00af2df4a84ec3fcfa570b4" + integrity sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw== + +tiny-glob@^0.2.9: + version "0.2.9" + resolved "https://registry.yarnpkg.com/tiny-glob/-/tiny-glob-0.2.9.tgz#2212d441ac17928033b110f8b3640683129d31e2" + integrity sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg== + dependencies: + globalyzer "0.1.0" + globrex "^0.1.2" + +to-regex-range@^5.0.1: + version "5.0.1" + resolved "https://registry.yarnpkg.com/to-regex-range/-/to-regex-range-5.0.1.tgz#1648c44aae7c8d988a326018ed72f5b4dd0392e4" + integrity sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ== + dependencies: + is-number "^7.0.0" + +tsconfig-paths@^3.14.1: + version "3.14.1" + resolved "https://registry.yarnpkg.com/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz#ba0734599e8ea36c862798e920bcf163277b137a" + integrity sha512-fxDhWnFSLt3VuTwtvJt5fpwxBHg5AdKWMsgcPOOIilyjymcYVZoCQF8fvFRezCNfblEXmi+PcM1eYHeOAgXCOQ== + dependencies: + "@types/json5" "^0.0.29" + json5 "^1.0.1" + minimist "^1.2.6" + strip-bom "^3.0.0" + +tslib@^1.8.1: + version "1.14.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00" + integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== + +tslib@^2.4.0: + version "2.4.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.4.1.tgz#0d0bfbaac2880b91e22df0768e55be9753a5b17e" + integrity sha512-tGyy4dAjRIEwI7BzsB0lynWgOpfqjUdq91XXAlIWD2OwKBH7oCl/GZG/HT4BOHrTlPMOASlMQ7veyTqpmRcrNA== + +tsutils@^3.21.0: + version "3.21.0" + resolved "https://registry.yarnpkg.com/tsutils/-/tsutils-3.21.0.tgz#b48717d394cea6c1e096983eed58e9d61715b623" + integrity sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA== + dependencies: + tslib "^1.8.1" + +type-check@^0.4.0, type-check@~0.4.0: + version "0.4.0" + resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.4.0.tgz#07b8203bfa7056c0657050e3ccd2c37730bab8f1" + integrity sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew== + dependencies: + prelude-ls "^1.2.1" + +type-fest@^0.20.2: + version "0.20.2" + resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.20.2.tgz#1bf207f4b28f91583666cb5fbd327887301cd5f4" + integrity sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ== + +type@^1.0.1: + version "1.2.0" + resolved "https://registry.yarnpkg.com/type/-/type-1.2.0.tgz#848dd7698dafa3e54a6c479e759c4bc3f18847a0" + integrity sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg== + +type@^2.7.2: + version "2.7.2" + resolved "https://registry.yarnpkg.com/type/-/type-2.7.2.tgz#2376a15a3a28b1efa0f5350dcf72d24df6ef98d0" + integrity sha512-dzlvlNlt6AXU7EBSfpAscydQ7gXB+pPGsPnfJnZpiNJBDj7IaJzQlBZYGdEi4R9HmPdBv2XmWJ6YUtoTa7lmCw== + +typedarray-to-buffer@^3.1.5: + version "3.1.5" + resolved "https://registry.yarnpkg.com/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz#a97ee7a9ff42691b9f783ff1bc5112fe3fca9080" + integrity sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q== + dependencies: + is-typedarray "^1.0.0" + +typescript@4.9.4: + version "4.9.4" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.9.4.tgz#a2a3d2756c079abda241d75f149df9d561091e78" + integrity sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg== + +unbox-primitive@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/unbox-primitive/-/unbox-primitive-1.0.2.tgz#29032021057d5e6cdbd08c5129c226dff8ed6f9e" + integrity sha512-61pPlCD9h51VoreyJ0BReideM3MDKMKnh6+V9L08331ipq6Q8OFXZYiqP6n/tbHx4s5I9uRhcye6BrbkizkBDw== + dependencies: + call-bind "^1.0.2" + has-bigints "^1.0.2" + has-symbols "^1.0.3" + which-boxed-primitive "^1.0.2" + +uri-js@^4.2.2: + version "4.4.1" + resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.4.1.tgz#9b1a52595225859e55f669d928f88c6c57f2a77e" + integrity sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg== + dependencies: + punycode "^2.1.0" + +utf-8-validate@^5.0.2: + version "5.0.10" + resolved "https://registry.yarnpkg.com/utf-8-validate/-/utf-8-validate-5.0.10.tgz#d7d10ea39318171ca982718b6b96a8d2442571a2" + integrity sha512-Z6czzLq4u8fPOyx7TU6X3dvUZVvoJmxSQ+IcrlmagKhilxlhZgxPK6C5Jqbkw1IDUmFTM+cz9QDnnLTwDz/2gQ== + dependencies: + node-gyp-build "^4.3.0" + +websocket@^1.0.33: + version "1.0.34" + resolved "https://registry.yarnpkg.com/websocket/-/websocket-1.0.34.tgz#2bdc2602c08bf2c82253b730655c0ef7dcab3111" + integrity sha512-PRDso2sGwF6kM75QykIesBijKSVceR6jL2G8NGYyq2XrItNC2P5/qL5XeR056GhA+Ly7JMFvJb9I312mJfmqnQ== + dependencies: + bufferutil "^4.0.1" + debug "^2.2.0" + es5-ext "^0.10.50" + typedarray-to-buffer "^3.1.5" + utf-8-validate "^5.0.2" + yaeti "^0.0.6" + +which-boxed-primitive@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz#13757bc89b209b049fe5d86430e21cf40a89a8e6" + integrity sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg== + dependencies: + is-bigint "^1.0.1" + is-boolean-object "^1.1.0" + is-number-object "^1.0.4" + is-string "^1.0.5" + is-symbol "^1.0.3" + +which@^2.0.1: + version "2.0.2" + resolved "https://registry.yarnpkg.com/which/-/which-2.0.2.tgz#7c6a8dd0a636a0327e10b59c9286eee93f3f51b1" + integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe "^2.0.0" + +word-wrap@^1.2.3: + version "1.2.3" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c" + integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + +wrappy@1: + version "1.0.2" + resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" + integrity sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ== + +yaeti@^0.0.6: + version "0.0.6" + resolved "https://registry.yarnpkg.com/yaeti/-/yaeti-0.0.6.tgz#f26f484d72684cf42bedfb76970aa1608fbf9577" + integrity sha512-MvQa//+KcZCUkBTIC9blM+CU9J2GzuTytsOUwf2lidtvkx/6gnEp1QvJv34t9vdjhFmha/mUiNDbN0D0mJWdug== + +yallist@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72" + integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A== + +yocto-queue@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" + integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== diff --git a/package-lock.json b/package-lock.json index 4c2e3f9..03db1f8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,11 +1,11 @@ { - "name": "react-chat-engine-advanced", + "name": "react-chat-engine-advanced-test", "version": "0.1.28", "lockfileVersion": 2, "requires": true, "packages": { "": { - "name": "react-chat-engine-advanced", + "name": "react-chat-engine-advanced-test", "version": "0.1.28", "license": "MIT", "dependencies": { @@ -14,7 +14,7 @@ "axios": "^0.24.0", "lodash": "^4.17.21", "lodash-es": "^4.17.21", - "nextjs-websocket": "^1.0.8", + "nextjs-websocket": "^1.0.11", "react-grid-system": "^7.3.2", "react-scroll": "^1.8.4" }, @@ -26798,9 +26798,9 @@ "integrity": "sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ==" }, "node_modules/nextjs-websocket": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/nextjs-websocket/-/nextjs-websocket-1.0.8.tgz", - "integrity": "sha512-8RAYFb9DMqe/z00tUcouOj7eSNnwJuJdWlFTEVx1bYh2h/zTLjUfayeQfsf7tHFRd2vx7SSxLW/wBJQruV4Omw==", + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/nextjs-websocket/-/nextjs-websocket-1.0.11.tgz", + "integrity": "sha512-5+NsWcl9Oc8fu3n660h7iVwaOQ1ctbANsrfmE8rlXmHI2syQM+1c8Tn3iCd70oxDUQXeuWNgRiCzBfOAKwmKxw==", "dependencies": { "websocket": "^1.0.33" }, @@ -60590,9 +60590,9 @@ "integrity": "sha512-CXdUiJembsNjuToQvxayPZF9Vqht7hewsvy2sOWafLvi2awflj9mOC6bHIg50orX8IJvWKY9wYQ/zB2kogPslQ==" }, "nextjs-websocket": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/nextjs-websocket/-/nextjs-websocket-1.0.8.tgz", - "integrity": "sha512-8RAYFb9DMqe/z00tUcouOj7eSNnwJuJdWlFTEVx1bYh2h/zTLjUfayeQfsf7tHFRd2vx7SSxLW/wBJQruV4Omw==", + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/nextjs-websocket/-/nextjs-websocket-1.0.11.tgz", + "integrity": "sha512-5+NsWcl9Oc8fu3n660h7iVwaOQ1ctbANsrfmE8rlXmHI2syQM+1c8Tn3iCd70oxDUQXeuWNgRiCzBfOAKwmKxw==", "requires": { "websocket": "^1.0.33" } diff --git a/package.json b/package.json index 3dbfa30..4bc6dd5 100644 --- a/package.json +++ b/package.json @@ -81,7 +81,7 @@ "axios": "^0.24.0", "lodash": "^4.17.21", "lodash-es": "^4.17.21", - "nextjs-websocket": "^1.0.8", + "nextjs-websocket": "^1.0.11", "react-grid-system": "^7.3.2", "react-scroll": "^1.8.4" } diff --git a/src/@types/nextjs-websocket/index.d.ts b/src/@types/nextjs-websocket/index.d.ts index 98e5f0c..be47d49 100644 --- a/src/@types/nextjs-websocket/index.d.ts +++ b/src/@types/nextjs-websocket/index.d.ts @@ -1,5 +1,5 @@ declare module 'nextjs-websocket' { - import { WebSocket } from 'nextjs-websocket'; - - export { WebSocket } - } \ No newline at end of file + import { WebSocket, WebSocketNext } from 'nextjs-websocket'; + + export { WebSocket, WebSocketNext }; +} diff --git a/src/sockets/MultiChatSocket/childSocket.tsx b/src/sockets/MultiChatSocket/childSocket.tsx index 105abf3..fb02c0e 100644 --- a/src/sockets/MultiChatSocket/childSocket.tsx +++ b/src/sockets/MultiChatSocket/childSocket.tsx @@ -2,7 +2,7 @@ import React from 'react'; import { Props } from './props'; -import { WebSocket } from 'nextjs-websocket'; +import { WebSocketNext } from 'nextjs-websocket'; export const ChildSocket: React.FC = (props: Props) => { const { sessionToken } = props; @@ -39,7 +39,7 @@ export const ChildSocket: React.FC = (props: Props) => { const wsUrl = props.wsUrl ? props.wsUrl : 'wss://api.chatengine.io'; return ( - = (props: Props) => { - const [now, setNow] = useState(Date.now()); - const [shouldPongBy, setShouldPongBy] = useState(Date.now() + minLag); + // const [now, setNow] = useState(Date.now()); + // const [shouldPongBy, setShouldPongBy] = useState(Date.now() + minLag); const { projectId, chatId, chatAccessKey } = props; - useEffect(() => { - if (now > shouldPongBy) { - props.onRefresh && props.onRefresh(); - setShouldPongBy(Date.now() + minLag); - } - }, [now, shouldPongBy]); + // useEffect(() => { + // if (now > shouldPongBy) { + // props.onRefresh && props.onRefresh(); + // setShouldPongBy(Date.now() + minLag); + // } + // }, [now, shouldPongBy]); - useEffect(() => { - return () => { - clearInterval(pingIntervalId); - clearInterval(timeIntervalId); - }; - }, []); + // useEffect(() => { + // return () => { + // clearInterval(pingIntervalId); + // clearInterval(timeIntervalId); + // }; + // }, []); const onConnect = () => { - pingIntervalId = setInterval(() => { - try { - socketRef.sendMessage(JSON.stringify('ping')); - } catch (e) { - console.log('Ping error', e); - } - }, pingInterval); - timeIntervalId = setInterval(() => setNow(Date.now()), 1000); + // pingIntervalId = setInterval(() => { + // try { + // socketRef.sendMessage(JSON.stringify('ping')); + // } catch (e) { + // console.log('Ping error', e); + // } + // }, pingInterval); + // timeIntervalId = setInterval(() => setNow(Date.now()), 1000); props.onConnect && props.onConnect(); }; @@ -48,7 +48,7 @@ export const ChildSocket: React.FC = (props: Props) => { const eventJSON = JSON.parse(event); if (eventJSON.action === 'pong') { - setShouldPongBy(Date.now() + minLag); + // setShouldPongBy(Date.now() + minLag); } else if (eventJSON.action === 'login_error') { console.log( `Your chat auth credentials were not correct: \n @@ -85,11 +85,11 @@ export const ChildSocket: React.FC = (props: Props) => { const wsUrl = props.wsUrl ? props.wsUrl : 'wss://api.chatengine.io'; return ( - (socketRef = ref)} + // childRef={(ref: WebSocket) => (socketRef = ref)} onOpen={onConnect} onError={props.onError} onMessage={onMessage} From 67aa39b585460e6970dbbdf208c2420806831477 Mon Sep 17 00:00:00 2001 From: Adam La Morre Date: Sun, 1 Jan 2023 20:26:44 -0800 Subject: [PATCH 3/5] 0.1.29 --- .iac-data/arm_data.json | 1 + package.json | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 .iac-data/arm_data.json diff --git a/.iac-data/arm_data.json b/.iac-data/arm_data.json new file mode 100644 index 0000000..c3e3b7d --- /dev/null +++ b/.iac-data/arm_data.json @@ -0,0 +1 @@ +{"builtins":[{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"abs"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"all"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"infix":"\u0026","name":"and"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"any"},{"decl":{"args":[{"dynamic":{"type":"any"},"type":"array"},{"dynamic":{"type":"any"},"type":"array"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"array.concat"},{"decl":{"args":[{"dynamic":{"type":"any"},"type":"array"},{"type":"number"},{"type":"number"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"array.slice"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":":=","name":"assign"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64.encode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"base64.is_valid"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.encode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.encode_no_pad"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.and"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.lsh"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.negate"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.or"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.rsh"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.xor"},{"decl":{"args":[{"type":"any"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"cast_array"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"cast_boolean"},{"decl":{"args":[{"type":"any"}],"result":{"type":"null"},"type":"function"},"name":"cast_null"},{"decl":{"args":[{"type":"any"}],"result":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"cast_object"},{"decl":{"args":[{"type":"any"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"cast_set"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"cast_string"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"ceil"},{"decl":{"args":[{"type":"string"},{"of":[{"of":{"type":"string"},"type":"set"},{"dynamic":{"type":"string"},"type":"array"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"concat"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"contains"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"string"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"count"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.md5"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.sha1"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.sha256"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"crypto.x509.parse_certificate_request"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"array"},"type":"function"},"name":"crypto.x509.parse_certificates"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"/","name":"div"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"endswith"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"=","name":"eq"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"==","name":"equal"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"floor"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"string"},"type":"function"},"name":"format_int"},{"decl":{"args":[{"type":"string"},{"dynamic":{"type":"string"},"type":"array"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"glob.match"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"glob.quote_meta"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"},{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"graph.reachable"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003e","name":"gt"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003e=","name":"gte"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"hex.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"hex.encode"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"http.send"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"indexof"},{"decl":{"args":[{"of":{"of":{"type":"any"},"type":"set"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"intersection"},{"decl":{"args":[{"type":"string"}],"result":{"static":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"string"}],"type":"array"},"type":"function"},"name":"io.jwt.decode"},{"decl":{"args":[{"type":"string"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"static":[{"type":"boolean"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"array"},"type":"function"},"name":"io.jwt.decode_verify"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"type":"string"},"type":"function"},"name":"io.jwt.encode_sign"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"io.jwt.encode_sign_raw"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs512"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_array"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_boolean"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_null"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_number"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_object"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_set"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_string"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"json.filter"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"json.is_valid"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"json.marshal"},{"decl":{"args":[{"type":"any"},{"dynamic":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"static":[{"key":"op","value":{"type":"string"}},{"key":"path","value":{"type":"any"}}],"type":"object"},"type":"array"}],"result":{"type":"any"},"type":"function"},"name":"json.patch"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"json.remove"},{"decl":{"args":[{"type":"string"}],"result":{"type":"any"},"type":"function"},"name":"json.unmarshal"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"lower"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003c","name":"lt"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003c=","name":"lte"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"max"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"min"},{"decl":{"args":[{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"},{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"}],"result":{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"},"type":"function"},"infix":"-","name":"minus"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"*","name":"mul"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"!=","name":"neq"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_contains"},{"decl":{"args":[{"of":[{"type":"string"},{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"}],"type":"any"},{"of":[{"type":"string"},{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"}],"type":"any"}],"result":{"of":{"static":[{"type":"any"},{"type":"any"}],"type":"array"},"type":"set"},"type":"function"},"name":"net.cidr_contains_matches"},{"decl":{"args":[{"type":"string"}],"result":{"of":{"type":"string"},"type":"set"},"type":"function"},"name":"net.cidr_expand"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_intersects"},{"decl":{"args":[{"of":[{"dynamic":{"of":[{"type":"string"}],"type":"any"},"type":"array"},{"of":{"type":"string"},"type":"set"}],"type":"any"}],"result":{"of":{"type":"string"},"type":"set"},"type":"function"},"name":"net.cidr_merge"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_overlap"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"dynamic":{"type":"number"},"type":"array"},"type":"function"},"name":"numbers.range"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.filter"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"any"},{"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.get"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.remove"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"result":{"type":"any"},"type":"function"},"name":"object.union"},{"decl":{"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"opa.runtime"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"infix":"|","name":"or"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"+","name":"plus"},{"decl":{"args":[{"of":[{"of":{"type":"number"},"type":"set"},{"dynamic":{"type":"number"},"type":"array"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"product"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"re_match"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"number"}],"result":{"dynamic":{"dynamic":{"type":"string"},"type":"array"},"type":"array"},"type":"function"},"name":"regex.find_all_string_submatch_n"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"number"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"regex.find_n"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.globs_match"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.is_valid"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.match"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"regex.split"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.template_match"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"rego.parse_module"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"%","name":"rem"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"replace"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"round"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"semver.compare"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"semver.is_valid"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"set_diff"},{"decl":{"args":[{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"}],"type":"any"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"sort"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"split"},{"decl":{"args":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"result":{"type":"string"},"type":"function"},"name":"sprintf"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"startswith"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"strings.replace_n"},{"decl":{"args":[{"type":"string"},{"type":"number"},{"type":"number"}],"result":{"type":"string"},"type":"function"},"name":"substring"},{"decl":{"args":[{"of":[{"of":{"type":"number"},"type":"set"},{"dynamic":{"type":"number"},"type":"array"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"sum"},{"decl":{"args":[{"type":"number"},{"type":"number"},{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"time.add_date"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"static":[{"type":"number"},{"type":"number"},{"type":"number"}],"type":"array"},"type":"function"},"name":"time.clock"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"static":[{"type":"number"},{"type":"number"},{"type":"number"}],"type":"array"},"type":"function"},"name":"time.date"},{"decl":{"result":{"type":"number"},"type":"function"},"name":"time.now_ns"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_duration_ns"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_ns"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_rfc3339_ns"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"time.weekday"},{"decl":{"args":[{"of":[{"type":"number"},{"type":"string"},{"type":"boolean"},{"type":"null"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"to_number"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"trace"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_left"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_prefix"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_right"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_space"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_suffix"},{"decl":{"args":[{"of":[{"type":"any"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"type_name"},{"decl":{"args":[{"of":{"of":{"type":"any"},"type":"set"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"union"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"units.parse_bytes"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"upper"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.decode"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"dynamic":{"type":"string"},"type":"array"}},"type":"object"},"type":"function"},"name":"urlquery.decode_object"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.encode"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"string"},"type":"array"},{"of":{"type":"string"},"type":"set"}],"type":"any"}},"type":"object"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.encode_object"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"uuid.rfc4122"},{"decl":{"args":[{"type":"any"}],"result":{"static":[{"dynamic":{"type":"any"},"type":"array"},{"type":"any"}],"type":"array"},"type":"function"},"name":"walk","relation":true},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"yaml.is_valid"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"yaml.marshal"},{"decl":{"args":[{"type":"string"}],"result":{"type":"any"},"type":"function"},"name":"yaml.unmarshal"}],"default_decision":"/schemas/terraform/aws/deny","ecosystems":{"CIS-AWS-Foundations":{"category":"CIS","latest_version":"v1.4.0","name":"CIS Amazon Web Services Foundations Benchmark","versions":{"v1.1.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Avoid the use of the \"root\" account (Scored)"},"1.10":{"mappings":[],"references":[],"title":"Ensure IAM password policy prevents password reuse (Scored)"},"1.11":{"mappings":[],"references":[],"title":"Ensure IAM password policy expires passwords within 90 days or less (Scored)"},"1.12":{"mappings":[],"references":[],"title":"Ensure no root account access key exists (Scored)"},"1.13":{"mappings":[],"references":[],"title":"Ensure MFA is enabled for the \"root\" account (Scored)"},"1.14":{"mappings":[],"references":[],"title":"Ensure hardware MFA is enabled for the \"root\" account (Scored)"},"1.15":{"mappings":[],"references":[],"title":"Ensure security questions are registered in the AWS account (Not Scored)"},"1.16":{"mappings":[],"references":[],"title":"Ensure IAM policies are attached only to groups or roles (Scored)"},"1.17":{"mappings":[],"references":[],"title":"Enable detailed billing (Scored)"},"1.18":{"mappings":[],"references":[],"title":"Ensure IAM Master and IAM Manager roles are active (Scored)"},"1.19":{"mappings":[],"references":[],"title":"Maintain current contact details (Scored)"},"1.2":{"mappings":[],"references":[],"title":"Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"},"1.20":{"mappings":[],"references":[],"title":"Ensure security contact information is registered (Scored)"},"1.21":{"mappings":[],"references":[],"title":"Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"},"1.22":{"mappings":[],"references":[],"title":"Ensure a support role has been created to manage incidents with AWS Support (Scored)"},"1.23":{"mappings":[],"references":[],"title":"Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"},"1.24":{"mappings":[],"references":[],"title":"Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"},"1.3":{"mappings":[],"references":[],"title":"Ensure credentials unused for 90 days or greater are disabled (Scored)"},"1.4":{"mappings":[],"references":[],"title":"Ensure access keys are rotated every 90 days or less (Scored)"},"1.5":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires at least one uppercase letter (Scored)"},"1.6":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one lowercase letter (Scored)"},"1.7":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one symbol (Scored)"},"1.8":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one number (Scored)"},"1.9":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires minimum length of 14 or greater (Scored)"},"2.1":{"mappings":[],"references":[],"title":"Ensure CloudTrail is enabled in all regions (Scored)"},"2.2":{"mappings":[],"references":[],"title":"Ensure CloudTrail log file validation is enabled (Scored)"},"2.3":{"mappings":[],"references":[],"title":"Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"},"2.4":{"mappings":[],"references":[],"title":"Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"},"2.5":{"mappings":[],"references":[],"title":"Ensure AWS Config is enabled in all regions (Scored)"},"2.6":{"mappings":[],"references":[],"title":"Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"},"2.7":{"mappings":[],"references":[],"title":"Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"},"2.8":{"mappings":[],"references":[],"title":"Ensure rotation for customer created CMKs is enabled (Scored)"},"3.1":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"},"3.10":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for security group changes (Scored)"},"3.11":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"},"3.12":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"},"3.13":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for route table"},"3.14":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for VPC changes (Scored)"},"3.15":{"mappings":[],"references":[],"title":"Ensure appropriate subscribers to each SNS topic (Not Scored)"},"3.2":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"},"3.3":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for usage of \"root\" account (Scored)"},"3.4":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"},"3.5":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"},"3.6":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"},"3.7":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"},"3.8":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"},"3.9":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"},"4.1":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"},"4.2":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"},"4.3":{"mappings":[],"references":[],"title":"Ensure VPC flow logging is enabled in all VPCs (Scored)"},"4.4":{"mappings":[],"references":[],"title":"Ensure the default security group of every VPC restricts all traffic (Scored)"},"4.5":{"mappings":[],"references":[],"title":"Ensure routing tables for VPC peering are \"least access\" (Not Scored)"}},"links":[],"release_date":"2016-11-29"},"v1.4.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Maintain current contact details (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Do not setup access keys during initial user setup for all IAM users that have a console password (Manual)"},"1.12":{"mappings":[],"references":[],"title":"Ensure credentials unused for 45 days or greater are disabled (Automated)"},"1.13":{"mappings":[],"references":[],"title":"Ensure there is only one active access key available for any single IAM user (Automated)"},"1.14":{"mappings":[],"references":[],"title":"Ensure access keys are rotated every 90 days or less (Automated)"},"1.15":{"mappings":[],"references":[],"title":"Ensure IAM Users Receive Permissions Only Through Groups (Automated)"},"1.16":{"mappings":[],"references":[],"title":"Ensure IAM policies that allow full \"*:*\" administrative privileges are not attached (Automated)"},"1.17":{"mappings":[],"references":[],"title":"Ensure a support role has been created to manage incidents with AWS Support (Automated)"},"1.18":{"mappings":[],"references":[],"title":"Ensure IAM instance roles are used for AWS resource access from instances (Manual)"},"1.19":{"mappings":[],"references":[],"title":"Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed (Automated)"},"1.2":{"mappings":[],"references":[],"title":"Ensure security contact information is registered (Manual)"},"1.20":{"mappings":[],"references":[],"title":"Ensure that IAM Access analyzer is enabled for all regions (Automated)"},"1.21":{"mappings":[],"references":[],"title":"Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure security questions are registered in the AWS account (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure no 'root' user account access key exists (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure MFA is enabled for the 'root' user account (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure hardware MFA is enabled for the 'root' user account (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Eliminate use of the 'root' user for administrative and daily tasks (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires minimum length of 14 or greater (Automated)"},"1.9":{"mappings":[],"references":[],"title":"Ensure IAM password policy prevents password reuse (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Simple Storage Service (S3)"},"2.1.1":{"mappings":[],"references":[],"title":"Ensure all S3 buckets employ encryption-at-rest (Manual)"},"2.1.2":{"mappings":[],"references":[],"title":"Ensure S3 Bucket Policy is set to deny HTTP requests (Manual)"},"2.1.3":{"mappings":[],"references":[],"title":"Ensure MFA Delete is enable on S3 buckets (Automated)"},"2.1.4":{"mappings":[],"references":[],"title":"Ensure all data in Amazon S3 has been discovered, classified and secured when required. (Manual)"},"2.1.5":{"mappings":[],"references":[],"title":"Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Elastic Compute Cloud (EC2)"},"2.2.1":{"mappings":[],"references":[],"title":"Ensure EBS volume encryption is enabled (Manual)"},"2.3":{"mappings":[],"references":[],"title":"Relational Database Service (RDS)"},"2.3.1":{"mappings":[],"references":[],"title":"Ensure that encryption is enabled for RDS Instances (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure CloudTrail is enabled in all regions (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure that Object-level logging for write events is enabled for S3 bucket (Automated)"},"3.11":{"mappings":[],"references":[],"title":"Ensure that Object-level logging for read events is enabled for S3 bucket (Automated)"},"3.2":{"mappings":[],"references":[],"title":"Ensure CloudTrail log file validation is enabled (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure CloudTrail trails are integrated with CloudWatch Logs (Automated)"},"3.5":{"mappings":[],"references":[],"title":"Ensure AWS Config is enabled in all regions (Automated)"},"3.6":{"mappings":[],"references":[],"title":"Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure rotation for customer created CMKs is enabled (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure VPC flow logging is enabled in all VPCs (Automated)"},"4.1":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for unauthorized API calls (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for security group changes (Automated)"},"4.11":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Automated)"},"4.12":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to network gateways (Automated)"},"4.13":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for route table changes (Automated)"},"4.14":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for VPC changes (Automated)"},"4.15":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exists for AWS Organizations changes (Automated)"},"4.2":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for usage of 'root' account (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for IAM policy changes (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for S3 bucket policy changes (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Config configuration changes (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports (Automated)"},"5.3":{"mappings":[],"references":[],"title":"Ensure the default security group of every VPC restricts all traffic (Automated)"},"5.4":{"mappings":[],"references":[],"title":"Ensure routing tables for VPC peering are \"least access\" (Manual)"}},"links":[],"release_date":"2021-05-28"}}},"CIS-AZURE-Foundations":{"category":"CIS","latest_version":"v1.4.0","name":"CIS Microsoft Azure Foundations Benchmark","versions":{"v1.4.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure that 'Users can add gallery apps to My Apps' is set to 'No' (Manual)"},"1.11":{"mappings":[],"references":[],"title":"Ensure that 'Users can register applications' is set to 'No' (Manual)"},"1.12":{"mappings":[],"references":[],"title":"Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure that 'Guest invite restrictions' is set to \"Only users assigned to specific admin roles can invite guest users\" (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure That 'Restrict access to Azure AD administration portal' is Set to \"Yes\" (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' (Manual)"},"1.16":{"mappings":[],"references":[],"title":"Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' (Manual)"},"1.17":{"mappings":[],"references":[],"title":"Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Manual)"},"1.18":{"mappings":[],"references":[],"title":"Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' (Manual)"},"1.19":{"mappings":[],"references":[],"title":"Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users (Manual)"},"1.20":{"mappings":[],"references":[],"title":"Ensure That No Custom Subscription Owner Roles Are Created (Automated)"},"1.21":{"mappings":[],"references":[],"title":"Ensure Security Defaults is enabled on Azure Active Directory (Manual)"},"1.22":{"mappings":[],"references":[],"title":"Ensure a Custom Role is Assigned Permissions for Administering Resource Locks (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure guest users are reviewed on a monthly basis (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled (Manual)"},"1.5":{"mappings":[],"references":[],"title":"Ensure That 'Number of methods required to reset' is set to '2' (Manual)"},"1.6":{"mappings":[],"references":[],"title":"Ensure that 'Number of days before users are asked to re- confirm their authentication information' is not set to '0' (Manual)"},"1.7":{"mappings":[],"references":[],"title":"Ensure that 'Notify users on password resets?' is set to 'Yes' (Manual)"},"1.8":{"mappings":[],"references":[],"title":"Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' (Manual)"},"1.9":{"mappings":[],"references":[],"title":"Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Manual)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Servers is set to 'On' (Manual)"},"2.10":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected (Manual)"},"2.11":{"mappings":[],"references":[],"title":"Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' (Manual)"},"2.13":{"mappings":[],"references":[],"title":"Ensure 'Additional email addresses' is Configured with a Security Contact Email (Automated)"},"2.14":{"mappings":[],"references":[],"title":"Ensure That 'Notify about alerts with the following severity' is Set to 'High' (Automated)"},"2.15":{"mappings":[],"references":[],"title":"Ensure That 'All users with the following roles' is set to 'Owner' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for App Service is set to 'On' (Manual)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' (Manual)"},"2.4":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for SQL servers on machines is set to 'On' (Manual)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Storage is set to 'On' (Manual)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Kubernetes is set to 'On' (Manual)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Container Registries is set to 'On' (Manual)"},"2.8":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Key Vault is set to 'On' (Manual)"},"2.9":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected (Manual)"},"3.1":{"mappings":[],"references":[],"title":"Ensure that 'Secure transfer required' is set to 'Enabled' (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests (Automated)"},"3.11":{"mappings":[],"references":[],"title":"Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests (Automated)"},"3.12":{"mappings":[],"references":[],"title":"Ensure the \"Minimum TLS version\" is set to \"Version 1.2\" (Automated)"},"3.2":{"mappings":[],"references":[],"title":"Ensure That Storage Account Access Keys are Periodically Regenerated (Manual)"},"3.3":{"mappings":[],"references":[],"title":"Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure that Shared Access Signature Tokens Expire Within an Hour (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure that 'Public access level' is set to Private for blob containers (Automated)"},"3.6":{"mappings":[],"references":[],"title":"Ensure Default Network Access Rule for Storage Accounts is Set to Deny (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure Soft Delete is Enabled for Azure Storage (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure Storage for Critical Data are Encrypted with Customer Managed Keys (Manual)"},"4.1":{"mappings":[],"references":[],"title":"SQL Server - Auditing"},"4.1.1":{"mappings":[],"references":[],"title":"Ensure that 'Auditing' is set to 'On' (Automated)"},"4.1.2":{"mappings":[],"references":[],"title":"Ensure that 'Data encryption' is set to 'On' on a SQL Database (Automated)"},"4.1.3":{"mappings":[],"references":[],"title":"Ensure that 'Auditing' Retention is 'greater than 90 days' (Automated)"},"4.2":{"mappings":[],"references":[],"title":"SQL Server - Azure Defender for SQL"},"4.2.1":{"mappings":[],"references":[],"title":"Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' (Automated)"},"4.2.2":{"mappings":[],"references":[],"title":"Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account (Automated)"},"4.2.3":{"mappings":[],"references":[],"title":"Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server (Automated)"},"4.2.4":{"mappings":[],"references":[],"title":"Ensure that VA setting 'Send scan reports to' is configured for a SQL server (Automated)"},"4.2.5":{"mappings":[],"references":[],"title":"Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server (Automated)"},"4.3":{"mappings":[],"references":[],"title":"PostgreSQL Database Server"},"4.3.1":{"mappings":[],"references":[],"title":"Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server (Automated)"},"4.3.2":{"mappings":[],"references":[],"title":"Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.3":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.4":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.5":{"mappings":[],"references":[],"title":"Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.6":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server (Automated)"},"4.3.7":{"mappings":[],"references":[],"title":"Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled (Manual)"},"4.3.8":{"mappings":[],"references":[],"title":"Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' (Automated)"},"4.4":{"mappings":[],"references":[],"title":"MySQL Database"},"4.4.1":{"mappings":[],"references":[],"title":"Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server (Automated)"},"4.4.2":{"mappings":[],"references":[],"title":"Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure that Azure Active Directory Admin is configured (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure SQL server's TDE protector is encrypted with Customer-managed key (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Configuring Diagnostic Settings"},"5.1.1":{"mappings":[],"references":[],"title":"Ensure that a 'Diagnostics Setting' exists (Manual)"},"5.1.2":{"mappings":[],"references":[],"title":"Ensure Diagnostic Setting captures appropriate categories (Automated)"},"5.1.3":{"mappings":[],"references":[],"title":"Ensure the storage container storing the activity logs is not publicly accessible (Automated)"},"5.1.4":{"mappings":[],"references":[],"title":"Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) (Automated)"},"5.1.5":{"mappings":[],"references":[],"title":"Ensure that logging for Azure KeyVault is 'Enabled' (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Monitoring using Activity Log Alerts"},"5.2.1":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create Policy Assignment (Automated)"},"5.2.2":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Policy Assignment (Automated)"},"5.2.3":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Network Security Group (Automated)"},"5.2.4":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Network Security Group (Automated)"},"5.2.5":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Network Security Group (Automated)"},"5.2.6":{"mappings":[],"references":[],"title":"Ensure that activity log alert exists for the Delete Network Security Group Rule (Automated)"},"5.2.7":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Security Solution (Automated)"},"5.2.8":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Security Solution (Automated)"},"5.2.9":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule (Automated)"},"5.3":{"mappings":[],"references":[],"title":"Ensure that Diagnostic Logs Are Enabled for All Services that Support it. (Manual)"},"6.1":{"mappings":[],"references":[],"title":"Ensure that RDP access is restricted from the internet (Automated)"},"6.2":{"mappings":[],"references":[],"title":"Ensure that SSH access is restricted from the internet (Automated)"},"6.3":{"mappings":[],"references":[],"title":"Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure that Network Watcher is 'Enabled' (Manual)"},"6.6":{"mappings":[],"references":[],"title":"Ensure that UDP Services are restricted from the Internet (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure Virtual Machines are utilizing Managed Disks (Manual)"},"7.2":{"mappings":[],"references":[],"title":"Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure that 'Unattached disks' are encrypted with CMK (Automated)"},"7.4":{"mappings":[],"references":[],"title":"Ensure that Only Approved Extensions Are Installed (Automated)"},"7.5":{"mappings":[],"references":[],"title":"Ensure that the latest OS Patches for all Virtual Machines are applied (Manual)"},"7.6":{"mappings":[],"references":[],"title":"Ensure that the endpoint protection for all Virtual Machines is installed (Manual)"},"7.7":{"mappings":[],"references":[],"title":"Ensure that VHD's are Encrypted (Manual)"},"8.1":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated)"},"8.2":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Keys in Non- RBAC Key Vaults. (Manual)"},"8.3":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)"},"8.4":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Secrets in Non- RBAC Key Vaults (Manual)"},"8.5":{"mappings":[],"references":[],"title":"Ensure that Resource Locks are set for Mission Critical Azure Resources (Manual)"},"8.6":{"mappings":[],"references":[],"title":"Ensure the key vault is recoverable (Automated)"},"8.7":{"mappings":[],"references":[],"title":"Enable role-based access control (RBAC) within Azure Kubernetes Services (Automated)"},"9.1":{"mappings":[],"references":[],"title":"Ensure App Service Authentication is set up for apps in Azure App Service (Automated)"},"9.10":{"mappings":[],"references":[],"title":"Ensure FTP deployments are Disabled (Automated)"},"9.11":{"mappings":[],"references":[],"title":"Ensure Azure Keyvaults are Used to Store Secrets (Manual)"},"9.2":{"mappings":[],"references":[],"title":"Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service (Automated)"},"9.3":{"mappings":[],"references":[],"title":"Ensure Web App is using the latest version of TLS encryption (Automated)"},"9.4":{"mappings":[],"references":[],"title":"Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Automated)"},"9.5":{"mappings":[],"references":[],"title":"Ensure that Register with Azure Active Directory is enabled on App Service (Automated)"},"9.6":{"mappings":[],"references":[],"title":"Ensure That 'PHP version' is the Latest, If Used to Run the Web App (Manual)"},"9.7":{"mappings":[],"references":[],"title":"Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App (Manual)"},"9.8":{"mappings":[],"references":[],"title":"Ensure that 'Java version' is the latest, if used to run the Web App (Manual)"},"9.9":{"mappings":[],"references":[],"title":"Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App (Automated)"}},"links":[],"release_date":"2021-11-26"}}},"CIS-Controls":{"category":"CIS","latest_version":"v8","name":"CIS Critical Security Controls","versions":{"v8":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Establish and Maintain Detailed Enterprise Asset Inventory"},"1.2":{"mappings":[],"references":[],"title":"Address Unauthorized Assets"},"1.3":{"mappings":[],"references":[],"title":"Utilize an Active Discovery Tool"},"1.4":{"mappings":[],"references":[],"title":"Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory"},"1.5":{"mappings":[],"references":[],"title":"Use a Passive Asset Discovery Tool"},"10.1":{"mappings":[],"references":[],"title":"Deploy and Maintain Anti-Malware Software"},"10.2":{"mappings":[],"references":[],"title":"Configure Automatic Anti-Malware Signature Updates"},"10.3":{"mappings":[],"references":[],"title":"Disable Autorun and Autoplay for Removable Media"},"10.4":{"mappings":[],"references":[],"title":"Configure Automatic Anti-Malware Scanning of Removable Media"},"10.5":{"mappings":[],"references":[],"title":"Enable Anti-Exploitation Features"},"10.6":{"mappings":[],"references":[],"title":"Centrally Manage Anti-Malware Software"},"10.7":{"mappings":[],"references":[],"title":"Use Behavior-Based Anti-Malware Software"},"11.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Recovery Process"},"11.2":{"mappings":[],"references":[],"title":"Perform Automated Backups"},"11.3":{"mappings":[],"references":[],"title":"Protect Recovery Data"},"11.4":{"mappings":[],"references":[],"title":"Establish and Maintain an Isolated Instance of Recovery Data"},"11.5":{"mappings":[],"references":[],"title":"Test Data Recovery"},"12.1":{"mappings":[],"references":[],"title":"Ensure Network Infrastructure is Up-to-Date"},"12.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Network Architecture"},"12.3":{"mappings":[],"references":[],"title":"Securely Manage Network Infrastructure"},"12.4":{"mappings":[],"references":[],"title":"Establish and Maintain Architecture Diagram(s)"},"12.5":{"mappings":[],"references":[],"title":"Centralize Network Authentication, Authorization, and Auditing (AAA)"},"12.6":{"mappings":[],"references":[],"title":"Use of Secure Network Management and Communication Protocols"},"12.7":{"mappings":[],"references":[],"title":"Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprises AAA Infrastructure"},"12.8":{"mappings":[],"references":[],"title":"Establish and Maintain Dedicated Computing Resources for All Administrative Work"},"13.1":{"mappings":[],"references":[],"title":"Centralize Security Event Alerting"},"13.10":{"mappings":[],"references":[],"title":"Perform Application Layer Filtering"},"13.11":{"mappings":[],"references":[],"title":"Tune Security Event Alerting Thresholds"},"13.2":{"mappings":[],"references":[],"title":"Deploy a Host-Based Intrusion Detection Solution"},"13.3":{"mappings":[],"references":[],"title":"Deploy a Network Intrusion Detection Solution"},"13.4":{"mappings":[],"references":[],"title":"Perform Traffic Filtering Between Network Segments"},"13.5":{"mappings":[],"references":[],"title":"Manage Access Control for Remote Assets"},"13.6":{"mappings":[],"references":[],"title":"Collect Network Traffic Flow Logs"},"13.7":{"mappings":[],"references":[],"title":"Deploy a Host-Based Intrusion Prevention Solution"},"13.8":{"mappings":[],"references":[],"title":"Deploy a Network Intrusion Prevention Solution"},"13.9":{"mappings":[],"references":[],"title":"Deploy Port-Level Access Control"},"14.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Security Awareness Program"},"14.2":{"mappings":[],"references":[],"title":"Train Workforce Members to Recognize Social Engineering Attacks"},"14.3":{"mappings":[],"references":[],"title":"Train Workforce Members on Authentication Best Practices"},"14.4":{"mappings":[],"references":[],"title":"Train Workforce on Data Handling Best Practices"},"14.5":{"mappings":[],"references":[],"title":"Train Workforce Members on Causes of Unintentional Data Exposure"},"14.6":{"mappings":[],"references":[],"title":"Train Workforce Members on Recognizing and Reporting Security Incidents"},"14.7":{"mappings":[],"references":[],"title":"Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates"},"14.8":{"mappings":[],"references":[],"title":"Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks"},"14.9":{"mappings":[],"references":[],"title":"Conduct Role-Specific Security Awareness and Skills Training"},"15.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Service Providers"},"15.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Service Provider Management Policy"},"15.3":{"mappings":[],"references":[],"title":"Classify Service Providers"},"15.4":{"mappings":[],"references":[],"title":"Ensure Service Provider Contracts Include Security Requirements"},"15.5":{"mappings":[],"references":[],"title":"Assess Service Providers"},"15.6":{"mappings":[],"references":[],"title":"Monitor Service Providers"},"15.7":{"mappings":[],"references":[],"title":"Securely Decommission Service Providers"},"16.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Application Development Process"},"16.10":{"mappings":[],"references":[],"title":"Apply Secure Design Principles in Application Architectures"},"16.11":{"mappings":[],"references":[],"title":"Leverage Vetted Modules or Services for Application Security Components"},"16.12":{"mappings":[],"references":[],"title":"Implement Code-Level Security Checks"},"16.13":{"mappings":[],"references":[],"title":"Conduct Application Penetration Testing"},"16.14":{"mappings":[],"references":[],"title":"Conduct Threat Modeling"},"16.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Process to Accept and Address Software Vulnerabilities"},"16.3":{"mappings":[],"references":[],"title":"Perform Root Cause Analysis on Security Vulnerabilities"},"16.4":{"mappings":[],"references":[],"title":"Establish and Manage an Inventory of Third-Party Software Components"},"16.5":{"mappings":[],"references":[],"title":"Use Up-to-Date and Trusted Third-Party Software Components"},"16.6":{"mappings":[],"references":[],"title":"Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities"},"16.7":{"mappings":[],"references":[],"title":"Use Standard Hardening Configuration Templates for Application Infrastructure"},"16.8":{"mappings":[],"references":[],"title":"Separate Production and Non-Production Systems"},"16.9":{"mappings":[],"references":[],"title":"Train Developers in Application Security Concepts and Secure Coding"},"17.1":{"mappings":[],"references":[],"title":"Designate Personnel to Manage Incident Handling"},"17.2":{"mappings":[],"references":[],"title":"Establish and Maintain Contact Information for Reporting Security Incidents"},"17.3":{"mappings":[],"references":[],"title":"Establish and Maintain an Enterprise Process for Reporting Incidents"},"17.4":{"mappings":[],"references":[],"title":"Establish and Maintain an Incident Response Process"},"17.5":{"mappings":[],"references":[],"title":"Assign Key Roles and Responsibilities"},"17.6":{"mappings":[],"references":[],"title":"Define Mechanisms for Communicating During Incident Response"},"17.7":{"mappings":[],"references":[],"title":"Conduct Routine Incident Response Exercises"},"17.8":{"mappings":[],"references":[],"title":"Conduct Post-Incident Reviews"},"17.9":{"mappings":[],"references":[],"title":"Establish and Maintain Security Incident Thresholds"},"18.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Penetration Testing Program"},"18.2":{"mappings":[],"references":[],"title":"Perform Periodic External Penetration Tests"},"18.3":{"mappings":[],"references":[],"title":"Remediate Penetration Test Findings"},"18.4":{"mappings":[],"references":[],"title":"Validate Security Measures"},"18.5":{"mappings":[],"references":[],"title":"Perform Periodic Internal Penetration Tests"},"2.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Software Inventory"},"2.2":{"mappings":[],"references":[],"title":"Ensure Authorized Software is Currently Supported"},"2.3":{"mappings":[],"references":[],"title":"Address Unauthorized Software"},"2.4":{"mappings":[],"references":[],"title":"Utilize Automated Software Inventory Tools"},"2.5":{"mappings":[],"references":[],"title":"Allowlist Authorized Software"},"2.6":{"mappings":[],"references":[],"title":"Allowlist Authorized Libraries"},"2.7":{"mappings":[],"references":[],"title":"Allowlist Authorized Scripts"},"3.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Management Process"},"3.10":{"mappings":[],"references":[],"title":"Encrypt Sensitive Data in Transit"},"3.11":{"mappings":[],"references":[],"title":"Encrypt Sensitive Data at Rest"},"3.12":{"mappings":[],"references":[],"title":"Segment Data Processing and Storage Based on Sensitivity"},"3.13":{"mappings":[],"references":[],"title":"Deploy a Data Loss Prevention Solution"},"3.14":{"mappings":[],"references":[],"title":"Log Sensitive Data Access"},"3.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Inventory"},"3.3":{"mappings":[],"references":[],"title":"Configure Data Access Control Lists"},"3.4":{"mappings":[],"references":[],"title":"Enforce Data Retention"},"3.5":{"mappings":[],"references":[],"title":"Securely Dispose of Data"},"3.6":{"mappings":[],"references":[],"title":"Encrypt Data on End-User Devices"},"3.7":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Classification Scheme"},"3.8":{"mappings":[],"references":[],"title":"Document Data Flows"},"3.9":{"mappings":[],"references":[],"title":"Encrypt Data on Removable Media"},"4.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Configuration Process"},"4.10":{"mappings":[],"references":[],"title":"Enforce Automatic Device Lockout on Portable End-User Devices"},"4.11":{"mappings":[],"references":[],"title":"Enforce Remote Wipe Capability on Portable End-User Devices"},"4.12":{"mappings":[],"references":[],"title":"Separate Enterprise Workspaces on Mobile End-User Devices"},"4.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Configuration Process for Network Infrastructure"},"4.3":{"mappings":[],"references":[],"title":"Configure Automatic Session Locking on Enterprise Assets"},"4.4":{"mappings":[],"references":[],"title":"Implement and Manage a Firewall on Servers"},"4.5":{"mappings":[],"references":[],"title":"Implement and Manage a Firewall on End-User Devices"},"4.6":{"mappings":[],"references":[],"title":"Securely Manage Enterprise Assets and Software"},"4.7":{"mappings":[],"references":[],"title":"Manage Default Accounts on Enterprise Assets and Software"},"4.8":{"mappings":[],"references":[],"title":"Uninstall or Disable Unnecessary Services on Enterprise Assets and Software"},"4.9":{"mappings":[],"references":[],"title":"Configure Trusted DNS Servers on Enterprise Assets"},"5.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Accounts"},"5.2":{"mappings":[],"references":[],"title":"Use Unique Passwords"},"5.3":{"mappings":[],"references":[],"title":"Disable Dormant Accounts"},"5.4":{"mappings":[],"references":[],"title":"Restrict Administrator Privileges to Dedicated Administrator Accounts"},"5.5":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Service Accounts"},"5.6":{"mappings":[],"references":[],"title":"Centralize Account Management"},"6.1":{"mappings":[],"references":[],"title":"Establish an Access Granting Process"},"6.2":{"mappings":[],"references":[],"title":"Establish an Access Revoking Process"},"6.3":{"mappings":[],"references":[],"title":"Require MFA for Externally-Exposed Applications"},"6.4":{"mappings":[],"references":[],"title":"Require MFA for Remote Network Access"},"6.5":{"mappings":[],"references":[],"title":"Require MFA for Administrative Access"},"6.6":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Authentication and Authorization Systems"},"6.7":{"mappings":[],"references":[],"title":"Centralize Access Control"},"6.8":{"mappings":[],"references":[],"title":"Define and Maintain Role-Based Access Control"},"7.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Vulnerability Management Process"},"7.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Remediation Process"},"7.3":{"mappings":[],"references":[],"title":"Perform Automated Operating System Patch Management"},"7.4":{"mappings":[],"references":[],"title":"Perform Automated Application Patch Management"},"7.5":{"mappings":[],"references":[],"title":"Perform Automated Vulnerability Scans of Internal Enterprise Assets"},"7.6":{"mappings":[],"references":[],"title":"Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets"},"7.7":{"mappings":[],"references":[],"title":"Remediate Detected Vulnerabilities"},"8.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Audit Log Management Process"},"8.10":{"mappings":[],"references":[],"title":"Retain Audit Logs"},"8.11":{"mappings":[],"references":[],"title":"Conduct Audit Log Reviews"},"8.12":{"mappings":[],"references":[],"title":"Collect Service Provider Logs"},"8.2":{"mappings":[],"references":[],"title":"Collect Audit Logs"},"8.3":{"mappings":[],"references":[],"title":"Ensure Adequate Audit Log Storage"},"8.4":{"mappings":[],"references":[],"title":"Standardize Time Synchronization"},"8.5":{"mappings":[],"references":[],"title":"Collect Detailed Audit Logs"},"8.6":{"mappings":[],"references":[],"title":"Collect DNS Query Audit Logs"},"8.7":{"mappings":[],"references":[],"title":"Collect URL Request Audit Logs"},"8.8":{"mappings":[],"references":[],"title":"Collect Command-Line Audit Logs"},"8.9":{"mappings":[],"references":[],"title":"Centralize Audit Logs"},"9.1":{"mappings":[],"references":[],"title":"Ensure Use of Only Fully Supported Browsers and Email Clients"},"9.2":{"mappings":[],"references":[],"title":"Use DNS Filtering Services"},"9.3":{"mappings":[],"references":[],"title":"Maintain and Enforce Network-Based URL Filters"},"9.4":{"mappings":[],"references":[],"title":"Restrict Unnecessary or Unauthorized Browser and Email Client Extensions"},"9.5":{"mappings":[],"references":[],"title":"Implement DMARC"},"9.6":{"mappings":[],"references":[],"title":"Block Unnecessary File Types"},"9.7":{"mappings":[],"references":[],"title":"Deploy and Maintain Email Server Anti-Malware Protections"}},"links":["https://www.cisecurity.org/controls/"],"release_date":"2021-05-01"}}},"CIS-GCP-Foundations":{"category":"CIS","latest_version":"v1.3.0","name":"CIS Google Cloud Platform Foundation Benchmark","versions":{"v1.2.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that corporate login credentials are used (Automated)"},"1.10":{"mappings":[],"references":[],"title":"Ensure KMS encryption keys are rotated within a period of 90 days (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Ensure that Separation of duties is enforced while assigning KMS related roles to users (Automated)"},"1.12":{"mappings":[],"references":[],"title":"Ensure API keys are not created for a project (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure API keys are restricted to use by only specified Hosts and Apps (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure API keys are restricted to only APIs that application needs access (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure API keys are rotated every 90 days (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that multi-factor authentication is enabled for all non-service accounts (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure that Security Key Enforcement is enabled for all admin accounts (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure that there are only GCP-managed service account keys for each service account (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure that Service Account has no Admin privileges (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure that Separation of duties is enforced while assigning service account related roles to users (Manual)"},"1.9":{"mappings":[],"references":[],"title":"Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that Cloud Audit Logging is configured properly across all services and all users from a project (Automated)"},"2.10":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes (Automated)"},"2.11":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for SQL instance configuration changes (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure that Cloud DNS logging is enabled for all VPC networks (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure that sinks are configured for all log entries (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that retention policies on log buckets are configured using Bucket Lock (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure log metric filter and alerts exist for project ownership assignments/changes (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Audit Configuration changes (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Custom Role changes (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes (Automated)"},"2.8":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC network route changes (Automated)"},"2.9":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC network changes (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure that the default network does not exist in a project (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure Firewall Rules for instances behind Identity Aware Proxy (IAP) only allow the traffic from Google Cloud Loadbalancer (GCLB) Health Check and Proxy Addresses (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Ensure legacy networks do not exist for a project (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure that DNSSEC is enabled for Cloud DNS (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure that RSASHA1 is not used for the zone-signing key in Cloud DNS DNSSEC (Manual)"},"3.6":{"mappings":[],"references":[],"title":"Ensure that SSH access is restricted from the internet (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure that RDP access is restricted from the Internet (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites (Manual)"},"4.1":{"mappings":[],"references":[],"title":"Ensure that instances are not configured to use the default service account (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure that App Engine applications enforce HTTPS connections (Manual)"},"4.11":{"mappings":[],"references":[],"title":"Ensure that Compute instances have Confidential Computing enabled (Automated)"},"4.2":{"mappings":[],"references":[],"title":"Ensure that instances are not configured to use the default service account with full access to all Cloud APIs (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure \"Block Project-wide SSH keys\" is enabled for VM instances (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure oslogin is enabled for a Project (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure 'Enable connecting to serial ports' is not enabled for VM Instance (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure that IP forwarding is not enabled on Instances (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK) (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure Compute instances are launched with Shielded VM enabled (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure that Compute instances do not have public IP addresses (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure that Cloud Storage bucket is not anonymously or publicly accessible (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure that Cloud Storage buckets have uniform bucket- level access enabled (Automated)"},"6.1":{"mappings":[],"references":[],"title":"MySQL Database"},"6.1.1":{"mappings":[],"references":[],"title":"Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges (Automated)"},"6.1.2":{"mappings":[],"references":[],"title":"Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on' (Automated)"},"6.1.3":{"mappings":[],"references":[],"title":"Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off' (Automated)"},"6.2":{"mappings":[],"references":[],"title":"PostgreSQL Database"},"6.2.1":{"mappings":[],"references":[],"title":"Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.10":{"mappings":[],"references":[],"title":"Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.11":{"mappings":[],"references":[],"title":"Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.12":{"mappings":[],"references":[],"title":"Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.13":{"mappings":[],"references":[],"title":"Ensure that the 'log_min_messages' database flag for Cloud SQL PostgreSQL instance is set appropriately (Manual)"},"6.2.14":{"mappings":[],"references":[],"title":"Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter (Automated)"},"6.2.15":{"mappings":[],"references":[],"title":"Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on) (Automated)"},"6.2.16":{"mappings":[],"references":[],"title":"Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled) (Automated)"},"6.2.2":{"mappings":[],"references":[],"title":"Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter (Manual)"},"6.2.3":{"mappings":[],"references":[],"title":"Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.4":{"mappings":[],"references":[],"title":"Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.5":{"mappings":[],"references":[],"title":"Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Manual)"},"6.2.6":{"mappings":[],"references":[],"title":"Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.7":{"mappings":[],"references":[],"title":"Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately (Manual)"},"6.2.8":{"mappings":[],"references":[],"title":"Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately (Automated)"},"6.2.9":{"mappings":[],"references":[],"title":"Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.3":{"mappings":[],"references":[],"title":"SQL Server"},"6.3.1":{"mappings":[],"references":[],"title":"Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.2":{"mappings":[],"references":[],"title":"Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.3":{"mappings":[],"references":[],"title":"Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate (Automated)"},"6.3.4":{"mappings":[],"references":[],"title":"Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured (Automated)"},"6.3.5":{"mappings":[],"references":[],"title":"Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.6":{"mappings":[],"references":[],"title":"Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.7":{"mappings":[],"references":[],"title":"Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure that the Cloud SQL database instance requires all incoming connections to use SSL (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances are not open to the world (Automated)"},"6.6":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances do not have public IPs (Automated)"},"6.7":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances are configured with automated backups (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure that BigQuery datasets are not anonymously or publicly accessible (Automated)"},"7.2":{"mappings":[],"references":[],"title":"Ensure that all BigQuery Tables are encrypted with Customer-managed encryption key (CMEK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets (Automated)"}},"links":[],"release_date":"2021-05-01"},"v1.3.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that Corporate Login Credentials are Used (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users (Automated)"},"1.12":{"mappings":[],"references":[],"title":"Ensure API Keys Are Not Created for a Project (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure API Keys Are Restricted to Only APIs That Application Needs Access (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure API Keys Are Rotated Every 90 Days (Manual)"},"1.16":{"mappings":[],"references":[],"title":"Ensure Essential Contacts is Configured for Organization (Automated)"},"1.17":{"mappings":[],"references":[],"title":"Ensure that Dataproc Cluster is encrypted using Customer- Managed Encryption Key (Automated)"},"1.18":{"mappings":[],"references":[],"title":"Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure that Security Key Enforcement is Enabled for All Admin Accounts (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure That Service Account Has No Admin Privileges (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users (Automated)"},"1.9":{"mappings":[],"references":[],"title":"Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project (Automated)"},"2.10":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes (Automated)"},"2.11":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure That Cloud DNS Logging Is Enabled for All VPC Networks (Automated)"},"2.13":{"mappings":[],"references":[],"title":"Ensure Cloud Asset Inventory Is Enabled (Automated)"},"2.14":{"mappings":[],"references":[],"title":"Ensure 'Access Transparency' is 'Enabled' (Manual)"},"2.15":{"mappings":[],"references":[],"title":"Ensure 'Access Approval' is 'Enabled' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure That Sinks Are Configured for All Log Entries (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes (Automated)"},"2.8":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes (Automated)"},"2.9":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure That the Default Network Does Not Exist in a Project (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Ensure Legacy Networks Do Not Exist for Older Projects (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure That DNSSEC Is Enabled for Cloud DNS (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC (Manual)"},"3.6":{"mappings":[],"references":[],"title":"Ensure That SSH Access Is Restricted From the Internet (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure That RDP Access Is Restricted From the Internet (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites (Manual)"},"4.1":{"mappings":[],"references":[],"title":"Ensure That Instances Are Not Configured To Use the Default Service Account (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure That App Engine Applications Enforce HTTPS Connections (Manual)"},"4.11":{"mappings":[],"references":[],"title":"Ensure That Compute Instances Have Confidential Computing Enabled (Automated)"},"4.12":{"mappings":[],"references":[],"title":"Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects (Manual)"},"4.2":{"mappings":[],"references":[],"title":"Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure “Block Project-Wide SSH Keys” Is Enabled for VM Instances (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure Oslogin Is Enabled for a Project (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure That IP Forwarding Is Not Enabled on Instances (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure Compute Instances Are Launched With Shielded VM Enabled (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure That Compute Instances Do Not Have Public IP Addresses (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure That Cloud Storage Buckets Have Uniform Bucket- Level Access Enabled (Automated)"},"6.1.1":{"mappings":[],"references":[],"title":"Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges (Manual)"},"6.1.2":{"mappings":[],"references":[],"title":"Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' (Automated)"},"6.1.3":{"mappings":[],"references":[],"title":"Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off' (Automated)"},"6.2.1":{"mappings":[],"references":[],"title":"Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter (Manual)"},"6.2.2":{"mappings":[],"references":[],"title":"Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' (Automated)"},"6.2.3":{"mappings":[],"references":[],"title":"Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' (Automated)"},"6.2.4":{"mappings":[],"references":[],"title":"Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately (Manual)"},"6.2.5":{"mappings":[],"references":[],"title":"Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' (Automated)"},"6.2.6":{"mappings":[],"references":[],"title":"Ensure That the 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance Is Set to at least 'Warning' (Manual)"},"6.2.7":{"mappings":[],"references":[],"title":"Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter (Automated)"},"6.2.8":{"mappings":[],"references":[],"title":"Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1′ (Disabled) (Automated)"},"6.2.9":{"mappings":[],"references":[],"title":"Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging (Automated)"},"6.3.1":{"mappings":[],"references":[],"title":"Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.2":{"mappings":[],"references":[],"title":"Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.3":{"mappings":[],"references":[],"title":"Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value (Automated)"},"6.3.4":{"mappings":[],"references":[],"title":"Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured (Automated)"},"6.3.5":{"mappings":[],"references":[],"title":"Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.6":{"mappings":[],"references":[],"title":"Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'off' (Automated)"},"6.3.7":{"mappings":[],"references":[],"title":"Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses (Automated)"},"6.6":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Do Not Have Public IPs (Automated)"},"6.7":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Are Configured With Automated Backups (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible (Manual)"},"7.2":{"mappings":[],"references":[],"title":"Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets (Manual)"}},"release_date":"2022-03-31"}}},"CIS-Kubernetes-Foundations":{"category:":"CIS","latest_version":"v1.6.0","name":" CIS Kubernetes Benchmark","versions":{"v1.6.0":{"controls":{"1.1.1":{"mappings":[],"references":[],"title":"Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.10":{"mappings":[],"references":[],"title":"Ensure that the Container Network Interface file ownership is set to root:root (Manual)"},"1.1.11":{"mappings":[],"references":[],"title":"Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)"},"1.1.12":{"mappings":[],"references":[],"title":"Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"},"1.1.13":{"mappings":[],"references":[],"title":"Ensure that the admin.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.14":{"mappings":[],"references":[],"title":"Ensure that the admin.conf file ownership is set to root:root (Automated)"},"1.1.15":{"mappings":[],"references":[],"title":"Ensure that the scheduler.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.16":{"mappings":[],"references":[],"title":"Ensure that the scheduler.conf file ownership is set to root:root (Automated)"},"1.1.17":{"mappings":[],"references":[],"title":"Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.18":{"mappings":[],"references":[],"title":"Ensure that the controller-manager.conf file ownership is set to root:root (Automated)"},"1.1.19":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)"},"1.1.2":{"mappings":[],"references":[],"title":"Ensure that the API server pod specification file ownership is set to root:root (Automated)"},"1.1.20":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)"},"1.1.21":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)"},"1.1.3":{"mappings":[],"references":[],"title":"Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.4":{"mappings":[],"references":[],"title":"Ensure that the controller manager pod specification file ownership is set to root:root (Automated)"},"1.1.5":{"mappings":[],"references":[],"title":"Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.6":{"mappings":[],"references":[],"title":"Ensure that the scheduler pod specification file ownership is set to root:root (Automated)"},"1.1.7":{"mappings":[],"references":[],"title":"Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.8":{"mappings":[],"references":[],"title":"Ensure that the etcd pod specification file ownership is set to root:root (Automated)"},"1.1.9":{"mappings":[],"references":[],"title":"Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"},"1.2.1":{"mappings":[],"references":[],"title":"Ensure that the --anonymous-auth argument is set to false (Manual)"},"1.2.10":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin EventRateLimit is set (Manual)"},"1.2.11":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin AlwaysAdmit is not set (Automated)"},"1.2.12":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin AlwaysPullImages is set (Manual)"},"1.2.13":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)"},"1.2.14":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin ServiceAccount is set (Automated)"},"1.2.15":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin NamespaceLifecycle is set (Automated)"},"1.2.16":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin PodSecurityPolicy is set (Automated)"},"1.2.17":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin NodeRestriction is set (Automated)"},"1.2.18":{"mappings":[],"references":[],"title":"Ensure that the --insecure-bind-address argument is not set (Automated)"},"1.2.19":{"mappings":[],"references":[],"title":"Ensure that the --insecure-port argument is set to 0 (Automated)"},"1.2.2":{"mappings":[],"references":[],"title":"Ensure that the --basic-auth-file argument is not set (Automated)"},"1.2.20":{"mappings":[],"references":[],"title":"Ensure that the --secure-port argument is not set to 0 (Automated)"},"1.2.21":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.2.22":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-path argument is set (Automated)"},"1.2.23":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)"},"1.2.24":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)"},"1.2.25":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)"},"1.2.26":{"mappings":[],"references":[],"title":"Ensure that the --request-timeout argument is set as appropriate (Automated)"},"1.2.27":{"mappings":[],"references":[],"title":"Ensure that the --service-account-lookup argument is set to true (Automated)"},"1.2.28":{"mappings":[],"references":[],"title":"Ensure that the --service-account-key-file argument is set as appropriate (Automated)"},"1.2.29":{"mappings":[],"references":[],"title":"Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)"},"1.2.3":{"mappings":[],"references":[],"title":"Ensure that the --token-auth-file parameter is not set (Automated)"},"1.2.30":{"mappings":[],"references":[],"title":"Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Automated)"},"1.2.31":{"mappings":[],"references":[],"title":"Ensure that the --client-ca-file argument is set as appropriate (Automated)"},"1.2.32":{"mappings":[],"references":[],"title":"Ensure that the --etcd-cafile argument is set as appropriate (Automated)"},"1.2.33":{"mappings":[],"references":[],"title":"Ensure that the --encryption-provider-config argument is set as appropriate (Manual)"},"1.2.34":{"mappings":[],"references":[],"title":"Ensure that encryption providers are appropriately configured (Manual)"},"1.2.35":{"mappings":[],"references":[],"title":"Ensure that the API Server only makes use of Strong Cryptographic Ciphers (Manual)"},"1.2.4":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-https argument is set to true (Automated)"},"1.2.5":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate (Automated)"},"1.2.6":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)"},"1.2.7":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)"},"1.2.8":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument includes Node (Automated)"},"1.2.9":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument includes RBAC (Automated)"},"1.3.1":{"mappings":[],"references":[],"title":"Ensure that the --terminated-pod-gc-threshold argument is"},"1.3.2":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.3.3":{"mappings":[],"references":[],"title":"Ensure that the --use-service-account-credentials argument is set to true (Automated)"},"1.3.4":{"mappings":[],"references":[],"title":"Ensure that the --service-account-private-key-file argument is set as appropriate (Automated)"},"1.3.5":{"mappings":[],"references":[],"title":"Ensure that the --root-ca-file argument is set as appropriate (Automated)"},"1.3.6":{"mappings":[],"references":[],"title":"Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)"},"1.3.7":{"mappings":[],"references":[],"title":"Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"},"1.4.1":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.4.2":{"mappings":[],"references":[],"title":"Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that the --cert-file and --key-file arguments are set as"},"2.2":{"mappings":[],"references":[],"title":"Ensure that the --client-cert-auth argument is set to true (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that the --auto-tls argument is not set to true (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that the --peer-client-cert-auth argument is set to true (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that the --peer-auto-tls argument is not set to true (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that a unique Certificate Authority is used for etcd (Manual)"},"3.1.1":{"mappings":[],"references":[],"title":"Client certificate authentication should not be used for users (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Logging"},"3.2.1":{"mappings":[],"references":[],"title":"Ensure that a minimal audit policy is created (Manual)"},"3.2.2":{"mappings":[],"references":[],"title":"Ensure that the audit policy covers key security concerns (Manual)"},"4.1.1":{"mappings":[],"references":[],"title":"Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)"},"4.1.10":{"mappings":[],"references":[],"title":"Ensure that the kubelet --config configuration file ownership is set to root:root (Automated)"},"4.1.2":{"mappings":[],"references":[],"title":"Ensure that the kubelet service file ownership is set to root:root (Automated)"},"4.1.3":{"mappings":[],"references":[],"title":"If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual)"},"4.1.4":{"mappings":[],"references":[],"title":"If proxy kubeconfig file exists ensure ownership is set to root:root (Manual)"},"4.1.5":{"mappings":[],"references":[],"title":"Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)"},"4.1.6":{"mappings":[],"references":[],"title":"Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Manual)"},"4.1.7":{"mappings":[],"references":[],"title":"Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual)"},"4.1.8":{"mappings":[],"references":[],"title":"Ensure that the client certificate authorities file ownership is set to root:root (Manual)"},"4.1.9":{"mappings":[],"references":[],"title":"Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive (Automated)"},"4.2.1":{"mappings":[],"references":[],"title":"Ensure that the --anonymous-auth argument is set to false (Automated)"},"4.2.10":{"mappings":[],"references":[],"title":"Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Manual)"},"4.2.11":{"mappings":[],"references":[],"title":"Ensure that the --rotate-certificates argument is not set to false (Manual)"},"4.2.12":{"mappings":[],"references":[],"title":"Verify that the RotateKubeletServerCertificate argument is set to true (Manual)"},"4.2.13":{"mappings":[],"references":[],"title":"Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual)"},"4.2.2":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)"},"4.2.3":{"mappings":[],"references":[],"title":"Ensure that the --client-ca-file argument is set as appropriate (Automated)"},"4.2.4":{"mappings":[],"references":[],"title":"Verify that the --read-only-port argument is set to 0 (Manual)"},"4.2.5":{"mappings":[],"references":[],"title":"Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Manual)"},"4.2.6":{"mappings":[],"references":[],"title":"Ensure that the --protect-kernel-defaults argument is set to true (Automated)"},"4.2.7":{"mappings":[],"references":[],"title":"Ensure that the --make-iptables-util-chains argument is set to true (Automated)"},"4.2.8":{"mappings":[],"references":[],"title":"Ensure that the --hostname-override argument is not set (Manual)"},"4.2.9":{"mappings":[],"references":[],"title":"Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Manual)"},"5.1.1":{"mappings":[],"references":[],"title":"Ensure that the cluster-admin role is only used where required (Manual)"},"5.1.2":{"mappings":[],"references":[],"title":"Minimize access to secrets (Manual)"},"5.1.3":{"mappings":[],"references":[],"title":"Minimize wildcard use in Roles and ClusterRoles (Manual)"},"5.1.4":{"mappings":[],"references":[],"title":"Minimize access to create pods (Manual)"},"5.1.5":{"mappings":[],"references":[],"title":"Ensure that default service accounts are not actively used."},"5.1.6":{"mappings":[],"references":[],"title":"Ensure that Service Account Tokens are only mounted where necessary (Manual)"},"5.2":{"mappings":[],"references":[],"title":"Pod Security Policies"},"5.2.1":{"mappings":[],"references":[],"title":"Minimize the admission of privileged containers (Manual)"},"5.2.2":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host process ID namespace (Manual)"},"5.2.3":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host IPC namespace (Manual)"},"5.2.4":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host network namespace (Manual)"},"5.2.5":{"mappings":[],"references":[],"title":"Minimize the admission of containers with allowPrivilegeEscalation (Manual)"},"5.2.6":{"mappings":[],"references":[],"title":"Minimize the admission of root containers (Manual)"},"5.2.7":{"mappings":[],"references":[],"title":"Minimize the admission of containers with the NET_RAW capability (Manual)"},"5.2.8":{"mappings":[],"references":[],"title":"Minimize the admission of containers with added capabilities (Manual)"},"5.2.9":{"mappings":[],"references":[],"title":"Minimize the admission of containers with capabilities assigned (Manual)"},"5.3.1":{"mappings":[],"references":[],"title":"Ensure that the CNI in use supports Network Policies (Manual)"},"5.3.2":{"mappings":[],"references":[],"title":"Ensure that all Namespaces have Network Policies defined (Manual)"},"5.4.1":{"mappings":[],"references":[],"title":"Prefer using secrets as files over secrets as environment variables (Manual)"},"5.4.2":{"mappings":[],"references":[],"title":"Consider external secret storage (Manual)"},"5.5":{"mappings":[],"references":[],"title":"Extensible Admission Control"},"5.5.1":{"mappings":[],"references":[],"title":"Configure Image Provenance using ImagePolicyWebhook admission controller (Manual)"},"5.7.1":{"mappings":[],"references":[],"title":"Create administrative boundaries between resources using namespaces (Manual)"},"5.7.2":{"mappings":[],"references":[],"title":"Ensure that the seccomp profile is set to docker/default in your pod definitions (Manual)"},"5.7.3":{"mappings":[],"references":[],"title":"Apply Security Context to Your Pods and Containers (Manual)"},"5.7.4":{"mappings":[],"references":[],"title":"The default namespace should not be used (Manual)"}},"links":["https://www.cisecurity.org/benchmark/kubernetes/"],"release_date":"2020-07-23"}}},"CSA-CCM":{"category":"CSA-CCM","latest_version":"v4.0.5","name":"Cloud Controls Matrix","versions":{"v4.0.4":{"controls":{"A\u0026A-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually."},"A\u0026A-02":{"mappings":[],"references":[],"title":"Conduct independent audit and assurance assessments according to relevant standards at least annually."},"A\u0026A-03":{"mappings":[],"references":[],"title":"Perform independent audit and assurance assessments according to risk-based plans and policies."},"A\u0026A-04":{"mappings":[],"references":[],"title":"Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit."},"A\u0026A-05":{"mappings":[],"references":[],"title":"Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence."},"A\u0026A-06":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders."},"AIS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for application security to provide guidance to the appropriate planning, delivery and support of the organization's application security capabilities. Review and update the policies and procedures at least annually."},"AIS-02":{"mappings":[],"references":[],"title":"Establish, document and maintain baseline requirements for securing different applications."},"AIS-03":{"mappings":[],"references":[],"title":"Define and implement technical and operational metrics in alignment with business objectives, security requirements, and compliance obligations."},"AIS-04":{"mappings":[],"references":[],"title":"Define and implement a SDLC process for application design, development, deployment, and operation in accordance with security requirements defined by the organization."},"AIS-05":{"mappings":[],"references":[],"title":"Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible."},"AIS-06":{"mappings":[],"references":[],"title":"Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible."},"AIS-07":{"mappings":[],"references":[],"title":"Define and implement a process to remediate application security vulnerabilities, automating remediation when possible."},"BCR-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually."},"BCR-02":{"mappings":[],"references":[],"title":"Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities."},"BCR-03":{"mappings":[],"references":[],"title":"Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite."},"BCR-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities."},"BCR-05":{"mappings":[],"references":[],"title":"Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically."},"BCR-06":{"mappings":[],"references":[],"title":"Exercise and test business continuity and operational resilience plans at least annually or upon significant changes."},"BCR-07":{"mappings":[],"references":[],"title":"Establish communication with stakeholders and participants in the course of business continuity and resilience procedures."},"BCR-08":{"mappings":[],"references":[],"title":"Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency."},"BCR-09":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes."},"BCR-10":{"mappings":[],"references":[],"title":"Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities."},"BCR-11":{"mappings":[],"references":[],"title":"Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards."},"CCC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually."},"CCC-02":{"mappings":[],"references":[],"title":"Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards."},"CCC-03":{"mappings":[],"references":[],"title":"Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced)."},"CCC-04":{"mappings":[],"references":[],"title":"Restrict the unauthorized addition, removal, update, and management of organization assets."},"CCC-05":{"mappings":[],"references":[],"title":"Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs."},"CCC-06":{"mappings":[],"references":[],"title":"Establish change management baselines for all relevant authorized changes on organization assets."},"CCC-07":{"mappings":[],"references":[],"title":"Implement detection measures with proactive notification in case of changes deviating from the established baseline."},"CCC-08":{"mappings":[],"references":[],"title":"Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process."},"CCC-09":{"mappings":[],"references":[],"title":"Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns."},"CEK-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually."},"CEK-02":{"mappings":[],"references":[],"title":"Define and implement cryptographic, encryption and key management roles and responsibilities."},"CEK-03":{"mappings":[],"references":[],"title":"Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards."},"CEK-04":{"mappings":[],"references":[],"title":"Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology."},"CEK-05":{"mappings":[],"references":[],"title":"Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes."},"CEK-06":{"mappings":[],"references":[],"title":"Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis."},"CEK-07":{"mappings":[],"references":[],"title":"Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback."},"CEK-08":{"mappings":[],"references":[],"title":"CSPs must provide the capability for CSCs to manage their own data encryption keys."},"CEK-09":{"mappings":[],"references":[],"title":"Audit encryption and key management systems, policies, and processes with a frequency that is proportional to the risk exposure of the system with audit occurring preferably continuously but at least annually and after any security event(s)."},"CEK-10":{"mappings":[],"references":[],"title":"Generate Cryptographic keys using industry accepted cryptographic libraries specifying the algorithm strength and the random number generator used."},"CEK-11":{"mappings":[],"references":[],"title":"Manage cryptographic secret and private keys that are provisioned for a unique purpose."},"CEK-12":{"mappings":[],"references":[],"title":"Rotate cryptographic keys in accordance with the calculated cryptoperiod, which includes provisions for considering the risk of information disclosure and legal and regulatory requirements."},"CEK-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to revoke and remove cryptographic keys prior to the end of its established cryptoperiod, when a key is compromised, or an entity is no longer part of the organization, which include provisions for legal and regulatory requirements."},"CEK-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to destroy keys stored outside a secure environment and revoke keys stored in Hardware Security Modules (HSMs) when they are no longer needed, which include provisions for legal and regulatory requirements."},"CEK-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to create keys in a pre-activated state when they have been generated but not authorized for use, which include provisions for legal and regulatory requirements."},"CEK-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to monitor, review and approve key transitions from any state to/from suspension, which include provisions for legal and regulatory requirements."},"CEK-17":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to deactivate keys at the time of their expiration date, which include provisions for legal and regulatory requirements."},"CEK-18":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to manage archived keys in a secure repository requiring least privilege access, which include provisions for legal and regulatory requirements."},"CEK-19":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements."},"CEK-20":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to assess the risk to operational continuity versus the risk of the keying material and the information it protects being exposed if control of the keying material is lost, which include provisions for legal and regulatory requirements."},"CEK-21":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures in order for the key management system to track and report all cryptographic materials and changes in status, which include provisions for legal and regulatory requirements."},"DCS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually."},"DCS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually."},"DCS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually."},"DCS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media. Review and update the policies and procedures at least annually."},"DCS-05":{"mappings":[],"references":[],"title":"Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk."},"DCS-06":{"mappings":[],"references":[],"title":"Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system."},"DCS-07":{"mappings":[],"references":[],"title":"Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas."},"DCS-08":{"mappings":[],"references":[],"title":"Use equipment identification as a method for connection authentication."},"DCS-09":{"mappings":[],"references":[],"title":"Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization."},"DCS-10":{"mappings":[],"references":[],"title":"Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts."},"DCS-11":{"mappings":[],"references":[],"title":"Train datacenter personnel to respond to unauthorized ingress or egress attempts."},"DCS-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms."},"DCS-13":{"mappings":[],"references":[],"title":"Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards."},"DCS-14":{"mappings":[],"references":[],"title":"Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals."},"DCS-15":{"mappings":[],"references":[],"title":"Keep business-critical equipment away from locations subject to high probability for environmental risk events."},"DSP-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the classification, protection and handling of data throughout its lifecycle, and according to all applicable laws and regulations, standards, and risk level. Review and update the policies and procedures at least annually."},"DSP-02":{"mappings":[],"references":[],"title":"Apply industry accepted methods for the secure disposal of data from storage media such that data is not recoverable by any forensic means."},"DSP-03":{"mappings":[],"references":[],"title":"Create and maintain a data inventory, at least for any sensitive data and personal data."},"DSP-04":{"mappings":[],"references":[],"title":"Classify data according to its type and sensitivity level."},"DSP-05":{"mappings":[],"references":[],"title":"Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change."},"DSP-06":{"mappings":[],"references":[],"title":"Document ownership and stewardship of all relevant documented personal and sensitive data. Perform review at least annually."},"DSP-07":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of security by design and industry best practices."},"DSP-08":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations."},"DSP-09":{"mappings":[],"references":[],"title":"Conduct a Data Protection Impact Assessment (DPIA) to evaluate the origin, nature, particularity and severity of the risks upon the processing of personal data, according to any applicable laws, regulations and industry best practices."},"DSP-10":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope as permitted by the respective laws and regulations."},"DSP-11":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations."},"DSP-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure that personal data is processed according to any applicable laws and regulations and for the purposes declared to the data subject."},"DSP-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations."},"DSP-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing."},"DSP-15":{"mappings":[],"references":[],"title":"Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments."},"DSP-16":{"mappings":[],"references":[],"title":"Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations."},"DSP-17":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to protect sensitive data throughout it's lifecycle."},"DSP-18":{"mappings":[],"references":[],"title":"The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation."},"DSP-19":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up."},"GRC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually."},"GRC-02":{"mappings":[],"references":[],"title":"Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks."},"GRC-03":{"mappings":[],"references":[],"title":"Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization."},"GRC-04":{"mappings":[],"references":[],"title":"Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs."},"GRC-05":{"mappings":[],"references":[],"title":"Develop and implement an Information Security Program, which includes programs for all the relevant domains of the CCM."},"GRC-06":{"mappings":[],"references":[],"title":"Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs."},"GRC-07":{"mappings":[],"references":[],"title":"Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements, which are applicable to your organization."},"GRC-08":{"mappings":[],"references":[],"title":"Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context."},"HRS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees (including but not limited to remote employees, contractors, and third parties) according to local laws, regulations, ethics, and contractual constraints and proportional to the data classification to be accessed, the business requirements, and acceptable risk. Review and update the policies and procedures at least annually."},"HRS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets. Review and update the policies and procedures at least annually."},"HRS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data. Review and update the policies and procedures at least annually."},"HRS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations. Review and update the policies and procedures at least annually."},"HRS-05":{"mappings":[],"references":[],"title":"Establish and document procedures for the return of organization-owned assets by terminated employees."},"HRS-06":{"mappings":[],"references":[],"title":"Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment."},"HRS-07":{"mappings":[],"references":[],"title":"Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets."},"HRS-08":{"mappings":[],"references":[],"title":"The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies."},"HRS-09":{"mappings":[],"references":[],"title":"Document and communicate roles and responsibilities of employees, as they relate to information assets and security."},"HRS-10":{"mappings":[],"references":[],"title":"Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details."},"HRS-11":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates."},"HRS-12":{"mappings":[],"references":[],"title":"Provide all employees with access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies relating to their professional function relative to the organization."},"HRS-13":{"mappings":[],"references":[],"title":"Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations."},"IAM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain policies and procedures for identity and access management. Review and update the policies and procedures at least annually."},"IAM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain strong password policies and procedures. Review and update the policies and procedures at least annually."},"IAM-03":{"mappings":[],"references":[],"title":"Manage, store, and review the information of system identities, and level of access."},"IAM-04":{"mappings":[],"references":[],"title":"Employ the separation of duties principle when implementing information system access."},"IAM-05":{"mappings":[],"references":[],"title":"Employ the least privilege principle when implementing information system access."},"IAM-06":{"mappings":[],"references":[],"title":"Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets."},"IAM-07":{"mappings":[],"references":[],"title":"De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies."},"IAM-08":{"mappings":[],"references":[],"title":"Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance."},"IAM-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated."},"IAM-10":{"mappings":[],"references":[],"title":"Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access."},"IAM-11":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles."},"IAM-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures."},"IAM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs."},"IAM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access. Adopt digital certificates or alternatives which achieve an equivalent level of security for system identities."},"IAM-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords."},"IAM-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized."},"IPY-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for: a. Communications between application interfaces b. Information processing interoperability c. Application development portability d. Information/Data exchange, usage, portability, integrity, and persistence Review and update the policies and procedures at least annually."},"IPY-02":{"mappings":[],"references":[],"title":"Provide application interface(s) to CSCs so that they programmatically retrieve their data to enable interoperability and portability."},"IPY-03":{"mappings":[],"references":[],"title":"Implement cryptographically secure and standardized network protocols for the management, import and export of data."},"IPY-04":{"mappings":[],"references":[],"title":"Agreements must include provisions specifying CSCs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the CSCs d. Data deletion policy"},"IVS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually."},"IVS-02":{"mappings":[],"references":[],"title":"Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business."},"IVS-03":{"mappings":[],"references":[],"title":"Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls."},"IVS-04":{"mappings":[],"references":[],"title":"Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline."},"IVS-05":{"mappings":[],"references":[],"title":"Separate production and non-production environments."},"IVS-06":{"mappings":[],"references":[],"title":"Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants."},"IVS-07":{"mappings":[],"references":[],"title":"Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols."},"IVS-08":{"mappings":[],"references":[],"title":"Identify and document high-risk environments."},"IVS-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks."},"LOG-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually."},"LOG-02":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs."},"LOG-03":{"mappings":[],"references":[],"title":"Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics."},"LOG-04":{"mappings":[],"references":[],"title":"Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability."},"LOG-05":{"mappings":[],"references":[],"title":"Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies."},"LOG-06":{"mappings":[],"references":[],"title":"Use a reliable time source across all relevant information processing systems."},"LOG-07":{"mappings":[],"references":[],"title":"Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment."},"LOG-08":{"mappings":[],"references":[],"title":"Generate audit records containing relevant security information."},"LOG-09":{"mappings":[],"references":[],"title":"The information system protects audit records from unauthorized access, modification, and deletion."},"LOG-10":{"mappings":[],"references":[],"title":"Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls."},"LOG-11":{"mappings":[],"references":[],"title":"Log and monitor key lifecycle management events to enable auditing and reporting on usage of cryptographic keys."},"LOG-12":{"mappings":[],"references":[],"title":"Monitor and log physical access using an auditable access control system."},"LOG-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party."},"SEF-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Security Incident Management, E-Discovery, and Cloud Forensics. Review and update the policies and procedures at least annually."},"SEF-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually."},"SEF-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted."},"SEF-04":{"mappings":[],"references":[],"title":"Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness."},"SEF-05":{"mappings":[],"references":[],"title":"Establish and monitor information security incident metrics."},"SEF-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events."},"SEF-07":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures for security breach notifications. Report security breaches and assumed security breaches including any relevant supply chain breaches, as per applicable SLAs, laws and regulations."},"SEF-08":{"mappings":[],"references":[],"title":"Maintain points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities."},"STA-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the application of the Shared Security Responsibility Model (SSRM) within the organization. Review and update the policies and procedures at least annually."},"STA-02":{"mappings":[],"references":[],"title":"Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering."},"STA-03":{"mappings":[],"references":[],"title":"Provide SSRM Guidance to the CSC detailing information about the SSRM applicability throughout the supply chain."},"STA-04":{"mappings":[],"references":[],"title":"Delineate the shared ownership and applicability of all CSA CCM controls according to the SSRM for the cloud service offering."},"STA-05":{"mappings":[],"references":[],"title":"Review and validate SSRM documentation for all cloud services offerings the organization uses."},"STA-06":{"mappings":[],"references":[],"title":"Implement, operate, and audit or assess the portions of the SSRM which the organization is responsible for."},"STA-07":{"mappings":[],"references":[],"title":"Develop and maintain an inventory of all supply chain relationships."},"STA-08":{"mappings":[],"references":[],"title":"CSPs periodically review risk factors associated with all organizations within their supply chain."},"STA-09":{"mappings":[],"references":[],"title":"Service agreements between CSPs and CSCs (tenants) must incorporate at least the following mutually-agreed upon provisions and/or terms: - Scope, characteristics and location of business relationship and services offered - Information security requirements (including SSRM) - Change management process - Logging and monitoring capability - Incident management and communication procedures - Right to audit and third party assessment - Service termination - Interoperability and portability requirements - Data privacy"},"STA-10":{"mappings":[],"references":[],"title":"Review supply chain agreements between CSPs and CSCs at least annually."},"STA-11":{"mappings":[],"references":[],"title":"Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually."},"STA-12":{"mappings":[],"references":[],"title":"Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards."},"STA-13":{"mappings":[],"references":[],"title":"Periodically review the organization's supply chain partners' IT governance policies and procedures."},"STA-14":{"mappings":[],"references":[],"title":"Define and implement a process for conducting security assessments periodically for all organizations within the supply chain."},"TVM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually."},"TVM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at least annually."},"TVM-03":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk."},"TVM-04":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis."},"TVM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy."},"TVM-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the periodic performance of penetration testing by independent third parties."},"TVM-07":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly."},"TVM-08":{"mappings":[],"references":[],"title":"Use a risk-based model for effective prioritization of vulnerability remediation using an industry recognized framework."},"TVM-09":{"mappings":[],"references":[],"title":"Define and implement a process for tracking and reporting vulnerability identification and remediation activities that includes stakeholder notification."},"TVM-10":{"mappings":[],"references":[],"title":"Establish, monitor and report metrics for vulnerability identification and remediation at defined intervals."},"UEM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints. Review and update the policies and procedures at least annually."},"UEM-02":{"mappings":[],"references":[],"title":"Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data."},"UEM-03":{"mappings":[],"references":[],"title":"Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications."},"UEM-04":{"mappings":[],"references":[],"title":"Maintain an inventory of all endpoints used to store and access company data."},"UEM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data."},"UEM-06":{"mappings":[],"references":[],"title":"Configure all relevant interactive-use endpoints to require an automatic lock screen."},"UEM-07":{"mappings":[],"references":[],"title":"Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes."},"UEM-08":{"mappings":[],"references":[],"title":"Protect information from unauthorized disclosure on managed endpoint devices with storage encryption."},"UEM-09":{"mappings":[],"references":[],"title":"Configure managed endpoints with anti-malware detection and prevention technology and services."},"UEM-10":{"mappings":[],"references":[],"title":"Configure managed endpoints with properly configured software firewalls."},"UEM-11":{"mappings":[],"references":[],"title":"Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment."},"UEM-12":{"mappings":[],"references":[],"title":"Enable remote geo-location capabilities for all managed mobile endpoints."},"UEM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices."},"UEM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets."}},"links":["https://cloudsecurityalliance.org/research/cloud-controls-matrix/"],"release_date":"2021-12-08"},"v4.0.5":{"controls":{"A\u0026A-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually."},"A\u0026A-02":{"mappings":[],"references":[],"title":"Conduct independent audit and assurance assessments according to relevant standards at least annually."},"A\u0026A-03":{"mappings":[],"references":[],"title":"Perform independent audit and assurance assessments according to risk-based plans and policies."},"A\u0026A-04":{"mappings":[],"references":[],"title":"Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit."},"A\u0026A-05":{"mappings":[],"references":[],"title":"Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence."},"A\u0026A-06":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders."},"AIS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for application security to provide guidance to the appropriate planning, delivery and support of the organization's application security capabilities. Review and update the policies and procedures at least annually."},"AIS-02":{"mappings":[],"references":[],"title":"Establish, document and maintain baseline requirements for securing different applications."},"AIS-03":{"mappings":[],"references":[],"title":"Define and implement technical and operational metrics in alignment with business objectives, security requirements, and compliance obligations."},"AIS-04":{"mappings":[],"references":[],"title":"Define and implement a SDLC process for application design, development, deployment, and operation in accordance with security requirements defined by the organization."},"AIS-05":{"mappings":[],"references":[],"title":"Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible."},"AIS-06":{"mappings":[],"references":[],"title":"Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible."},"AIS-07":{"mappings":[],"references":[],"title":"Define and implement a process to remediate application security vulnerabilities, automating remediation when possible."},"BCR-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually."},"BCR-02":{"mappings":[],"references":[],"title":"Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities."},"BCR-03":{"mappings":[],"references":[],"title":"Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite."},"BCR-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities."},"BCR-05":{"mappings":[],"references":[],"title":"Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically."},"BCR-06":{"mappings":[],"references":[],"title":"Exercise and test business continuity and operational resilience plans at least annually or upon significant changes."},"BCR-07":{"mappings":[],"references":[],"title":"Establish communication with stakeholders and participants in the course of business continuity and resilience procedures."},"BCR-08":{"mappings":[],"references":[],"title":"Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency."},"BCR-09":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes."},"BCR-10":{"mappings":[],"references":[],"title":"Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities."},"BCR-11":{"mappings":[],"references":[],"title":"Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards."},"CCC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually."},"CCC-02":{"mappings":[],"references":[],"title":"Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards."},"CCC-03":{"mappings":[],"references":[],"title":"Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced)."},"CCC-04":{"mappings":[],"references":[],"title":"Restrict the unauthorized addition, removal, update, and management of organization assets."},"CCC-05":{"mappings":[],"references":[],"title":"Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs."},"CCC-06":{"mappings":[],"references":[],"title":"Establish change management baselines for all relevant authorized changes on organization assets."},"CCC-07":{"mappings":[],"references":[],"title":"Implement detection measures with proactive notification in case of changes deviating from the established baseline."},"CCC-08":{"mappings":[],"references":[],"title":"Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process."},"CCC-09":{"mappings":[],"references":[],"title":"Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns."},"CEK-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually."},"CEK-02":{"mappings":[],"references":[],"title":"Define and implement cryptographic, encryption and key management roles and responsibilities."},"CEK-03":{"mappings":[],"references":[],"title":"Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards."},"CEK-04":{"mappings":[],"references":[],"title":"Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology."},"CEK-05":{"mappings":[],"references":[],"title":"Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes."},"CEK-06":{"mappings":[],"references":[],"title":"Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis."},"CEK-07":{"mappings":[],"references":[],"title":"Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback."},"CEK-08":{"mappings":[],"references":[],"title":"CSPs must provide the capability for CSCs to manage their own data encryption keys."},"CEK-09":{"mappings":[],"references":[],"title":"Audit encryption and key management systems, policies, and processes with a frequency that is proportional to the risk exposure of the system with audit occurring preferably continuously but at least annually and after any security event(s)."},"CEK-10":{"mappings":[],"references":[],"title":"Generate Cryptographic keys using industry accepted cryptographic libraries specifying the algorithm strength and the random number generator used."},"CEK-11":{"mappings":[],"references":[],"title":"Manage cryptographic secret and private keys that are provisioned for a unique purpose."},"CEK-12":{"mappings":[],"references":[],"title":"Rotate cryptographic keys in accordance with the calculated cryptoperiod, which includes provisions for considering the risk of information disclosure and legal and regulatory requirements."},"CEK-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to revoke and remove cryptographic keys prior to the end of its established cryptoperiod, when a key is compromised, or an entity is no longer part of the organization, which include provisions for legal and regulatory requirements."},"CEK-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to destroy keys stored outside a secure environment and revoke keys stored in Hardware Security Modules (HSMs) when they are no longer needed, which include provisions for legal and regulatory requirements."},"CEK-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to create keys in a pre-activated state when they have been generated but not authorized for use, which include provisions for legal and regulatory requirements."},"CEK-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to monitor, review and approve key transitions from any state to/from suspension, which include provisions for legal and regulatory requirements."},"CEK-17":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to deactivate keys at the time of their expiration date, which include provisions for legal and regulatory requirements."},"CEK-18":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to manage archived keys in a secure repository requiring least privilege access, which include provisions for legal and regulatory requirements."},"CEK-19":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements."},"CEK-20":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to assess the risk to operational continuity versus the risk of the keying material and the information it protects being exposed if control of the keying material is lost, which include provisions for legal and regulatory requirements."},"CEK-21":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures in order for the key management system to track and report all cryptographic materials and changes in status, which include provisions for legal and regulatory requirements."},"DCS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually."},"DCS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually."},"DCS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually."},"DCS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media. Review and update the policies and procedures at least annually."},"DCS-05":{"mappings":[],"references":[],"title":"Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk."},"DCS-06":{"mappings":[],"references":[],"title":"Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system."},"DCS-07":{"mappings":[],"references":[],"title":"Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas."},"DCS-08":{"mappings":[],"references":[],"title":"Use equipment identification as a method for connection authentication."},"DCS-09":{"mappings":[],"references":[],"title":"Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization."},"DCS-10":{"mappings":[],"references":[],"title":"Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts."},"DCS-11":{"mappings":[],"references":[],"title":"Train datacenter personnel to respond to unauthorized ingress or egress attempts."},"DCS-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms."},"DCS-13":{"mappings":[],"references":[],"title":"Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards."},"DCS-14":{"mappings":[],"references":[],"title":"Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals."},"DCS-15":{"mappings":[],"references":[],"title":"Keep business-critical equipment away from locations subject to high probability for environmental risk events."},"DSP-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the classification, protection and handling of data throughout its lifecycle, and according to all applicable laws and regulations, standards, and risk level. Review and update the policies and procedures at least annually."},"DSP-02":{"mappings":[],"references":[],"title":"Apply industry accepted methods for the secure disposal of data from storage media such that data is not recoverable by any forensic means."},"DSP-03":{"mappings":[],"references":[],"title":"Create and maintain a data inventory, at least for any sensitive data and personal data."},"DSP-04":{"mappings":[],"references":[],"title":"Classify data according to its type and sensitivity level."},"DSP-05":{"mappings":[],"references":[],"title":"Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change."},"DSP-06":{"mappings":[],"references":[],"title":"Document ownership and stewardship of all relevant documented personal and sensitive data. Perform review at least annually."},"DSP-07":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of security by design and industry best practices."},"DSP-08":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations."},"DSP-09":{"mappings":[],"references":[],"title":"Conduct a Data Protection Impact Assessment (DPIA) to evaluate the origin, nature, particularity and severity of the risks upon the processing of personal data, according to any applicable laws, regulations and industry best practices."},"DSP-10":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope as permitted by the respective laws and regulations."},"DSP-11":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations."},"DSP-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure that personal data is processed according to any applicable laws and regulations and for the purposes declared to the data subject."},"DSP-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations."},"DSP-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing."},"DSP-15":{"mappings":[],"references":[],"title":"Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments."},"DSP-16":{"mappings":[],"references":[],"title":"Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations."},"DSP-17":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to protect sensitive data throughout it's lifecycle."},"DSP-18":{"mappings":[],"references":[],"title":"The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation."},"DSP-19":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up."},"GRC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually."},"GRC-02":{"mappings":[],"references":[],"title":"Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks."},"GRC-03":{"mappings":[],"references":[],"title":"Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization."},"GRC-04":{"mappings":[],"references":[],"title":"Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs."},"GRC-05":{"mappings":[],"references":[],"title":"Develop and implement an Information Security Program, which includes programs for all the relevant domains of the CCM."},"GRC-06":{"mappings":[],"references":[],"title":"Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs."},"GRC-07":{"mappings":[],"references":[],"title":"Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements, which are applicable to your organization."},"GRC-08":{"mappings":[],"references":[],"title":"Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context."},"HRS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees (including but not limited to remote employees, contractors, and third parties) according to local laws, regulations, ethics, and contractual constraints and proportional to the data classification to be accessed, the business requirements, and acceptable risk. Review and update the policies and procedures at least annually."},"HRS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets. Review and update the policies and procedures at least annually."},"HRS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data. Review and update the policies and procedures at least annually."},"HRS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations. Review and update the policies and procedures at least annually."},"HRS-05":{"mappings":[],"references":[],"title":"Establish and document procedures for the return of organization-owned assets by terminated employees."},"HRS-06":{"mappings":[],"references":[],"title":"Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment."},"HRS-07":{"mappings":[],"references":[],"title":"Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets."},"HRS-08":{"mappings":[],"references":[],"title":"The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies."},"HRS-09":{"mappings":[],"references":[],"title":"Document and communicate roles and responsibilities of employees, as they relate to information assets and security."},"HRS-10":{"mappings":[],"references":[],"title":"Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details."},"HRS-11":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates."},"HRS-12":{"mappings":[],"references":[],"title":"Provide all employees with access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies relating to their professional function relative to the organization."},"HRS-13":{"mappings":[],"references":[],"title":"Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations."},"IAM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain policies and procedures for identity and access management. Review and update the policies and procedures at least annually."},"IAM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain strong password policies and procedures. Review and update the policies and procedures at least annually."},"IAM-03":{"mappings":[],"references":[],"title":"Manage, store, and review the information of system identities, and level of access."},"IAM-04":{"mappings":[],"references":[],"title":"Employ the separation of duties principle when implementing information system access."},"IAM-05":{"mappings":[],"references":[],"title":"Employ the least privilege principle when implementing information system access."},"IAM-06":{"mappings":[],"references":[],"title":"Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets."},"IAM-07":{"mappings":[],"references":[],"title":"De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies."},"IAM-08":{"mappings":[],"references":[],"title":"Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance."},"IAM-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated."},"IAM-10":{"mappings":[],"references":[],"title":"Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access."},"IAM-11":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles."},"IAM-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures."},"IAM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs."},"IAM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access. Adopt digital certificates or alternatives which achieve an equivalent level of security for system identities."},"IAM-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords."},"IAM-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized."},"IPY-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for: a. Communications between application interfaces b. Information processing interoperability c. Application development portability d. Information/Data exchange, usage, portability, integrity, and persistence Review and update the policies and procedures at least annually."},"IPY-02":{"mappings":[],"references":[],"title":"Provide application interface(s) to CSCs so that they programmatically retrieve their data to enable interoperability and portability."},"IPY-03":{"mappings":[],"references":[],"title":"Implement cryptographically secure and standardized network protocols for the management, import and export of data."},"IPY-04":{"mappings":[],"references":[],"title":"Agreements must include provisions specifying CSCs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the CSCs d. Data deletion policy"},"IVS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually."},"IVS-02":{"mappings":[],"references":[],"title":"Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business."},"IVS-03":{"mappings":[],"references":[],"title":"Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls."},"IVS-04":{"mappings":[],"references":[],"title":"Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline."},"IVS-05":{"mappings":[],"references":[],"title":"Separate production and non-production environments."},"IVS-06":{"mappings":[],"references":[],"title":"Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants."},"IVS-07":{"mappings":[],"references":[],"title":"Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols."},"IVS-08":{"mappings":[],"references":[],"title":"Identify and document high-risk environments."},"IVS-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks."},"LOG-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually."},"LOG-02":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs."},"LOG-03":{"mappings":[],"references":[],"title":"Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics."},"LOG-04":{"mappings":[],"references":[],"title":"Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability."},"LOG-05":{"mappings":[],"references":[],"title":"Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies."},"LOG-06":{"mappings":[],"references":[],"title":"Use a reliable time source across all relevant information processing systems."},"LOG-07":{"mappings":[],"references":[],"title":"Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment."},"LOG-08":{"mappings":[],"references":[],"title":"Generate audit records containing relevant security information."},"LOG-09":{"mappings":[],"references":[],"title":"The information system protects audit records from unauthorized access, modification, and deletion."},"LOG-10":{"mappings":[],"references":[],"title":"Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls."},"LOG-11":{"mappings":[],"references":[],"title":"Log and monitor key lifecycle management events to enable auditing and reporting on usage of cryptographic keys."},"LOG-12":{"mappings":[],"references":[],"title":"Monitor and log physical access using an auditable access control system."},"LOG-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party."},"SEF-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Security Incident Management, E-Discovery, and Cloud Forensics. Review and update the policies and procedures at least annually."},"SEF-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually."},"SEF-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted."},"SEF-04":{"mappings":[],"references":[],"title":"Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness."},"SEF-05":{"mappings":[],"references":[],"title":"Establish and monitor information security incident metrics."},"SEF-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events."},"SEF-07":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures for security breach notifications. Report security breaches and assumed security breaches including any relevant supply chain breaches, as per applicable SLAs, laws and regulations."},"SEF-08":{"mappings":[],"references":[],"title":"Maintain points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities."},"STA-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the application of the Shared Security Responsibility Model (SSRM) within the organization. Review and update the policies and procedures at least annually."},"STA-02":{"mappings":[],"references":[],"title":"Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering."},"STA-03":{"mappings":[],"references":[],"title":"Provide SSRM Guidance to the CSC detailing information about the SSRM applicability throughout the supply chain."},"STA-04":{"mappings":[],"references":[],"title":"Delineate the shared ownership and applicability of all CSA CCM controls according to the SSRM for the cloud service offering."},"STA-05":{"mappings":[],"references":[],"title":"Review and validate SSRM documentation for all cloud services offerings the organization uses."},"STA-06":{"mappings":[],"references":[],"title":"Implement, operate, and audit or assess the portions of the SSRM which the organization is responsible for."},"STA-07":{"mappings":[],"references":[],"title":"Develop and maintain an inventory of all supply chain relationships."},"STA-08":{"mappings":[],"references":[],"title":"CSPs periodically review risk factors associated with all organizations within their supply chain."},"STA-09":{"mappings":[],"references":[],"title":"Service agreements between CSPs and CSCs (tenants) must incorporate at least the following mutually-agreed upon provisions and/or terms: - Scope, characteristics and location of business relationship and services offered - Information security requirements (including SSRM) - Change management process - Logging and monitoring capability - Incident management and communication procedures - Right to audit and third party assessment - Service termination - Interoperability and portability requirements - Data privacy"},"STA-10":{"mappings":[],"references":[],"title":"Review supply chain agreements between CSPs and CSCs at least annually."},"STA-11":{"mappings":[],"references":[],"title":"Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually."},"STA-12":{"mappings":[],"references":[],"title":"Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards."},"STA-13":{"mappings":[],"references":[],"title":"Periodically review the organization's supply chain partners' IT governance policies and procedures."},"STA-14":{"mappings":[],"references":[],"title":"Define and implement a process for conducting security assessments periodically for all organizations within the supply chain."},"TVM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually."},"TVM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at least annually."},"TVM-03":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk."},"TVM-04":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis."},"TVM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy."},"TVM-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the periodic performance of penetration testing by independent third parties."},"TVM-07":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly."},"TVM-08":{"mappings":[],"references":[],"title":"Use a risk-based model for effective prioritization of vulnerability remediation using an industry recognized framework."},"TVM-09":{"mappings":[],"references":[],"title":"Define and implement a process for tracking and reporting vulnerability identification and remediation activities that includes stakeholder notification."},"TVM-10":{"mappings":[],"references":[],"title":"Establish, monitor and report metrics for vulnerability identification and remediation at defined intervals."},"UEM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints. Review and update the policies and procedures at least annually."},"UEM-02":{"mappings":[],"references":[],"title":"Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data."},"UEM-03":{"mappings":[],"references":[],"title":"Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications."},"UEM-04":{"mappings":[],"references":[],"title":"Maintain an inventory of all endpoints used to store and access company data."},"UEM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data."},"UEM-06":{"mappings":[],"references":[],"title":"Configure all relevant interactive-use endpoints to require an automatic lock screen."},"UEM-07":{"mappings":[],"references":[],"title":"Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes."},"UEM-08":{"mappings":[],"references":[],"title":"Protect information from unauthorized disclosure on managed endpoint devices with storage encryption."},"UEM-09":{"mappings":[],"references":[],"title":"Configure managed endpoints with anti-malware detection and prevention technology and services."},"UEM-10":{"mappings":[],"references":[],"title":"Configure managed endpoints with properly configured software firewalls."},"UEM-11":{"mappings":[],"references":[],"title":"Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment."},"UEM-12":{"mappings":[],"references":[],"title":"Enable remote geo-location capabilities for all managed mobile endpoints."},"UEM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices."},"UEM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets."}},"links":["https://cloudsecurityalliance.org/research/cloud-controls-matrix/"],"release_date":"2022-02-10"}}},"ISO-IEC-27002":{"category":"ISO IEC 27002:2007","latest_version":"27002/AC:2007","name":"Information technology - Security techniques - Code of practice for information security management","versions":{"27002/AC:2007":{"controls":{},"links":[],"release_date":"2007-09-00"}}},"aws":{"SNYK_CC_AWS_402":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"502","impact":"Data stored in the snapshot may be sensitive. Without encryption the data may be accessed without appropriate authorization","issue":"The AMI snapshot is not encrypted","publicId":"SNYK-CC-AWS-402","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `ebs_block_device_rules.encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"AMI snapshot is not encrypted"},"SNYK_CC_AWS_403":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"503","impact":"EBS block storage devices will not be encrypted. Each device will have to be explicitly encrypted on creation","issue":"EBS encryption by default is explicitly disabled ","publicId":"SNYK-CC-AWS-403","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `enabled` attribute to `true`"},"severity":"medium","subType":"EBS","title":"EBS encryption by default is disabled"},"SNYK_CC_AWS_404":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"504","impact":"Data stored in the snapshot may be sensitive. Without encryption the data may be accessed without appropriate authorization","issue":"The AMI snapshot copy is not encrypted","publicId":"SNYK-CC-AWS-404","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"AMI snapshot copy is not encrypted"},"SNYK_CC_AWS_405":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"505","impact":"Maliciously crafted headers may be accepted by the load balancer","issue":"The application load balancer is not set to drop invalid headers.","publicId":"SNYK-CC-AWS-405","references":["https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html"],"remediation":{"cloudformation":"Set `Properties.LoadBalancerAttributes.Key` to `routing.http.drop_invalid_header_fields.enabled` and `Properties.LoadBalancerAttributes.Value` to `true`","terraform":"Set `drop_invalid_header_fields` to `true`"},"severity":"low","subType":"Elastic Load Balancing","title":"ALB does not drop invalid headers"},"SNYK_CC_AWS_406":{"id":"506","impact":"Compliance reports and dashboards may not include all relevant information","issue":"Configuration aggregator does not collect data from all regions","publicId":"SNYK-CC-AWS-406","references":["https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html"],"remediation":{"cloudformation":"Set `Properties.AccountAggregationSources.AllAwsRegions` attribute to `true`","terraform":"Set `organization_aggregation_source.all_regions` attribute to `true`"},"severity":"low","subType":"Config","title":"Configuration aggregator does not contain all regions"},"SNYK_CC_AWS_407":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"507","impact":"No cluster backups will be saved automatically, rebuilding after disaster may be more difficult","issue":"ElastiCache cluster automatic backup is disabled","publicId":"SNYK-CC-AWS-407","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_Snapshot.html"],"remediation":{"cloudformation":"Set `Properties.SnapshotRetentionLimit` to `1` or more","terraform":"Set `resource.snapshot_retention_limit` to `1` or more"},"severity":"medium","subType":"ElastiCache","title":"ElastiCache automatic backup is disabled"},"SNYK_CC_AWS_408":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"508","impact":"No automatic backups will occur, availability risk if disaster occurs and manual backups have not been set","issue":"Automatic backup of AWS Relational Database is disabled","policyEngineType":"opa","publicId":"SNYK-CC-AWS-408","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"],"remediation":{"cloudformation":"Set `Properties.BackupRetentionPeriod` to `1` or more","terraform":"Set `resource.backup_retention_period` to `1` or more"},"severity":"medium","subType":"RDS","title":"RDS automatic backup is disabled","type":"terraform"},"SNYK_CC_AWS_409":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"disabled":true,"disabledReason":"The tool is not currently able to determine the encryption state of the S3 bucket","id":"509","impact":"Anyone with access to the destination S3 bucket will be able to read the contents of the object","issue":"Objects are not encrypted by default when stored in the S3 bucket","publicId":"SNYK-CC-AWS-409","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html"],"remediation":{"terraform":"Set `server_side_encryption` attribute to `AES256` or `aws:kms`"},"severity":"medium","subType":"S3","title":"S3 object is not encrypted"},"SNYK_CC_AWS_410":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"510","impact":"Should someone gain unauthorized access to the output location the data may be accessed","issue":"Query results produced by Athena are may not be encrypted","publicId":"SNYK-CC-AWS-410","references":["https://docs.aws.amazon.com/athena/latest/ug/encryption.html","https://docs.aws.amazon.com/athena/latest/ug/encrypting-query-results-stored-in-s3.html"],"remediation":{"cloudformation":"Set `Properties.WorkGroupConfiguration.ResultConfiguration.EncryptionConfiguration.EncryptionOption` to `CSE_KMS`, `SSE_KMS` or `SSE_S3`.","terraform":"Set `configuration.result_configuration.encryption_configuration.encryption_option` to `CSE_KMS`, `SSE_KMS` or `SSE_S3`."},"severity":"medium","subType":"RDS","title":"Athena workgroup result encryption is not enforced"},"SNYK_CC_AWS_411":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"511","impact":"Should someone gain unauthorized access to the device or backup the data may be accessed","issue":"Root volume in WorkSpace is not encrypted","publicId":"SNYK-CC-AWS-411","references":["https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"],"remediation":{"cloudformation":"Set `Properties.RootVolumeEncryptionEnabled` to `true`.","terraform":"Set `root_volume_encryption_enabled` to `true`."},"severity":"medium","subType":"WorkSpace","title":"WorkSpace root device encryption is disabled"},"SNYK_CC_AWS_412":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"512","impact":"Should someone gain unauthorized access to the device or backup they would be able to read the contents","issue":"User volumes in WorkSpace are not encrypted","publicId":"SNYK-CC-AWS-412","references":["https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"],"remediation":{"cloudformation":"Set `Properties.UserVolumeEncryptionEnabled` to `true`","terraform":"Set `user_volume_encryption_enabled` to `true`"},"severity":"medium","subType":"WorkSpace","title":"WorkSpace user volume encryption is disabled"},"SNYK_CC_AWS_413":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"513","impact":"The content could be intercepted and manipulated in transit","issue":"Data between ECS host and EFS server is not encrypted in transit","publicId":"SNYK-CC-AWS-413","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#specify-efs-config"],"remediation":{"cloudformation":"Set `Properties.Volumes.EFSVolumeConfiguration.TransitEncryption` attribute to `ENABLED`.","terraform":"Set `volume.efs_volume_configuration.transit_encryption` attribute to `ENABLED`."},"severity":"medium","subType":"ECS","title":"EFS in task definition does not encrypt data in transit"},"SNYK_CC_AWS_414":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"514","impact":"Users will connect to DB instance with password, which are less secure than temporary tokens which expire","issue":"IAM database authentication is disabled, authentication tokens are not used to connect to DB instance","publicId":"SNYK-CC-AWS-414","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html"],"remediation":{"cloudformation":"Set `Properties.EnableIAMDatabaseAuthentication` to `true`.","terraform":"Set `iam_database_authentication_enabled` to `true`."},"severity":"medium","subType":"RDS","title":"RDS IAM authentication is disabled"},"SNYK_CC_AWS_415":{"compliance":[["CIS-AWS-Foundations","v1.4.0","3.7"]],"id":"515","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Log group is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-415","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute with customer managed key id","terraform":"Set `kms_key_id` attribute with customer managed key id"},"severity":"low","subType":"CloudWatch","title":"CloudWatch log group not encrypted with managed key"},"SNYK_CC_AWS_416":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"516","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Docdb cluster is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-416","references":["https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to customer managed key id","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"DocumentDB","title":"Docdb cluster not encrypted with customer managed key"},"SNYK_CC_AWS_417":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"517","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"DynamoDB table is not encrypted with customer managed KMS key","publicId":"SNYK-CC-AWS-417","references":["https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.SSESpecification.SSEType` attribute to `KMS`, and `Properties.SSESpecification.KMSMasterKeyId` attribute to customer managed key ARN","terraform":"Set `server_side_encryption.kms_key_arn` attribute to customer managed key ARN"},"severity":"low","subType":"DynamoDB","title":"DynamoDB not encrypted with customer managed key"},"SNYK_CC_AWS_418":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"518","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"ECR repository is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-418","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionConfiguration.KmsKey` attribute to customer managed KMS key","terraform":"Set `encryption_configuration.kms_key` attribute to customer managed KMS key"},"severity":"low","subType":"ECR","title":"ECR repository is not encrypted with customer managed key"},"SNYK_CC_AWS_419":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"419","impact":"If someone gains unauthorized access to the cache storage location the contents will be readable which may disclose sensitive information","issue":"API gateway cache is not encrypted","publicId":"SNYK-CC-AWS-419","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/data-protection-encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-deployment-stagedescription.html"],"remediation":{"cloudformation":"Set `Properties.StageDescription.CacheDataEncrypted` attribute to `true`","terraform":"Set `settings.cache_data_encrypted` attribute to `true`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"API gateway cached responses are not encrypted"},"SNYK_CC_AWS_420":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"420","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"Sagemaker is note encrypted with customer managed key","publicId":"SNYK-CC-AWS-420","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-notebookinstance.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` to customer managed key id ","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker is not encrypted with customer managed key"},"SNYK_CC_AWS_421":{"id":"521","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"Secrets Manager is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-421","references":["https://docs.aws.amazon.com/kms/latest/developerguide/services-secrets-manager.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to customer managed key id","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"Secrets Manager","title":"Secrets Manager is not encrypted with customer managed key"},"SNYK_CC_AWS_422":{"id":"522","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"SNS topic is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-422","references":["https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsMasterKeyId` attribute to a customer managed key id ","terraform":"Set `kms_master_key_id` attribute to a customer managed key id"},"severity":"low","subType":"SNS","title":"SNS topic is not encrypted with customer managed key"},"SNYK_CC_AWS_423":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"523","impact":"Default VPC is designed to help get started with AWS, however dedicated VPCs are recommended for any production deployments","issue":"Default VPC resources is being maintained","publicId":"SNYK-CC-AWS-423","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html","https://github.com/gruntwork-io/cloud-nuke"],"remediation":{"terraform":"Remove `aws_default_vpc` resource"},"severity":"low","subType":"VPC","title":"Default VPC resource detected"},"SNYK_CC_AWS_424":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"524","impact":"Instances should send and receive traffic with own IP address only. Disabling this check allows the instance to spoof other devices on the local network or intercept traffic. Ignore this issue if you are deploying a NAT instance which requires this setting to be disabled","issue":"Address source/destination checking has been disabled","publicId":"SNYK-CC-AWS-424","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck"],"remediation":{"cloudformation":"Set `Properties.SourceDestCheck` attribute to `true`","terraform":"Set `source_dest_check` attribute to `true`"},"severity":"low","subType":"EC2","title":"Address source/destination check disabled on the instance"},"SNYK_CC_AWS_425":{"id":"525","impact":"Availability of the service may be impacted if unhealthy instances are not replaced","issue":"EC2 is unable to replace instances when they are reported as unhealthy","publicId":"SNYK-CC-AWS-425","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html"],"remediation":{"cloudformation":"Set `ReplaceUnhealthyInstances` attribute to `true`","terraform":"Set `replace_unhealthy_instances` attribute to `true`"},"severity":"low","subType":"EC2","title":"EC2 is unable to replace unhealthy instances"},"SNYK_CC_AWS_426":{"compliance":[["CSA-CCM","v4.0.5","CCC-04"]],"id":"526","impact":"Without this setting enabled the instances can be terminated by accident. This setting should only be used for instances with high availability requirements. Enabling this may prevent IaC workflows from updating the instance, for example terraform will not be able to terminate the instance to update instance type","issue":"To prevent instance from being accidentally terminated using Amazon EC2, you can enable termination protection for the instance","publicId":"SNYK-CC-AWS-426","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination"],"remediation":{"cloudformation":"Set `DisableApiTermination` attribute with value `true`","terraform":"Set `disable_api_termination` attribute with value `true`"},"severity":"low","subType":"EC2","title":"EC2 API termination protection is not enabled"},"SNYK_CC_AWS_427":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-17"]],"id":"527","impact":"Instances will be potentially accessible over public internet, which may lead to unauthorized access","issue":"Instances launched in this subnet will automatically have public IP assigned","publicId":"SNYK-CC-AWS-427","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html"],"remediation":{"cloudformation":"Set `Properties.MapPublicIpOnLaunch` attribute with value `true`","terraform":"Set `map_public_ip_on_launch` attribute with value `true`"},"severity":"low","subType":"VPC","title":"Public IPs are automatically mapped to instances"},"SNYK_CC_AWS_428":{"compliance":[["CIS-Controls","v8","13.5"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"528","impact":"By default endpoints have no access controls applied which means anyone within account can access them","issue":"Access policy is not attached to the endpoint","publicId":"SNYK-CC-AWS-428","references":["https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html"],"remediation":{"cloudformation":"Set `Properties.PolicyDocument` attribute","terraform":"Set `policy` attribute"},"severity":"medium","subType":"VPC","title":"Access policy is not attached to the endpoint"},"SNYK_CC_AWS_429":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"529","impact":"Traffic mirroring can be abused to obtained unauthorized access to data in transit","issue":"Traffic mirroring session was enabled","publicId":"SNYK-CC-AWS-429","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_traffic_mirror_session","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-trafficmirrorsession.html"],"remediation":{"cloudformation":"Remove traffic mirroring session resource when not actively utilized","terraform":"Remove traffic mirroring session resource when not actively utilized"},"severity":"low","subType":"EC2","title":"Traffic mirroring session enabled"},"SNYK_CC_AWS_430":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"530","impact":"Job will have elevated privileges on the host instance which may allow it to access information about other workloads","issue":"Batch job runs with privileged flag set to true","publicId":"SNYK-CC-AWS-430","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/batch_job_definition","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-jobdefinition.html"],"remediation":{"cloudformation":"Remove `Properties.ContainerProperties.Privileged` attribute or set it to `false`","terraform":"Remove `privileged` attribute or set it to `false`"},"severity":"high","subType":"Batch","title":"Batch job runs in privileged mode"},"SNYK_CC_AWS_431":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"531","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"Wildcard action has been specified in policy action","publicId":"SNYK-CC-AWS-431","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `es:ESHttpGet`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `es:ESHttpGet`"},"severity":"medium","subType":"ElasticSearch","title":"Wildcard action in ElasticSearch access policy"},"SNYK_CC_AWS_432":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"532","impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-432","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"ElasticSearch","title":"Wildcard principal in ElasticSearch access policy"},"SNYK_CC_AWS_433":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"533","impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-433","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"Secrets Manager","title":"Wildcard principal in SecretsManager access policy"},"SNYK_CC_AWS_434":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"534","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Wildcard action has been specified in policy","publicId":"SNYK-CC-AWS-434","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `secretsmanager:DescribeSecret`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `secretsmanager:DescribeSecret`"},"severity":"medium","subType":"Secrets Manager","title":"Wildcard action in SecretsManager access policy"},"SNYK_CC_AWS_435":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.12"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"535","impact":"You will not be able to audit events within your DocDB Cluster, which may hinder ability to detect anomalous behavior","issue":"Events performed within your DocumentDB Cluster will not be logged using Amazon CloudWatch Logs","publicId":"SNYK-CC-AWS-435","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbclusterparametergroup.html","https://docs.aws.amazon.com/documentdb/latest/developerguide/cluster_parameter_groups-list_of_parameters.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.audit_logs` attribute to `enabled`.","terraform":"Set `parameters.name` attribute to `audit_logs`, and `parameters.value` attribute to `enabled`"},"severity":"medium","subType":"DocumentDB","title":"Audit logging is not enabled in DocDB parameter group"},"SNYK_CC_AWS_436":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"536","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Unsafe wildcard action in Lambda permission object","publicId":"SNYK-CC-AWS-436","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege"],"remediation":{"cloudformation":"Remove wildcard `*` from `Properties.Action`","terraform":"Remove wildcard `*` from `Action`"},"severity":"medium","subType":"Lambda","title":"Wildcard action in Lambda permission"},"SNYK_CC_AWS_437":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"537","impact":"Wildcard in principal attribute potentially grants access to everyone in the account. This makes it hard to revoke permissions from specific users","issue":"Unsafe wildcard principal used in Lambda permission object","publicId":"SNYK-CC-AWS-437","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html"],"remediation":{"cloudformation":"Remove wildcard `*` from `Properties.Principal`","terraform":"Remove wildcard `*` from `Principal`"},"severity":"medium","subType":"Lambda","title":"Wildcard principal in Lambda permission"},"SNYK_CC_AWS_438":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"538","impact":"In the event of a data breach, sensitive data stored on the RDS cluster will be accessible","issue":"RDS cluster does not have encryption at rest enabled which means data is stored on cluster in plaintext","publicId":"SNYK-CC-AWS-438","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_global_cluster","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html","https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"RDS","title":"RDS global cluster does not have encryption enabled"},"SNYK_CC_AWS_439":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"539","impact":"In the occurrence of a data breach, sensitive data stored on the RDS cluster will be accessible","issue":"RDS cluster does not have encryption enabled which means data is stored on cluster in plaintext","publicId":"SNYK-CC-AWS-439","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"RDS","title":"RDS cluster does not have encryption enabled"},"SNYK_CC_AWS_440":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"540","impact":"Data transferred between client and Redshift is vulnerable to hijacking and information disclosure","issue":"Redshift Cluster does not require SSL connections to be used, which means data may not be encrypted in transit","publicId":"SNYK-CC-AWS-440","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html","https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.ParameterName` to `require_ssl` and `Properties.Parameters.ParameterValue` to `true`","terraform":"Set `parameter.name` to `require_ssl` and `parameter.value` to `true`"},"severity":"medium","subType":"Redshift","title":"Redshift cluster does not require SSL connections"},"SNYK_CC_AWS_441":{"compliance":[["CIS-Controls","v8","3.11"]],"id":"541","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Sagemaker is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-441","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-endpointconfig.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to a customer managed key id","terraform":"Set `kms_key_id` attribute to a customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker is not encrypted with customer managed key"},"SNYK_CC_AWS_442":{"id":"542","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Sagemaker data capture location is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-442","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.DataCaptureConfig.KmsKeyId` to a customer managed key id","terraform":"Set `data_capture_config.kms_key_id` to a customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker data capture location is not encrypted with customer managed key"},"SNYK_CC_AWS_443":{"compliance":[["CSA-CCM","v4.0.5","IAM-15"]],"id":"543","impact":"User will not be forced to rotate the password, which may have been disclosed to the administrator","issue":"Password reset not required in IAM login profile, meaning user is not forced to reset password on resource creation","publicId":"SNYK-CC-AWS-443","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile"],"remediation":{"cloudformation":"Set `Properties.LoginProfile.PasswordResetRequired` attribute to `true`","terraform":"set `password_reset_required` attribute to `true`"},"severity":"medium","subType":"IAM","title":"Password reset not required in IAM login profile"},"SNYK_CC_AWS_444":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"544","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Glue policy has wildcard action, which should not be used","publicId":"SNYK-CC-AWS-444","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_resource_policy"],"remediation":{"terraform":"Remove `*` from glue policy actions"},"severity":"high","subType":"Glue","title":"Glue policy has wildcard action"},"SNYK_CC_AWS_445":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"545","impact":"Any IAM entity matching the wildcard will be able to make a request for an action or operation on the AWS resource","issue":"Wildcard principal has been specified in glue resource policy","publicId":"SNYK-CC-AWS-445","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_resource_policy","https://docs.aws.amazon.com/glue/latest/dg/glue-resource-policies.html"],"remediation":{"terraform":"Ensure Principal in policy's statement does not contain a wildcard (`*`)"},"severity":"medium","subType":"Glue","title":"Glue policy has wildcard principal"},"SNYK_CC_AWS_446":{"disabled":true,"id":"546","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Secret is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-446","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html"],"remediation":{"cloudformation":"Set `KmsKeyId` attribute to a valid customer managed key","terraform":"Set `kms_key_id` attribute to a valid customer managed key"},"severity":"medium","subType":"Secrets Manager","title":"Secret not encrypted with a customer managed key"},"SNYK_CC_AWS_447":{"compliance":[["CIS-Controls","v8","4.7"],["CIS-AWS-Foundations","v1.4.0","1.4"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"547","impact":"Account `root` user by default has permission to the entire account. It is best practice to use this user only in break glass procedures","issue":"IAM access key has been generated for account `root` user","publicId":"SNYK-CC-AWS-447","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html"],"remediation":{"cloudformation":"Delete access keys for `root` user","terraform":"Delete access keys for `root` user"},"severity":"high","subType":"IAM","title":"IAM access key generated for `root` user"},"SNYK_CC_AWS_448":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"548","impact":"Anyone accessing data in the CloudWatch logs will be able to read the contents which may contain sensitive information","issue":"CloudWatch logs generated by Glue will not be encrypted","publicId":"SNYK-CC-AWS-448","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `CloudWatchEncryptionMode` attribute value to `SSE-KMS`","terraform":"Set `cloudwatch_encryption_mode` attribute value to `SSE-KMS`"},"severity":"medium","subType":"Glue","title":"Glue CloudWatch log encryption disabled"},"SNYK_CC_AWS_449":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"549","impact":"Anyone with access to the job bookmarks will be able to read the sensitive information","issue":"Job bookmarks generated by Glue are not encrypted","publicId":"SNYK-CC-AWS-449","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode` to `CSE-KMS`","terraform":" Set `encryption_configuration.job_bookmarks_encryption.job_bookmarks_encryption_mode` to `CSE-KMS`"},"severity":"medium","subType":"Glue","title":"Glue job bookmarks encryption disabled"},"SNYK_CC_AWS_450":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"550","impact":"Sensitive data processed by the stream may be readable in the kinesis storage layer","issue":"Data stream is not encrypted at rest","publicId":"SNYK-CC-AWS-450","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisfirehose-deliverystream.html"],"remediation":{"cloudformation":"Set `DeliveryStreamEncryptionConfigurationInput.KeyType` to `AWS_OWNED_CMK` or `CUSTOMER_MANAGED_CMK`","terraform":" Set `server_side_encryption.enabled` attribute to `true`"},"severity":"medium","subType":"Kinesis","title":"Kinesis data stream is not encrypted at rest"},"SNYK_CC_AWS_451":{"compliance":[["CIS-Controls","v8","6.3"],["CSA-CCM","v4.0.5","IAM-14"]],"id":"551","impact":"Single-factor authentication mechanisms such as passwords can be lost or compromised","issue":"Cognito user pool does not require multi-factor authentication method","publicId":"SNYK-CC-AWS-451","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html"],"remediation":{"cloudformation":"Set `Properties.MfaConfiguration` attribute to `OFF`","terraform":"Set `mfa_configuration` attribute to `OFF`"},"severity":"low","subType":"Cognito","title":"Cognito user pool without MFA"},"SNYK_CC_AWS_452":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"552","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"Wildcard action has been specified in access policy","publicId":"SNYK-CC-AWS-452","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `execute-api:Invoke`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `execute-api:Invoke`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"Wildcard action in api gateway access policy"},"SNYK_CC_AWS_453":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"553","impact":"Using wild card will grant unnecessary access to any IAM entity in the account","issue":"Wildcard principal has been specified in rest API access policy","publicId":"SNYK-CC-AWS-453","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"Wildcard principal in rest api access policy"},"SNYK_CC_AWS_454":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"554","impact":"Anyone with access to data catalog will be able to retrieve the connection password","issue":"The Glue connection password stored in metadata is not encrypted","publicId":"SNYK-CC-AWS-454","references":["https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_data_catalog_encryption_settings","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-datacatalogencryptionsettings.html"],"remediation":{"cloudformation":"Set `DataCatalogEncryptionSettings.ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted` to `SSE-KMS` ","terraform":" Set `data_catalog_encryption_settings.connection_password_encryption.return_connection_password_encrypted` to `true`"},"severity":"medium","subType":"Glue","title":"Glue connection password encryption disabled"},"SNYK_CC_AWS_456":{"compliance":[["CIS-Controls","v8","3.11"]],"id":"556","impact":"Data transferred between client and EC2 instance will use TLS encryption only which may be brokered by proxies. Use KSM to add additional layer of protection","issue":"SSM session is not using KMS to encrypt data between client and EC2 instance","publicId":"SNYK-CC-AWS-456","references":["https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content","https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-preferences-cli.html"],"remediation":{"cloudformation":"Set `Properties.Content.inputs.kmsKeyId` to a valid KMS key","terraform":"Set `content.inputs.kmsKeyId` to a valid KMS key"},"severity":"low","subType":"SSM","title":"SSM session does not use KMS encryption"},"SNYK_CC_AWS_457":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"557","impact":"The data generated by Glue and stored in S3 bucket can be read by anyone with access to the S3 bucket. This data may contain sensitive information","issue":"Glue does not encrypt data stored in the S3 bucket","publicId":"SNYK-CC-AWS-457","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionConfiguration.S3Encryptions.S3EncryptionMode` attribute to `SSE-KMS` or `SSE-S3`","terraform":" Set `encryption_configuration.s3_encryption.s3_encryption_mode` attribute to `SSE-KMS` or `SSE-S3`"},"severity":"medium","subType":"Glue","title":"Glue S3 bucket encryption disabled"},"SNYK_CC_AWS_458":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"558","impact":"Anyone with access to the S3 bucket and SSM data objects will be able to read potentially sensitive contents","issue":"Data generated by SSM operations and stored in S3 bucket is not encrypted","publicId":"SNYK-CC-AWS-458","references":["https://docs.aws.amazon.com/systems-manager/latest/userguide/data-protection.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content"],"remediation":{"cloudformation":" Set `s3EncryptionEnabled` to 'true'","terraform":" Set `s3EncryptionEnabled` to 'true'"},"severity":"medium","subType":"SSM","title":"SSM S3 data storage not encrypted"},"SNYK_CC_AWS_700":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-700","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"Glacier","title":"Wildcard principal in Glacier Vault access policy"},"SNYK_CC_AWS_701":{"compliance":[["CSA-CCM","v4.0.5","IAM-16"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-701","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"SQS","title":"Wildcard principal in SQS access policy"},"SNYK_CC_AWS_702":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"All users with SendCommand API permission can run all PartiQL commands on any table","issue":"QLDB ledger permissions is set to ALLOW_ALL mode","publicId":"SNYK-CC-AWS-702","references":["https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html"],"remediation":{"cloudformation":"Set `PermissionsMode` to `STANDARD`","terraform":"Set `permissions_mode` to `STANDARD`"},"severity":"medium","subType":"Quantum Ledger Database","title":"QLDB ledger permissions in ALLOW_ALL mode"},"SNYK_CC_AWS_704":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-704","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"SNS","title":"Wildcard principal in SNS topic access policy"},"SNYK_CC_AWS_705":{"compliance":[["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-16"]],"impact":"The compromised instance will be able to exfiltrate data without any restrictions.","issue":"Direct internet access enabled for SageMaker Notebook Instance","publicId":"SNYK-CC-AWS-705","references":["https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-connect-to-resources.html","https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/"],"remediation":{"cloudformation":"Set `Properties.DirectInternetAccess` attribute to `Disabled`. Note you will have to configure required VPC configuration to establish any network connectivity to the Internet","terraform":"Set `direct_internet_access` attribute to `Disabled`. Note you will have to configure required VPC configuration to establish any network connectivity to the Internet"},"severity":"medium","subType":"Sagemaker","title":"Direct internet access enabled for SageMaker Notebook Instance"},"SNYK_CC_AWS_706":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The SFTP server can be accessed from the Internet, which may expose sensitive data to unauthorized users","issue":"Transfer server is publicly accessible","publicId":"SNYK-CC-AWS-706","references":["https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/","https://aws.amazon.com/blogs/storage/update-your-aws-transfer-family-server-endpoint-type-from-vpc_endpoint-to-vpc/"],"remediation":{"cloudformation":"Set `Properties.EndpointType` attribute to `VPC`","terraform":"Set `endpoint_type` attribute to `VPC`"},"severity":"medium","subType":"Transfer","title":"Transfer server is publicly accessible"},"SNYK_CC_AWS_707":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"Data encryption at rest will not be enforced by EMR. Note the underlying storage backend may have own encryption settings applied already. See referenced encryption options for more details.","issue":"Encryption at rest disabled in EMR security configuration","publicId":"SNYK-CC-AWS-707","references":["https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-create-security-configuration.html","https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-data-encryption-options.html"],"remediation":{"cloudformation":"Set `Properties.SecurityConfiguration` attribute with appropriate security configuration policy. See references for configuration specification.","terraform":"Set `configuration` attribute with appropriate security configuration policy. See references for configuration specification."},"severity":"medium","subType":"Elastic Map Reduce (EMR)","title":"Encryption at rest disabled in EMR security configuration"},"SNYK_CC_AWS_708":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"The data transferred between DocumentDB cluster and clients will not be encrypted","issue":"TLS is disabled on DocumentDB","publicId":"SNYK-CC-AWS-708","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbclusterparametergroup.html","https://docs.aws.amazon.com/documentdb/latest/developerguide/cluster_parameter_groups-list_of_parameters.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.tls` attribute to `enabled`","terraform":"Set `parameters.name` attribute to `tls`, and `parameters.value` attribute to `enabled`"},"severity":"medium","subType":"DocumentDB","title":"TLS is disabled on DocumentDB"},"SNYK_CC_AWS_709":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-709","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities, for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities, for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"KMS","title":"Wildcard principal in KMS key access policy"},"SNYK_CC_AWS_710":{"compliance":[["CIS-Controls","v8","5.6"],["CSA-CCM","v4.0.5","IAM-14"]],"impact":"IAM integration allows you to avoid using passwords in favour of short lived tokens.","issue":"IAM authentication for RDS cluster is disabled","publicId":"SNYK-CC-AWS-710","references":["https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html"],"remediation":{"cloudformation":"Set `Properties.EnableIAMDatabaseAuthentication` attribute to `true`","terraform":"Set `iam_database_authentication_enabled` attribute to `true`"},"severity":"medium","subType":"RDS","title":"IAM authentication for RDS cluster is disabled"},"SNYK_CC_AWS_732":{"compliance":[["CIS-Controls","v8","6.8"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","IAM-16"]],"description":"The IAM policy allows all IAM actions on resource","id":"832","impact":"Granting permission to perform any IAM action is against 'least privilege' principle","issue":"The IAM policy allows all IAM actions on resource","publicId":"SNYK-CC-AWS-732","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html"],"remediation":{"cloudformation":"Set `Action` attribute in `Properties.PolicyDocument` to specific actions e.g. `iam:ListUsers`","terraform":"Set `statement.action` attribute to specific actions e.g. `iam:ListUsers`"},"severity":"high","subType":"IAM","title":"Broad IAM permissions in IAM policy"},"SNYK_CC_TF_1":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.2"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"101","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-1","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupIngress.CidrIp` attribute with a more restrictive IP, for example `192.16.0.0/24`","terraform":"Set `cidr_block` attribute with a more restrictive IP, for example `192.16.0.0/24`"},"severity":"medium","subType":"VPC","title":"Security Group allows open ingress"},"SNYK_CC_TF_10":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"110","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain numbers","publicId":"SNYK-CC-TF-10","references":[],"remediation":{"terraform":"Set the `require_numbers` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain numbers"},"SNYK_CC_TF_106":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"206","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"DynamoDB Acceleration (DAX) is not encrypted","publicId":"SNYK-CC-TF-106","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dax-cluster.html#cfn-dax-cluster-ssespecification","https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAXEncryptionAtRest.html"],"remediation":{"cloudformation":"Set `Properties.SSESpecification.SSEEnabled` attribute to `true`","terraform":"Set `server_side_encryption.enable` attribute to `true`"},"severity":"medium","subType":"DynamoDB","title":"Non-encrypted DynamoDB DAX"},"SNYK_CC_TF_107":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"207","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"EKS cluster secrets are not encrypted","publicId":"SNYK-CC-TF-107","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#encryption_config","https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/"],"remediation":{"cloudformation":"Set the `Properties.EncryptionConfig` object with the relevant `provider` \u0026 `resources`.","terraform":"Set the `encryption_config` object with the relevant `provider` \u0026 `resources`."},"severity":"medium","subType":"EKS","title":"EKS cluster has non-encrypted secrets at rest"},"SNYK_CC_TF_108":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"208","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"Redshift DB is not encrypted","publicId":"SNYK-CC-TF-108","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted","https://docs.aws.amazon.com/redshift/latest/mgmt/security-server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`."},"severity":"medium","subType":"Redshift","title":"Non-encrypted Redshift DB at rest"},"SNYK_CC_TF_109":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"209","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"DocDB is not encrypted","publicId":"SNYK-CC-TF-109","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#storage_encrypted","https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`."},"severity":"medium","subType":"DocumentDB","title":"Non-encrypted DocDB at rest"},"SNYK_CC_TF_11":{"compliance":[["CIS-Controls","v8","5.2"],["CIS-AWS-Foundations","v1.4.0","1.8"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"111","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not enforce a minimum length","publicId":"SNYK-CC-TF-11","references":[],"remediation":{"terraform":"Set the `minimum_password_length` attribute to be at least `14` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM requires minimum password length"},"SNYK_CC_TF_110":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"210","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"Athena DB is not encrypted","publicId":"SNYK-CC-TF-110","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration","https://docs.aws.amazon.com/athena/latest/ug/encryption.html"],"resolve":"Set `encryption_configuration` object.","severity":"medium","subType":"Athena","title":"Non-encrypted Athena DB at rest"},"SNYK_CC_TF_111":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"211","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"CodeBuild project encryption is explicitly disabled","publicId":"SNYK-CC-TF-111","references":["https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html"],"remediation":{"cloudformation":"Set `Properties.Artifacts.EncryptionDisabled` or `Properties.SecondaryArtifacts.EncryptionDisabled` attributes to `false`, or remove the attribute from configuration","terraform":"Set `artifacts.encryption_disabled` or `secondary_artifacts.encryption_disabled` attributes to `false`, or remove the attribute from configuration"},"severity":"medium","subType":"CodeBuild","title":"Non-Encrypted CodeBuild artifacts"},"SNYK_CC_TF_113":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"213","impact":"Encryption of the results can be disabled by the client, and in an event of unauthorized access to the data they would be able to read the contents","issue":"Athena workgroup settings can be overridden by client","publicId":"SNYK-CC-TF-113","references":["https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html","https://docs.aws.amazon.com/athena/latest/ug/encryption.html","https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings.html"],"remediation":{"cloudformation":"Set `Properties.WorkGroupConfiguration.EnforceWorkGroupConfiguration` attribute to `true`","terraform":"Set `configuration.enforce_workgroup_configuration` attribute to `true`"},"severity":"medium","subType":"Athena","title":"Athena workgroup does not enforce service settings"},"SNYK_CC_TF_116":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"216","impact":"Increases the security management overhead","issue":"The IAM policy is directly attached to a user","publicId":"SNYK-CC-TF-116","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-groups-for-permissions"],"remediation":{"cloudformation":"Attach policy to a group or role, instead of user. Remove `Properties.Users` attribute","terraform":"Attach policy to a group or role, instead of user. For example, use `aws_iam_group_policy_attachment` resource"},"severity":"low","subType":"IAM","title":"IAM Policy attached to user"},"SNYK_CC_TF_117":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"217","impact":"Anyone will be allowed to assume the role, and perform actions granted in attached policies","issue":"The IAM role can be assumed by any service or principal","publicId":"SNYK-CC-TF-117","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html"],"remediation":{"cloudformation":"Set `Principal` in `Properties.AssumeRolePolicyDocument` attribute to specific service or account, e.g. `Service: ec2.amazonaws.com`","terraform":"Set `Principal` attribute to specific service or account, e.g. `Service: ec2.amazonaws.com`"},"severity":"high","subType":"IAM","title":"IAM Role can be assumed by anyone"},"SNYK_CC_TF_118":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"218","impact":"Any principal in the account will be able to use the permissions granted by the attached policies","issue":"The IAM role can be assumed by any principal in the account and is therefore considered too broad. Note the `arn:aws:iam::123456789012:root` arn acts as a wildcard, which allows any principal in the `123456789012` account with the `sts:AssumeRole` permission to assume this role","publicId":"SNYK-CC-TF-118","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html"],"remediation":{"cloudformation":"Set `Principal` in `Properties.AssumeRolePolicyDocument` attribute to specific principal, e.g. `arn:aws:iam::1234:role/role-name`","terraform":"Set `Principal` attribute to specific principal, e.g. `arn:aws:iam::1234:role/role-name`"},"severity":"high","subType":"IAM","title":"IAM Role can be assumed by anyone in the account"},"SNYK_CC_TF_119":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"219","impact":"Any identity with this policy will have full administrative rights in the account","issue":"The IAM Policy grants all permissions to all resources","publicId":"SNYK-CC-TF-119","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html"],"remediation":{"cloudformation":"Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`","terraform":"Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`"},"severity":"medium","subType":"IAM","title":"IAM Policy grants full administrative rights"},"SNYK_CC_TF_12":{"compliance":[["CIS-Controls","v8","5.2"],["CIS-AWS-Foundations","v1.4.0","1.9"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"112","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password could be reused","publicId":"SNYK-CC-TF-12","references":[],"remediation":{"terraform":"Set the `password_reuse_prevention` attribute to be `24` to ensure the previous 24 passwords cannot be reused"},"severity":"medium","subType":"IAM","title":"IAM password reuse prevention is missing"},"SNYK_CC_TF_121":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"221","impact":"Anyone will be able to read and write to the bucket","issue":"The S3 policy grants all permissions to any principal","publicId":"SNYK-CC-TF-121","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html"],"remediation":{"cloudformation":"Set `Actions` and `Principals` attributes of the policy to limited set, e.g `Principals: {AWS: ['arn:aws:iam::1234:root]}`","terraform":"Set `Actions` and `Principals` attributes of the policy to limited set, e.g `Principals: {AWS: ['arn:aws:iam::1234:root]}`"},"severity":"high","subType":"S3","title":"S3 Policy grants full rights to anyone"},"SNYK_CC_TF_122":{"compliance":[["CIS-Controls","v8","4.6"]],"id":"222","impact":"The secret value will readable to anyone with access to VCS","issue":"Secret value has been declared in environment variable","publicId":"SNYK-CC-TF-122","references":["https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html"],"remediation":{"cloudformation":"Remove secret value from `environment` definition","terraform":"Remove secret value from `environment` definition"},"severity":"high","subType":"Lambda","title":"Potentially sensitive variable in lambda environment"},"SNYK_CC_TF_123":{"compliance":[["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","IAM-15"]],"disabled":true,"id":"223","impact":"Anyone with access to VCS will be able to obtain the secret keys, and access the unauthorized resources","issue":"Secret keys have been hardcoded in user_data script","publicId":"SNYK-CC-TF-123","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html"],"remediation":{"cloudformation":"Remove secret value from `Properties.UserData` attribute","terraform":"Remove secret value from `user_data` attribute"},"severity":"high","subType":"EC2","title":"Hard coded secrets in EC2 metadata"},"SNYK_CC_TF_124":{"compliance":[["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"224","impact":"Changes or deletion of objects will not be reversible","issue":"S3 bucket versioning is disabled","publicId":"SNYK-CC-TF-124","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html"],"remediation":{"cloudformation":"Set `Properties.VersioningConfiguration.Status` attribute to `Enabled`","terraform":"For AWS provider \u003c v4.0.0, set `versioning.enabled` attribute to `true`. For AWS provider \u003e= v4.0.0, add aws_s3_bucket_versioning resource."},"severity":"low","subType":"S3","title":"S3 bucket versioning disabled"},"SNYK_CC_TF_125":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"225","impact":"No automated backups of DynamoDB data","issue":"DynamoDB does not have Point-in-Time Recovery enabled","publicId":"SNYK-CC-TF-125","references":["https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/PointInTimeRecovery_Howitworks.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table#point_in_time_recovery"],"remediation":{"cloudformation":"Set `Properties.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled` attribute to `true`","terraform":"Set `point_in_time_recovery.enabled` attribute to `true`"},"severity":"medium","subType":"DynamoDB","title":"DynamoDB point-in-time recovery disabled"},"SNYK_CC_TF_126":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","CCC-04"]],"id":"226","impact":"Image tags can be modified post deployment","issue":"The AWS ECR registry does not enforce immutable tags","publicId":"SNYK-CC-TF-126","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html"],"remediation":{"cloudformation":"Set `Properties.ImageTagMutability` attribute to `IMMUTABLE`","terraform":"Set `image_tag_mutability` attribute to `IMMUTABLE`"},"severity":"low","subType":"ECR","title":"ECR Registry allows mutable tags"},"SNYK_CC_TF_127":{"compliance":[["CIS-Controls","v8","6.5"],["CIS-AWS-Foundations","v1.4.0","2.1.3"],["CSA-CCM","v4.0.5","IAM-10"]],"impact":"Object could be deleted without stronger MFA authorization","issue":"S3 bucket will not enforce MFA login on delete requests","publicId":"SNYK-CC-TF-127","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html"],"resolve":"Follow instructions in `https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html` to manually configure the MFA setting. For AWS provider \u003c v4.0.0 set `versioning.mfa_delete` attribute to `true` in aws_s3_bucket resource. For AWS provider \u003e= v4.0.0 set 'versioning_configuration.mfa_delete` attribute to `Enabled`. The terraform change is required to reflect the setting in the state file","severity":"low","subType":"S3","title":"S3 bucket MFA delete control disabled"},"SNYK_CC_TF_128":{"id":"228","impact":"Performance log events will not be collected and displayed in CloudWatch","issue":"ECS ContainerInsights will not be enabled on the cluster","publicId":"SNYK-CC-TF-128","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContainerInsights.html"],"remediation":{"cloudformation":"Set `Properties.ClusterSettings.Name` attribute to `containerInsights`, and `Properties.ClusterSettings.Value` to `enabled`","terraform":"Set `settings.name` attribute to `containerInsights`, and `settings.value` to `enabled`"},"severity":"low","subType":"ECS","title":"ECS ContainerInsights disabled"},"SNYK_CC_TF_129":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"229","impact":"Traces will not be collected for this api gateway, which can impede incident management","issue":"X-Ray tracing is not enabled for this api gateway stage","publicId":"SNYK-CC-TF-129","references":["https://docs.aws.amazon.com/xray/latest/devguide/xray-services-apigateway.html","https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enabling-xray.html","https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-understanding-xray-traces.html"],"remediation":{"cloudformation":"Set `Properties.TracingEnabled` attribute to `true`","terraform":"Set `xray_tracing_enabled` attribute to `true`"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway X-Ray tracing disabled"},"SNYK_CC_TF_13":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"113","impact":"That if your password is leaked, your exposure window is much longer","issue":"Your password has a long or no expiry time","publicId":"SNYK-CC-TF-13","references":[],"remediation":{"terraform":"Set the `max_password_age` attribute to be less than `90` therefore reducing your exposure window"},"severity":"medium","subType":"IAM","title":"IAM should have max password age"},"SNYK_CC_TF_130":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"230","impact":"Metadata service may be vulnerable to reverse proxy/open firewall misconfigurations and server side request forgery attacks","issue":"Instance Metadata Service v2 is not enforced","publicId":"SNYK-CC-TF-130","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html","https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/"],"resolve":"Set `metadata_options.http_tokens` attribute to `required`","severity":"low","subType":"EC2","title":"EC2 instance accepts IMDSv1"},"SNYK_CC_TF_131":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"231","impact":"Audit records may not be available during investigation","issue":"Amazon EKS control plane logging is not enabled for all log types","publicId":"SNYK-CC-TF-131","references":["https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html"],"resolve":"Set `enabled_cluster_log_types` attribute to `['api', 'audit', 'authenticator', 'controllerManager', 'scheduler' ]`","severity":"low","subType":"EKS","title":"EKS control plane logging insufficient"},"SNYK_CC_TF_132":{"id":"232","impact":"Audit records may not be available during investigation","issue":"Amazon MQ Broker logging is disabled","publicId":"SNYK-CC-TF-132","references":["https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/security-logging-monitoring-cloudwatch.html"],"remediation":{"cloudformation":"Set `Properties.Logs.General` attribute to `true`","terraform":"Set `logs.general` attribute to `true`"},"severity":"low","subType":"MQ","title":"MQ broker general logs are disabled"},"SNYK_CC_TF_133":{"id":"233","impact":"Trace logs will not be available during investigation","issue":"Amazon X-Ray tracing is not enabled for Lambda function","publicId":"SNYK-CC-TF-133","references":["https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html"],"remediation":{"cloudformation":"Set `Properties.TracingConfig.Mode` attribute to `Active` or `PassThrough`","terraform":"Set `tracing_config.mode` attribute to `Active` or `PassThrough`"},"severity":"low","subType":"Lambda","title":"X-ray tracing is disabled for Lambda function"},"SNYK_CC_TF_134":{"compliance":[["CIS-Controls","v8","8.10"],["CSA-CCM","v4.0.5","LOG-02"]],"id":"234","impact":"Logs will be kept indefinitely and incur AWS costs","issue":"Amazon CloudWatch log group does not specify retention period","publicId":"SNYK-CC-TF-134","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html"],"remediation":{"cloudformation":"Set `Properties.RetentionInDays` attribute to required value, e.g. set `365`","terraform":"Set `retention_in_days` attribute to required value, e.g. set `365`"},"severity":"low","subType":"CloudWatch","title":"CloudWatch Log group retention period not set"},"SNYK_CC_TF_135":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"235","impact":"Logs will not be collected in all the regions","issue":"Amazon CloudTrail is not enabled for all regions","publicId":"SNYK-CC-TF-135","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html"],"remediation":{"cloudformation":"Set `Properties.IsMultiRegionTrail` attribute to `true`","terraform":"Set `is_multi_region_trail` attribute to `true`"},"severity":"low","subType":"CloudTrail","title":"CloudTrail does not include all regions"},"SNYK_CC_TF_136":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"236","impact":"Audit records may not be available during investigation","issue":"Amazon Redshift cluster logging is not enabled","publicId":"SNYK-CC-TF-136","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html"],"remediation":{"cloudformation":"Set `Properties.LoggingProperties` attribute","terraform":"Set `logging.enable` attribute to `true`"},"severity":"low","subType":"Redshift","title":"Redshift cluster logging disabled"},"SNYK_CC_TF_137":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"237","impact":"Audit records may not be available during investigation","issue":"Amazon Global Accelerator flow logs are disabled","publicId":"SNYK-CC-TF-137","references":["https://docs.aws.amazon.com/global-accelerator/latest/dg/monitoring-global-accelerator.flow-logs.html"],"resolve":"Set `attributes.flow_logs_enabled` attribute to `true`","severity":"low","subType":"Global Accelerator","title":"Global Accelerator flow logs disabled"},"SNYK_CC_TF_138":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"238","impact":"Audit records may not be available during investigation","issue":"Amazon Api Gateway access logging is not enabled","publicId":"SNYK-CC-TF-138","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html"],"remediation":{"cloudformation":"Set `Properties.AccessLogSetting.DestinationArn` attribute","terraform":"Set `access_log_settings` attribute"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway access logging disabled"},"SNYK_CC_TF_139":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"239","impact":"Audit records may not be available during investigation","issue":"Amazon MSK Cluster logs are not enabled","publicId":"SNYK-CC-TF-139","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-logging.html"],"remediation":{"cloudformation":"Set at least one of available `Properties.LoggingInfo.BrokerLogs` attributes to `enabled`","terraform":"Set at least one of available `logging_info.broker_logs` attributes to `enabled`"},"severity":"low","subType":"Managed Streaming for Kafka (MSK)","title":"MSK Cluster logging disabled"},"SNYK_CC_TF_14":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","3.8"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","CEK-12"]],"id":"114","impact":"That data is being encrypted with a key which is valid for a longer period of time, resulting in a greater exposure window should that key be leaked","issue":"That your encryption keys are not being rotated by AWS","publicId":"SNYK-CC-TF-14","references":[],"remediation":{"cloudformation":"Set `Properties.EnableKeyRotation` attribute to `true`","terraform":"Set `enable_key_rotation` attribute to `true`"},"severity":"low","subType":"KMS","title":"KMS key does not have key rotation enabled"},"SNYK_CC_TF_140":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"240","impact":"Audit records may not be available during investigation","issue":"Amazon Elasticsearch domain logging is not enabled","publicId":"SNYK-CC-TF-140","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createdomain-configure-slow-logs.html"],"remediation":{"cloudformation":"Set `Properties.LogPublishingOptions.AUDIT_LOGS.Enabled` attribute to `true`","terraform":"Set `log_publishing_options` attribute"},"severity":"low","subType":"ElasticSearch","title":"Elasticsearch domain logging disabled"},"SNYK_CC_TF_141":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"241","impact":"Audit records may not be available during investigation","issue":"Amazon DocDB logging is not enabled","publicId":"SNYK-CC-TF-141","references":["https://docs.aws.amazon.com/documentdb/latest/developerguide/logging-and-monitoring.html"],"remediation":{"cloudformation":"Set `Properties.EnableCloudwatchLogsExports` attribute to `['profiler', 'audit']`","terraform":"Set `enabled_cloudwatch_logs_exports` attribute to `['profiler', 'audit']`"},"severity":"low","subType":"DocumentDB","title":"DocDB logging disabled"},"SNYK_CC_TF_142":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"242","impact":"Audit records may not be available during investigation","issue":"Amazon CloudFront distribution access logging is not enabled","publicId":"SNYK-CC-TF-142","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/logging_using_cloudtrail.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.Logging` attribute","terraform":"Set `logging_config` attribute"},"severity":"low","subType":"CloudFront","title":"CloudFront access logging disabled"},"SNYK_CC_TF_15":{"compliance":[["CIS-Controls","v8","8.5"],["CIS-AWS-Foundations","v1.4.0","3.1"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"115","impact":"That you cannot keep a record of all access and events on your account","issue":"Logs are not being kept for your CloudTrail activity","publicId":"SNYK-CC-TF-15","references":[],"remediation":{"cloudformation":"Set the `Properties.IsLogging` attribute to `true`","terraform":"Set the `enable_logging` attribute to `true`"},"severity":"high","subType":"CloudTrail","title":"CloudTrail has logging disabled"},"SNYK_CC_TF_16":{"compliance":[["CIS-Controls","v8","8.3"],["CIS-AWS-Foundations","v1.4.0","3.2"],["CSA-CCM","v4.0.5","LOG-09"]],"id":"116","impact":"You cannot trust the integrity of the log files and determine whether they have been tampered with.","issue":"The CloudTrail logs integrity is not been enforced","publicId":"SNYK-CC-TF-16","references":[],"remediation":{"cloudformation":"Set the `Properties.EnableLogFileValidation` attribute to `true`","terraform":"Set the `enable_log_file_validation` attribute to `true`"},"severity":"medium","subType":"CloudTrail","title":"CloudTrail does not have log file validation enabled"},"SNYK_CC_TF_17":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","3.7"],["CSA-CCM","v4.0.5","LOG-02"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"117","impact":"IAM policies cannot be used to control access to the decryption keys","issue":"The CloudTrail logs are not encrypted with managed key","publicId":"SNYK-CC-TF-17","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html"],"remediation":{"cloudformation":"Set `KMSKeyId` attribute to valid KMS key id","terraform":"Set `kms_key_id` attribute to valid KMS key id"},"severity":"low","subType":"CloudTrail","title":"CloudTrail logs are not encrypted with managed key"},"SNYK_CC_TF_18":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CIS-AWS-Foundations","v1.4.0","3.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"118","impact":"That you may be leaking sensitive information to members of the public without realizing.","issue":"That this S3 bucket is publicly readable without any authentication or authorization. ","publicId":"SNYK-CC-TF-18","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl"],"remediation":{"cloudformation":"Set `AccessControl` attribute to `private`, or remove the attribute","terraform":"Set `acl` attribute to `private`, or remove the attribute"},"severity":"medium","subType":"S3","title":"S3 Bucket is publicly readable"},"SNYK_CC_TF_19":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CIS-AWS-Foundations","v1.4.0","3.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"119","impact":"That you may be leaking sensitive information to members of the public and this data could be modified without your knowledge.","issue":"That this S3 bucket is publicly writeable without any authentication or authorization. ","publicId":"SNYK-CC-TF-19","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl"],"remediation":{"cloudformation":"Set the `Properties.AccessControl` attribute to `private`, or remove the attribute","terraform":"Set the `acl` attribute to `private`, or remove the attribute"},"severity":"high","subType":"S3","title":"S3 Bucket is publicly readable and writable"},"SNYK_CC_TF_2":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"102","impact":"That should someone gain unauthorized access to the data they would be able to read the contents. ","issue":"That this EBS snapshot is not encrypted. The default behavior is for EBS snapshot to be encrypted. ","publicId":"SNYK-CC-TF-2","references":[],"remediation":{"terraform":"Adding or updating the attribute `encrypted` and setting it to `true` to ensure the snapshots are now encrypted. "},"severity":"medium","subType":"EC2","title":"Non-encrypted EBS snapshot"},"SNYK_CC_TF_201":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"201","impact":"Should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The DB instance storage is not encrypted by default","publicId":"SNYK-CC-TF-201","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#storage_encrypted"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to true"},"severity":"medium","subType":"RDS","title":"Non-encrypted RDS instance at rest"},"SNYK_CC_TF_204":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"204","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"EFS system file is not encrypted","publicId":"SNYK-CC-TF-204","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system#encrypted","https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html"],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`."},"severity":"medium","subType":"EFS","title":"Non-encrypted EFS at rest"},"SNYK_CC_TF_205":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"205","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The Neptune Cluster storage encrypted set by default to false","publicId":"SNYK-CC-TF-205","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted","https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"Neptune","title":"Non-encrypted Neptune cluster at rest"},"SNYK_CC_TF_214":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"214","impact":"The data could be read in transit.","issue":"Data in the Elasticache Replication Group is not securely encrypted in transit","publicId":"SNYK-CC-TF-214","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html"],"remediation":{"cloudformation":"Set `Properties.TransitEncryptionEnabled` attribute to `true`","terraform":"Set `transit_encryption_enabled` attribute to `true`"},"severity":"medium","subType":"ElastiCache","title":"Non-Encrypted ElastiCache data in transit"},"SNYK_CC_TF_215":{"compliance":[["CSA-CCM","v4.0.5","IAM-14"]],"id":"215","impact":"Anyone with network access to the cluster can read cached data","issue":"Elasticache cluster can be accessed without authentication token","publicId":"SNYK-CC-TF-215","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html","https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html"],"remediation":{"cloudformation":"Add an external reference to `AuthToken`. Do not add the secret directly into the file.","terraform":"Add an external reference to `auth_token`. Do not add the secret directly into the file."},"severity":"medium","subType":"ElastiCache","title":"ElastiCache cluster does not require authentication"},"SNYK_CC_TF_256":{"compliance":[["CIS-Controls","v8","8.9"],["CIS-AWS-Foundations","v1.4.0","3.4"]],"id":"356","impact":"Alarms cannot be configured to alert on CloudTrail events","issue":"CloudTrail does not deliver logs to CloudWatch","publicId":"SNYK-CC-TF-256","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html"],"remediation":{"cloudformation":"Set `Properties.CloudWatchLogsLogGroupArn` attribute to cloudwatch log group ARN","terraform":"Set `cloud_watch_logs_group_arn` attribute to cloudwatch log group ARN"},"severity":"low","subType":"CloudTrail","title":"CloudTrail not integrated with CloudWatch"},"SNYK_CC_TF_3":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"103","impact":"That should someone gain unauthorized access to the data they would be able to read the contents. ","issue":"That this EBS volume is not encrypted. The default behavior is for EBS volumes to be encrypted. ","publicId":"SNYK-CC-TF-3","references":[],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"Non-encrypted EBS volume"},"SNYK_CC_TF_37":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"137","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-37","references":[],"remediation":{"cloudformation":"Set `CidrIp` attribute to specific IP range only, e.g. `192.168.1.0/24`","terraform":"Set `cidr_blocks` attribute to specific IP range only, e.g. `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Security Group Rule allows public access"},"SNYK_CC_TF_38":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"138","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-38","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html"],"remediation":{"cloudformation":"Set `CIDRIP` attribute to specific IP range only, for example `192.168.1.0/24`","terraform":"Set `cidr` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"Redshift","title":"AWS Redshift Security Group allows public access"},"SNYK_CC_TF_39":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"139","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-39","references":["https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html"],"remediation":{"cloudformation":"Set `Properties.CIDRIP` attribute to specific IP range only, for example `192.168.1.0/24`","terraform":"Set `cidr` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"RDS","title":"AWS DB Security Group allows public access"},"SNYK_CC_TF_4":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"A non-encrypted S3 bucket increases the likelihood of unintentional data exposure","issue":"Non-encrypted S3 Bucket","publicId":"SNYK-CC-TF-4","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html"],"remediation":{"cloudformation":"Set `BucketEncryption` attribute","terraform":"For AWS provider \u003c v4.0.0, set `server_side_encryption_configuration` block attribute. For AWS provider \u003e= v4.0.0 add aws_s3_bucket_server_side_encryption_configuration resource."},"severity":"medium","subType":"S3","title":"Non-encrypted S3 Bucket"},"SNYK_CC_TF_40":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"140","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-40","references":[],"remediation":{"terraform":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`"},"resolve":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`","severity":"medium","subType":"VPC","title":"AWS Default Network ACL allows public access"},"SNYK_CC_TF_41":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"141","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-41","references":["https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"],"remediation":{"cloudformation":"Set `Properties.CidrBlock` or `Properties.Ipv6CidrBlock` attribute to specific IP range only, for example `192.168.0.0/24`","terraform":"Set `cidr_block` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Network ACL allows public access"},"SNYK_CC_TF_42":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"142","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-42","references":[],"remediation":{"cloudformation":"Set `CidrBlock` to specific IP range only, e.g. `192.168.1.0/24`","terraform":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Network ACL Rule allows public access"},"SNYK_CC_TF_45":{"compliance":[["CIS-Controls","v8","3.14"],["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.12"],["CIS-AWS-Foundations","v1.4.0","3.6"],["CSA-CCM","v4.0.5","LOG-08"]],"impact":"There will be no audit trail of access to s3 objects","issue":"The s3 access logs will not be collected","publicId":"SNYK-CC-TF-45","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html"],"remediation":{"cloudformation":"Set `Properties.LoggingConfiguration` attribute","terraform":"For AWS provider \u003c v4.0.0, add `logging` block attribute. For AWS provider \u003e= v4.0.0, add aws_s3_bucket_logging resource."},"severity":"low","subType":"S3","title":"S3 server access logging is disabled"},"SNYK_CC_TF_46":{"compliance":[["CSA-CCM","v4.0.5","IVS-04"]],"description":"","id":"146","impact":"Increases attack vector reachability","issue":"The EC2-Classic resources run in shared environment","publicId":"SNYK-CC-TF-46","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html"],"resolve":"Migrate the resource to VPC mode","severity":"low","subType":"EC2","title":"AWS EC2-Classic resource detected"},"SNYK_CC_TF_47":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"147","impact":"The content could be intercepted and manipulated in transit","issue":"Load balancer endpoint does not enforce HTTPS","publicId":"SNYK-CC-TF-47","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html"],"remediation":{"cloudformation":"Set the `Properties.Protocol` attribute to `HTTPS` or `TLS`","terraform":"Set the `protocol` attribute to `HTTPS` or `TLS`"},"severity":"medium","subType":"Elastic Load Balancing","title":"Load balancer endpoint does not enforce HTTPS"},"SNYK_CC_TF_48":{"compliance":[["CIS-Controls","v8","4.1"],["CSA-CCM","v4.0.5","IVS-03"],["CSA-CCM","v4.0.5","IVS-04"],["CSA-CCM","v4.0.5","CCC-01"]],"id":"148","impact":"Increases attack vector reachability","issue":"Load balancer is internet facing","publicId":"SNYK-CC-TF-48","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internet-facing-load-balancers.html"],"remediation":{"cloudformation":"Set `Properties.Scheme` attribute to `internal`","terraform":"Set `internal` attribute to `true`"},"severity":"low","subType":"Elastic Load Balancing","title":"Load balancer is internet facing"},"SNYK_CC_TF_49":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"149","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The load balancer will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-49","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies"],"remediation":{"cloudformation":"Set `Properties.SslPolicy` attribute to latest AWS predefined security policy","terraform":"Set `ssl_policy` attribute to latest AWS predefined security policy"},"severity":"low","subType":"Elastic Load Balancing","title":"ELB does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_5":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.2"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"105","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-5","references":[],"remediation":{"terraform":"Updating the `cidr_block` attribute with a more restrictive IP range or a specific IP address to ensure traffic can only come from known sources."},"severity":"medium","subType":"VPC","title":"Default VPC Security Group allows open ingress"},"SNYK_CC_TF_50":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"description":"","id":"150","impact":"Increases attack vector reachability","issue":"AWS resource is publicly accessible","publicId":"SNYK-CC-TF-50","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html","https://docs.aws.amazon.com/redshift/latest/mgmt/managing-clusters-vpc.html"],"remediation":{"terraform":"Set `publicly_accessible` attribute to `false`"},"severity":"high","subType":"Public Access","title":"Resource is publicly accessible"},"SNYK_CC_TF_51":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"151","impact":"Increases attack vector reachability","issue":"AWS resource could be accessed externally via public IP","publicId":"SNYK-CC-TF-51","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html","https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-in-vpc.html"],"remediation":{"terraform":"Set `associate_public_ip_address` attribute to `false`"},"resolve":"","severity":"low","subType":"EC2","title":"Resource has public IP assigned"},"SNYK_CC_TF_52":{"compliance":[["CIS-Controls","v8","3.12"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"152","impact":"The secret value will readable to anyone with access to VCS","issue":"Secret value has been declared in variable definition","publicId":"SNYK-CC-TF-52","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html"],"remediation":{"cloudformation":"Remove secret value from `ContainerDefinitions.Environment` map","terraform":"Remove secret value from `environment` map"},"severity":"medium","subType":"ECS","title":"Potentially sensitive variable in task definition"},"SNYK_CC_TF_53":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"153","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The root block device for ec2 instance is not encrypted","publicId":"SNYK-CC-TF-53","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html","https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-root-volume-property/","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html"],"remediation":{"cloudformation":"Set `BlockDeviceMappings.Encrypted` attribute of root device to `true`","terraform":"Set `root_block_device.encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"Non-Encrypted root block device"},"SNYK_CC_TF_54":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"154","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The SQS queue is not encrypted at rest","publicId":"SNYK-CC-TF-54","references":["https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.KmsMasterKeyId` attribute to KMS key, for example `alias/aws/sqs`, or set `SqsManagedSseEnabled` to `true`","terraform":"Either set `kms_master_key_id` attribute to KMS key or set `sqs_managed_sse_enabled` to `true`"},"severity":"medium","subType":"SQS","title":"Non-Encrypted SQS Queue"},"SNYK_CC_TF_55":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"155","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The SNS topic is not encrypted at rest","publicId":"SNYK-CC-TF-55","references":["https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html"],"remediation":{"cloudformation":"Set `KmsMasterKeyId` attribute to KMS key for example `alias/aws/sns`","terraform":"Set `kms_master_key_id` attribute to KMS key"},"severity":"medium","subType":"SNS","title":"Non-Encrypted SNS Topic"},"SNYK_CC_TF_56":{"id":"156","impact":"Increases the security management overhead","issue":"The description field is missing in the security group","publicId":"SNYK-CC-TF-56","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html"],"resolve":"Set `description` attribute to meaningful statement","severity":"low","subType":"VPC","title":"Security group description is missing"},"SNYK_CC_TF_57":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"157","impact":"The content could be intercepted and manipulated in transit","issue":"Cloudfront distribution does not enforce HTTPS","publicId":"SNYK-CC-TF-57","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesViewerProtocolPolicy","https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.ViewerProtocolPolicy` attribute to `redirect-to-https` or `https-only`","terraform":"Set `default_cache_behavior.viewer_protocol_policy` attribute to `redirect-to-https` or `https-only`"},"severity":"medium","subType":"CloudFront","title":"Cloudfront distribution does not enforce HTTPS"},"SNYK_CC_TF_58":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"158","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The cloudfront distribution will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-58","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy","https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.ViewerCertificate.MinimumProtocolVersion` attribute to `TLSv1.2_2019`","terraform":"Set `viewer_certificate.minimum_protocol_version` attribute to `TLSv1.2_2019`"},"severity":"low","subType":"CloudFront","title":"Distribution does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_59":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"159","impact":"The content could be intercepted and manipulated in transit","issue":"The client traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-59","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionInfo.EncryptionInTransit.ClientBroker` attribute to `TLS`","terraform":"Set `encryption_info.encryption_in_transit.client_broker` attribute to `TLS`"},"severity":"medium","subType":"Managed Streaming for Kafka (MSK)","title":"MSK allows client plaintext traffic"},"SNYK_CC_TF_6":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"106","impact":"That traffic from a resource could reach any destination, in the event of a breach this means data could be uploaded externally or additional resources targeted","issue":"That outbound traffic is not restricted to a specific range from a resource","publicId":"SNYK-CC-TF-6","references":[],"remediation":{"terraform":"Updating the `cidr_block` attribute with a more restrictive IP range or a specific IP address to ensure traffic can only reach known destinations."},"severity":"medium","subType":"VPC","title":"Default VPC Security Group allows open egress"},"SNYK_CC_TF_60":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"160","impact":"The content could be intercepted and manipulated in transit","issue":"The inter-cluster traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-60","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionInfo.EncryptionInTransit.InCluster` attribute to `true`","terraform":"Set `encryption_info.encryption_in_transit.in_cluster` attribute to `true`"},"severity":"medium","subType":"Managed Streaming for Kafka (MSK)","title":"MSK allows in cluster plaintext traffic"},"SNYK_CC_TF_61":{"compliance":[["CIS-Controls","v8","4.1"],["CIS-Controls","v8","7.1"],["CSA-CCM","v4.0.5","TVM-01"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","AIS-07"]],"impact":"The known vulnerabilities will not be automatically discovered","issue":"The ECR image scan for known vulnerabilities is disabled","publicId":"SNYK-CC-TF-61","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html"],"remediation":{"cloudformation":"Set `Properties.ImageScanningConfiguration` attribute to `true`","terraform":"Set `image_scanning_configuration.scan_on_push` attribute to `true`"},"severity":"low","subType":"ECR","title":"ECR image scanning is disabled"},"SNYK_CC_TF_62":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"162","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The AWS kinesis server-side encryption is disabled","publicId":"SNYK-CC-TF-62","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.htm://docs.aws.amazon.com/streams/latest/dev/server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.StreamEncryption.EncryptionType` attribute to `KMS`","terraform":"Set `encryption_type` attribute to `KMS`"},"severity":"medium","subType":"Kinesis","title":"Non-Encrypted Kinesis Stream"},"SNYK_CC_TF_63":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"163","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The API gateway will accept older TLS cipher suits","publicId":"SNYK-CC-TF-63","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html"],"remediation":{"cloudformation":"Set `Properties.SecurityPolicy` attribute to `TLS_1_2`","terraform":"Set `security_policy` attribute to `TLS_1_2`"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_64":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"164","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The elasticsearch cluster is not encrypted at rest","publicId":"SNYK-CC-TF-64","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionAtRestOptions` attribute to `true`","terraform":"Set `encrypt_at_rest.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Non-encrypted ElasticSearch cluster"},"SNYK_CC_TF_65":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"165","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The instance type does not support encryption at rest","publicId":"SNYK-CC-TF-65","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html"],"remediation":{"cloudformation":"Set `Properties.ElasticsearchClusterConfig.InstanceType` attribute to supported instance type e.g. `c5.large.elasticsearch`, and set `EncryptionAtRestOptions.enabled` attribute to `true`","terraform":"Set `cluster_config.instance_type` attribute to supported instance type e.g. `c5.large.elasticsearch`, and set `encrypt_at_rest.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Encryption at rest is not supported by instance type"},"SNYK_CC_TF_66":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"166","impact":"The content could be intercepted and manipulated in transit","issue":"The inter-cluster traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-66","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/ntn.html"],"remediation":{"cloudformation":"Set `Properties.NodeToNodeEncryptionOptions` attribute to `true`","terraform":"Set `node_to_node_encryption.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Node-to-node encryption is disabled"},"SNYK_CC_TF_67":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"167","impact":"The content could be intercepted and manipulated in transit","issue":"The HTTPS is not enforced for elasticsearch cluster","publicId":"SNYK-CC-TF-67","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-data-protection.html"],"remediation":{"cloudformation":"Set `Properties.DomainEndpointOptions.EnforceHTTPS` attribute to `true`","terraform":"Set `domain_endpoint_options.enforce_https` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Cluster does not enforce HTTPS"},"SNYK_CC_TF_68":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"168","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The elasticsearch cluster will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-68","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-data-protection.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html"],"remediation":{"cloudformation":"Set `Properties.DomainEndpointOptions.TLSSecurityPolicy` attribute to `Policy-Min-TLS-1-2-2019-07`","terraform":"Set `domain_endpoint_options.tls_security_policy` attribute to `Policy-Min-TLS-1-2-2019-07`"},"severity":"medium","subType":"ElasticSearch","title":"Cluster does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_69":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","IAM-16"]],"description":"","id":"169","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"The IAM policy allows all actions on resource","publicId":"SNYK-CC-TF-69","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html"],"remediation":{"cloudformation":"Set `Action` attribute in `Properties.PolicyDocument` to specific actions e.g. `s3:ListBucket`","terraform":"Set `statement.action` attribute to specific actions e.g. `s3:ListBucket`"},"severity":"high","subType":"IAM","title":"Wildcard action in IAM Policy"},"SNYK_CC_TF_7":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"107","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain uppercase characters","publicId":"SNYK-CC-TF-7","references":[],"remediation":{"terraform":"Set the `require_uppercase_characters` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain uppercase"},"SNYK_CC_TF_70":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"170","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"The SQS queue policy allows all actions on the resource","publicId":"SNYK-CC-TF-70","references":["https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-authentication-and-access-control.html"],"remediation":{"cloudformation":"Set `Action` in `Properties.PolicyDocument` attribute to specific actions for example `sqs:SendMessage`","terraform":"Set `Action` in policy heredoc to specific actions e.g. `sqs:SendMessage`"},"severity":"high","subType":"SQS","title":"Wildcard action in SQS Policy"},"SNYK_CC_TF_71":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"171","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The ElastiCache replication group is not encrypted at rest","publicId":"SNYK-CC-TF-71","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html"],"remediation":{"cloudformation":"Set `Properties.AtRestEncryptionEnabled` attribute to `true`","terraform":"Set `at_rest_encryption_enabled` attribute to `true`"},"severity":"medium","subType":"ElastiCache","title":"Non-Encrypted ElastiCache Replication Group"},"SNYK_CC_TF_72":{"compliance":[["CIS-Controls","v8","13.9"],["CSA-CCM","v4.0.5","IVS-03"]],"impact":"Open egress can be used to exfiltrate data to unauthorized destinations, and enable access to potentially malicious resources","issue":"The security group rule allows open egress","publicId":"SNYK-CC-TF-72","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html","https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupEgress.CidrIp` attribute to specific ranges e.g. `192.168.1.0/24`","terraform":"Set `cidr_blocks` attribute to specific ranges e.g. `192.168.1.0/24`"},"severity":"low","subType":"VPC","title":"Rule allows open egress"},"SNYK_CC_TF_73":{"compliance":[["CIS-Controls","v8","13.9"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"173","impact":"Open egress can be used to exfiltrate data to unauthorized destinations, and enable access to potentially malicious resources","issue":"The inline security group rule allows open egress","publicId":"SNYK-CC-TF-73","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html","https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupEgress.CidrIp` attribute to specific ranges e.g. `192.168.1.0/24`","terraform":"Set `egress.cidr_blocks` attribute to specific ranges e.g. `192.168.1.0/24`"},"severity":"low","subType":"VPC","title":"AWS Security Group allows open egress"},"SNYK_CC_TF_74":{"compliance":[["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","IAM-15"]],"id":"174","impact":"Use of provider attributes can lead to accidental disclosure of credentials in configuration files, variable definition files, event logs or console logs","issue":"Credentials are configured via provider attributes","publicId":"SNYK-CC-TF-74","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs"],"resolve":"Set access credentials via environment variables, and remove `access_key` and `secret_key` attributes from the configuration","severity":"high","subType":"Provider","title":"Credentials are configured via provider attributes"},"SNYK_CC_TF_75":{"compliance":[["CIS-Controls","v8","4.4"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"175","impact":"The WAF service will not protect the application from common web based attacks such as SQL injections","issue":"The AWS WAF is not in front of cloudfront distribution","publicId":"SNYK-CC-TF-75","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html","https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.WebACLId` attribute to existing AWS WAF acl ARN","terraform":"Set `web_acl_id` attribute to existing AWS WAF acl ARN"},"severity":"low","subType":"CloudFront","title":"Cloudfront distribution without WAF"},"SNYK_CC_TF_8":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"108","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain lowercase characters","publicId":"SNYK-CC-TF-8","references":[],"remediation":{"terraform":"Set the `require_lowercase_characters` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain lowercase"},"SNYK_CC_TF_9":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"109","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain symbols","publicId":"SNYK-CC-TF-9","references":[],"remediation":{"terraform":"Set the `require_symbols` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain symbols"},"SNYK_CC_TF_93":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"193","impact":"Any AWS account will be able to perform actions specified in the policy","issue":"The ECR policy allows access to any account","publicId":"SNYK-CC-TF-93","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html"],"remediation":{"cloudformation":"Set `Statement.Principal` attribute of policy document to specific accounts only e.g. `arn:aws:iam::account-id:root`","terraform":"Set `statement.principal` attribute of policy document to specific accounts only e.g. `arn:aws:iam::account-id:root`"},"severity":"high","subType":"ECR","title":"ECR policy allows public access"},"SNYK_CC_TF_94":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"194","impact":"Anyone may be able to establish network connectivity to the API server","issue":"API endpoint of the EKS cluster is public","publicId":"SNYK-CC-TF-94","references":["https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html"],"resolve":"Set `vpc_config.public_access_cidrs` attribute to specific net address e.g. `192.168.0.0/24`, or set `vpc_config.endpoint_public_access` attribute to `false`","severity":"high","subType":"EKS","title":"EKS cluster allows public access"},"SNYK_CC_TF_95":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"195","impact":"Anyone who can manage bucket's ACLs will be able to grant public access to the bucket","issue":"Bucket does not prevent creation of public ACLs","publicId":"SNYK-CC-TF-95","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.BlockPublicAcls` attribute to `true`","terraform":"Set the `aws_s3_bucket_public_access_block` `block_public_acls` field to true."},"severity":"high","subType":"S3","title":"S3 block public ACLs control is disabled"},"SNYK_CC_TF_96":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"Anyone who can manage bucket's policies will be able to grant public access to the bucket.","issue":"Bucket does not prevent creation of public policies","publicId":"SNYK-CC-TF-96","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.BlockPublicPolicy` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `block_public_policy` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 block public policy control is disabled"},"SNYK_CC_TF_97":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"If public ACL is attached to the bucket, anyone will be able to read and/or write to the bucket.","issue":"Bucket will recognize public ACLs and allow public access","publicId":"SNYK-CC-TF-97","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.IgnorePublicAcls` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `ignore_public_acls` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 ignore public ACLs control is disabled"},"SNYK_CC_TF_98":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"If public policy is attached to the bucket, anyone will be able to read and/or write to the bucket.","issue":"Bucket will recognize public policies and allow public access","publicId":"SNYK-CC-TF-98","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.RestrictPublicBuckets` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `restrict_public_buckets` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 restrict public bucket control is disabled"},"SNYK_CC_TF_99":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"199","impact":"Anyone could potentially access resources behind the gateway","issue":"API gateway will accept http methods without authorization header","publicId":"SNYK-CC-TF-99","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-request.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html"],"remediation":{"cloudformation":"Set `Properties.AuthorizationType` attribute to value other than `NONE`","terraform":"Set `authorization` attribute to value other than `NONE`"},"severity":"high","subType":"API Gateway (REST APIs)","title":"API Gateway allows anonymous access"}},"azure":{"SNYK_CC_AZURE_468":{"compliance":[["CIS-Controls","v8","8.1"],["CIS-AZURE-Foundations","v1.4.0","4.1.3"],["CSA-CCM","v4.0.5","LOG-02"]],"impact":"Audit records may not be available during investigation","issue":"Azure SQL database audit retention period is below 90 days","publicId":"SNYK-CC-AZURE-468","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database","https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview"],"remediation":{"arm":"Set `retentionDays` attribute to `90` or greater. Alternatively set the value to `0` to retain records indefinitely","terraform":"Set `retention_in_days` attribute to `90` or greater. Alternatively set the value to `0` to retain records indefinitely"},"severity":"low","subType":"Database","title":"Azure SQL database audit retention period is below 90 days"},"SNYK_CC_AZURE_470":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Database contents are not backed up in multiple geographical locations for disaster prevention","issue":"MariaDB geo-redundant backup is disabled","publicId":"SNYK-CC-AZURE-470","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://docs.microsoft.com/en-us/azure/mariadb/concepts-backup#backup-redundancy-options"],"remediation":{"arm":"Set `properties.storageProfile.geoRedundantBackup` attribute to `Enabled`","terraform":"Set `geo_redundant_backup_enabled` attribute to `true`"},"severity":"low","subType":"Database","title":"MariaDB geo-redundant backup disabled"},"SNYK_CC_AZURE_471":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"571","impact":"Database service port can be potentially accessed by anyone on the internet. This exposes the service to the authentication brute force attacks","issue":"MariaDB public access is enabled","publicId":"SNYK-CC-AZURE-471","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://docs.microsoft.com/en-us/azure/mariadb/howto-deny-public-network-access"],"remediation":{"arm":"Set `properties.publicNetworkAccess` attribute to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"Database","title":"MariaDB public access is enabled"},"SNYK_CC_AZURE_472":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Data-in-transit in vulnerable to interception and exfiltration","issue":"MariaDB server does not enforce SSL","publicId":"SNYK-CC-AZURE-472","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://mariadb.com/kb/en/securing-connections-for-client-and-server/"],"remediation":{"arm":"Set `publicNetworkAccess` attribute to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"Database","title":"MariaDB server does not enforce SSL"},"SNYK_CC_AZURE_473":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","6.7"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Alternative certificate based authentication introduced management overhead. Certificates are harder to revoke and rotate than active directory membership","issue":"Service fabric does not use active directory authentication","publicId":"SNYK-CC-AZURE-473","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_fabric_cluster","https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-setup-aad"],"remediation":{"arm":"Set an `azureActiveDirectory` attribute","terraform":"Set an `azure_active_directory` block with the following attributes, `tenant_id`, `cluster_application_id`, `client_application_id`"},"severity":"medium","subType":"Service Fabric","title":"Service fabric does not use active directory authentication"},"SNYK_CC_AZURE_474":{"compliance":[["CIS-Controls","v8","13.10"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Application will not be protected using a Web Application Firewall","issue":"WAF not enabled on application gateway","publicId":"SNYK-CC-AZURE-474","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway","https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-web-application-firewall-portal"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.enabled` attribute to `true`","terraform":"Set `enabled` attribute to `true` within the `waf_configuration` block"},"severity":"medium","subType":"Network","title":"WAF not enabled on application gateway"},"SNYK_CC_AZURE_475":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"575","impact":"Storage devices attached to the VM will not be encrypted at rest","issue":"Linux VM scale set encryption at host disabled","publicId":"SNYK-CC-AZURE-475","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set","https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli"],"remediation":{"arm":"Set `properties.securityProfile.encryptionAtHost` attribute to `true`","terraform":"Set `encryption_at_host_enabled` attribute to `true`"},"severity":"medium","subType":"Compute","title":"Linux VM scale set encryption at host disabled"},"SNYK_CC_AZURE_476":{"compliance":[["CIS-Controls","v8","13.10"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Azure Front Door will not apply WAF policy to the linked web applications","issue":"FrontDoor WAF disabled","publicId":"SNYK-CC-AZURE-476","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor#web_application_firewall_policy_link_id","https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview"],"remediation":{"arm":"Set `properties.webApplicationFirewallPolicyLink` attribute within the `id` of firewall policy","terraform":"Set `web_application_firewall_policy_link_id` attribute within the `frontend_endpoint` block"},"severity":"medium","subType":"Network","title":"FrontDoor WAF disabled"},"SNYK_CC_AZURE_477":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Data in transit is vulnerable to interception and manipulation","issue":"Redis cache non SSL port enabled","publicId":"SNYK-CC-AZURE-477","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache","https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-management-faq"],"remediation":{"arm":"Set `properties.enableNonSslPort` attribute to `false`","terraform":"Set `enable_non_ssl_port` port to `false`"},"severity":"medium","subType":"Redis","title":"Redis cache insecure port enabled"},"SNYK_CC_AZURE_478":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Storage devices attached to the VM will not be encrypted at rest","issue":"Windows VM scale set encryption at host disabled","publicId":"SNYK-CC-AZURE-478","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine_scale_set","https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli"],"remediation":{"arm":"Set `properties.securityProfile.encryptionAtHost` attribute to `true`","terraform":"Set `encryption_at_host_enabled` attribute to `true`"},"severity":"medium","subType":"Compute","title":"Windows VM scale set encryption at host disabled"},"SNYK_CC_AZURE_500":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"The connection and transmitted data could be intercepted and manipulated","issue":"Function App does not enforce use of HTTPS connections, users can access via HTTP","publicId":"SNYK-CC-AZURE-500","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#https_only","https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts#require-https"],"remediation":{"arm":"Set `httpsOnly` attribute to `true`","terraform":"Set `https_only` attribute to `true`"},"severity":"medium","subType":"App Service (Web Apps)","title":" Function App does not enforce HTTPS"},"SNYK_CC_AZURE_501":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","6.7"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Users will not be able to use Azure Active Directory for authentication in their Function App","issue":"Function App built-in authentication disabled","publicId":"SNYK-CC-AZURE-501","references":["https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts#authenticationauthorization","https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization"],"remediation":{"arm":"Set `properties.enabled` to `true`","terraform":"Set `auth_settings.enabled` attribute to `true`"},"severity":"medium","subType":"App Service (Web Apps)","title":"Function App built-in authentication disabled"},"SNYK_CC_AZURE_502":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Audit records may not be available during investigation","issue":"Function App logging has been explicitly disabled","publicId":"SNYK-CC-AZURE-502","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#enable_builtin_logging","https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring#collecting-telemetry-data"],"remediation":{"arm":"Set `properties.detailedErrorMessages` and `properties.failedRequestsTracing` attributes to `true`","terraform":"Set `enable_builtin_logging` attribute to `true`"},"severity":"low","subType":"App Service (Web Apps)","title":"Function App logging disabled"},"SNYK_CC_AZURE_504":{"compliance":[["CIS-Controls","v8","3.3"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"Anonymous users can access your API documentation and specifications","issue":"API Management allows anonymous access to developer portal","publicId":"SNYK-CC-AZURE-504","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enabled","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2"],"remediation":{"arm":"Set `name` to `signin` and `properties.enabled` to `true`","terraform":"Set a `sign_in.enabled` attribute set to `true`"},"severity":"low","subType":"API Management","title":"API Management allows anonymous access to developer portal"},"SNYK_CC_AZURE_505":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"505","impact":"Usage of outdated protocols pose a security risk and a lack of technical support, using these protocols means your APIs are vulnerable to attack","issue":"API Management allows insecure TLS/SSL protocols","publicId":"SNYK-CC-AZURE-505","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enable_backend_ssl30","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-manage-protocols-ciphers"],"remediation":{"arm":"Set `properties.tls11Enabled` and `properties.tls10Enabled` to `false`","terraform":"Set any `security.enable_backend_*` attributes to `false`"},"severity":"low","subType":"API Management","title":"API Management allows insecure TLS/SSL protocols"},"SNYK_CC_AZURE_508":{"compliance":[["CIS-Controls","v8","5.4"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-09"]],"id":"608","impact":"Job will have elevated privileges on the host instance which may allow it to access information about other workloads","issue":"Batch job runs in admin mode","publicId":"SNYK-CC-AZURE-508","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/batch_pool#elevation_level","https://docs.microsoft.com/en-us/azure/batch/batch-user-accounts#elevated-access-for-tasks"],"remediation":{"arm":"Set `properties.startTask.userIdentity.autoUser.elevationLevel` to `NonAdmin`","terraform":"Set `start_task.user_identity.auto_user.elevation_level` attribute to `NonAdmin`"},"severity":"high","subType":"Batch","title":"Batch job runs in admin mode"},"SNYK_CC_AZURE_509":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The content could be intercepted and manipulated in transit","issue":"CDN Endpoint https not enforced","publicId":"SNYK-CC-AZURE-509","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint#is_http_allowed","https://docs.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?tabs=option-1-default-enable-https-with-a-cdn-managed-certificate"],"remediation":{"arm":"Set `properties.isHttpAllowed` to `false`","terraform":"Set `is_http_allowed` to `false`"},"severity":"medium","subType":"CDN","title":"CDN Endpoint https not enforced"},"SNYK_CC_AZURE_510":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-03"]],"impact":"Account will experience loss of write availability for all the duration of the write region outage","issue":"CosmosDB Account automatic failover disabled","publicId":"SNYK-CC-AZURE-510","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#enable_automatic_failover","https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability"],"remediation":{"arm":"Set `properties.enableAutomaticFailover` to `true`","terraform":"Set `enable_automatic_failover` attribute to `true`"},"severity":"low","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account automatic failover disabled"},"SNYK_CC_AZURE_511":{"compliance":[["CIS-Controls","v8","16.1"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Databases under the account may be accessible by anyone on the Internet","issue":"CosmosDB account public network access enabled","publicId":"SNYK-CC-AZURE-511","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#public_network_access_enabled","https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall"],"remediation":{"arm":"`properties.publicNetworkAccess` to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account public network access enabled"},"SNYK_CC_AZURE_512":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","CCC-04"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"The Azure services will be able to connect to the DB without explicit allow acl","issue":"CosmosDB account acl bypass for trusted services enabled","publicId":"SNYK-CC-AZURE-512","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#network_acl_bypass_for_azure_services","https://docs.microsoft.com/en-us/azure/cosmos-db/analytical-store-private-endpoints"],"remediation":{"arm":"Set `properties.networkAclBypass` to `None`","terraform":"Set `network_acl_bypass_for_azure_services` attribute to `false`"},"severity":"low","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account acl bypass for trusted services enabled"},"SNYK_CC_AZURE_513":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The REST APIs are subject to attacks from the public internet, such as zero-day vulnerabilities and unauthorized access via lost credentials","issue":"The Azure Data Factory REST APIs are accessible from the Internet","publicId":"SNYK-CC-AZURE-513","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#public_network_enabled","https://docs.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations"],"remediation":{"arm":"Set `properties.publicNetworkAccess` to `Disabled`","terraform":"Set `public_network_enabled` to `false`"},"severity":"medium","subType":"Data Factory","title":"Data Factory public access enabled"},"SNYK_CC_AZURE_514":{"id":"614","impact":"Scope of use of the key cannot be controlled via access policies","issue":"Data Factory is not using customer managed key to encrypt data","publicId":"SNYK-CC-AZURE-514","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#customer_managed_key_id","https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key"],"remediation":{"arm":"Set `properties.encryption.keyName` attribute to customer managed key","terraform":"Set `customer_managed_key_id` attribute"},"severity":"low","subType":"Data Factory","title":"Data Factory not encrypted with customer managed key"},"SNYK_CC_AZURE_515":{"compliance":[["CIS-Controls","v8","4.4"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Data Lake Storage will be accessible from the internet which increases the external attack vectors","issue":"Data Lake Storage firewall disabled","publicId":"SNYK-CC-AZURE-515","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_lake_store#firewall_state","https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-best-practices#enable-the-data-lake-storage-gen2-firewall-with-azure-service-access"],"remediation":{"arm":"Set `properties.firewallState` to `Enabled`","terraform":"Set `firewall_state` attribute to `Enabled`"},"severity":"high","subType":"Data Lake","title":"Data Lake Storage firewall disabled"},"SNYK_CC_AZURE_516":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Services deployed in the network will not benefit from advanced DDoS protection features such as attack alerting and analytics","issue":"Virtual Network DDoS protection plan disabled","publicId":"SNYK-CC-AZURE-516","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network#ddos_protection_plan","https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"],"remediation":{"arm":"Set `properties.enableDdosProtection` to `true`","terraform":"Set `ddos_protection_plan.enable` attribute to `true`"},"severity":"low","subType":"Network","title":"Virtual Network DDoS protection plan disabled"},"SNYK_CC_AZURE_517":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-14"],["CSA-CCM","v4.0.5","IAM-16"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"617","impact":"Unauthenticated users will be able to access the data stored in the cache","issue":"Redis Cache accessible without authentication","publicId":"SNYK-CC-AZURE-517","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#enable_authentication","https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/azure-cache-for-redis-security-baseline"],"remediation":{"terraform":"Set `redis_configuration.enable_authentication` attribute to `true`"},"severity":"medium","subType":"Redis","title":"Redis Cache accessible without authentication"},"SNYK_CC_AZURE_518":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"In the event of hardware failure or other disasters, data may be lost. Note this is only available to Premium Service Tier Caches (SKUs)","issue":"Redis Cache backup disabled","publicId":"SNYK-CC-AZURE-518","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#rdb_backup_enabled","https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-premium-persistence"],"remediation":{"arm":"Set `properties.redisConfiguration.rdb-backup-enabled` to `true`","terraform":"Set `rdb_backup_enabled` to `true`"},"severity":"low","subType":"Redis","title":"Redis Cache backup disabled"},"SNYK_CC_AZURE_519":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Usage of outdated protocols pose a security risk and a lack of technical support, using these protocols means your APIs are vulnerable to attack","issue":"API Management frontend allows insecure TLS/SSL protocols","publicId":"SNYK-CC-AZURE-519","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enable_frontend_ssl30","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-manage-protocols-ciphers"],"remediation":{"terraform":"Set `enable_frontend_ssl30` `enable_frontend_tls10` `enable_frontend_tls11` attributes to `false`"},"severity":"low","subType":"API Management","title":"API Management frontend allows insecure TLS/SSL protocols"},"SNYK_CC_AZURE_521":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.4"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"SQL servers will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on SQL servers","publicId":"SNYK-CC-AZURE-521","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.0 - 2.1 Ensure that Azure Defender is set to On for Servers"],"remediation":{"arm":"Set `name` to `SqlServers` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `SqlServers`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on SQL servers"},"SNYK_CC_AZURE_522":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.2"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"App Service might be vulnerable to a broad range of threats","issue":"App Service is not protected by Azure Defender","publicId":"SNYK-CC-AZURE-522","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 2.2 Ensure that Azure Defender is set to On for App Service"],"remediation":{"arm":"Set `name` to `AppServices` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `AppServices`"},"severity":"low","subType":"Security Center","title":"App Service is not protected by Azure Defender"},"SNYK_CC_AZURE_524":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.4"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"SQL server virtual machines will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on SQL server virtual machines","publicId":"SNYK-CC-AZURE-524","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.4 Ensure that Azure Defender is set to On for Sql servers on machines`"],"remediation":{"arm":"Set `name` to `SqlServerVirtualMachines` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `SqlServerVirtualMachines`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on SQL server virtual machines"},"SNYK_CC_AZURE_525":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.5"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Storage accounts will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on storage accounts","publicId":"SNYK-CC-AZURE-525","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.storage/storage-advanced-threat-protection-create/azuredeploy.json#L72","CIS Benchmark - `2.5 Ensure that Azure Defender is set to On for Storage`"],"remediation":{"arm":"Set `name` to `StorageAccounts` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `StorageAccounts`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on storage accounts"},"SNYK_CC_AZURE_526":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","13.1"],["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.6"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Kubernetes services will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on kubernetes service","publicId":"SNYK-CC-AZURE-526","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.6 Ensure that Azure Defender is set to On for Kubernetes`"],"remediation":{"arm":"Set `name` to `KubernetesService` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `KubernetesService`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on kubernetes service"},"SNYK_CC_AZURE_527":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.7"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Container Registry will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Ensure that Azure Defender is set to On for Container Registries","publicId":"SNYK-CC-AZURE-527","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.0 - 2.7 Ensure that Azure Defender is set to On for Container Registries"],"remediation":{"arm":"Set `name` to `ContainerRegistry` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `ContainerRegistry`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled for Container Registries"},"SNYK_CC_AZURE_528":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CIS-AZURE-Foundations","v1.4.0","2.8"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Key Vault service will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Key Vault is not protected by Azure Defender","publicId":"SNYK-CC-AZURE-528","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.8 Ensure that Azure Defender is set to On for Key Vault`"],"remediation":{"arm":"Set `name` to `KeyVaults` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `KeyVaults`"},"severity":"low","subType":"Security Center","title":"Key Vault is not protected by Azure Defender"},"SNYK_CC_AZURE_529":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.11"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Security Center will not automatically provision Monitoring Agent on all compatible virtual machines, you will not automatically be provided with alerts on security misconfigurations, updates, and vulnerabilities","issue":"Automatic provisioning of monitoring agent is disabled","publicId":"SNYK-CC-AZURE-529","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_auto_provisioning","https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection"],"remediation":{"arm":"Set `autoProvision` to `On`","terraform":"Set `auto_provision` to `On`"},"severity":"low","subType":"Security Center","title":"Automatic provisioning of monitoring agent is disabled"},"SNYK_CC_AZURE_532":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.14"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Subscription admins will not receive security alerts for important events, which may affect system security","issue":"High severity security notifications disabled","publicId":"SNYK-CC-AZURE-532","references":["https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details","https://docs.microsoft.com/en-us/rest/api/securitycenter/security-contacts/list","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'"],"remediation":{"arm":"Set `alertNotifications.state` to `On` and `alertNotifications.minimalSeverity` to `High`"},"severity":"low","subType":"Security Center","title":"High severity security notifications disabled"},"SNYK_CC_AZURE_533":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CIS-AZURE-Foundations","v1.4.0","9.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"FTP is a plain-text protocol that is vulnerable to manipulation and eavesdropping","issue":"App Service allows FTP deployments","publicId":"SNYK-CC-AZURE-533","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#ftps_state","https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal#enforce-ftps","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 9.10 Ensure FTP deployments are disabled"],"remediation":{"arm":"Set `ftpsState` to `FtpsOnly` or `Disabled` if not needed","terraform":"Set `ftps_state` to `FtpsOnly` or `Disabled`"},"severity":"high","subType":"App Service (Web Apps)","title":"App Service allows FTP deployments"},"SNYK_CC_AZURE_534":{"compliance":[["CIS-Controls","v8","8.2"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"634","impact":"Unable to monitor individual requests and to diagnose issues with the Storage Queue service","issue":"Storage Queue service logging is disabled","publicId":"SNYK-CC-AZURE-534","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#queue_properties","https://docs.microsoft.com/en-us/azure/storage/queues/monitor-queue-storage?tabs=azure-portal","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests"],"remediation":{"arm":"Add `resource.properties.logs` attribute entry for each of `StorageRead`, `StorageWrite`, and `StorageDelete`","terraform":"Set `delete`,`read` and `write` in the `queue_properties.logging` to `true`"},"severity":"low","subType":"Storage","title":"Storage Queue service logging is disabled"},"SNYK_CC_AZURE_535":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","3.5"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-16"]],"impact":"Client has unauthorized read access to storage container or blob","issue":"Public access level for storage containers \u0026 blobs is enabled","publicId":"SNYK-CC-AZURE-535","references":["https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 3.5 Ensure that 'Public access level' is set to Private for blob containers"],"remediation":{"arm":"Set `properties.PublicAccess` to `None`","terraform":"Set `allow_blob_public_access` to `false`"},"severity":"high","subType":"Storage","title":"Public access level for storage containers \u0026 blobs is enabled"},"SNYK_CC_AZURE_537":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","4.2.1"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Advanced Threat Protection can identify potential SQL injection, access from unusual location or data center, access from unfamiliar principal or potentially harmful application, and brute force SQL credentials","issue":"Advanced Threat Protection is disabled on SQL server","publicId":"SNYK-CC-AZURE-537","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/advanced_threat_protection","https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure"],"remediation":{"terraform":"Set `enabled` attribute to `true`"},"severity":"low","subType":"Security Center","title":"Advanced Threat Protection is disabled on SQL server"},"SNYK_CC_AZURE_539":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","4.2.3"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"New vulnerabilities may not be detected in timely manner. This can leave the SQL server vulnerable to potential attack and exploitation","issue":"Periodic vulnerability assessment is not enabled on SQL server","publicId":"SNYK-CC-AZURE-539","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment","https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment","CIS Benchmark - 4.2.3: Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server"],"remediation":{"arm":"Set `properties.recurringScans.isEnabled` to `true`","terraform":"Set `recurring_scans.enabled` to `true`"},"severity":"low","subType":"Database","title":"Periodic vulnerability assessment is not enabled on SQL server"},"SNYK_CC_AZURE_540":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","4.2.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Administrators will not be automatically notified, which can lead to time delay in identifying risks and taking corrective measures","issue":"MSSQL Vulnerability Assessment email notifications are disabled","publicId":"SNYK-CC-AZURE-540","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment","https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server"],"remediation":{"arm":"Set `properties.recurringScans.emailSubscriptionAdmins` to `true`","terraform":"Set `recurring_scans.email_subscription_admins` to `true`"},"severity":"low","subType":"Database","title":"MSSQL Vulnerability Assessment email notifications are disabled"},"SNYK_CC_AZURE_542":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-Controls","v8","10.1"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing Windows Server Endpoint Detection and Response (EDR) capabilities","issue":"Windows Defender ATP (WDATP) integration in Security Center disabled","publicId":"SNYK-CC-AZURE-542","references":["CIS Microsoft Azure Foundations Benchmark: 2.9 - Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected","https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting","https://docs.microsoft.com/en-us/azure/security-center/security-center-wdatp?tabs=windows","https://docs.microsoft.com/en-us/azure/templates/microsoft.security/settings?tabs=json"],"remediation":{"arm":"Set `name` to `WDATP` and `properties.enabled` to `true`","terraform":"Set `setting_name` to `WDATP` and `enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Windows Defender ATP (WDATP) integration in Security Center disabled"},"SNYK_CC_AZURE_543":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing analysis of Azure Resource Manager records to detect unusual or potentially harmful operations in the Azure subscription environment","issue":"Microsoft Cloud App Security (MCAS) integration in Security Center disabled","publicId":"SNYK-CC-AZURE-543","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting","https://docs.microsoft.com/en-us/cloud-app-security/","https://docs.microsoft.com/en-us/azure/templates/microsoft.security/settings?tabs=json","CIS Microsoft Azure Foundations Benchmark: 2.10 - Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected"],"remediation":{"arm":"Set `name` to `MCAS`, and set `properties.enabled` to `true`","terraform":"Set `setting_name` to `MCAS` and `enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Microsoft Cloud App Security (MCAS) integration in Security Center disabled"},"SNYK_CC_AZURE_552":{"compliance":[["CIS-Controls","v8","8.5"],["CIS-AZURE-Foundations","v1.4.0","5.1.2"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Not capturing the diagnostic setting categories for appropriate management activities leads to missing important alerts","issue":"Ensure Diagnostic Setting captures appropriate categories","publicId":"SNYK-CC-AZURE-552","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting#category","https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-manager-diagnostic-settings ","CIS Benchmark v1.3.1 - 5.1.2 Ensure Diagnostic Setting captures appropriate categories"],"remediation":{"terraform":"Set log blocks for the categories `Administrative`,`Alert`,`Policy`,`Security` with `enabled` set to `true` for each"},"severity":"low","subType":"Monitor","title":"Ensure Diagnostic Setting captures appropriate categories"},"SNYK_CC_AZURE_553":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CIS-AZURE-Foundations","v1.4.0","2.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Virtual machines are not protected against advanced threats","issue":"Azure Defender is disabled for Virtual Machines","publicId":"SNYK-CC-AZURE-553","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `VirtualMachines` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `VirtualMachines`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Virtual Machines"},"SNYK_CC_AZURE_554":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"554","impact":"ARM is not protected against advanced threats","issue":"Azure Defender is disabled for Azure Resource Management (ARM)","publicId":"SNYK-CC-AZURE-554","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `Arm` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `Arm`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Azure Resource Management (ARM)"},"SNYK_CC_AZURE_555":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Azure DNS is not protected against advanced threats","issue":"Azure Defender is disabled for Azure DNS","publicId":"SNYK-CC-AZURE-555","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `Dns` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `Dns`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Azure DNS"},"SNYK_CC_AZURE_594":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","6.7"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The admin user account is a technical account that allows depersonalized access and should be replaced by personalized, managed identities.","issue":"Azure Container Registry Admin is enabled","publicId":"SNYK-CC-AZURE-594","references":["https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account","https://docs.microsoft.com/en-us/azure/templates/microsoft.containerregistry/registries?tabs=json"],"remediation":{"arm":"Set `properties.adminUserEnabled` to `false`","terraform":"Set `admin_enabled` to `false`, or remove the property from the resource"},"severity":"medium","subType":"Container","title":"Azure Container Registry Admin is enabled"},"SNYK_CC_AZURE_595":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Missing geo replication leads to reduced availability of container images","issue":"Geo replication for Azure Container Images disabled","publicId":"SNYK-CC-AZURE-595","references":["https://docs.microsoft.com/en-us/azure/templates/microsoft.containerregistry/registries/replications?tabs=json","https://azure.microsoft.com/en-gb/blog/azure-container-registry-makes-geo-replication-generally-available-adding-lifecycle-management-capabilities/","https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/container-registry/container-registry-get-started-geo-replication-template.md"],"remediation":{"terraform":"Set a `georeplications` block within the resource, including a valid `location` property"},"severity":"low","subType":"Container","title":"Geo replication for Azure Container Images disabled"},"SNYK_CC_AZURE_597":{"compliance":[["CIS-Controls","v8","10.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Container images are not scanned for malware","issue":"Container image quarantine disabled","publicId":"SNYK-CC-AZURE-597","references":["https://docs.microsoft.com/en-us/azure/container-registry/container-registry-faq#how-do-i-enable-automatic-image-quarantine-for-a-registry-"],"remediation":{"arm":"Set `properties.policies.quarantinePolicy.status` to `enabled`","terraform":"Set `quarantine_policy_enabled` to `true`, or remove the property from the resource"},"severity":"medium","subType":"Container","title":"Container image quarantine disabled"},"SNYK_CC_AZURE_605":{"compliance":[["CIS-Controls","v8","4.7"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The local Kubernetes accounts can be used to avoid attribution of action on the cluster resources.","issue":"AKS local accounts are enabled","publicId":"SNYK-CC-AZURE-605","references":["https://docs.microsoft.com/en-us/azure/aks/managed-aad#disable-local-accounts","https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AKS.LocalAccounts/"],"remediation":{"arm":"Set `properties.disableLocalAccounts` attribute to `true`"},"severity":"medium","subType":"Container","title":"AKS local accounts are enabled"},"SNYK_CC_AZURE_606":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","6.7"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"AKS-managed integration provides an easy way to use Azure AD authorization for AKS. Consider configuring AKS-managed Azure AD integration for AKS clusters.","issue":"AKS managed Azure Active Directory integration is disabled","publicId":"SNYK-CC-AZURE-606","references":["https://docs.microsoft.com/en-us/azure/aks/managed-aad"],"remediation":{"arm":"Set `properties.aadProfile.managed` to `true`"},"severity":"low","subType":"Container","title":"AKS managed Azure Active Directory integration is disabled"},"SNYK_CC_AZURE_607":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing insights into workload states of the AKS cluster makes it difficult to detect and remedy performance issues","issue":"AKS cluster does not have platform diagnostic logging enabled","publicId":"SNYK-CC-AZURE-607","references":["https://docs.microsoft.com/en-us/azure/aks/concepts-diagnostics","https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-manager-diagnostic-settings?tabs=json","https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/DataConnectorsAzureKubernetes_Deploy.json","https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json"],"remediation":{"arm":"Set items of `properties.logs` with `category` as `cluster-autoscaler`, `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager` where `properties.logs[ITEM].enabled` to `true`. In addition, set item of `properties.metrics` with `category` as `AllMetrics` where `properties.metrics[ITEM].enabled` to `true`"},"severity":"low","subType":"Container","title":"AKS cluster does not have platform diagnostic logging enabled"},"SNYK_CC_AZURE_608":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"Using the free SKU might negatively impact the availability of the App Configuration","issue":"An SLA should be used for App Configuration","publicId":"SNYK-CC-AZURE-608","references":["https://azure.microsoft.com/en-gb/pricing/details/app-configuration/","https://docs.microsoft.com/en-us/azure/templates/microsoft.appconfiguration/configurationstores?tabs=json"],"remediation":{"arm":"Set `sku.name` to `Standard`","terraform":"Set `sku` to `standard`"},"severity":"medium","subType":"App Service (Web Apps)","title":"An SLA should be used for App Configuration"},"SNYK_CC_AZURE_609":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"Application Gateways in version 1 should be deployed with an SKU instance size of medium or large. Running production workloads on small application gateways may overload the processing capacity and lead to service unavailability","issue":"App Gateway should use a production level SKU","publicId":"SNYK-CC-AZURE-609","references":["https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-template"],"remediation":{"arm":"Set `properties.sku.name` to any option other than `Standard_Small`","terraform":"Set `sku.name` to any option other than `Standard_Small`"},"severity":"low","subType":"Network","title":"App Gateway should use a production level SKU"},"SNYK_CC_AZURE_610":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Out-of-date OWASP rules might not protect as effectively as more recent rule sets","issue":"App Gateway does not use OWASP 3.x rules","publicId":"SNYK-CC-AZURE-610","references":["https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview","https://docs.microsoft.com/en-us/azure/templates/microsoft.network/applicationgateways?tabs=bicep"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.ruleSetType` to `OWASP` and `properties.webApplicationFirewallConfiguration.ruleSetVersion` to `3.2`","terraform":"Set `waf_configuration.rule_set_type` to `OWASP` and `waf_configuration.rule_set_version` to `3.1`"},"severity":"medium","subType":"Network","title":"App Gateway does not use OWASP 3.x rules"},"SNYK_CC_AZURE_611":{"compliance":[["CIS-Controls","v8","12.2"],["CIS-Controls","v8","13.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Backend resources are not proactively protected by web application firewall","issue":"WAF prevention mode not enabled","publicId":"SNYK-CC-AZURE-611","references":["https://docs.microsoft.com/en-us/azure/templates/microsoft.network/applicationgateways?tabs=json","https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#waf-modes"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.firewallMode` to `Prevention`"},"severity":"medium","subType":"Network","title":"WAF prevention mode not enabled"},"SNYK_CC_AZURE_613":{"compliance":[["CIS-Controls","v8","16.8"],["CSA-CCM","v4.0.5","IVS-05"]],"impact":"Missing advanced auto scale and traffic management features can cause stability issues for production workload","issue":"App Service does not use production level SKU","publicId":"SNYK-CC-AZURE-613","references":["https://azure.microsoft.com/en-us/pricing/details/app-service/windows/","https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2019-08-01/serverfarms?tabs=bicep"],"remediation":{"arm":"Set `sku.tier` to `Standard` or higher","terraform":"Set `sku.tier` to `Standard` or higher"},"severity":"low","subType":"App Service (Web Apps)","title":"App Service does not use production level SKU"},"SNYK_CC_AZURE_618":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"A single App Service Plan instance increases the risk of application unavailability","issue":"Use two or more App Service Plan instances","publicId":"SNYK-CC-AZURE-618","references":["https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/serverfarms?tabs=json"],"remediation":{"arm":"Set `sku.capacity` to `2` or more","terraform":"Set `sku.capacity` to `2` or more"},"severity":"medium","subType":"App Service (Web Apps)","title":"Use two or more App Service Plan instances"},"SNYK_CC_AZURE_619":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Leaving remote debugging enabled might increase exposure to unnecessary risk","issue":"App Service remote debugging enabled","publicId":"SNYK-CC-AZURE-619","references":["https://devblogs.microsoft.com/premier-developer/remote-debugging-azure-app-services/","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep"],"remediation":{"arm":"Set `properties.remoteDebuggingEnabled` to `false`","terraform":"Set `site_config.remote_debugging_enabled` to `false`, or remove the `remote_debugging_enabled` property"},"severity":"medium","subType":"App Service (Web Apps)","title":"App Service remote debugging enabled"},"SNYK_CC_AZURE_620":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"Unencrypted variables might leak sensitive information","issue":"Ensure Automation Variables are encrypted","publicId":"SNYK-CC-AZURE-620","references":["https://docs.microsoft.com/en-us/azure/automation/automation-secure-asset-encryption","https://docs.microsoft.com/en-us/azure/templates/microsoft.automation/automationaccounts/variables?tabs=json"],"remediation":{"arm":"Set `properties.isEncrypted` to `true`","terraform":"In your `azurerm_automation_variable_bool`, `azurerm_automation_variable_datetime`, `azurerm_automation_variable_int`, or `azurerm_automation_variable_string` resources, set `encrypted to `true``"},"severity":"medium","subType":"Automation","title":"Ensure Automation Variables are encrypted"},"SNYK_CC_AZURE_621":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Account key-based write access to account data exposes sensitive configuration options to non-administrative accounts","issue":"Restrict user access to data operations in Azure Cosmos DB","publicId":"SNYK-CC-AZURE-621","references":["https://docs.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs","https://docs.microsoft.com/en-us/azure/templates/microsoft.documentdb/databaseaccounts?tabs=json"],"remediation":{"arm":"Set `Properties.disableKeyBasedMetadataWriteAccess` to `true`","terraform":"Set `access_key_metadata_writes_enabled` to `false`"},"severity":"medium","subType":"CosmosDB (DocumentDB)","title":"Restrict user access to data operations in Azure Cosmos DB"},"SNYK_CC_AZURE_624":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","8.6"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Accidentally purged vaults and vault items are not recoverable and might lead to data loss","issue":"Key Vault purge protection is disabled","publicId":"SNYK-CC-AZURE-624","references":["https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview#purge-protection","https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?tabs=bicep","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 8.4 Ensure the key vault is recoverable"],"remediation":{"arm":"Set `properties.enablePurgeProtection` to `true`","terraform":"Set `purge_protection_enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Key Vault purge protection is disabled"},"SNYK_CC_AZURE_625":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AZURE-Foundations","v1.4.0","8.6"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Accidentally deleted vaults and vault items are not recoverable and might lead to data loss","issue":"Key Vault soft deletion not set to 90 days","publicId":"SNYK-CC-AZURE-625","references":["https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview","https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?tabs=bicep","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 8.4 Ensure the key vault is recoverable"],"remediation":{"arm":"Set `properties.enableSoftDelete` to `true` and `softDeleteRetentionInDays` to `90`, or remove the attributes entirely to use enabled soft delete default with 90 days retention","terraform":"Set `soft_delete_retention_days` to `90`, or remove the attribute entirely to use 90 days default retention"},"severity":"medium","subType":"Key Vault","title":"Key Vault soft deletion not set to 90 days"},"SNYK_CC_AZURE_627":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"An outdated TLS version might lead to data leakage or manipulation","issue":"MySQL minimum TLS version \ No newline at end of file diff --git a/package.json b/package.json index 4bc6dd5..1121c65 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { - "version": "0.1.28", + "version": "0.1.29", "license": "MIT", "main": "dist/index.js", "typings": "dist/index.d.ts", From b7b7ea78365e6000aa16e88f8a8acc49e89d0219 Mon Sep 17 00:00:00 2001 From: Adam La Morre Date: Sun, 1 Jan 2023 20:26:54 -0800 Subject: [PATCH 4/5] Remive iac data --- .iac-data/arm_data.json | 1 - 1 file changed, 1 deletion(-) delete mode 100644 .iac-data/arm_data.json diff --git a/.iac-data/arm_data.json b/.iac-data/arm_data.json deleted file mode 100644 index c3e3b7d..0000000 --- a/.iac-data/arm_data.json +++ /dev/null @@ -1 +0,0 @@ -{"builtins":[{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"abs"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"all"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"infix":"\u0026","name":"and"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"any"},{"decl":{"args":[{"dynamic":{"type":"any"},"type":"array"},{"dynamic":{"type":"any"},"type":"array"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"array.concat"},{"decl":{"args":[{"dynamic":{"type":"any"},"type":"array"},{"type":"number"},{"type":"number"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"array.slice"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":":=","name":"assign"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64.encode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"base64.is_valid"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.encode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"base64url.encode_no_pad"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.and"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.lsh"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.negate"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.or"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.rsh"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"bits.xor"},{"decl":{"args":[{"type":"any"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"cast_array"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"cast_boolean"},{"decl":{"args":[{"type":"any"}],"result":{"type":"null"},"type":"function"},"name":"cast_null"},{"decl":{"args":[{"type":"any"}],"result":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"cast_object"},{"decl":{"args":[{"type":"any"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"cast_set"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"cast_string"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"ceil"},{"decl":{"args":[{"type":"string"},{"of":[{"of":{"type":"string"},"type":"set"},{"dynamic":{"type":"string"},"type":"array"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"concat"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"contains"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"string"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"count"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.md5"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.sha1"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"crypto.sha256"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"crypto.x509.parse_certificate_request"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"array"},"type":"function"},"name":"crypto.x509.parse_certificates"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"/","name":"div"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"endswith"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"=","name":"eq"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"==","name":"equal"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"floor"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"string"},"type":"function"},"name":"format_int"},{"decl":{"args":[{"type":"string"},{"dynamic":{"type":"string"},"type":"array"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"glob.match"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"glob.quote_meta"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"},{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"graph.reachable"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003e","name":"gt"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003e=","name":"gte"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"hex.decode"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"hex.encode"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"http.send"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"indexof"},{"decl":{"args":[{"of":{"of":{"type":"any"},"type":"set"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"intersection"},{"decl":{"args":[{"type":"string"}],"result":{"static":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"string"}],"type":"array"},"type":"function"},"name":"io.jwt.decode"},{"decl":{"args":[{"type":"string"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"static":[{"type":"boolean"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"array"},"type":"function"},"name":"io.jwt.decode_verify"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"}],"result":{"type":"string"},"type":"function"},"name":"io.jwt.encode_sign"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"io.jwt.encode_sign_raw"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_es512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_hs512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_ps512"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs256"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs384"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"io.jwt.verify_rs512"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_array"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_boolean"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_null"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_number"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_object"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_set"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"is_string"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"json.filter"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"json.is_valid"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"json.marshal"},{"decl":{"args":[{"type":"any"},{"dynamic":{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"static":[{"key":"op","value":{"type":"string"}},{"key":"path","value":{"type":"any"}}],"type":"object"},"type":"array"}],"result":{"type":"any"},"type":"function"},"name":"json.patch"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"json.remove"},{"decl":{"args":[{"type":"string"}],"result":{"type":"any"},"type":"function"},"name":"json.unmarshal"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"lower"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003c","name":"lt"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"\u003c=","name":"lte"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"max"},{"decl":{"args":[{"of":[{"of":{"type":"any"},"type":"set"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"min"},{"decl":{"args":[{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"},{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"}],"result":{"of":[{"type":"number"},{"of":{"type":"any"},"type":"set"}],"type":"any"},"type":"function"},"infix":"-","name":"minus"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"*","name":"mul"},{"decl":{"args":[{"type":"any"},{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"infix":"!=","name":"neq"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_contains"},{"decl":{"args":[{"of":[{"type":"string"},{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"}],"type":"any"},{"of":[{"type":"string"},{"dynamic":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"array"},{"of":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"type":"any"}},"type":"object"}],"type":"any"}],"result":{"of":{"static":[{"type":"any"},{"type":"any"}],"type":"array"},"type":"set"},"type":"function"},"name":"net.cidr_contains_matches"},{"decl":{"args":[{"type":"string"}],"result":{"of":{"type":"string"},"type":"set"},"type":"function"},"name":"net.cidr_expand"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_intersects"},{"decl":{"args":[{"of":[{"dynamic":{"of":[{"type":"string"}],"type":"any"},"type":"array"},{"of":{"type":"string"},"type":"set"}],"type":"any"}],"result":{"of":{"type":"string"},"type":"set"},"type":"function"},"name":"net.cidr_merge"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"net.cidr_overlap"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"dynamic":{"type":"number"},"type":"array"},"type":"function"},"name":"numbers.range"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.filter"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"type":"any"},{"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.get"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"type":"any"}],"result":{"type":"any"},"type":"function"},"name":"object.remove"},{"decl":{"args":[{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"},{"dynamic":{"key":{"type":"any"},"value":{"type":"any"}},"type":"object"}],"result":{"type":"any"},"type":"function"},"name":"object.union"},{"decl":{"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"opa.runtime"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"infix":"|","name":"or"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"+","name":"plus"},{"decl":{"args":[{"of":[{"of":{"type":"number"},"type":"set"},{"dynamic":{"type":"number"},"type":"array"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"product"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"re_match"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"number"}],"result":{"dynamic":{"dynamic":{"type":"string"},"type":"array"},"type":"array"},"type":"function"},"name":"regex.find_all_string_submatch_n"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"number"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"regex.find_n"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.globs_match"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.is_valid"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.match"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"regex.split"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"regex.template_match"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"type":"any"}},"type":"object"},"type":"function"},"name":"rego.parse_module"},{"decl":{"args":[{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"infix":"%","name":"rem"},{"decl":{"args":[{"type":"string"},{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"replace"},{"decl":{"args":[{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"round"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"semver.compare"},{"decl":{"args":[{"type":"any"}],"result":{"type":"boolean"},"type":"function"},"name":"semver.is_valid"},{"decl":{"args":[{"of":{"type":"any"},"type":"set"},{"of":{"type":"any"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"set_diff"},{"decl":{"args":[{"of":[{"dynamic":{"type":"any"},"type":"array"},{"of":{"type":"any"},"type":"set"}],"type":"any"}],"result":{"dynamic":{"type":"any"},"type":"array"},"type":"function"},"name":"sort"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"dynamic":{"type":"string"},"type":"array"},"type":"function"},"name":"split"},{"decl":{"args":[{"type":"string"},{"dynamic":{"type":"any"},"type":"array"}],"result":{"type":"string"},"type":"function"},"name":"sprintf"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"startswith"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"strings.replace_n"},{"decl":{"args":[{"type":"string"},{"type":"number"},{"type":"number"}],"result":{"type":"string"},"type":"function"},"name":"substring"},{"decl":{"args":[{"of":[{"of":{"type":"number"},"type":"set"},{"dynamic":{"type":"number"},"type":"array"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"sum"},{"decl":{"args":[{"type":"number"},{"type":"number"},{"type":"number"},{"type":"number"}],"result":{"type":"number"},"type":"function"},"name":"time.add_date"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"static":[{"type":"number"},{"type":"number"},{"type":"number"}],"type":"array"},"type":"function"},"name":"time.clock"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"static":[{"type":"number"},{"type":"number"},{"type":"number"}],"type":"array"},"type":"function"},"name":"time.date"},{"decl":{"result":{"type":"number"},"type":"function"},"name":"time.now_ns"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_duration_ns"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_ns"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"time.parse_rfc3339_ns"},{"decl":{"args":[{"of":[{"type":"number"},{"static":[{"type":"number"},{"type":"string"}],"type":"array"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"time.weekday"},{"decl":{"args":[{"of":[{"type":"number"},{"type":"string"},{"type":"boolean"},{"type":"null"}],"type":"any"}],"result":{"type":"number"},"type":"function"},"name":"to_number"},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"trace"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_left"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_prefix"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_right"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_space"},{"decl":{"args":[{"type":"string"},{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"trim_suffix"},{"decl":{"args":[{"of":[{"type":"any"}],"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"type_name"},{"decl":{"args":[{"of":{"of":{"type":"any"},"type":"set"},"type":"set"}],"result":{"of":{"type":"any"},"type":"set"},"type":"function"},"name":"union"},{"decl":{"args":[{"type":"string"}],"result":{"type":"number"},"type":"function"},"name":"units.parse_bytes"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"upper"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.decode"},{"decl":{"args":[{"type":"string"}],"result":{"dynamic":{"key":{"type":"string"},"value":{"dynamic":{"type":"string"},"type":"array"}},"type":"object"},"type":"function"},"name":"urlquery.decode_object"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.encode"},{"decl":{"args":[{"dynamic":{"key":{"type":"string"},"value":{"of":[{"type":"string"},{"dynamic":{"type":"string"},"type":"array"},{"of":{"type":"string"},"type":"set"}],"type":"any"}},"type":"object"}],"result":{"type":"string"},"type":"function"},"name":"urlquery.encode_object"},{"decl":{"args":[{"type":"string"}],"result":{"type":"string"},"type":"function"},"name":"uuid.rfc4122"},{"decl":{"args":[{"type":"any"}],"result":{"static":[{"dynamic":{"type":"any"},"type":"array"},{"type":"any"}],"type":"array"},"type":"function"},"name":"walk","relation":true},{"decl":{"args":[{"type":"string"}],"result":{"type":"boolean"},"type":"function"},"name":"yaml.is_valid"},{"decl":{"args":[{"type":"any"}],"result":{"type":"string"},"type":"function"},"name":"yaml.marshal"},{"decl":{"args":[{"type":"string"}],"result":{"type":"any"},"type":"function"},"name":"yaml.unmarshal"}],"default_decision":"/schemas/terraform/aws/deny","ecosystems":{"CIS-AWS-Foundations":{"category":"CIS","latest_version":"v1.4.0","name":"CIS Amazon Web Services Foundations Benchmark","versions":{"v1.1.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Avoid the use of the \"root\" account (Scored)"},"1.10":{"mappings":[],"references":[],"title":"Ensure IAM password policy prevents password reuse (Scored)"},"1.11":{"mappings":[],"references":[],"title":"Ensure IAM password policy expires passwords within 90 days or less (Scored)"},"1.12":{"mappings":[],"references":[],"title":"Ensure no root account access key exists (Scored)"},"1.13":{"mappings":[],"references":[],"title":"Ensure MFA is enabled for the \"root\" account (Scored)"},"1.14":{"mappings":[],"references":[],"title":"Ensure hardware MFA is enabled for the \"root\" account (Scored)"},"1.15":{"mappings":[],"references":[],"title":"Ensure security questions are registered in the AWS account (Not Scored)"},"1.16":{"mappings":[],"references":[],"title":"Ensure IAM policies are attached only to groups or roles (Scored)"},"1.17":{"mappings":[],"references":[],"title":"Enable detailed billing (Scored)"},"1.18":{"mappings":[],"references":[],"title":"Ensure IAM Master and IAM Manager roles are active (Scored)"},"1.19":{"mappings":[],"references":[],"title":"Maintain current contact details (Scored)"},"1.2":{"mappings":[],"references":[],"title":"Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)"},"1.20":{"mappings":[],"references":[],"title":"Ensure security contact information is registered (Scored)"},"1.21":{"mappings":[],"references":[],"title":"Ensure IAM instance roles are used for AWS resource access from instances (Not Scored)"},"1.22":{"mappings":[],"references":[],"title":"Ensure a support role has been created to manage incidents with AWS Support (Scored)"},"1.23":{"mappings":[],"references":[],"title":"Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)"},"1.24":{"mappings":[],"references":[],"title":"Ensure IAM policies that allow full \"*:*\" administrative privileges are not created (Scored)"},"1.3":{"mappings":[],"references":[],"title":"Ensure credentials unused for 90 days or greater are disabled (Scored)"},"1.4":{"mappings":[],"references":[],"title":"Ensure access keys are rotated every 90 days or less (Scored)"},"1.5":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires at least one uppercase letter (Scored)"},"1.6":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one lowercase letter (Scored)"},"1.7":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one symbol (Scored)"},"1.8":{"mappings":[],"references":[],"title":"Ensure IAM password policy require at least one number (Scored)"},"1.9":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires minimum length of 14 or greater (Scored)"},"2.1":{"mappings":[],"references":[],"title":"Ensure CloudTrail is enabled in all regions (Scored)"},"2.2":{"mappings":[],"references":[],"title":"Ensure CloudTrail log file validation is enabled (Scored)"},"2.3":{"mappings":[],"references":[],"title":"Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored)"},"2.4":{"mappings":[],"references":[],"title":"Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored)"},"2.5":{"mappings":[],"references":[],"title":"Ensure AWS Config is enabled in all regions (Scored)"},"2.6":{"mappings":[],"references":[],"title":"Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored)"},"2.7":{"mappings":[],"references":[],"title":"Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored)"},"2.8":{"mappings":[],"references":[],"title":"Ensure rotation for customer created CMKs is enabled (Scored)"},"3.1":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for unauthorized API calls (Scored)"},"3.10":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for security group changes (Scored)"},"3.11":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Scored)"},"3.12":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to network gateways (Scored)"},"3.13":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for route table"},"3.14":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for VPC changes (Scored)"},"3.15":{"mappings":[],"references":[],"title":"Ensure appropriate subscribers to each SNS topic (Not Scored)"},"3.2":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Scored)"},"3.3":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for usage of \"root\" account (Scored)"},"3.4":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for IAM policy changes (Scored)"},"3.5":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Scored)"},"3.6":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Scored)"},"3.7":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Scored)"},"3.8":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for S3 bucket policy changes (Scored)"},"3.9":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Config configuration changes (Scored)"},"4.1":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to port 22 (Scored)"},"4.2":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to port 3389 (Scored)"},"4.3":{"mappings":[],"references":[],"title":"Ensure VPC flow logging is enabled in all VPCs (Scored)"},"4.4":{"mappings":[],"references":[],"title":"Ensure the default security group of every VPC restricts all traffic (Scored)"},"4.5":{"mappings":[],"references":[],"title":"Ensure routing tables for VPC peering are \"least access\" (Not Scored)"}},"links":[],"release_date":"2016-11-29"},"v1.4.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Maintain current contact details (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Do not setup access keys during initial user setup for all IAM users that have a console password (Manual)"},"1.12":{"mappings":[],"references":[],"title":"Ensure credentials unused for 45 days or greater are disabled (Automated)"},"1.13":{"mappings":[],"references":[],"title":"Ensure there is only one active access key available for any single IAM user (Automated)"},"1.14":{"mappings":[],"references":[],"title":"Ensure access keys are rotated every 90 days or less (Automated)"},"1.15":{"mappings":[],"references":[],"title":"Ensure IAM Users Receive Permissions Only Through Groups (Automated)"},"1.16":{"mappings":[],"references":[],"title":"Ensure IAM policies that allow full \"*:*\" administrative privileges are not attached (Automated)"},"1.17":{"mappings":[],"references":[],"title":"Ensure a support role has been created to manage incidents with AWS Support (Automated)"},"1.18":{"mappings":[],"references":[],"title":"Ensure IAM instance roles are used for AWS resource access from instances (Manual)"},"1.19":{"mappings":[],"references":[],"title":"Ensure that all the expired SSL/TLS certificates stored in AWS IAM are removed (Automated)"},"1.2":{"mappings":[],"references":[],"title":"Ensure security contact information is registered (Manual)"},"1.20":{"mappings":[],"references":[],"title":"Ensure that IAM Access analyzer is enabled for all regions (Automated)"},"1.21":{"mappings":[],"references":[],"title":"Ensure IAM users are managed centrally via identity federation or AWS Organizations for multi-account environments (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure security questions are registered in the AWS account (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure no 'root' user account access key exists (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure MFA is enabled for the 'root' user account (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure hardware MFA is enabled for the 'root' user account (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Eliminate use of the 'root' user for administrative and daily tasks (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure IAM password policy requires minimum length of 14 or greater (Automated)"},"1.9":{"mappings":[],"references":[],"title":"Ensure IAM password policy prevents password reuse (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Simple Storage Service (S3)"},"2.1.1":{"mappings":[],"references":[],"title":"Ensure all S3 buckets employ encryption-at-rest (Manual)"},"2.1.2":{"mappings":[],"references":[],"title":"Ensure S3 Bucket Policy is set to deny HTTP requests (Manual)"},"2.1.3":{"mappings":[],"references":[],"title":"Ensure MFA Delete is enable on S3 buckets (Automated)"},"2.1.4":{"mappings":[],"references":[],"title":"Ensure all data in Amazon S3 has been discovered, classified and secured when required. (Manual)"},"2.1.5":{"mappings":[],"references":[],"title":"Ensure that S3 Buckets are configured with 'Block public access (bucket settings)' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Elastic Compute Cloud (EC2)"},"2.2.1":{"mappings":[],"references":[],"title":"Ensure EBS volume encryption is enabled (Manual)"},"2.3":{"mappings":[],"references":[],"title":"Relational Database Service (RDS)"},"2.3.1":{"mappings":[],"references":[],"title":"Ensure that encryption is enabled for RDS Instances (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure CloudTrail is enabled in all regions (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure that Object-level logging for write events is enabled for S3 bucket (Automated)"},"3.11":{"mappings":[],"references":[],"title":"Ensure that Object-level logging for read events is enabled for S3 bucket (Automated)"},"3.2":{"mappings":[],"references":[],"title":"Ensure CloudTrail log file validation is enabled (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure the S3 bucket used to store CloudTrail logs is not publicly accessible (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure CloudTrail trails are integrated with CloudWatch Logs (Automated)"},"3.5":{"mappings":[],"references":[],"title":"Ensure AWS Config is enabled in all regions (Automated)"},"3.6":{"mappings":[],"references":[],"title":"Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure rotation for customer created CMKs is enabled (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure VPC flow logging is enabled in all VPCs (Automated)"},"4.1":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for unauthorized API calls (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for security group changes (Automated)"},"4.11":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) (Automated)"},"4.12":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for changes to network gateways (Automated)"},"4.13":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for route table changes (Automated)"},"4.14":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for VPC changes (Automated)"},"4.15":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exists for AWS Organizations changes (Automated)"},"4.2":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for Management Console sign-in without MFA (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for usage of 'root' account (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for IAM policy changes (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for CloudTrail configuration changes (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Management Console authentication failures (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for S3 bucket policy changes (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure a log metric filter and alarm exist for AWS Config configuration changes (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure no Network ACLs allow ingress from 0.0.0.0/0 to remote server administration ports (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports (Automated)"},"5.3":{"mappings":[],"references":[],"title":"Ensure the default security group of every VPC restricts all traffic (Automated)"},"5.4":{"mappings":[],"references":[],"title":"Ensure routing tables for VPC peering are \"least access\" (Manual)"}},"links":[],"release_date":"2021-05-28"}}},"CIS-AZURE-Foundations":{"category":"CIS","latest_version":"v1.4.0","name":"CIS Microsoft Azure Foundations Benchmark","versions":{"v1.4.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure that 'Users can add gallery apps to My Apps' is set to 'No' (Manual)"},"1.11":{"mappings":[],"references":[],"title":"Ensure that 'Users can register applications' is set to 'No' (Manual)"},"1.12":{"mappings":[],"references":[],"title":"Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure that 'Guest invite restrictions' is set to \"Only users assigned to specific admin roles can invite guest users\" (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure That 'Restrict access to Azure AD administration portal' is Set to \"Yes\" (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' (Manual)"},"1.16":{"mappings":[],"references":[],"title":"Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' (Manual)"},"1.17":{"mappings":[],"references":[],"title":"Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' (Manual)"},"1.18":{"mappings":[],"references":[],"title":"Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' (Manual)"},"1.19":{"mappings":[],"references":[],"title":"Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users (Manual)"},"1.20":{"mappings":[],"references":[],"title":"Ensure That No Custom Subscription Owner Roles Are Created (Automated)"},"1.21":{"mappings":[],"references":[],"title":"Ensure Security Defaults is enabled on Azure Active Directory (Manual)"},"1.22":{"mappings":[],"references":[],"title":"Ensure a Custom Role is Assigned Permissions for Administering Resource Locks (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure guest users are reviewed on a monthly basis (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled (Manual)"},"1.5":{"mappings":[],"references":[],"title":"Ensure That 'Number of methods required to reset' is set to '2' (Manual)"},"1.6":{"mappings":[],"references":[],"title":"Ensure that 'Number of days before users are asked to re- confirm their authentication information' is not set to '0' (Manual)"},"1.7":{"mappings":[],"references":[],"title":"Ensure that 'Notify users on password resets?' is set to 'Yes' (Manual)"},"1.8":{"mappings":[],"references":[],"title":"Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' (Manual)"},"1.9":{"mappings":[],"references":[],"title":"Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' (Manual)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Servers is set to 'On' (Manual)"},"2.10":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected (Manual)"},"2.11":{"mappings":[],"references":[],"title":"Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' (Manual)"},"2.13":{"mappings":[],"references":[],"title":"Ensure 'Additional email addresses' is Configured with a Security Contact Email (Automated)"},"2.14":{"mappings":[],"references":[],"title":"Ensure That 'Notify about alerts with the following severity' is Set to 'High' (Automated)"},"2.15":{"mappings":[],"references":[],"title":"Ensure That 'All users with the following roles' is set to 'Owner' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for App Service is set to 'On' (Manual)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' (Manual)"},"2.4":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for SQL servers on machines is set to 'On' (Manual)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Storage is set to 'On' (Manual)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Kubernetes is set to 'On' (Manual)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Container Registries is set to 'On' (Manual)"},"2.8":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Key Vault is set to 'On' (Manual)"},"2.9":{"mappings":[],"references":[],"title":"Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected (Manual)"},"3.1":{"mappings":[],"references":[],"title":"Ensure that 'Secure transfer required' is set to 'Enabled' (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests (Automated)"},"3.11":{"mappings":[],"references":[],"title":"Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests (Automated)"},"3.12":{"mappings":[],"references":[],"title":"Ensure the \"Minimum TLS version\" is set to \"Version 1.2\" (Automated)"},"3.2":{"mappings":[],"references":[],"title":"Ensure That Storage Account Access Keys are Periodically Regenerated (Manual)"},"3.3":{"mappings":[],"references":[],"title":"Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure that Shared Access Signature Tokens Expire Within an Hour (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure that 'Public access level' is set to Private for blob containers (Automated)"},"3.6":{"mappings":[],"references":[],"title":"Ensure Default Network Access Rule for Storage Accounts is Set to Deny (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure Soft Delete is Enabled for Azure Storage (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure Storage for Critical Data are Encrypted with Customer Managed Keys (Manual)"},"4.1":{"mappings":[],"references":[],"title":"SQL Server - Auditing"},"4.1.1":{"mappings":[],"references":[],"title":"Ensure that 'Auditing' is set to 'On' (Automated)"},"4.1.2":{"mappings":[],"references":[],"title":"Ensure that 'Data encryption' is set to 'On' on a SQL Database (Automated)"},"4.1.3":{"mappings":[],"references":[],"title":"Ensure that 'Auditing' Retention is 'greater than 90 days' (Automated)"},"4.2":{"mappings":[],"references":[],"title":"SQL Server - Azure Defender for SQL"},"4.2.1":{"mappings":[],"references":[],"title":"Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' (Automated)"},"4.2.2":{"mappings":[],"references":[],"title":"Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account (Automated)"},"4.2.3":{"mappings":[],"references":[],"title":"Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server (Automated)"},"4.2.4":{"mappings":[],"references":[],"title":"Ensure that VA setting 'Send scan reports to' is configured for a SQL server (Automated)"},"4.2.5":{"mappings":[],"references":[],"title":"Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server (Automated)"},"4.3":{"mappings":[],"references":[],"title":"PostgreSQL Database Server"},"4.3.1":{"mappings":[],"references":[],"title":"Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server (Automated)"},"4.3.2":{"mappings":[],"references":[],"title":"Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.3":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.4":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.5":{"mappings":[],"references":[],"title":"Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server (Automated)"},"4.3.6":{"mappings":[],"references":[],"title":"Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server (Automated)"},"4.3.7":{"mappings":[],"references":[],"title":"Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled (Manual)"},"4.3.8":{"mappings":[],"references":[],"title":"Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' (Automated)"},"4.4":{"mappings":[],"references":[],"title":"MySQL Database"},"4.4.1":{"mappings":[],"references":[],"title":"Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server (Automated)"},"4.4.2":{"mappings":[],"references":[],"title":"Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure that Azure Active Directory Admin is configured (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure SQL server's TDE protector is encrypted with Customer-managed key (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Configuring Diagnostic Settings"},"5.1.1":{"mappings":[],"references":[],"title":"Ensure that a 'Diagnostics Setting' exists (Manual)"},"5.1.2":{"mappings":[],"references":[],"title":"Ensure Diagnostic Setting captures appropriate categories (Automated)"},"5.1.3":{"mappings":[],"references":[],"title":"Ensure the storage container storing the activity logs is not publicly accessible (Automated)"},"5.1.4":{"mappings":[],"references":[],"title":"Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) (Automated)"},"5.1.5":{"mappings":[],"references":[],"title":"Ensure that logging for Azure KeyVault is 'Enabled' (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Monitoring using Activity Log Alerts"},"5.2.1":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create Policy Assignment (Automated)"},"5.2.2":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Policy Assignment (Automated)"},"5.2.3":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Network Security Group (Automated)"},"5.2.4":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Network Security Group (Automated)"},"5.2.5":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Network Security Group (Automated)"},"5.2.6":{"mappings":[],"references":[],"title":"Ensure that activity log alert exists for the Delete Network Security Group Rule (Automated)"},"5.2.7":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update Security Solution (Automated)"},"5.2.8":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Delete Security Solution (Automated)"},"5.2.9":{"mappings":[],"references":[],"title":"Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule (Automated)"},"5.3":{"mappings":[],"references":[],"title":"Ensure that Diagnostic Logs Are Enabled for All Services that Support it. (Manual)"},"6.1":{"mappings":[],"references":[],"title":"Ensure that RDP access is restricted from the internet (Automated)"},"6.2":{"mappings":[],"references":[],"title":"Ensure that SSH access is restricted from the internet (Automated)"},"6.3":{"mappings":[],"references":[],"title":"Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure that Network Watcher is 'Enabled' (Manual)"},"6.6":{"mappings":[],"references":[],"title":"Ensure that UDP Services are restricted from the Internet (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure Virtual Machines are utilizing Managed Disks (Manual)"},"7.2":{"mappings":[],"references":[],"title":"Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure that 'Unattached disks' are encrypted with CMK (Automated)"},"7.4":{"mappings":[],"references":[],"title":"Ensure that Only Approved Extensions Are Installed (Automated)"},"7.5":{"mappings":[],"references":[],"title":"Ensure that the latest OS Patches for all Virtual Machines are applied (Manual)"},"7.6":{"mappings":[],"references":[],"title":"Ensure that the endpoint protection for all Virtual Machines is installed (Manual)"},"7.7":{"mappings":[],"references":[],"title":"Ensure that VHD's are Encrypted (Manual)"},"8.1":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated)"},"8.2":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Keys in Non- RBAC Key Vaults. (Manual)"},"8.3":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated)"},"8.4":{"mappings":[],"references":[],"title":"Ensure that the Expiration Date is set for all Secrets in Non- RBAC Key Vaults (Manual)"},"8.5":{"mappings":[],"references":[],"title":"Ensure that Resource Locks are set for Mission Critical Azure Resources (Manual)"},"8.6":{"mappings":[],"references":[],"title":"Ensure the key vault is recoverable (Automated)"},"8.7":{"mappings":[],"references":[],"title":"Enable role-based access control (RBAC) within Azure Kubernetes Services (Automated)"},"9.1":{"mappings":[],"references":[],"title":"Ensure App Service Authentication is set up for apps in Azure App Service (Automated)"},"9.10":{"mappings":[],"references":[],"title":"Ensure FTP deployments are Disabled (Automated)"},"9.11":{"mappings":[],"references":[],"title":"Ensure Azure Keyvaults are Used to Store Secrets (Manual)"},"9.2":{"mappings":[],"references":[],"title":"Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service (Automated)"},"9.3":{"mappings":[],"references":[],"title":"Ensure Web App is using the latest version of TLS encryption (Automated)"},"9.4":{"mappings":[],"references":[],"title":"Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' (Automated)"},"9.5":{"mappings":[],"references":[],"title":"Ensure that Register with Azure Active Directory is enabled on App Service (Automated)"},"9.6":{"mappings":[],"references":[],"title":"Ensure That 'PHP version' is the Latest, If Used to Run the Web App (Manual)"},"9.7":{"mappings":[],"references":[],"title":"Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App (Manual)"},"9.8":{"mappings":[],"references":[],"title":"Ensure that 'Java version' is the latest, if used to run the Web App (Manual)"},"9.9":{"mappings":[],"references":[],"title":"Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App (Automated)"}},"links":[],"release_date":"2021-11-26"}}},"CIS-Controls":{"category":"CIS","latest_version":"v8","name":"CIS Critical Security Controls","versions":{"v8":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Establish and Maintain Detailed Enterprise Asset Inventory"},"1.2":{"mappings":[],"references":[],"title":"Address Unauthorized Assets"},"1.3":{"mappings":[],"references":[],"title":"Utilize an Active Discovery Tool"},"1.4":{"mappings":[],"references":[],"title":"Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory"},"1.5":{"mappings":[],"references":[],"title":"Use a Passive Asset Discovery Tool"},"10.1":{"mappings":[],"references":[],"title":"Deploy and Maintain Anti-Malware Software"},"10.2":{"mappings":[],"references":[],"title":"Configure Automatic Anti-Malware Signature Updates"},"10.3":{"mappings":[],"references":[],"title":"Disable Autorun and Autoplay for Removable Media"},"10.4":{"mappings":[],"references":[],"title":"Configure Automatic Anti-Malware Scanning of Removable Media"},"10.5":{"mappings":[],"references":[],"title":"Enable Anti-Exploitation Features"},"10.6":{"mappings":[],"references":[],"title":"Centrally Manage Anti-Malware Software"},"10.7":{"mappings":[],"references":[],"title":"Use Behavior-Based Anti-Malware Software"},"11.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Recovery Process"},"11.2":{"mappings":[],"references":[],"title":"Perform Automated Backups"},"11.3":{"mappings":[],"references":[],"title":"Protect Recovery Data"},"11.4":{"mappings":[],"references":[],"title":"Establish and Maintain an Isolated Instance of Recovery Data"},"11.5":{"mappings":[],"references":[],"title":"Test Data Recovery"},"12.1":{"mappings":[],"references":[],"title":"Ensure Network Infrastructure is Up-to-Date"},"12.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Network Architecture"},"12.3":{"mappings":[],"references":[],"title":"Securely Manage Network Infrastructure"},"12.4":{"mappings":[],"references":[],"title":"Establish and Maintain Architecture Diagram(s)"},"12.5":{"mappings":[],"references":[],"title":"Centralize Network Authentication, Authorization, and Auditing (AAA)"},"12.6":{"mappings":[],"references":[],"title":"Use of Secure Network Management and Communication Protocols"},"12.7":{"mappings":[],"references":[],"title":"Ensure Remote Devices Utilize a VPN and are Connecting to an Enterprises AAA Infrastructure"},"12.8":{"mappings":[],"references":[],"title":"Establish and Maintain Dedicated Computing Resources for All Administrative Work"},"13.1":{"mappings":[],"references":[],"title":"Centralize Security Event Alerting"},"13.10":{"mappings":[],"references":[],"title":"Perform Application Layer Filtering"},"13.11":{"mappings":[],"references":[],"title":"Tune Security Event Alerting Thresholds"},"13.2":{"mappings":[],"references":[],"title":"Deploy a Host-Based Intrusion Detection Solution"},"13.3":{"mappings":[],"references":[],"title":"Deploy a Network Intrusion Detection Solution"},"13.4":{"mappings":[],"references":[],"title":"Perform Traffic Filtering Between Network Segments"},"13.5":{"mappings":[],"references":[],"title":"Manage Access Control for Remote Assets"},"13.6":{"mappings":[],"references":[],"title":"Collect Network Traffic Flow Logs"},"13.7":{"mappings":[],"references":[],"title":"Deploy a Host-Based Intrusion Prevention Solution"},"13.8":{"mappings":[],"references":[],"title":"Deploy a Network Intrusion Prevention Solution"},"13.9":{"mappings":[],"references":[],"title":"Deploy Port-Level Access Control"},"14.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Security Awareness Program"},"14.2":{"mappings":[],"references":[],"title":"Train Workforce Members to Recognize Social Engineering Attacks"},"14.3":{"mappings":[],"references":[],"title":"Train Workforce Members on Authentication Best Practices"},"14.4":{"mappings":[],"references":[],"title":"Train Workforce on Data Handling Best Practices"},"14.5":{"mappings":[],"references":[],"title":"Train Workforce Members on Causes of Unintentional Data Exposure"},"14.6":{"mappings":[],"references":[],"title":"Train Workforce Members on Recognizing and Reporting Security Incidents"},"14.7":{"mappings":[],"references":[],"title":"Train Workforce on How to Identify and Report if Their Enterprise Assets are Missing Security Updates"},"14.8":{"mappings":[],"references":[],"title":"Train Workforce on the Dangers of Connecting to and Transmitting Enterprise Data Over Insecure Networks"},"14.9":{"mappings":[],"references":[],"title":"Conduct Role-Specific Security Awareness and Skills Training"},"15.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Service Providers"},"15.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Service Provider Management Policy"},"15.3":{"mappings":[],"references":[],"title":"Classify Service Providers"},"15.4":{"mappings":[],"references":[],"title":"Ensure Service Provider Contracts Include Security Requirements"},"15.5":{"mappings":[],"references":[],"title":"Assess Service Providers"},"15.6":{"mappings":[],"references":[],"title":"Monitor Service Providers"},"15.7":{"mappings":[],"references":[],"title":"Securely Decommission Service Providers"},"16.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Application Development Process"},"16.10":{"mappings":[],"references":[],"title":"Apply Secure Design Principles in Application Architectures"},"16.11":{"mappings":[],"references":[],"title":"Leverage Vetted Modules or Services for Application Security Components"},"16.12":{"mappings":[],"references":[],"title":"Implement Code-Level Security Checks"},"16.13":{"mappings":[],"references":[],"title":"Conduct Application Penetration Testing"},"16.14":{"mappings":[],"references":[],"title":"Conduct Threat Modeling"},"16.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Process to Accept and Address Software Vulnerabilities"},"16.3":{"mappings":[],"references":[],"title":"Perform Root Cause Analysis on Security Vulnerabilities"},"16.4":{"mappings":[],"references":[],"title":"Establish and Manage an Inventory of Third-Party Software Components"},"16.5":{"mappings":[],"references":[],"title":"Use Up-to-Date and Trusted Third-Party Software Components"},"16.6":{"mappings":[],"references":[],"title":"Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities"},"16.7":{"mappings":[],"references":[],"title":"Use Standard Hardening Configuration Templates for Application Infrastructure"},"16.8":{"mappings":[],"references":[],"title":"Separate Production and Non-Production Systems"},"16.9":{"mappings":[],"references":[],"title":"Train Developers in Application Security Concepts and Secure Coding"},"17.1":{"mappings":[],"references":[],"title":"Designate Personnel to Manage Incident Handling"},"17.2":{"mappings":[],"references":[],"title":"Establish and Maintain Contact Information for Reporting Security Incidents"},"17.3":{"mappings":[],"references":[],"title":"Establish and Maintain an Enterprise Process for Reporting Incidents"},"17.4":{"mappings":[],"references":[],"title":"Establish and Maintain an Incident Response Process"},"17.5":{"mappings":[],"references":[],"title":"Assign Key Roles and Responsibilities"},"17.6":{"mappings":[],"references":[],"title":"Define Mechanisms for Communicating During Incident Response"},"17.7":{"mappings":[],"references":[],"title":"Conduct Routine Incident Response Exercises"},"17.8":{"mappings":[],"references":[],"title":"Conduct Post-Incident Reviews"},"17.9":{"mappings":[],"references":[],"title":"Establish and Maintain Security Incident Thresholds"},"18.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Penetration Testing Program"},"18.2":{"mappings":[],"references":[],"title":"Perform Periodic External Penetration Tests"},"18.3":{"mappings":[],"references":[],"title":"Remediate Penetration Test Findings"},"18.4":{"mappings":[],"references":[],"title":"Validate Security Measures"},"18.5":{"mappings":[],"references":[],"title":"Perform Periodic Internal Penetration Tests"},"2.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Software Inventory"},"2.2":{"mappings":[],"references":[],"title":"Ensure Authorized Software is Currently Supported"},"2.3":{"mappings":[],"references":[],"title":"Address Unauthorized Software"},"2.4":{"mappings":[],"references":[],"title":"Utilize Automated Software Inventory Tools"},"2.5":{"mappings":[],"references":[],"title":"Allowlist Authorized Software"},"2.6":{"mappings":[],"references":[],"title":"Allowlist Authorized Libraries"},"2.7":{"mappings":[],"references":[],"title":"Allowlist Authorized Scripts"},"3.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Management Process"},"3.10":{"mappings":[],"references":[],"title":"Encrypt Sensitive Data in Transit"},"3.11":{"mappings":[],"references":[],"title":"Encrypt Sensitive Data at Rest"},"3.12":{"mappings":[],"references":[],"title":"Segment Data Processing and Storage Based on Sensitivity"},"3.13":{"mappings":[],"references":[],"title":"Deploy a Data Loss Prevention Solution"},"3.14":{"mappings":[],"references":[],"title":"Log Sensitive Data Access"},"3.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Inventory"},"3.3":{"mappings":[],"references":[],"title":"Configure Data Access Control Lists"},"3.4":{"mappings":[],"references":[],"title":"Enforce Data Retention"},"3.5":{"mappings":[],"references":[],"title":"Securely Dispose of Data"},"3.6":{"mappings":[],"references":[],"title":"Encrypt Data on End-User Devices"},"3.7":{"mappings":[],"references":[],"title":"Establish and Maintain a Data Classification Scheme"},"3.8":{"mappings":[],"references":[],"title":"Document Data Flows"},"3.9":{"mappings":[],"references":[],"title":"Encrypt Data on Removable Media"},"4.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Configuration Process"},"4.10":{"mappings":[],"references":[],"title":"Enforce Automatic Device Lockout on Portable End-User Devices"},"4.11":{"mappings":[],"references":[],"title":"Enforce Remote Wipe Capability on Portable End-User Devices"},"4.12":{"mappings":[],"references":[],"title":"Separate Enterprise Workspaces on Mobile End-User Devices"},"4.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Secure Configuration Process for Network Infrastructure"},"4.3":{"mappings":[],"references":[],"title":"Configure Automatic Session Locking on Enterprise Assets"},"4.4":{"mappings":[],"references":[],"title":"Implement and Manage a Firewall on Servers"},"4.5":{"mappings":[],"references":[],"title":"Implement and Manage a Firewall on End-User Devices"},"4.6":{"mappings":[],"references":[],"title":"Securely Manage Enterprise Assets and Software"},"4.7":{"mappings":[],"references":[],"title":"Manage Default Accounts on Enterprise Assets and Software"},"4.8":{"mappings":[],"references":[],"title":"Uninstall or Disable Unnecessary Services on Enterprise Assets and Software"},"4.9":{"mappings":[],"references":[],"title":"Configure Trusted DNS Servers on Enterprise Assets"},"5.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Accounts"},"5.2":{"mappings":[],"references":[],"title":"Use Unique Passwords"},"5.3":{"mappings":[],"references":[],"title":"Disable Dormant Accounts"},"5.4":{"mappings":[],"references":[],"title":"Restrict Administrator Privileges to Dedicated Administrator Accounts"},"5.5":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Service Accounts"},"5.6":{"mappings":[],"references":[],"title":"Centralize Account Management"},"6.1":{"mappings":[],"references":[],"title":"Establish an Access Granting Process"},"6.2":{"mappings":[],"references":[],"title":"Establish an Access Revoking Process"},"6.3":{"mappings":[],"references":[],"title":"Require MFA for Externally-Exposed Applications"},"6.4":{"mappings":[],"references":[],"title":"Require MFA for Remote Network Access"},"6.5":{"mappings":[],"references":[],"title":"Require MFA for Administrative Access"},"6.6":{"mappings":[],"references":[],"title":"Establish and Maintain an Inventory of Authentication and Authorization Systems"},"6.7":{"mappings":[],"references":[],"title":"Centralize Access Control"},"6.8":{"mappings":[],"references":[],"title":"Define and Maintain Role-Based Access Control"},"7.1":{"mappings":[],"references":[],"title":"Establish and Maintain a Vulnerability Management Process"},"7.2":{"mappings":[],"references":[],"title":"Establish and Maintain a Remediation Process"},"7.3":{"mappings":[],"references":[],"title":"Perform Automated Operating System Patch Management"},"7.4":{"mappings":[],"references":[],"title":"Perform Automated Application Patch Management"},"7.5":{"mappings":[],"references":[],"title":"Perform Automated Vulnerability Scans of Internal Enterprise Assets"},"7.6":{"mappings":[],"references":[],"title":"Perform Automated Vulnerability Scans of Externally-Exposed Enterprise Assets"},"7.7":{"mappings":[],"references":[],"title":"Remediate Detected Vulnerabilities"},"8.1":{"mappings":[],"references":[],"title":"Establish and Maintain an Audit Log Management Process"},"8.10":{"mappings":[],"references":[],"title":"Retain Audit Logs"},"8.11":{"mappings":[],"references":[],"title":"Conduct Audit Log Reviews"},"8.12":{"mappings":[],"references":[],"title":"Collect Service Provider Logs"},"8.2":{"mappings":[],"references":[],"title":"Collect Audit Logs"},"8.3":{"mappings":[],"references":[],"title":"Ensure Adequate Audit Log Storage"},"8.4":{"mappings":[],"references":[],"title":"Standardize Time Synchronization"},"8.5":{"mappings":[],"references":[],"title":"Collect Detailed Audit Logs"},"8.6":{"mappings":[],"references":[],"title":"Collect DNS Query Audit Logs"},"8.7":{"mappings":[],"references":[],"title":"Collect URL Request Audit Logs"},"8.8":{"mappings":[],"references":[],"title":"Collect Command-Line Audit Logs"},"8.9":{"mappings":[],"references":[],"title":"Centralize Audit Logs"},"9.1":{"mappings":[],"references":[],"title":"Ensure Use of Only Fully Supported Browsers and Email Clients"},"9.2":{"mappings":[],"references":[],"title":"Use DNS Filtering Services"},"9.3":{"mappings":[],"references":[],"title":"Maintain and Enforce Network-Based URL Filters"},"9.4":{"mappings":[],"references":[],"title":"Restrict Unnecessary or Unauthorized Browser and Email Client Extensions"},"9.5":{"mappings":[],"references":[],"title":"Implement DMARC"},"9.6":{"mappings":[],"references":[],"title":"Block Unnecessary File Types"},"9.7":{"mappings":[],"references":[],"title":"Deploy and Maintain Email Server Anti-Malware Protections"}},"links":["https://www.cisecurity.org/controls/"],"release_date":"2021-05-01"}}},"CIS-GCP-Foundations":{"category":"CIS","latest_version":"v1.3.0","name":"CIS Google Cloud Platform Foundation Benchmark","versions":{"v1.2.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that corporate login credentials are used (Automated)"},"1.10":{"mappings":[],"references":[],"title":"Ensure KMS encryption keys are rotated within a period of 90 days (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Ensure that Separation of duties is enforced while assigning KMS related roles to users (Automated)"},"1.12":{"mappings":[],"references":[],"title":"Ensure API keys are not created for a project (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure API keys are restricted to use by only specified Hosts and Apps (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure API keys are restricted to only APIs that application needs access (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure API keys are rotated every 90 days (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that multi-factor authentication is enabled for all non-service accounts (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure that Security Key Enforcement is enabled for all admin accounts (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure that there are only GCP-managed service account keys for each service account (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure that Service Account has no Admin privileges (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Ensure user-managed/external keys for service accounts are rotated every 90 days or less (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure that Separation of duties is enforced while assigning service account related roles to users (Manual)"},"1.9":{"mappings":[],"references":[],"title":"Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that Cloud Audit Logging is configured properly across all services and all users from a project (Automated)"},"2.10":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Cloud Storage IAM permission changes (Automated)"},"2.11":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for SQL instance configuration changes (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure that Cloud DNS logging is enabled for all VPC networks (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure that sinks are configured for all log entries (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that retention policies on log buckets are configured using Bucket Lock (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure log metric filter and alerts exist for project ownership assignments/changes (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Audit Configuration changes (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for Custom Role changes (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC Network Firewall rule changes (Automated)"},"2.8":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC network route changes (Automated)"},"2.9":{"mappings":[],"references":[],"title":"Ensure that the log metric filter and alerts exist for VPC network changes (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure that the default network does not exist in a project (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Ensure Firewall Rules for instances behind Identity Aware Proxy (IAP) only allow the traffic from Google Cloud Loadbalancer (GCLB) Health Check and Proxy Addresses (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Ensure legacy networks do not exist for a project (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure that DNSSEC is enabled for Cloud DNS (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure that RSASHA1 is not used for the key-signing key in Cloud DNS DNSSEC (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure that RSASHA1 is not used for the zone-signing key in Cloud DNS DNSSEC (Manual)"},"3.6":{"mappings":[],"references":[],"title":"Ensure that SSH access is restricted from the internet (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure that RDP access is restricted from the Internet (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites (Manual)"},"4.1":{"mappings":[],"references":[],"title":"Ensure that instances are not configured to use the default service account (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure that App Engine applications enforce HTTPS connections (Manual)"},"4.11":{"mappings":[],"references":[],"title":"Ensure that Compute instances have Confidential Computing enabled (Automated)"},"4.2":{"mappings":[],"references":[],"title":"Ensure that instances are not configured to use the default service account with full access to all Cloud APIs (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure \"Block Project-wide SSH keys\" is enabled for VM instances (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure oslogin is enabled for a Project (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure 'Enable connecting to serial ports' is not enabled for VM Instance (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure that IP forwarding is not enabled on Instances (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure VM disks for critical VMs are encrypted with Customer-Supplied Encryption Keys (CSEK) (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure Compute instances are launched with Shielded VM enabled (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure that Compute instances do not have public IP addresses (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure that Cloud Storage bucket is not anonymously or publicly accessible (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure that Cloud Storage buckets have uniform bucket- level access enabled (Automated)"},"6.1":{"mappings":[],"references":[],"title":"MySQL Database"},"6.1.1":{"mappings":[],"references":[],"title":"Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges (Automated)"},"6.1.2":{"mappings":[],"references":[],"title":"Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on' (Automated)"},"6.1.3":{"mappings":[],"references":[],"title":"Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off' (Automated)"},"6.2":{"mappings":[],"references":[],"title":"PostgreSQL Database"},"6.2.1":{"mappings":[],"references":[],"title":"Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.10":{"mappings":[],"references":[],"title":"Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.11":{"mappings":[],"references":[],"title":"Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.12":{"mappings":[],"references":[],"title":"Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.2.13":{"mappings":[],"references":[],"title":"Ensure that the 'log_min_messages' database flag for Cloud SQL PostgreSQL instance is set appropriately (Manual)"},"6.2.14":{"mappings":[],"references":[],"title":"Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter (Automated)"},"6.2.15":{"mappings":[],"references":[],"title":"Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0' (on) (Automated)"},"6.2.16":{"mappings":[],"references":[],"title":"Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled) (Automated)"},"6.2.2":{"mappings":[],"references":[],"title":"Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter (Manual)"},"6.2.3":{"mappings":[],"references":[],"title":"Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.4":{"mappings":[],"references":[],"title":"Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.5":{"mappings":[],"references":[],"title":"Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Manual)"},"6.2.6":{"mappings":[],"references":[],"title":"Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on' (Automated)"},"6.2.7":{"mappings":[],"references":[],"title":"Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately (Manual)"},"6.2.8":{"mappings":[],"references":[],"title":"Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately (Automated)"},"6.2.9":{"mappings":[],"references":[],"title":"Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off' (Automated)"},"6.3":{"mappings":[],"references":[],"title":"SQL Server"},"6.3.1":{"mappings":[],"references":[],"title":"Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.2":{"mappings":[],"references":[],"title":"Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.3":{"mappings":[],"references":[],"title":"Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate (Automated)"},"6.3.4":{"mappings":[],"references":[],"title":"Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured (Automated)"},"6.3.5":{"mappings":[],"references":[],"title":"Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.6":{"mappings":[],"references":[],"title":"Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.7":{"mappings":[],"references":[],"title":"Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure that the Cloud SQL database instance requires all incoming connections to use SSL (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances are not open to the world (Automated)"},"6.6":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances do not have public IPs (Automated)"},"6.7":{"mappings":[],"references":[],"title":"Ensure that Cloud SQL database instances are configured with automated backups (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure that BigQuery datasets are not anonymously or publicly accessible (Automated)"},"7.2":{"mappings":[],"references":[],"title":"Ensure that all BigQuery Tables are encrypted with Customer-managed encryption key (CMEK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets (Automated)"}},"links":[],"release_date":"2021-05-01"},"v1.3.0":{"controls":{"1.1":{"mappings":[],"references":[],"title":"Ensure that Corporate Login Credentials are Used (Manual)"},"1.10":{"mappings":[],"references":[],"title":"Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days (Automated)"},"1.11":{"mappings":[],"references":[],"title":"Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users (Automated)"},"1.12":{"mappings":[],"references":[],"title":"Ensure API Keys Are Not Created for a Project (Manual)"},"1.13":{"mappings":[],"references":[],"title":"Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps (Manual)"},"1.14":{"mappings":[],"references":[],"title":"Ensure API Keys Are Restricted to Only APIs That Application Needs Access (Manual)"},"1.15":{"mappings":[],"references":[],"title":"Ensure API Keys Are Rotated Every 90 Days (Manual)"},"1.16":{"mappings":[],"references":[],"title":"Ensure Essential Contacts is Configured for Organization (Automated)"},"1.17":{"mappings":[],"references":[],"title":"Ensure that Dataproc Cluster is encrypted using Customer- Managed Encryption Key (Automated)"},"1.18":{"mappings":[],"references":[],"title":"Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager (Manual)"},"1.2":{"mappings":[],"references":[],"title":"Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts (Manual)"},"1.3":{"mappings":[],"references":[],"title":"Ensure that Security Key Enforcement is Enabled for All Admin Accounts (Manual)"},"1.4":{"mappings":[],"references":[],"title":"Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account (Automated)"},"1.5":{"mappings":[],"references":[],"title":"Ensure That Service Account Has No Admin Privileges (Automated)"},"1.6":{"mappings":[],"references":[],"title":"Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level (Automated)"},"1.7":{"mappings":[],"references":[],"title":"Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer (Automated)"},"1.8":{"mappings":[],"references":[],"title":"Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users (Automated)"},"1.9":{"mappings":[],"references":[],"title":"Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure That Cloud Audit Logging Is Configured Properly Across All Services and All Users From a Project (Automated)"},"2.10":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes (Automated)"},"2.11":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes (Automated)"},"2.12":{"mappings":[],"references":[],"title":"Ensure That Cloud DNS Logging Is Enabled for All VPC Networks (Automated)"},"2.13":{"mappings":[],"references":[],"title":"Ensure Cloud Asset Inventory Is Enabled (Automated)"},"2.14":{"mappings":[],"references":[],"title":"Ensure 'Access Transparency' is 'Enabled' (Manual)"},"2.15":{"mappings":[],"references":[],"title":"Ensure 'Access Approval' is 'Enabled' (Automated)"},"2.2":{"mappings":[],"references":[],"title":"Ensure That Sinks Are Configured for All Log Entries (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes (Automated)"},"2.8":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes (Automated)"},"2.9":{"mappings":[],"references":[],"title":"Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes (Automated)"},"3.1":{"mappings":[],"references":[],"title":"Ensure That the Default Network Does Not Exist in a Project (Automated)"},"3.10":{"mappings":[],"references":[],"title":"Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Ensure Legacy Networks Do Not Exist for Older Projects (Automated)"},"3.3":{"mappings":[],"references":[],"title":"Ensure That DNSSEC Is Enabled for Cloud DNS (Automated)"},"3.4":{"mappings":[],"references":[],"title":"Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC (Manual)"},"3.5":{"mappings":[],"references":[],"title":"Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC (Manual)"},"3.6":{"mappings":[],"references":[],"title":"Ensure That SSH Access Is Restricted From the Internet (Automated)"},"3.7":{"mappings":[],"references":[],"title":"Ensure That RDP Access Is Restricted From the Internet (Automated)"},"3.8":{"mappings":[],"references":[],"title":"Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network (Automated)"},"3.9":{"mappings":[],"references":[],"title":"Ensure No HTTPS or SSL Proxy Load Balancers Permit SSL Policies With Weak Cipher Suites (Manual)"},"4.1":{"mappings":[],"references":[],"title":"Ensure That Instances Are Not Configured To Use the Default Service Account (Automated)"},"4.10":{"mappings":[],"references":[],"title":"Ensure That App Engine Applications Enforce HTTPS Connections (Manual)"},"4.11":{"mappings":[],"references":[],"title":"Ensure That Compute Instances Have Confidential Computing Enabled (Automated)"},"4.12":{"mappings":[],"references":[],"title":"Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects (Manual)"},"4.2":{"mappings":[],"references":[],"title":"Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs (Automated)"},"4.3":{"mappings":[],"references":[],"title":"Ensure “Block Project-Wide SSH Keys” Is Enabled for VM Instances (Automated)"},"4.4":{"mappings":[],"references":[],"title":"Ensure Oslogin Is Enabled for a Project (Automated)"},"4.5":{"mappings":[],"references":[],"title":"Ensure 'Enable Connecting to Serial Ports' Is Not Enabled for VM Instance (Automated)"},"4.6":{"mappings":[],"references":[],"title":"Ensure That IP Forwarding Is Not Enabled on Instances (Automated)"},"4.7":{"mappings":[],"references":[],"title":"Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) (Automated)"},"4.8":{"mappings":[],"references":[],"title":"Ensure Compute Instances Are Launched With Shielded VM Enabled (Automated)"},"4.9":{"mappings":[],"references":[],"title":"Ensure That Compute Instances Do Not Have Public IP Addresses (Automated)"},"5.1":{"mappings":[],"references":[],"title":"Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible (Automated)"},"5.2":{"mappings":[],"references":[],"title":"Ensure That Cloud Storage Buckets Have Uniform Bucket- Level Access Enabled (Automated)"},"6.1.1":{"mappings":[],"references":[],"title":"Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges (Manual)"},"6.1.2":{"mappings":[],"references":[],"title":"Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' (Automated)"},"6.1.3":{"mappings":[],"references":[],"title":"Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off' (Automated)"},"6.2.1":{"mappings":[],"references":[],"title":"Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter (Manual)"},"6.2.2":{"mappings":[],"references":[],"title":"Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' (Automated)"},"6.2.3":{"mappings":[],"references":[],"title":"Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' (Automated)"},"6.2.4":{"mappings":[],"references":[],"title":"Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately (Manual)"},"6.2.5":{"mappings":[],"references":[],"title":"Ensure 'Log_hostname' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'on' (Automated)"},"6.2.6":{"mappings":[],"references":[],"title":"Ensure That the 'Log_min_messages' Database Flag for Cloud SQL PostgreSQL Instance Is Set to at least 'Warning' (Manual)"},"6.2.7":{"mappings":[],"references":[],"title":"Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter (Automated)"},"6.2.8":{"mappings":[],"references":[],"title":"Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1′ (Disabled) (Automated)"},"6.2.9":{"mappings":[],"references":[],"title":"Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging (Automated)"},"6.3.1":{"mappings":[],"references":[],"title":"Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.2":{"mappings":[],"references":[],"title":"Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.3":{"mappings":[],"references":[],"title":"Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value (Automated)"},"6.3.4":{"mappings":[],"references":[],"title":"Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured (Automated)"},"6.3.5":{"mappings":[],"references":[],"title":"Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off' (Automated)"},"6.3.6":{"mappings":[],"references":[],"title":"Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'off' (Automated)"},"6.3.7":{"mappings":[],"references":[],"title":"Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off' (Automated)"},"6.4":{"mappings":[],"references":[],"title":"Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL (Automated)"},"6.5":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses (Automated)"},"6.6":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Do Not Have Public IPs (Automated)"},"6.7":{"mappings":[],"references":[],"title":"Ensure That Cloud SQL Database Instances Are Configured With Automated Backups (Automated)"},"7.1":{"mappings":[],"references":[],"title":"Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible (Manual)"},"7.2":{"mappings":[],"references":[],"title":"Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) (Automated)"},"7.3":{"mappings":[],"references":[],"title":"Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets (Manual)"}},"release_date":"2022-03-31"}}},"CIS-Kubernetes-Foundations":{"category:":"CIS","latest_version":"v1.6.0","name":" CIS Kubernetes Benchmark","versions":{"v1.6.0":{"controls":{"1.1.1":{"mappings":[],"references":[],"title":"Ensure that the API server pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.10":{"mappings":[],"references":[],"title":"Ensure that the Container Network Interface file ownership is set to root:root (Manual)"},"1.1.11":{"mappings":[],"references":[],"title":"Ensure that the etcd data directory permissions are set to 700 or more restrictive (Automated)"},"1.1.12":{"mappings":[],"references":[],"title":"Ensure that the etcd data directory ownership is set to etcd:etcd (Automated)"},"1.1.13":{"mappings":[],"references":[],"title":"Ensure that the admin.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.14":{"mappings":[],"references":[],"title":"Ensure that the admin.conf file ownership is set to root:root (Automated)"},"1.1.15":{"mappings":[],"references":[],"title":"Ensure that the scheduler.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.16":{"mappings":[],"references":[],"title":"Ensure that the scheduler.conf file ownership is set to root:root (Automated)"},"1.1.17":{"mappings":[],"references":[],"title":"Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive (Automated)"},"1.1.18":{"mappings":[],"references":[],"title":"Ensure that the controller-manager.conf file ownership is set to root:root (Automated)"},"1.1.19":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI directory and file ownership is set to root:root (Automated)"},"1.1.2":{"mappings":[],"references":[],"title":"Ensure that the API server pod specification file ownership is set to root:root (Automated)"},"1.1.20":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive (Manual)"},"1.1.21":{"mappings":[],"references":[],"title":"Ensure that the Kubernetes PKI key file permissions are set to 600 (Manual)"},"1.1.3":{"mappings":[],"references":[],"title":"Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.4":{"mappings":[],"references":[],"title":"Ensure that the controller manager pod specification file ownership is set to root:root (Automated)"},"1.1.5":{"mappings":[],"references":[],"title":"Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.6":{"mappings":[],"references":[],"title":"Ensure that the scheduler pod specification file ownership is set to root:root (Automated)"},"1.1.7":{"mappings":[],"references":[],"title":"Ensure that the etcd pod specification file permissions are set to 644 or more restrictive (Automated)"},"1.1.8":{"mappings":[],"references":[],"title":"Ensure that the etcd pod specification file ownership is set to root:root (Automated)"},"1.1.9":{"mappings":[],"references":[],"title":"Ensure that the Container Network Interface file permissions are set to 644 or more restrictive (Manual)"},"1.2.1":{"mappings":[],"references":[],"title":"Ensure that the --anonymous-auth argument is set to false (Manual)"},"1.2.10":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin EventRateLimit is set (Manual)"},"1.2.11":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin AlwaysAdmit is not set (Automated)"},"1.2.12":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin AlwaysPullImages is set (Manual)"},"1.2.13":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)"},"1.2.14":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin ServiceAccount is set (Automated)"},"1.2.15":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin NamespaceLifecycle is set (Automated)"},"1.2.16":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin PodSecurityPolicy is set (Automated)"},"1.2.17":{"mappings":[],"references":[],"title":"Ensure that the admission control plugin NodeRestriction is set (Automated)"},"1.2.18":{"mappings":[],"references":[],"title":"Ensure that the --insecure-bind-address argument is not set (Automated)"},"1.2.19":{"mappings":[],"references":[],"title":"Ensure that the --insecure-port argument is set to 0 (Automated)"},"1.2.2":{"mappings":[],"references":[],"title":"Ensure that the --basic-auth-file argument is not set (Automated)"},"1.2.20":{"mappings":[],"references":[],"title":"Ensure that the --secure-port argument is not set to 0 (Automated)"},"1.2.21":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.2.22":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-path argument is set (Automated)"},"1.2.23":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxage argument is set to 30 or as appropriate (Automated)"},"1.2.24":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate (Automated)"},"1.2.25":{"mappings":[],"references":[],"title":"Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate (Automated)"},"1.2.26":{"mappings":[],"references":[],"title":"Ensure that the --request-timeout argument is set as appropriate (Automated)"},"1.2.27":{"mappings":[],"references":[],"title":"Ensure that the --service-account-lookup argument is set to true (Automated)"},"1.2.28":{"mappings":[],"references":[],"title":"Ensure that the --service-account-key-file argument is set as appropriate (Automated)"},"1.2.29":{"mappings":[],"references":[],"title":"Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate (Automated)"},"1.2.3":{"mappings":[],"references":[],"title":"Ensure that the --token-auth-file parameter is not set (Automated)"},"1.2.30":{"mappings":[],"references":[],"title":"Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Automated)"},"1.2.31":{"mappings":[],"references":[],"title":"Ensure that the --client-ca-file argument is set as appropriate (Automated)"},"1.2.32":{"mappings":[],"references":[],"title":"Ensure that the --etcd-cafile argument is set as appropriate (Automated)"},"1.2.33":{"mappings":[],"references":[],"title":"Ensure that the --encryption-provider-config argument is set as appropriate (Manual)"},"1.2.34":{"mappings":[],"references":[],"title":"Ensure that encryption providers are appropriately configured (Manual)"},"1.2.35":{"mappings":[],"references":[],"title":"Ensure that the API Server only makes use of Strong Cryptographic Ciphers (Manual)"},"1.2.4":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-https argument is set to true (Automated)"},"1.2.5":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate (Automated)"},"1.2.6":{"mappings":[],"references":[],"title":"Ensure that the --kubelet-certificate-authority argument is set as appropriate (Automated)"},"1.2.7":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)"},"1.2.8":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument includes Node (Automated)"},"1.2.9":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument includes RBAC (Automated)"},"1.3.1":{"mappings":[],"references":[],"title":"Ensure that the --terminated-pod-gc-threshold argument is"},"1.3.2":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.3.3":{"mappings":[],"references":[],"title":"Ensure that the --use-service-account-credentials argument is set to true (Automated)"},"1.3.4":{"mappings":[],"references":[],"title":"Ensure that the --service-account-private-key-file argument is set as appropriate (Automated)"},"1.3.5":{"mappings":[],"references":[],"title":"Ensure that the --root-ca-file argument is set as appropriate (Automated)"},"1.3.6":{"mappings":[],"references":[],"title":"Ensure that the RotateKubeletServerCertificate argument is set to true (Automated)"},"1.3.7":{"mappings":[],"references":[],"title":"Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"},"1.4.1":{"mappings":[],"references":[],"title":"Ensure that the --profiling argument is set to false (Automated)"},"1.4.2":{"mappings":[],"references":[],"title":"Ensure that the --bind-address argument is set to 127.0.0.1 (Automated)"},"2.1":{"mappings":[],"references":[],"title":"Ensure that the --cert-file and --key-file arguments are set as"},"2.2":{"mappings":[],"references":[],"title":"Ensure that the --client-cert-auth argument is set to true (Automated)"},"2.3":{"mappings":[],"references":[],"title":"Ensure that the --auto-tls argument is not set to true (Automated)"},"2.4":{"mappings":[],"references":[],"title":"Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate (Automated)"},"2.5":{"mappings":[],"references":[],"title":"Ensure that the --peer-client-cert-auth argument is set to true (Automated)"},"2.6":{"mappings":[],"references":[],"title":"Ensure that the --peer-auto-tls argument is not set to true (Automated)"},"2.7":{"mappings":[],"references":[],"title":"Ensure that a unique Certificate Authority is used for etcd (Manual)"},"3.1.1":{"mappings":[],"references":[],"title":"Client certificate authentication should not be used for users (Manual)"},"3.2":{"mappings":[],"references":[],"title":"Logging"},"3.2.1":{"mappings":[],"references":[],"title":"Ensure that a minimal audit policy is created (Manual)"},"3.2.2":{"mappings":[],"references":[],"title":"Ensure that the audit policy covers key security concerns (Manual)"},"4.1.1":{"mappings":[],"references":[],"title":"Ensure that the kubelet service file permissions are set to 644 or more restrictive (Automated)"},"4.1.10":{"mappings":[],"references":[],"title":"Ensure that the kubelet --config configuration file ownership is set to root:root (Automated)"},"4.1.2":{"mappings":[],"references":[],"title":"Ensure that the kubelet service file ownership is set to root:root (Automated)"},"4.1.3":{"mappings":[],"references":[],"title":"If proxy kubeconfig file exists ensure permissions are set to 644 or more restrictive (Manual)"},"4.1.4":{"mappings":[],"references":[],"title":"If proxy kubeconfig file exists ensure ownership is set to root:root (Manual)"},"4.1.5":{"mappings":[],"references":[],"title":"Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive (Automated)"},"4.1.6":{"mappings":[],"references":[],"title":"Ensure that the --kubeconfig kubelet.conf file ownership is set to root:root (Manual)"},"4.1.7":{"mappings":[],"references":[],"title":"Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual)"},"4.1.8":{"mappings":[],"references":[],"title":"Ensure that the client certificate authorities file ownership is set to root:root (Manual)"},"4.1.9":{"mappings":[],"references":[],"title":"Ensure that the kubelet --config configuration file has permissions set to 644 or more restrictive (Automated)"},"4.2.1":{"mappings":[],"references":[],"title":"Ensure that the --anonymous-auth argument is set to false (Automated)"},"4.2.10":{"mappings":[],"references":[],"title":"Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate (Manual)"},"4.2.11":{"mappings":[],"references":[],"title":"Ensure that the --rotate-certificates argument is not set to false (Manual)"},"4.2.12":{"mappings":[],"references":[],"title":"Verify that the RotateKubeletServerCertificate argument is set to true (Manual)"},"4.2.13":{"mappings":[],"references":[],"title":"Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual)"},"4.2.2":{"mappings":[],"references":[],"title":"Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated)"},"4.2.3":{"mappings":[],"references":[],"title":"Ensure that the --client-ca-file argument is set as appropriate (Automated)"},"4.2.4":{"mappings":[],"references":[],"title":"Verify that the --read-only-port argument is set to 0 (Manual)"},"4.2.5":{"mappings":[],"references":[],"title":"Ensure that the --streaming-connection-idle-timeout argument is not set to 0 (Manual)"},"4.2.6":{"mappings":[],"references":[],"title":"Ensure that the --protect-kernel-defaults argument is set to true (Automated)"},"4.2.7":{"mappings":[],"references":[],"title":"Ensure that the --make-iptables-util-chains argument is set to true (Automated)"},"4.2.8":{"mappings":[],"references":[],"title":"Ensure that the --hostname-override argument is not set (Manual)"},"4.2.9":{"mappings":[],"references":[],"title":"Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture (Manual)"},"5.1.1":{"mappings":[],"references":[],"title":"Ensure that the cluster-admin role is only used where required (Manual)"},"5.1.2":{"mappings":[],"references":[],"title":"Minimize access to secrets (Manual)"},"5.1.3":{"mappings":[],"references":[],"title":"Minimize wildcard use in Roles and ClusterRoles (Manual)"},"5.1.4":{"mappings":[],"references":[],"title":"Minimize access to create pods (Manual)"},"5.1.5":{"mappings":[],"references":[],"title":"Ensure that default service accounts are not actively used."},"5.1.6":{"mappings":[],"references":[],"title":"Ensure that Service Account Tokens are only mounted where necessary (Manual)"},"5.2":{"mappings":[],"references":[],"title":"Pod Security Policies"},"5.2.1":{"mappings":[],"references":[],"title":"Minimize the admission of privileged containers (Manual)"},"5.2.2":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host process ID namespace (Manual)"},"5.2.3":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host IPC namespace (Manual)"},"5.2.4":{"mappings":[],"references":[],"title":"Minimize the admission of containers wishing to share the host network namespace (Manual)"},"5.2.5":{"mappings":[],"references":[],"title":"Minimize the admission of containers with allowPrivilegeEscalation (Manual)"},"5.2.6":{"mappings":[],"references":[],"title":"Minimize the admission of root containers (Manual)"},"5.2.7":{"mappings":[],"references":[],"title":"Minimize the admission of containers with the NET_RAW capability (Manual)"},"5.2.8":{"mappings":[],"references":[],"title":"Minimize the admission of containers with added capabilities (Manual)"},"5.2.9":{"mappings":[],"references":[],"title":"Minimize the admission of containers with capabilities assigned (Manual)"},"5.3.1":{"mappings":[],"references":[],"title":"Ensure that the CNI in use supports Network Policies (Manual)"},"5.3.2":{"mappings":[],"references":[],"title":"Ensure that all Namespaces have Network Policies defined (Manual)"},"5.4.1":{"mappings":[],"references":[],"title":"Prefer using secrets as files over secrets as environment variables (Manual)"},"5.4.2":{"mappings":[],"references":[],"title":"Consider external secret storage (Manual)"},"5.5":{"mappings":[],"references":[],"title":"Extensible Admission Control"},"5.5.1":{"mappings":[],"references":[],"title":"Configure Image Provenance using ImagePolicyWebhook admission controller (Manual)"},"5.7.1":{"mappings":[],"references":[],"title":"Create administrative boundaries between resources using namespaces (Manual)"},"5.7.2":{"mappings":[],"references":[],"title":"Ensure that the seccomp profile is set to docker/default in your pod definitions (Manual)"},"5.7.3":{"mappings":[],"references":[],"title":"Apply Security Context to Your Pods and Containers (Manual)"},"5.7.4":{"mappings":[],"references":[],"title":"The default namespace should not be used (Manual)"}},"links":["https://www.cisecurity.org/benchmark/kubernetes/"],"release_date":"2020-07-23"}}},"CSA-CCM":{"category":"CSA-CCM","latest_version":"v4.0.5","name":"Cloud Controls Matrix","versions":{"v4.0.4":{"controls":{"A\u0026A-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually."},"A\u0026A-02":{"mappings":[],"references":[],"title":"Conduct independent audit and assurance assessments according to relevant standards at least annually."},"A\u0026A-03":{"mappings":[],"references":[],"title":"Perform independent audit and assurance assessments according to risk-based plans and policies."},"A\u0026A-04":{"mappings":[],"references":[],"title":"Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit."},"A\u0026A-05":{"mappings":[],"references":[],"title":"Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence."},"A\u0026A-06":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders."},"AIS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for application security to provide guidance to the appropriate planning, delivery and support of the organization's application security capabilities. Review and update the policies and procedures at least annually."},"AIS-02":{"mappings":[],"references":[],"title":"Establish, document and maintain baseline requirements for securing different applications."},"AIS-03":{"mappings":[],"references":[],"title":"Define and implement technical and operational metrics in alignment with business objectives, security requirements, and compliance obligations."},"AIS-04":{"mappings":[],"references":[],"title":"Define and implement a SDLC process for application design, development, deployment, and operation in accordance with security requirements defined by the organization."},"AIS-05":{"mappings":[],"references":[],"title":"Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible."},"AIS-06":{"mappings":[],"references":[],"title":"Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible."},"AIS-07":{"mappings":[],"references":[],"title":"Define and implement a process to remediate application security vulnerabilities, automating remediation when possible."},"BCR-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually."},"BCR-02":{"mappings":[],"references":[],"title":"Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities."},"BCR-03":{"mappings":[],"references":[],"title":"Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite."},"BCR-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities."},"BCR-05":{"mappings":[],"references":[],"title":"Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically."},"BCR-06":{"mappings":[],"references":[],"title":"Exercise and test business continuity and operational resilience plans at least annually or upon significant changes."},"BCR-07":{"mappings":[],"references":[],"title":"Establish communication with stakeholders and participants in the course of business continuity and resilience procedures."},"BCR-08":{"mappings":[],"references":[],"title":"Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency."},"BCR-09":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes."},"BCR-10":{"mappings":[],"references":[],"title":"Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities."},"BCR-11":{"mappings":[],"references":[],"title":"Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards."},"CCC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually."},"CCC-02":{"mappings":[],"references":[],"title":"Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards."},"CCC-03":{"mappings":[],"references":[],"title":"Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced)."},"CCC-04":{"mappings":[],"references":[],"title":"Restrict the unauthorized addition, removal, update, and management of organization assets."},"CCC-05":{"mappings":[],"references":[],"title":"Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs."},"CCC-06":{"mappings":[],"references":[],"title":"Establish change management baselines for all relevant authorized changes on organization assets."},"CCC-07":{"mappings":[],"references":[],"title":"Implement detection measures with proactive notification in case of changes deviating from the established baseline."},"CCC-08":{"mappings":[],"references":[],"title":"Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process."},"CCC-09":{"mappings":[],"references":[],"title":"Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns."},"CEK-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually."},"CEK-02":{"mappings":[],"references":[],"title":"Define and implement cryptographic, encryption and key management roles and responsibilities."},"CEK-03":{"mappings":[],"references":[],"title":"Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards."},"CEK-04":{"mappings":[],"references":[],"title":"Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology."},"CEK-05":{"mappings":[],"references":[],"title":"Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes."},"CEK-06":{"mappings":[],"references":[],"title":"Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis."},"CEK-07":{"mappings":[],"references":[],"title":"Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback."},"CEK-08":{"mappings":[],"references":[],"title":"CSPs must provide the capability for CSCs to manage their own data encryption keys."},"CEK-09":{"mappings":[],"references":[],"title":"Audit encryption and key management systems, policies, and processes with a frequency that is proportional to the risk exposure of the system with audit occurring preferably continuously but at least annually and after any security event(s)."},"CEK-10":{"mappings":[],"references":[],"title":"Generate Cryptographic keys using industry accepted cryptographic libraries specifying the algorithm strength and the random number generator used."},"CEK-11":{"mappings":[],"references":[],"title":"Manage cryptographic secret and private keys that are provisioned for a unique purpose."},"CEK-12":{"mappings":[],"references":[],"title":"Rotate cryptographic keys in accordance with the calculated cryptoperiod, which includes provisions for considering the risk of information disclosure and legal and regulatory requirements."},"CEK-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to revoke and remove cryptographic keys prior to the end of its established cryptoperiod, when a key is compromised, or an entity is no longer part of the organization, which include provisions for legal and regulatory requirements."},"CEK-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to destroy keys stored outside a secure environment and revoke keys stored in Hardware Security Modules (HSMs) when they are no longer needed, which include provisions for legal and regulatory requirements."},"CEK-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to create keys in a pre-activated state when they have been generated but not authorized for use, which include provisions for legal and regulatory requirements."},"CEK-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to monitor, review and approve key transitions from any state to/from suspension, which include provisions for legal and regulatory requirements."},"CEK-17":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to deactivate keys at the time of their expiration date, which include provisions for legal and regulatory requirements."},"CEK-18":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to manage archived keys in a secure repository requiring least privilege access, which include provisions for legal and regulatory requirements."},"CEK-19":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements."},"CEK-20":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to assess the risk to operational continuity versus the risk of the keying material and the information it protects being exposed if control of the keying material is lost, which include provisions for legal and regulatory requirements."},"CEK-21":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures in order for the key management system to track and report all cryptographic materials and changes in status, which include provisions for legal and regulatory requirements."},"DCS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually."},"DCS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually."},"DCS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually."},"DCS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media. Review and update the policies and procedures at least annually."},"DCS-05":{"mappings":[],"references":[],"title":"Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk."},"DCS-06":{"mappings":[],"references":[],"title":"Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system."},"DCS-07":{"mappings":[],"references":[],"title":"Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas."},"DCS-08":{"mappings":[],"references":[],"title":"Use equipment identification as a method for connection authentication."},"DCS-09":{"mappings":[],"references":[],"title":"Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization."},"DCS-10":{"mappings":[],"references":[],"title":"Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts."},"DCS-11":{"mappings":[],"references":[],"title":"Train datacenter personnel to respond to unauthorized ingress or egress attempts."},"DCS-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms."},"DCS-13":{"mappings":[],"references":[],"title":"Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards."},"DCS-14":{"mappings":[],"references":[],"title":"Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals."},"DCS-15":{"mappings":[],"references":[],"title":"Keep business-critical equipment away from locations subject to high probability for environmental risk events."},"DSP-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the classification, protection and handling of data throughout its lifecycle, and according to all applicable laws and regulations, standards, and risk level. Review and update the policies and procedures at least annually."},"DSP-02":{"mappings":[],"references":[],"title":"Apply industry accepted methods for the secure disposal of data from storage media such that data is not recoverable by any forensic means."},"DSP-03":{"mappings":[],"references":[],"title":"Create and maintain a data inventory, at least for any sensitive data and personal data."},"DSP-04":{"mappings":[],"references":[],"title":"Classify data according to its type and sensitivity level."},"DSP-05":{"mappings":[],"references":[],"title":"Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change."},"DSP-06":{"mappings":[],"references":[],"title":"Document ownership and stewardship of all relevant documented personal and sensitive data. Perform review at least annually."},"DSP-07":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of security by design and industry best practices."},"DSP-08":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations."},"DSP-09":{"mappings":[],"references":[],"title":"Conduct a Data Protection Impact Assessment (DPIA) to evaluate the origin, nature, particularity and severity of the risks upon the processing of personal data, according to any applicable laws, regulations and industry best practices."},"DSP-10":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope as permitted by the respective laws and regulations."},"DSP-11":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations."},"DSP-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure that personal data is processed according to any applicable laws and regulations and for the purposes declared to the data subject."},"DSP-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations."},"DSP-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing."},"DSP-15":{"mappings":[],"references":[],"title":"Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments."},"DSP-16":{"mappings":[],"references":[],"title":"Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations."},"DSP-17":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to protect sensitive data throughout it's lifecycle."},"DSP-18":{"mappings":[],"references":[],"title":"The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation."},"DSP-19":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up."},"GRC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually."},"GRC-02":{"mappings":[],"references":[],"title":"Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks."},"GRC-03":{"mappings":[],"references":[],"title":"Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization."},"GRC-04":{"mappings":[],"references":[],"title":"Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs."},"GRC-05":{"mappings":[],"references":[],"title":"Develop and implement an Information Security Program, which includes programs for all the relevant domains of the CCM."},"GRC-06":{"mappings":[],"references":[],"title":"Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs."},"GRC-07":{"mappings":[],"references":[],"title":"Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements, which are applicable to your organization."},"GRC-08":{"mappings":[],"references":[],"title":"Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context."},"HRS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees (including but not limited to remote employees, contractors, and third parties) according to local laws, regulations, ethics, and contractual constraints and proportional to the data classification to be accessed, the business requirements, and acceptable risk. Review and update the policies and procedures at least annually."},"HRS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets. Review and update the policies and procedures at least annually."},"HRS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data. Review and update the policies and procedures at least annually."},"HRS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations. Review and update the policies and procedures at least annually."},"HRS-05":{"mappings":[],"references":[],"title":"Establish and document procedures for the return of organization-owned assets by terminated employees."},"HRS-06":{"mappings":[],"references":[],"title":"Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment."},"HRS-07":{"mappings":[],"references":[],"title":"Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets."},"HRS-08":{"mappings":[],"references":[],"title":"The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies."},"HRS-09":{"mappings":[],"references":[],"title":"Document and communicate roles and responsibilities of employees, as they relate to information assets and security."},"HRS-10":{"mappings":[],"references":[],"title":"Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details."},"HRS-11":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates."},"HRS-12":{"mappings":[],"references":[],"title":"Provide all employees with access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies relating to their professional function relative to the organization."},"HRS-13":{"mappings":[],"references":[],"title":"Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations."},"IAM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain policies and procedures for identity and access management. Review and update the policies and procedures at least annually."},"IAM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain strong password policies and procedures. Review and update the policies and procedures at least annually."},"IAM-03":{"mappings":[],"references":[],"title":"Manage, store, and review the information of system identities, and level of access."},"IAM-04":{"mappings":[],"references":[],"title":"Employ the separation of duties principle when implementing information system access."},"IAM-05":{"mappings":[],"references":[],"title":"Employ the least privilege principle when implementing information system access."},"IAM-06":{"mappings":[],"references":[],"title":"Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets."},"IAM-07":{"mappings":[],"references":[],"title":"De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies."},"IAM-08":{"mappings":[],"references":[],"title":"Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance."},"IAM-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated."},"IAM-10":{"mappings":[],"references":[],"title":"Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access."},"IAM-11":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles."},"IAM-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures."},"IAM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs."},"IAM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access. Adopt digital certificates or alternatives which achieve an equivalent level of security for system identities."},"IAM-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords."},"IAM-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized."},"IPY-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for: a. Communications between application interfaces b. Information processing interoperability c. Application development portability d. Information/Data exchange, usage, portability, integrity, and persistence Review and update the policies and procedures at least annually."},"IPY-02":{"mappings":[],"references":[],"title":"Provide application interface(s) to CSCs so that they programmatically retrieve their data to enable interoperability and portability."},"IPY-03":{"mappings":[],"references":[],"title":"Implement cryptographically secure and standardized network protocols for the management, import and export of data."},"IPY-04":{"mappings":[],"references":[],"title":"Agreements must include provisions specifying CSCs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the CSCs d. Data deletion policy"},"IVS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually."},"IVS-02":{"mappings":[],"references":[],"title":"Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business."},"IVS-03":{"mappings":[],"references":[],"title":"Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls."},"IVS-04":{"mappings":[],"references":[],"title":"Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline."},"IVS-05":{"mappings":[],"references":[],"title":"Separate production and non-production environments."},"IVS-06":{"mappings":[],"references":[],"title":"Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants."},"IVS-07":{"mappings":[],"references":[],"title":"Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols."},"IVS-08":{"mappings":[],"references":[],"title":"Identify and document high-risk environments."},"IVS-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks."},"LOG-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually."},"LOG-02":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs."},"LOG-03":{"mappings":[],"references":[],"title":"Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics."},"LOG-04":{"mappings":[],"references":[],"title":"Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability."},"LOG-05":{"mappings":[],"references":[],"title":"Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies."},"LOG-06":{"mappings":[],"references":[],"title":"Use a reliable time source across all relevant information processing systems."},"LOG-07":{"mappings":[],"references":[],"title":"Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment."},"LOG-08":{"mappings":[],"references":[],"title":"Generate audit records containing relevant security information."},"LOG-09":{"mappings":[],"references":[],"title":"The information system protects audit records from unauthorized access, modification, and deletion."},"LOG-10":{"mappings":[],"references":[],"title":"Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls."},"LOG-11":{"mappings":[],"references":[],"title":"Log and monitor key lifecycle management events to enable auditing and reporting on usage of cryptographic keys."},"LOG-12":{"mappings":[],"references":[],"title":"Monitor and log physical access using an auditable access control system."},"LOG-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party."},"SEF-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Security Incident Management, E-Discovery, and Cloud Forensics. Review and update the policies and procedures at least annually."},"SEF-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually."},"SEF-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted."},"SEF-04":{"mappings":[],"references":[],"title":"Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness."},"SEF-05":{"mappings":[],"references":[],"title":"Establish and monitor information security incident metrics."},"SEF-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events."},"SEF-07":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures for security breach notifications. Report security breaches and assumed security breaches including any relevant supply chain breaches, as per applicable SLAs, laws and regulations."},"SEF-08":{"mappings":[],"references":[],"title":"Maintain points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities."},"STA-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the application of the Shared Security Responsibility Model (SSRM) within the organization. Review and update the policies and procedures at least annually."},"STA-02":{"mappings":[],"references":[],"title":"Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering."},"STA-03":{"mappings":[],"references":[],"title":"Provide SSRM Guidance to the CSC detailing information about the SSRM applicability throughout the supply chain."},"STA-04":{"mappings":[],"references":[],"title":"Delineate the shared ownership and applicability of all CSA CCM controls according to the SSRM for the cloud service offering."},"STA-05":{"mappings":[],"references":[],"title":"Review and validate SSRM documentation for all cloud services offerings the organization uses."},"STA-06":{"mappings":[],"references":[],"title":"Implement, operate, and audit or assess the portions of the SSRM which the organization is responsible for."},"STA-07":{"mappings":[],"references":[],"title":"Develop and maintain an inventory of all supply chain relationships."},"STA-08":{"mappings":[],"references":[],"title":"CSPs periodically review risk factors associated with all organizations within their supply chain."},"STA-09":{"mappings":[],"references":[],"title":"Service agreements between CSPs and CSCs (tenants) must incorporate at least the following mutually-agreed upon provisions and/or terms: - Scope, characteristics and location of business relationship and services offered - Information security requirements (including SSRM) - Change management process - Logging and monitoring capability - Incident management and communication procedures - Right to audit and third party assessment - Service termination - Interoperability and portability requirements - Data privacy"},"STA-10":{"mappings":[],"references":[],"title":"Review supply chain agreements between CSPs and CSCs at least annually."},"STA-11":{"mappings":[],"references":[],"title":"Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually."},"STA-12":{"mappings":[],"references":[],"title":"Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards."},"STA-13":{"mappings":[],"references":[],"title":"Periodically review the organization's supply chain partners' IT governance policies and procedures."},"STA-14":{"mappings":[],"references":[],"title":"Define and implement a process for conducting security assessments periodically for all organizations within the supply chain."},"TVM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually."},"TVM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at least annually."},"TVM-03":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk."},"TVM-04":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis."},"TVM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy."},"TVM-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the periodic performance of penetration testing by independent third parties."},"TVM-07":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly."},"TVM-08":{"mappings":[],"references":[],"title":"Use a risk-based model for effective prioritization of vulnerability remediation using an industry recognized framework."},"TVM-09":{"mappings":[],"references":[],"title":"Define and implement a process for tracking and reporting vulnerability identification and remediation activities that includes stakeholder notification."},"TVM-10":{"mappings":[],"references":[],"title":"Establish, monitor and report metrics for vulnerability identification and remediation at defined intervals."},"UEM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints. Review and update the policies and procedures at least annually."},"UEM-02":{"mappings":[],"references":[],"title":"Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data."},"UEM-03":{"mappings":[],"references":[],"title":"Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications."},"UEM-04":{"mappings":[],"references":[],"title":"Maintain an inventory of all endpoints used to store and access company data."},"UEM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data."},"UEM-06":{"mappings":[],"references":[],"title":"Configure all relevant interactive-use endpoints to require an automatic lock screen."},"UEM-07":{"mappings":[],"references":[],"title":"Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes."},"UEM-08":{"mappings":[],"references":[],"title":"Protect information from unauthorized disclosure on managed endpoint devices with storage encryption."},"UEM-09":{"mappings":[],"references":[],"title":"Configure managed endpoints with anti-malware detection and prevention technology and services."},"UEM-10":{"mappings":[],"references":[],"title":"Configure managed endpoints with properly configured software firewalls."},"UEM-11":{"mappings":[],"references":[],"title":"Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment."},"UEM-12":{"mappings":[],"references":[],"title":"Enable remote geo-location capabilities for all managed mobile endpoints."},"UEM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices."},"UEM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets."}},"links":["https://cloudsecurityalliance.org/research/cloud-controls-matrix/"],"release_date":"2021-12-08"},"v4.0.5":{"controls":{"A\u0026A-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain audit and assurance policies and procedures and standards. Review and update the policies and procedures at least annually."},"A\u0026A-02":{"mappings":[],"references":[],"title":"Conduct independent audit and assurance assessments according to relevant standards at least annually."},"A\u0026A-03":{"mappings":[],"references":[],"title":"Perform independent audit and assurance assessments according to risk-based plans and policies."},"A\u0026A-04":{"mappings":[],"references":[],"title":"Verify compliance with all relevant standards, regulations, legal/contractual, and statutory requirements applicable to the audit."},"A\u0026A-05":{"mappings":[],"references":[],"title":"Define and implement an Audit Management process to support audit planning, risk analysis, security control assessment, conclusion, remediation schedules, report generation, and review of past reports and supporting evidence."},"A\u0026A-06":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a risk-based corrective action plan to remediate audit findings, review and report remediation status to relevant stakeholders."},"AIS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for application security to provide guidance to the appropriate planning, delivery and support of the organization's application security capabilities. Review and update the policies and procedures at least annually."},"AIS-02":{"mappings":[],"references":[],"title":"Establish, document and maintain baseline requirements for securing different applications."},"AIS-03":{"mappings":[],"references":[],"title":"Define and implement technical and operational metrics in alignment with business objectives, security requirements, and compliance obligations."},"AIS-04":{"mappings":[],"references":[],"title":"Define and implement a SDLC process for application design, development, deployment, and operation in accordance with security requirements defined by the organization."},"AIS-05":{"mappings":[],"references":[],"title":"Implement a testing strategy, including criteria for acceptance of new information systems, upgrades and new versions, which provides application security assurance and maintains compliance while enabling organizational speed of delivery goals. Automate when applicable and possible."},"AIS-06":{"mappings":[],"references":[],"title":"Establish and implement strategies and capabilities for secure, standardized, and compliant application deployment. Automate where possible."},"AIS-07":{"mappings":[],"references":[],"title":"Define and implement a process to remediate application security vulnerabilities, automating remediation when possible."},"BCR-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain business continuity management and operational resilience policies and procedures. Review and update the policies and procedures at least annually."},"BCR-02":{"mappings":[],"references":[],"title":"Determine the impact of business disruptions and risks to establish criteria for developing business continuity and operational resilience strategies and capabilities."},"BCR-03":{"mappings":[],"references":[],"title":"Establish strategies to reduce the impact of, withstand, and recover from business disruptions within risk appetite."},"BCR-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a business continuity plan based on the results of the operational resilience strategies and capabilities."},"BCR-05":{"mappings":[],"references":[],"title":"Develop, identify, and acquire documentation that is relevant to support the business continuity and operational resilience programs. Make the documentation available to authorized stakeholders and review periodically."},"BCR-06":{"mappings":[],"references":[],"title":"Exercise and test business continuity and operational resilience plans at least annually or upon significant changes."},"BCR-07":{"mappings":[],"references":[],"title":"Establish communication with stakeholders and participants in the course of business continuity and resilience procedures."},"BCR-08":{"mappings":[],"references":[],"title":"Periodically backup data stored in the cloud. Ensure the confidentiality, integrity and availability of the backup, and verify data restoration from backup for resiliency."},"BCR-09":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a disaster response plan to recover from natural and man-made disasters. Update the plan at least annually or upon significant changes."},"BCR-10":{"mappings":[],"references":[],"title":"Exercise the disaster response plan annually or upon significant changes, including if possible local emergency authorities."},"BCR-11":{"mappings":[],"references":[],"title":"Supplement business-critical equipment with redundant equipment independently located at a reasonable minimum distance in accordance with applicable industry standards."},"CCC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for managing the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced). Review and update the policies and procedures at least annually."},"CCC-02":{"mappings":[],"references":[],"title":"Follow a defined quality change control, approval and testing process with established baselines, testing, and release standards."},"CCC-03":{"mappings":[],"references":[],"title":"Manage the risks associated with applying changes to organization assets, including application, systems, infrastructure, configuration, etc., regardless of whether the assets are managed internally or externally (i.e., outsourced)."},"CCC-04":{"mappings":[],"references":[],"title":"Restrict the unauthorized addition, removal, update, and management of organization assets."},"CCC-05":{"mappings":[],"references":[],"title":"Include provisions limiting changes directly impacting CSCs owned environments/tenants to explicitly authorized requests within service level agreements between CSPs and CSCs."},"CCC-06":{"mappings":[],"references":[],"title":"Establish change management baselines for all relevant authorized changes on organization assets."},"CCC-07":{"mappings":[],"references":[],"title":"Implement detection measures with proactive notification in case of changes deviating from the established baseline."},"CCC-08":{"mappings":[],"references":[],"title":"Implement a procedure for the management of exceptions, including emergencies, in the change and configuration process. Align the procedure with the requirements of GRC-04: Policy Exception Process."},"CCC-09":{"mappings":[],"references":[],"title":"Define and implement a process to proactively roll back changes to a previous known good state in case of errors or security concerns."},"CEK-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Cryptography, Encryption and Key Management. Review and update the policies and procedures at least annually."},"CEK-02":{"mappings":[],"references":[],"title":"Define and implement cryptographic, encryption and key management roles and responsibilities."},"CEK-03":{"mappings":[],"references":[],"title":"Provide cryptographic protection to data at-rest and in-transit, using cryptographic libraries certified to approved standards."},"CEK-04":{"mappings":[],"references":[],"title":"Use encryption algorithms that are appropriate for data protection, considering the classification of data, associated risks, and usability of the encryption technology."},"CEK-05":{"mappings":[],"references":[],"title":"Establish a standard change management procedure, to accommodate changes from internal and external sources, for review, approval, implementation and communication of cryptographic, encryption and key management technology changes."},"CEK-06":{"mappings":[],"references":[],"title":"Manage and adopt changes to cryptography-, encryption-, and key management-related systems (including policies and procedures) that fully account for downstream effects of proposed changes, including residual risk, cost, and benefits analysis."},"CEK-07":{"mappings":[],"references":[],"title":"Establish and maintain an encryption and key management risk program that includes provisions for risk assessment, risk treatment, risk context, monitoring, and feedback."},"CEK-08":{"mappings":[],"references":[],"title":"CSPs must provide the capability for CSCs to manage their own data encryption keys."},"CEK-09":{"mappings":[],"references":[],"title":"Audit encryption and key management systems, policies, and processes with a frequency that is proportional to the risk exposure of the system with audit occurring preferably continuously but at least annually and after any security event(s)."},"CEK-10":{"mappings":[],"references":[],"title":"Generate Cryptographic keys using industry accepted cryptographic libraries specifying the algorithm strength and the random number generator used."},"CEK-11":{"mappings":[],"references":[],"title":"Manage cryptographic secret and private keys that are provisioned for a unique purpose."},"CEK-12":{"mappings":[],"references":[],"title":"Rotate cryptographic keys in accordance with the calculated cryptoperiod, which includes provisions for considering the risk of information disclosure and legal and regulatory requirements."},"CEK-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to revoke and remove cryptographic keys prior to the end of its established cryptoperiod, when a key is compromised, or an entity is no longer part of the organization, which include provisions for legal and regulatory requirements."},"CEK-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to destroy keys stored outside a secure environment and revoke keys stored in Hardware Security Modules (HSMs) when they are no longer needed, which include provisions for legal and regulatory requirements."},"CEK-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to create keys in a pre-activated state when they have been generated but not authorized for use, which include provisions for legal and regulatory requirements."},"CEK-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to monitor, review and approve key transitions from any state to/from suspension, which include provisions for legal and regulatory requirements."},"CEK-17":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to deactivate keys at the time of their expiration date, which include provisions for legal and regulatory requirements."},"CEK-18":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to manage archived keys in a secure repository requiring least privilege access, which include provisions for legal and regulatory requirements."},"CEK-19":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to use compromised keys to encrypt information only in controlled circumstance, and thereafter exclusively for decrypting data and never for encrypting data, which include provisions for legal and regulatory requirements."},"CEK-20":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to assess the risk to operational continuity versus the risk of the keying material and the information it protects being exposed if control of the keying material is lost, which include provisions for legal and regulatory requirements."},"CEK-21":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures in order for the key management system to track and report all cryptographic materials and changes in status, which include provisions for legal and regulatory requirements."},"DCS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure disposal of equipment used outside the organization's premises. If the equipment is not physically destroyed a data destruction procedure that renders recovery of information impossible must be applied. Review and update the policies and procedures at least annually."},"DCS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the relocation or transfer of hardware, software, or data/information to an offsite or alternate location. The relocation or transfer request requires the written or cryptographically verifiable authorization. Review and update the policies and procedures at least annually."},"DCS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for maintaining a safe and secure working environment in offices, rooms, and facilities. Review and update the policies and procedures at least annually."},"DCS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the secure transportation of physical media. Review and update the policies and procedures at least annually."},"DCS-05":{"mappings":[],"references":[],"title":"Classify and document the physical, and logical assets (e.g., applications) based on the organizational business risk."},"DCS-06":{"mappings":[],"references":[],"title":"Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system."},"DCS-07":{"mappings":[],"references":[],"title":"Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas."},"DCS-08":{"mappings":[],"references":[],"title":"Use equipment identification as a method for connection authentication."},"DCS-09":{"mappings":[],"references":[],"title":"Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization."},"DCS-10":{"mappings":[],"references":[],"title":"Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts."},"DCS-11":{"mappings":[],"references":[],"title":"Train datacenter personnel to respond to unauthorized ingress or egress attempts."},"DCS-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms."},"DCS-13":{"mappings":[],"references":[],"title":"Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards."},"DCS-14":{"mappings":[],"references":[],"title":"Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals."},"DCS-15":{"mappings":[],"references":[],"title":"Keep business-critical equipment away from locations subject to high probability for environmental risk events."},"DSP-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the classification, protection and handling of data throughout its lifecycle, and according to all applicable laws and regulations, standards, and risk level. Review and update the policies and procedures at least annually."},"DSP-02":{"mappings":[],"references":[],"title":"Apply industry accepted methods for the secure disposal of data from storage media such that data is not recoverable by any forensic means."},"DSP-03":{"mappings":[],"references":[],"title":"Create and maintain a data inventory, at least for any sensitive data and personal data."},"DSP-04":{"mappings":[],"references":[],"title":"Classify data according to its type and sensitivity level."},"DSP-05":{"mappings":[],"references":[],"title":"Create data flow documentation to identify what data is processed, stored or transmitted where. Review data flow documentation at defined intervals, at least annually, and after any change."},"DSP-06":{"mappings":[],"references":[],"title":"Document ownership and stewardship of all relevant documented personal and sensitive data. Perform review at least annually."},"DSP-07":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of security by design and industry best practices."},"DSP-08":{"mappings":[],"references":[],"title":"Develop systems, products, and business practices based upon a principle of privacy by design and industry best practices. Ensure that systems' privacy settings are configured by default, according to all applicable laws and regulations."},"DSP-09":{"mappings":[],"references":[],"title":"Conduct a Data Protection Impact Assessment (DPIA) to evaluate the origin, nature, particularity and severity of the risks upon the processing of personal data, according to any applicable laws, regulations and industry best practices."},"DSP-10":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure any transfer of personal or sensitive data is protected from unauthorized access and only processed within scope as permitted by the respective laws and regulations."},"DSP-11":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations."},"DSP-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure that personal data is processed according to any applicable laws and regulations and for the purposes declared to the data subject."},"DSP-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the transfer and sub-processing of personal data within the service supply chain, according to any applicable laws and regulations."},"DSP-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to disclose the details of any personal or sensitive data access by sub-processors to the data owner prior to initiation of that processing."},"DSP-15":{"mappings":[],"references":[],"title":"Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments."},"DSP-16":{"mappings":[],"references":[],"title":"Data retention, archiving and deletion is managed in accordance with business requirements, applicable laws and regulations."},"DSP-17":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to protect sensitive data throughout it's lifecycle."},"DSP-18":{"mappings":[],"references":[],"title":"The CSP must have in place, and describe to CSCs the procedure to manage and respond to requests for disclosure of Personal Data by Law Enforcement Authorities according to applicable laws and regulations. The CSP must give special attention to the notification procedure to interested CSCs, unless otherwise prohibited, such as a prohibition under criminal law to preserve confidentiality of a law enforcement investigation."},"DSP-19":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures to specify and document the physical locations of data, including any locations in which data is processed or backed up."},"GRC-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for an information governance program, which is sponsored by the leadership of the organization. Review and update the policies and procedures at least annually."},"GRC-02":{"mappings":[],"references":[],"title":"Establish a formal, documented, and leadership-sponsored Enterprise Risk Management (ERM) program that includes policies and procedures for identification, evaluation, ownership, treatment, and acceptance of cloud security and privacy risks."},"GRC-03":{"mappings":[],"references":[],"title":"Review all relevant organizational policies and associated procedures at least annually or when a substantial change occurs within the organization."},"GRC-04":{"mappings":[],"references":[],"title":"Establish and follow an approved exception process as mandated by the governance program whenever a deviation from an established policy occurs."},"GRC-05":{"mappings":[],"references":[],"title":"Develop and implement an Information Security Program, which includes programs for all the relevant domains of the CCM."},"GRC-06":{"mappings":[],"references":[],"title":"Define and document roles and responsibilities for planning, implementing, operating, assessing, and improving governance programs."},"GRC-07":{"mappings":[],"references":[],"title":"Identify and document all relevant standards, regulations, legal/contractual, and statutory requirements, which are applicable to your organization."},"GRC-08":{"mappings":[],"references":[],"title":"Establish and maintain contact with cloud-related special interest groups and other relevant entities in line with business context."},"HRS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for background verification of all new employees (including but not limited to remote employees, contractors, and third parties) according to local laws, regulations, ethics, and contractual constraints and proportional to the data classification to be accessed, the business requirements, and acceptable risk. Review and update the policies and procedures at least annually."},"HRS-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for defining allowances and conditions for the acceptable use of organizationally-owned or managed assets. Review and update the policies and procedures at least annually."},"HRS-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures that require unattended workspaces to not have openly visible confidential data. Review and update the policies and procedures at least annually."},"HRS-04":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect information accessed, processed or stored at remote sites and locations. Review and update the policies and procedures at least annually."},"HRS-05":{"mappings":[],"references":[],"title":"Establish and document procedures for the return of organization-owned assets by terminated employees."},"HRS-06":{"mappings":[],"references":[],"title":"Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment."},"HRS-07":{"mappings":[],"references":[],"title":"Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets."},"HRS-08":{"mappings":[],"references":[],"title":"The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies."},"HRS-09":{"mappings":[],"references":[],"title":"Document and communicate roles and responsibilities of employees, as they relate to information assets and security."},"HRS-10":{"mappings":[],"references":[],"title":"Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details."},"HRS-11":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates."},"HRS-12":{"mappings":[],"references":[],"title":"Provide all employees with access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies relating to their professional function relative to the organization."},"HRS-13":{"mappings":[],"references":[],"title":"Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations."},"IAM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain policies and procedures for identity and access management. Review and update the policies and procedures at least annually."},"IAM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, implement, apply, evaluate and maintain strong password policies and procedures. Review and update the policies and procedures at least annually."},"IAM-03":{"mappings":[],"references":[],"title":"Manage, store, and review the information of system identities, and level of access."},"IAM-04":{"mappings":[],"references":[],"title":"Employ the separation of duties principle when implementing information system access."},"IAM-05":{"mappings":[],"references":[],"title":"Employ the least privilege principle when implementing information system access."},"IAM-06":{"mappings":[],"references":[],"title":"Define and implement a user access provisioning process which authorizes, records, and communicates access changes to data and assets."},"IAM-07":{"mappings":[],"references":[],"title":"De-provision or respectively modify access of movers / leavers or system identity changes in a timely manner in order to effectively adopt and communicate identity and access management policies."},"IAM-08":{"mappings":[],"references":[],"title":"Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance."},"IAM-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the segregation of privileged access roles such that administrative access to data, encryption and key management capabilities and logging capabilities are distinct and separated."},"IAM-10":{"mappings":[],"references":[],"title":"Define and implement an access process to ensure privileged access roles and rights are granted for a time limited period, and implement procedures to prevent the culmination of segregated privileged access."},"IAM-11":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes and procedures for customers to participate, where applicable, in the granting of access for agreed, high risk (as defined by the organizational risk assessment) privileged access roles."},"IAM-12":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the logging infrastructure is read-only for all with write access, including privileged access roles, and that the ability to disable it is controlled through a procedure that ensures the segregation of duties and break glass procedures."},"IAM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures that ensure users are identifiable through unique IDs or which can associate individuals to the usage of user IDs."},"IAM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for authenticating access to systems, application and data assets, including multifactor authentication for at least privileged user and sensitive data access. Adopt digital certificates or alternatives which achieve an equivalent level of security for system identities."},"IAM-15":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the secure management of passwords."},"IAM-16":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to verify access to data and system functions is authorized."},"IPY-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for interoperability and portability including requirements for: a. Communications between application interfaces b. Information processing interoperability c. Application development portability d. Information/Data exchange, usage, portability, integrity, and persistence Review and update the policies and procedures at least annually."},"IPY-02":{"mappings":[],"references":[],"title":"Provide application interface(s) to CSCs so that they programmatically retrieve their data to enable interoperability and portability."},"IPY-03":{"mappings":[],"references":[],"title":"Implement cryptographically secure and standardized network protocols for the management, import and export of data."},"IPY-04":{"mappings":[],"references":[],"title":"Agreements must include provisions specifying CSCs access to data upon contract termination and will include: a. Data format b. Length of time the data will be stored c. Scope of the data retained and made available to the CSCs d. Data deletion policy"},"IVS-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for infrastructure and virtualization security. Review and update the policies and procedures at least annually."},"IVS-02":{"mappings":[],"references":[],"title":"Plan and monitor the availability, quality, and adequate capacity of resources in order to deliver the required system performance as determined by the business."},"IVS-03":{"mappings":[],"references":[],"title":"Monitor, encrypt and restrict communications between environments to only authenticated and authorized connections, as justified by the business. Review these configurations at least annually, and support them by a documented justification of all allowed services, protocols, ports, and compensating controls."},"IVS-04":{"mappings":[],"references":[],"title":"Harden host and guest OS, hypervisor or infrastructure control plane according to their respective best practices, and supported by technical controls, as part of a security baseline."},"IVS-05":{"mappings":[],"references":[],"title":"Separate production and non-production environments."},"IVS-06":{"mappings":[],"references":[],"title":"Design, develop, deploy and configure applications and infrastructures such that CSP and CSC (tenant) user access and intra-tenant access is appropriately segmented and segregated, monitored and restricted from other tenants."},"IVS-07":{"mappings":[],"references":[],"title":"Use secure and encrypted communication channels when migrating servers, services, applications, or data to cloud environments. Such channels must include only up-to-date and approved protocols."},"IVS-08":{"mappings":[],"references":[],"title":"Identify and document high-risk environments."},"IVS-09":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and defense-in-depth techniques for protection, detection, and timely response to network-based attacks."},"LOG-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for logging and monitoring. Review and update the policies and procedures at least annually."},"LOG-02":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to ensure the security and retention of audit logs."},"LOG-03":{"mappings":[],"references":[],"title":"Identify and monitor security-related events within applications and the underlying infrastructure. Define and implement a system to generate alerts to responsible stakeholders based on such events and corresponding metrics."},"LOG-04":{"mappings":[],"references":[],"title":"Restrict audit logs access to authorized personnel and maintain records that provide unique access accountability."},"LOG-05":{"mappings":[],"references":[],"title":"Monitor security audit logs to detect activity outside of typical or expected patterns. Establish and follow a defined process to review and take appropriate and timely actions on detected anomalies."},"LOG-06":{"mappings":[],"references":[],"title":"Use a reliable time source across all relevant information processing systems."},"LOG-07":{"mappings":[],"references":[],"title":"Establish, document and implement which information meta/data system events should be logged. Review and update the scope at least annually or whenever there is a change in the threat environment."},"LOG-08":{"mappings":[],"references":[],"title":"Generate audit records containing relevant security information."},"LOG-09":{"mappings":[],"references":[],"title":"The information system protects audit records from unauthorized access, modification, and deletion."},"LOG-10":{"mappings":[],"references":[],"title":"Establish and maintain a monitoring and internal reporting capability over the operations of cryptographic, encryption and key management policies, processes, procedures, and controls."},"LOG-11":{"mappings":[],"references":[],"title":"Log and monitor key lifecycle management events to enable auditing and reporting on usage of cryptographic keys."},"LOG-12":{"mappings":[],"references":[],"title":"Monitor and log physical access using an auditable access control system."},"LOG-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the reporting of anomalies and failures of the monitoring system and provide immediate notification to the accountable party."},"SEF-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for Security Incident Management, E-Discovery, and Cloud Forensics. Review and update the policies and procedures at least annually."},"SEF-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the timely management of security incidents. Review and update the policies and procedures at least annually."},"SEF-03":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain a security incident response plan, which includes but is not limited to: relevant internal departments, impacted CSCs, and other business critical relationships (such as supply-chain) that may be impacted."},"SEF-04":{"mappings":[],"references":[],"title":"Test and update as necessary incident response plans at planned intervals or upon significant organizational or environmental changes for effectiveness."},"SEF-05":{"mappings":[],"references":[],"title":"Establish and monitor information security incident metrics."},"SEF-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events."},"SEF-07":{"mappings":[],"references":[],"title":"Define and implement, processes, procedures and technical measures for security breach notifications. Report security breaches and assumed security breaches including any relevant supply chain breaches, as per applicable SLAs, laws and regulations."},"SEF-08":{"mappings":[],"references":[],"title":"Maintain points of contact for applicable regulation authorities, national and local law enforcement, and other legal jurisdictional authorities."},"STA-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for the application of the Shared Security Responsibility Model (SSRM) within the organization. Review and update the policies and procedures at least annually."},"STA-02":{"mappings":[],"references":[],"title":"Apply, document, implement and manage the SSRM throughout the supply chain for the cloud service offering."},"STA-03":{"mappings":[],"references":[],"title":"Provide SSRM Guidance to the CSC detailing information about the SSRM applicability throughout the supply chain."},"STA-04":{"mappings":[],"references":[],"title":"Delineate the shared ownership and applicability of all CSA CCM controls according to the SSRM for the cloud service offering."},"STA-05":{"mappings":[],"references":[],"title":"Review and validate SSRM documentation for all cloud services offerings the organization uses."},"STA-06":{"mappings":[],"references":[],"title":"Implement, operate, and audit or assess the portions of the SSRM which the organization is responsible for."},"STA-07":{"mappings":[],"references":[],"title":"Develop and maintain an inventory of all supply chain relationships."},"STA-08":{"mappings":[],"references":[],"title":"CSPs periodically review risk factors associated with all organizations within their supply chain."},"STA-09":{"mappings":[],"references":[],"title":"Service agreements between CSPs and CSCs (tenants) must incorporate at least the following mutually-agreed upon provisions and/or terms: - Scope, characteristics and location of business relationship and services offered - Information security requirements (including SSRM) - Change management process - Logging and monitoring capability - Incident management and communication procedures - Right to audit and third party assessment - Service termination - Interoperability and portability requirements - Data privacy"},"STA-10":{"mappings":[],"references":[],"title":"Review supply chain agreements between CSPs and CSCs at least annually."},"STA-11":{"mappings":[],"references":[],"title":"Define and implement a process for conducting internal assessments to confirm conformance and effectiveness of standards, policies, procedures, and service level agreement activities at least annually."},"STA-12":{"mappings":[],"references":[],"title":"Implement policies requiring all CSPs throughout the supply chain to comply with information security, confidentiality, access control, privacy, audit, personnel policy and service level requirements and standards."},"STA-13":{"mappings":[],"references":[],"title":"Periodically review the organization's supply chain partners' IT governance policies and procedures."},"STA-14":{"mappings":[],"references":[],"title":"Define and implement a process for conducting security assessments periodically for all organizations within the supply chain."},"TVM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to identify, report and prioritize the remediation of vulnerabilities, in order to protect systems against vulnerability exploitation. Review and update the policies and procedures at least annually."},"TVM-02":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at least annually."},"TVM-03":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable both scheduled and emergency responses to vulnerability identifications, based on the identified risk."},"TVM-04":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to update detection tools, threat signatures, and indicators of compromise on a weekly, or more frequent basis."},"TVM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to identify updates for applications which use third party or open source libraries according to the organization's vulnerability management policy."},"TVM-06":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the periodic performance of penetration testing by independent third parties."},"TVM-07":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures for the detection of vulnerabilities on organizationally managed assets at least monthly."},"TVM-08":{"mappings":[],"references":[],"title":"Use a risk-based model for effective prioritization of vulnerability remediation using an industry recognized framework."},"TVM-09":{"mappings":[],"references":[],"title":"Define and implement a process for tracking and reporting vulnerability identification and remediation activities that includes stakeholder notification."},"TVM-10":{"mappings":[],"references":[],"title":"Establish, monitor and report metrics for vulnerability identification and remediation at defined intervals."},"UEM-01":{"mappings":[],"references":[],"title":"Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints. Review and update the policies and procedures at least annually."},"UEM-02":{"mappings":[],"references":[],"title":"Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data."},"UEM-03":{"mappings":[],"references":[],"title":"Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications."},"UEM-04":{"mappings":[],"references":[],"title":"Maintain an inventory of all endpoints used to store and access company data."},"UEM-05":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data."},"UEM-06":{"mappings":[],"references":[],"title":"Configure all relevant interactive-use endpoints to require an automatic lock screen."},"UEM-07":{"mappings":[],"references":[],"title":"Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes."},"UEM-08":{"mappings":[],"references":[],"title":"Protect information from unauthorized disclosure on managed endpoint devices with storage encryption."},"UEM-09":{"mappings":[],"references":[],"title":"Configure managed endpoints with anti-malware detection and prevention technology and services."},"UEM-10":{"mappings":[],"references":[],"title":"Configure managed endpoints with properly configured software firewalls."},"UEM-11":{"mappings":[],"references":[],"title":"Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment."},"UEM-12":{"mappings":[],"references":[],"title":"Enable remote geo-location capabilities for all managed mobile endpoints."},"UEM-13":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices."},"UEM-14":{"mappings":[],"references":[],"title":"Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets."}},"links":["https://cloudsecurityalliance.org/research/cloud-controls-matrix/"],"release_date":"2022-02-10"}}},"ISO-IEC-27002":{"category":"ISO IEC 27002:2007","latest_version":"27002/AC:2007","name":"Information technology - Security techniques - Code of practice for information security management","versions":{"27002/AC:2007":{"controls":{},"links":[],"release_date":"2007-09-00"}}},"aws":{"SNYK_CC_AWS_402":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"502","impact":"Data stored in the snapshot may be sensitive. Without encryption the data may be accessed without appropriate authorization","issue":"The AMI snapshot is not encrypted","publicId":"SNYK-CC-AWS-402","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `ebs_block_device_rules.encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"AMI snapshot is not encrypted"},"SNYK_CC_AWS_403":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"503","impact":"EBS block storage devices will not be encrypted. Each device will have to be explicitly encrypted on creation","issue":"EBS encryption by default is explicitly disabled ","publicId":"SNYK-CC-AWS-403","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `enabled` attribute to `true`"},"severity":"medium","subType":"EBS","title":"EBS encryption by default is disabled"},"SNYK_CC_AWS_404":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"504","impact":"Data stored in the snapshot may be sensitive. Without encryption the data may be accessed without appropriate authorization","issue":"The AMI snapshot copy is not encrypted","publicId":"SNYK-CC-AWS-404","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"remediation":{"terraform":"Set `encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"AMI snapshot copy is not encrypted"},"SNYK_CC_AWS_405":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"505","impact":"Maliciously crafted headers may be accepted by the load balancer","issue":"The application load balancer is not set to drop invalid headers.","publicId":"SNYK-CC-AWS-405","references":["https://docs.aws.amazon.com/config/latest/developerguide/alb-http-drop-invalid-header-enabled.html"],"remediation":{"cloudformation":"Set `Properties.LoadBalancerAttributes.Key` to `routing.http.drop_invalid_header_fields.enabled` and `Properties.LoadBalancerAttributes.Value` to `true`","terraform":"Set `drop_invalid_header_fields` to `true`"},"severity":"low","subType":"Elastic Load Balancing","title":"ALB does not drop invalid headers"},"SNYK_CC_AWS_406":{"id":"506","impact":"Compliance reports and dashboards may not include all relevant information","issue":"Configuration aggregator does not collect data from all regions","publicId":"SNYK-CC-AWS-406","references":["https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html"],"remediation":{"cloudformation":"Set `Properties.AccountAggregationSources.AllAwsRegions` attribute to `true`","terraform":"Set `organization_aggregation_source.all_regions` attribute to `true`"},"severity":"low","subType":"Config","title":"Configuration aggregator does not contain all regions"},"SNYK_CC_AWS_407":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"507","impact":"No cluster backups will be saved automatically, rebuilding after disaster may be more difficult","issue":"ElastiCache cluster automatic backup is disabled","publicId":"SNYK-CC-AWS-407","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_Snapshot.html"],"remediation":{"cloudformation":"Set `Properties.SnapshotRetentionLimit` to `1` or more","terraform":"Set `resource.snapshot_retention_limit` to `1` or more"},"severity":"medium","subType":"ElastiCache","title":"ElastiCache automatic backup is disabled"},"SNYK_CC_AWS_408":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"508","impact":"No automatic backups will occur, availability risk if disaster occurs and manual backups have not been set","issue":"Automatic backup of AWS Relational Database is disabled","policyEngineType":"opa","publicId":"SNYK-CC-AWS-408","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html"],"remediation":{"cloudformation":"Set `Properties.BackupRetentionPeriod` to `1` or more","terraform":"Set `resource.backup_retention_period` to `1` or more"},"severity":"medium","subType":"RDS","title":"RDS automatic backup is disabled","type":"terraform"},"SNYK_CC_AWS_409":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"disabled":true,"disabledReason":"The tool is not currently able to determine the encryption state of the S3 bucket","id":"509","impact":"Anyone with access to the destination S3 bucket will be able to read the contents of the object","issue":"Objects are not encrypted by default when stored in the S3 bucket","publicId":"SNYK-CC-AWS-409","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html"],"remediation":{"terraform":"Set `server_side_encryption` attribute to `AES256` or `aws:kms`"},"severity":"medium","subType":"S3","title":"S3 object is not encrypted"},"SNYK_CC_AWS_410":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"510","impact":"Should someone gain unauthorized access to the output location the data may be accessed","issue":"Query results produced by Athena are may not be encrypted","publicId":"SNYK-CC-AWS-410","references":["https://docs.aws.amazon.com/athena/latest/ug/encryption.html","https://docs.aws.amazon.com/athena/latest/ug/encrypting-query-results-stored-in-s3.html"],"remediation":{"cloudformation":"Set `Properties.WorkGroupConfiguration.ResultConfiguration.EncryptionConfiguration.EncryptionOption` to `CSE_KMS`, `SSE_KMS` or `SSE_S3`.","terraform":"Set `configuration.result_configuration.encryption_configuration.encryption_option` to `CSE_KMS`, `SSE_KMS` or `SSE_S3`."},"severity":"medium","subType":"RDS","title":"Athena workgroup result encryption is not enforced"},"SNYK_CC_AWS_411":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"511","impact":"Should someone gain unauthorized access to the device or backup the data may be accessed","issue":"Root volume in WorkSpace is not encrypted","publicId":"SNYK-CC-AWS-411","references":["https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"],"remediation":{"cloudformation":"Set `Properties.RootVolumeEncryptionEnabled` to `true`.","terraform":"Set `root_volume_encryption_enabled` to `true`."},"severity":"medium","subType":"WorkSpace","title":"WorkSpace root device encryption is disabled"},"SNYK_CC_AWS_412":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"512","impact":"Should someone gain unauthorized access to the device or backup they would be able to read the contents","issue":"User volumes in WorkSpace are not encrypted","publicId":"SNYK-CC-AWS-412","references":["https://docs.aws.amazon.com/workspaces/latest/adminguide/encrypt-workspaces.html"],"remediation":{"cloudformation":"Set `Properties.UserVolumeEncryptionEnabled` to `true`","terraform":"Set `user_volume_encryption_enabled` to `true`"},"severity":"medium","subType":"WorkSpace","title":"WorkSpace user volume encryption is disabled"},"SNYK_CC_AWS_413":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"513","impact":"The content could be intercepted and manipulated in transit","issue":"Data between ECS host and EFS server is not encrypted in transit","publicId":"SNYK-CC-AWS-413","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#specify-efs-config"],"remediation":{"cloudformation":"Set `Properties.Volumes.EFSVolumeConfiguration.TransitEncryption` attribute to `ENABLED`.","terraform":"Set `volume.efs_volume_configuration.transit_encryption` attribute to `ENABLED`."},"severity":"medium","subType":"ECS","title":"EFS in task definition does not encrypt data in transit"},"SNYK_CC_AWS_414":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"514","impact":"Users will connect to DB instance with password, which are less secure than temporary tokens which expire","issue":"IAM database authentication is disabled, authentication tokens are not used to connect to DB instance","publicId":"SNYK-CC-AWS-414","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html"],"remediation":{"cloudformation":"Set `Properties.EnableIAMDatabaseAuthentication` to `true`.","terraform":"Set `iam_database_authentication_enabled` to `true`."},"severity":"medium","subType":"RDS","title":"RDS IAM authentication is disabled"},"SNYK_CC_AWS_415":{"compliance":[["CIS-AWS-Foundations","v1.4.0","3.7"]],"id":"515","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Log group is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-415","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/encrypt-log-data-kms.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute with customer managed key id","terraform":"Set `kms_key_id` attribute with customer managed key id"},"severity":"low","subType":"CloudWatch","title":"CloudWatch log group not encrypted with managed key"},"SNYK_CC_AWS_416":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"516","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Docdb cluster is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-416","references":["https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to customer managed key id","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"DocumentDB","title":"Docdb cluster not encrypted with customer managed key"},"SNYK_CC_AWS_417":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"517","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"DynamoDB table is not encrypted with customer managed KMS key","publicId":"SNYK-CC-AWS-417","references":["https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.SSESpecification.SSEType` attribute to `KMS`, and `Properties.SSESpecification.KMSMasterKeyId` attribute to customer managed key ARN","terraform":"Set `server_side_encryption.kms_key_arn` attribute to customer managed key ARN"},"severity":"low","subType":"DynamoDB","title":"DynamoDB not encrypted with customer managed key"},"SNYK_CC_AWS_418":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"518","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"ECR repository is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-418","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionConfiguration.KmsKey` attribute to customer managed KMS key","terraform":"Set `encryption_configuration.kms_key` attribute to customer managed KMS key"},"severity":"low","subType":"ECR","title":"ECR repository is not encrypted with customer managed key"},"SNYK_CC_AWS_419":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"419","impact":"If someone gains unauthorized access to the cache storage location the contents will be readable which may disclose sensitive information","issue":"API gateway cache is not encrypted","publicId":"SNYK-CC-AWS-419","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/data-protection-encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-apigateway-deployment-stagedescription.html"],"remediation":{"cloudformation":"Set `Properties.StageDescription.CacheDataEncrypted` attribute to `true`","terraform":"Set `settings.cache_data_encrypted` attribute to `true`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"API gateway cached responses are not encrypted"},"SNYK_CC_AWS_420":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"420","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"Sagemaker is note encrypted with customer managed key","publicId":"SNYK-CC-AWS-420","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-notebookinstance.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` to customer managed key id ","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker is not encrypted with customer managed key"},"SNYK_CC_AWS_421":{"id":"521","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"Secrets Manager is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-421","references":["https://docs.aws.amazon.com/kms/latest/developerguide/services-secrets-manager.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to customer managed key id","terraform":"Set `kms_key_id` attribute to customer managed key id"},"severity":"low","subType":"Secrets Manager","title":"Secrets Manager is not encrypted with customer managed key"},"SNYK_CC_AWS_422":{"id":"522","impact":"Scope of use of the encryption key cannot be controlled via KMS/IAM policies","issue":"SNS topic is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-422","references":["https://docs.aws.amazon.com/sns/latest/dg/sns-create-topic.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsMasterKeyId` attribute to a customer managed key id ","terraform":"Set `kms_master_key_id` attribute to a customer managed key id"},"severity":"low","subType":"SNS","title":"SNS topic is not encrypted with customer managed key"},"SNYK_CC_AWS_423":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"523","impact":"Default VPC is designed to help get started with AWS, however dedicated VPCs are recommended for any production deployments","issue":"Default VPC resources is being maintained","publicId":"SNYK-CC-AWS-423","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc.html","https://github.com/gruntwork-io/cloud-nuke"],"remediation":{"terraform":"Remove `aws_default_vpc` resource"},"severity":"low","subType":"VPC","title":"Default VPC resource detected"},"SNYK_CC_AWS_424":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"524","impact":"Instances should send and receive traffic with own IP address only. Disabling this check allows the instance to spoof other devices on the local network or intercept traffic. Ignore this issue if you are deploying a NAT instance which requires this setting to be disabled","issue":"Address source/destination checking has been disabled","publicId":"SNYK-CC-AWS-424","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck"],"remediation":{"cloudformation":"Set `Properties.SourceDestCheck` attribute to `true`","terraform":"Set `source_dest_check` attribute to `true`"},"severity":"low","subType":"EC2","title":"Address source/destination check disabled on the instance"},"SNYK_CC_AWS_425":{"id":"525","impact":"Availability of the service may be impacted if unhealthy instances are not replaced","issue":"EC2 is unable to replace instances when they are reported as unhealthy","publicId":"SNYK-CC-AWS-425","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/manage-ec2-fleet.html"],"remediation":{"cloudformation":"Set `ReplaceUnhealthyInstances` attribute to `true`","terraform":"Set `replace_unhealthy_instances` attribute to `true`"},"severity":"low","subType":"EC2","title":"EC2 is unable to replace unhealthy instances"},"SNYK_CC_AWS_426":{"compliance":[["CSA-CCM","v4.0.5","CCC-04"]],"id":"526","impact":"Without this setting enabled the instances can be terminated by accident. This setting should only be used for instances with high availability requirements. Enabling this may prevent IaC workflows from updating the instance, for example terraform will not be able to terminate the instance to update instance type","issue":"To prevent instance from being accidentally terminated using Amazon EC2, you can enable termination protection for the instance","publicId":"SNYK-CC-AWS-426","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination"],"remediation":{"cloudformation":"Set `DisableApiTermination` attribute with value `true`","terraform":"Set `disable_api_termination` attribute with value `true`"},"severity":"low","subType":"EC2","title":"EC2 API termination protection is not enabled"},"SNYK_CC_AWS_427":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-17"]],"id":"527","impact":"Instances will be potentially accessible over public internet, which may lead to unauthorized access","issue":"Instances launched in this subnet will automatically have public IP assigned","publicId":"SNYK-CC-AWS-427","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html"],"remediation":{"cloudformation":"Set `Properties.MapPublicIpOnLaunch` attribute with value `true`","terraform":"Set `map_public_ip_on_launch` attribute with value `true`"},"severity":"low","subType":"VPC","title":"Public IPs are automatically mapped to instances"},"SNYK_CC_AWS_428":{"compliance":[["CIS-Controls","v8","13.5"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"528","impact":"By default endpoints have no access controls applied which means anyone within account can access them","issue":"Access policy is not attached to the endpoint","publicId":"SNYK-CC-AWS-428","references":["https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html"],"remediation":{"cloudformation":"Set `Properties.PolicyDocument` attribute","terraform":"Set `policy` attribute"},"severity":"medium","subType":"VPC","title":"Access policy is not attached to the endpoint"},"SNYK_CC_AWS_429":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"529","impact":"Traffic mirroring can be abused to obtained unauthorized access to data in transit","issue":"Traffic mirroring session was enabled","publicId":"SNYK-CC-AWS-429","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ec2_traffic_mirror_session","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-trafficmirrorsession.html"],"remediation":{"cloudformation":"Remove traffic mirroring session resource when not actively utilized","terraform":"Remove traffic mirroring session resource when not actively utilized"},"severity":"low","subType":"EC2","title":"Traffic mirroring session enabled"},"SNYK_CC_AWS_430":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"530","impact":"Job will have elevated privileges on the host instance which may allow it to access information about other workloads","issue":"Batch job runs with privileged flag set to true","publicId":"SNYK-CC-AWS-430","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/batch_job_definition","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-batch-jobdefinition.html"],"remediation":{"cloudformation":"Remove `Properties.ContainerProperties.Privileged` attribute or set it to `false`","terraform":"Remove `privileged` attribute or set it to `false`"},"severity":"high","subType":"Batch","title":"Batch job runs in privileged mode"},"SNYK_CC_AWS_431":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"531","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"Wildcard action has been specified in policy action","publicId":"SNYK-CC-AWS-431","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `es:ESHttpGet`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `es:ESHttpGet`"},"severity":"medium","subType":"ElasticSearch","title":"Wildcard action in ElasticSearch access policy"},"SNYK_CC_AWS_432":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"532","impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-432","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html#cfn-elasticsearch-domain-accesspolicies"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"ElasticSearch","title":"Wildcard principal in ElasticSearch access policy"},"SNYK_CC_AWS_433":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"533","impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-433","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"Secrets Manager","title":"Wildcard principal in SecretsManager access policy"},"SNYK_CC_AWS_434":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"534","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Wildcard action has been specified in policy","publicId":"SNYK-CC-AWS-434","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `secretsmanager:DescribeSecret`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `secretsmanager:DescribeSecret`"},"severity":"medium","subType":"Secrets Manager","title":"Wildcard action in SecretsManager access policy"},"SNYK_CC_AWS_435":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.12"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"535","impact":"You will not be able to audit events within your DocDB Cluster, which may hinder ability to detect anomalous behavior","issue":"Events performed within your DocumentDB Cluster will not be logged using Amazon CloudWatch Logs","publicId":"SNYK-CC-AWS-435","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbclusterparametergroup.html","https://docs.aws.amazon.com/documentdb/latest/developerguide/cluster_parameter_groups-list_of_parameters.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.audit_logs` attribute to `enabled`.","terraform":"Set `parameters.name` attribute to `audit_logs`, and `parameters.value` attribute to `enabled`"},"severity":"medium","subType":"DocumentDB","title":"Audit logging is not enabled in DocDB parameter group"},"SNYK_CC_AWS_436":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"536","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Unsafe wildcard action in Lambda permission object","publicId":"SNYK-CC-AWS-436","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege"],"remediation":{"cloudformation":"Remove wildcard `*` from `Properties.Action`","terraform":"Remove wildcard `*` from `Action`"},"severity":"medium","subType":"Lambda","title":"Wildcard action in Lambda permission"},"SNYK_CC_AWS_437":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"537","impact":"Wildcard in principal attribute potentially grants access to everyone in the account. This makes it hard to revoke permissions from specific users","issue":"Unsafe wildcard principal used in Lambda permission object","publicId":"SNYK-CC-AWS-437","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html"],"remediation":{"cloudformation":"Remove wildcard `*` from `Properties.Principal`","terraform":"Remove wildcard `*` from `Principal`"},"severity":"medium","subType":"Lambda","title":"Wildcard principal in Lambda permission"},"SNYK_CC_AWS_438":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"538","impact":"In the event of a data breach, sensitive data stored on the RDS cluster will be accessible","issue":"RDS cluster does not have encryption at rest enabled which means data is stored on cluster in plaintext","publicId":"SNYK-CC-AWS-438","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_global_cluster","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-globalcluster.html","https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"RDS","title":"RDS global cluster does not have encryption enabled"},"SNYK_CC_AWS_439":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"539","impact":"In the occurrence of a data breach, sensitive data stored on the RDS cluster will be accessible","issue":"RDS cluster does not have encryption enabled which means data is stored on cluster in plaintext","publicId":"SNYK-CC-AWS-439","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-rds-dbcluster.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"RDS","title":"RDS cluster does not have encryption enabled"},"SNYK_CC_AWS_440":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"540","impact":"Data transferred between client and Redshift is vulnerable to hijacking and information disclosure","issue":"Redshift Cluster does not require SSL connections to be used, which means data may not be encrypted in transit","publicId":"SNYK-CC-AWS-440","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/connecting-ssl-support.html","https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-parameter-groups.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.ParameterName` to `require_ssl` and `Properties.Parameters.ParameterValue` to `true`","terraform":"Set `parameter.name` to `require_ssl` and `parameter.value` to `true`"},"severity":"medium","subType":"Redshift","title":"Redshift cluster does not require SSL connections"},"SNYK_CC_AWS_441":{"compliance":[["CIS-Controls","v8","3.11"]],"id":"541","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Sagemaker is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-441","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sagemaker-endpointconfig.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.KmsKeyId` attribute to a customer managed key id","terraform":"Set `kms_key_id` attribute to a customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker is not encrypted with customer managed key"},"SNYK_CC_AWS_442":{"id":"542","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Sagemaker data capture location is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-442","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-permission.html","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html"],"remediation":{"cloudformation":"Set `Properties.DataCaptureConfig.KmsKeyId` to a customer managed key id","terraform":"Set `data_capture_config.kms_key_id` to a customer managed key id"},"severity":"low","subType":"Sagemaker","title":"Sagemaker data capture location is not encrypted with customer managed key"},"SNYK_CC_AWS_443":{"compliance":[["CSA-CCM","v4.0.5","IAM-15"]],"id":"543","impact":"User will not be forced to rotate the password, which may have been disclosed to the administrator","issue":"Password reset not required in IAM login profile, meaning user is not forced to reset password on resource creation","publicId":"SNYK-CC-AWS-443","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user_login_profile"],"remediation":{"cloudformation":"Set `Properties.LoginProfile.PasswordResetRequired` attribute to `true`","terraform":"set `password_reset_required` attribute to `true`"},"severity":"medium","subType":"IAM","title":"Password reset not required in IAM login profile"},"SNYK_CC_AWS_444":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"544","impact":"Wildcard permissions grant broad permissions. The best practice recommends to providing only required permissions explicitly","issue":"Glue policy has wildcard action, which should not be used","publicId":"SNYK-CC-AWS-444","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_resource_policy"],"remediation":{"terraform":"Remove `*` from glue policy actions"},"severity":"high","subType":"Glue","title":"Glue policy has wildcard action"},"SNYK_CC_AWS_445":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"545","impact":"Any IAM entity matching the wildcard will be able to make a request for an action or operation on the AWS resource","issue":"Wildcard principal has been specified in glue resource policy","publicId":"SNYK-CC-AWS-445","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_resource_policy","https://docs.aws.amazon.com/glue/latest/dg/glue-resource-policies.html"],"remediation":{"terraform":"Ensure Principal in policy's statement does not contain a wildcard (`*`)"},"severity":"medium","subType":"Glue","title":"Glue policy has wildcard principal"},"SNYK_CC_AWS_446":{"disabled":true,"id":"546","impact":"Scope of use of the key cannot be controlled via KMS/IAM policies","issue":"Secret is not encrypted with customer managed key","publicId":"SNYK-CC-AWS-446","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret","https://docs.aws.amazon.com/whitepapers/latest/kms-best-practices/aws-managed-and-customer-managed-cmks.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html"],"remediation":{"cloudformation":"Set `KmsKeyId` attribute to a valid customer managed key","terraform":"Set `kms_key_id` attribute to a valid customer managed key"},"severity":"medium","subType":"Secrets Manager","title":"Secret not encrypted with a customer managed key"},"SNYK_CC_AWS_447":{"compliance":[["CIS-Controls","v8","4.7"],["CIS-AWS-Foundations","v1.4.0","1.4"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"547","impact":"Account `root` user by default has permission to the entire account. It is best practice to use this user only in break glass procedures","issue":"IAM access key has been generated for account `root` user","publicId":"SNYK-CC-AWS-447","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-accesskey.html"],"remediation":{"cloudformation":"Delete access keys for `root` user","terraform":"Delete access keys for `root` user"},"severity":"high","subType":"IAM","title":"IAM access key generated for `root` user"},"SNYK_CC_AWS_448":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"548","impact":"Anyone accessing data in the CloudWatch logs will be able to read the contents which may contain sensitive information","issue":"CloudWatch logs generated by Glue will not be encrypted","publicId":"SNYK-CC-AWS-448","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `CloudWatchEncryptionMode` attribute value to `SSE-KMS`","terraform":"Set `cloudwatch_encryption_mode` attribute value to `SSE-KMS`"},"severity":"medium","subType":"Glue","title":"Glue CloudWatch log encryption disabled"},"SNYK_CC_AWS_449":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"549","impact":"Anyone with access to the job bookmarks will be able to read the sensitive information","issue":"Job bookmarks generated by Glue are not encrypted","publicId":"SNYK-CC-AWS-449","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode` to `CSE-KMS`","terraform":" Set `encryption_configuration.job_bookmarks_encryption.job_bookmarks_encryption_mode` to `CSE-KMS`"},"severity":"medium","subType":"Glue","title":"Glue job bookmarks encryption disabled"},"SNYK_CC_AWS_450":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"550","impact":"Sensitive data processed by the stream may be readable in the kinesis storage layer","issue":"Data stream is not encrypted at rest","publicId":"SNYK-CC-AWS-450","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kinesisfirehose-deliverystream.html"],"remediation":{"cloudformation":"Set `DeliveryStreamEncryptionConfigurationInput.KeyType` to `AWS_OWNED_CMK` or `CUSTOMER_MANAGED_CMK`","terraform":" Set `server_side_encryption.enabled` attribute to `true`"},"severity":"medium","subType":"Kinesis","title":"Kinesis data stream is not encrypted at rest"},"SNYK_CC_AWS_451":{"compliance":[["CIS-Controls","v8","6.3"],["CSA-CCM","v4.0.5","IAM-14"]],"id":"551","impact":"Single-factor authentication mechanisms such as passwords can be lost or compromised","issue":"Cognito user pool does not require multi-factor authentication method","publicId":"SNYK-CC-AWS-451","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html"],"remediation":{"cloudformation":"Set `Properties.MfaConfiguration` attribute to `OFF`","terraform":"Set `mfa_configuration` attribute to `OFF`"},"severity":"low","subType":"Cognito","title":"Cognito user pool without MFA"},"SNYK_CC_AWS_452":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"552","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"Wildcard action has been specified in access policy","publicId":"SNYK-CC-AWS-452","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy"],"remediation":{"cloudformation":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `execute-api:Invoke`","terraform":"Remove `*` values from `Action` in policy document. Add specific permissions only for example `execute-api:Invoke`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"Wildcard action in api gateway access policy"},"SNYK_CC_AWS_453":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"553","impact":"Using wild card will grant unnecessary access to any IAM entity in the account","issue":"Wildcard principal has been specified in rest API access policy","publicId":"SNYK-CC-AWS-453","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-policy"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"API Gateway (REST APIs)","title":"Wildcard principal in rest api access policy"},"SNYK_CC_AWS_454":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"554","impact":"Anyone with access to data catalog will be able to retrieve the connection password","issue":"The Glue connection password stored in metadata is not encrypted","publicId":"SNYK-CC-AWS-454","references":["https://docs.aws.amazon.com/glue/latest/dg/encrypt-connection-passwords.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_data_catalog_encryption_settings","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-datacatalogencryptionsettings.html"],"remediation":{"cloudformation":"Set `DataCatalogEncryptionSettings.ConnectionPasswordEncryption.ReturnConnectionPasswordEncrypted` to `SSE-KMS` ","terraform":" Set `data_catalog_encryption_settings.connection_password_encryption.return_connection_password_encrypted` to `true`"},"severity":"medium","subType":"Glue","title":"Glue connection password encryption disabled"},"SNYK_CC_AWS_456":{"compliance":[["CIS-Controls","v8","3.11"]],"id":"556","impact":"Data transferred between client and EC2 instance will use TLS encryption only which may be brokered by proxies. Use KSM to add additional layer of protection","issue":"SSM session is not using KMS to encrypt data between client and EC2 instance","publicId":"SNYK-CC-AWS-456","references":["https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content","https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-preferences-cli.html"],"remediation":{"cloudformation":"Set `Properties.Content.inputs.kmsKeyId` to a valid KMS key","terraform":"Set `content.inputs.kmsKeyId` to a valid KMS key"},"severity":"low","subType":"SSM","title":"SSM session does not use KMS encryption"},"SNYK_CC_AWS_457":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"557","impact":"The data generated by Glue and stored in S3 bucket can be read by anyone with access to the S3 bucket. This data may contain sensitive information","issue":"Glue does not encrypt data stored in the S3 bucket","publicId":"SNYK-CC-AWS-457","references":["https://docs.aws.amazon.com/glue/latest/dg/set-up-encryption.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/glue_security_configuration","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-glue-securityconfiguration.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionConfiguration.S3Encryptions.S3EncryptionMode` attribute to `SSE-KMS` or `SSE-S3`","terraform":" Set `encryption_configuration.s3_encryption.s3_encryption_mode` attribute to `SSE-KMS` or `SSE-S3`"},"severity":"medium","subType":"Glue","title":"Glue S3 bucket encryption disabled"},"SNYK_CC_AWS_458":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"558","impact":"Anyone with access to the S3 bucket and SSM data objects will be able to read potentially sensitive contents","issue":"Data generated by SSM operations and stored in S3 bucket is not encrypted","publicId":"SNYK-CC-AWS-458","references":["https://docs.aws.amazon.com/systems-manager/latest/userguide/data-protection.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content"],"remediation":{"cloudformation":" Set `s3EncryptionEnabled` to 'true'","terraform":" Set `s3EncryptionEnabled` to 'true'"},"severity":"medium","subType":"SSM","title":"SSM S3 data storage not encrypted"},"SNYK_CC_AWS_700":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-700","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"Glacier","title":"Wildcard principal in Glacier Vault access policy"},"SNYK_CC_AWS_701":{"compliance":[["CSA-CCM","v4.0.5","IAM-16"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-701","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"SQS","title":"Wildcard principal in SQS access policy"},"SNYK_CC_AWS_702":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"All users with SendCommand API permission can run all PartiQL commands on any table","issue":"QLDB ledger permissions is set to ALLOW_ALL mode","publicId":"SNYK-CC-AWS-702","references":["https://docs.aws.amazon.com/qldb/latest/developerguide/getting-started-standard-mode.html"],"remediation":{"cloudformation":"Set `PermissionsMode` to `STANDARD`","terraform":"Set `permissions_mode` to `STANDARD`"},"severity":"medium","subType":"Quantum Ledger Database","title":"QLDB ledger permissions in ALLOW_ALL mode"},"SNYK_CC_AWS_704":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-704","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"SNS","title":"Wildcard principal in SNS topic access policy"},"SNYK_CC_AWS_705":{"compliance":[["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-16"]],"impact":"The compromised instance will be able to exfiltrate data without any restrictions.","issue":"Direct internet access enabled for SageMaker Notebook Instance","publicId":"SNYK-CC-AWS-705","references":["https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-connect-to-resources.html","https://aws.amazon.com/blogs/machine-learning/understanding-amazon-sagemaker-notebook-instance-networking-configurations-and-advanced-routing-options/"],"remediation":{"cloudformation":"Set `Properties.DirectInternetAccess` attribute to `Disabled`. Note you will have to configure required VPC configuration to establish any network connectivity to the Internet","terraform":"Set `direct_internet_access` attribute to `Disabled`. Note you will have to configure required VPC configuration to establish any network connectivity to the Internet"},"severity":"medium","subType":"Sagemaker","title":"Direct internet access enabled for SageMaker Notebook Instance"},"SNYK_CC_AWS_706":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The SFTP server can be accessed from the Internet, which may expose sensitive data to unauthorized users","issue":"Transfer server is publicly accessible","publicId":"SNYK-CC-AWS-706","references":["https://aws.amazon.com/premiumsupport/knowledge-center/aws-sftp-endpoint-type/","https://aws.amazon.com/blogs/storage/update-your-aws-transfer-family-server-endpoint-type-from-vpc_endpoint-to-vpc/"],"remediation":{"cloudformation":"Set `Properties.EndpointType` attribute to `VPC`","terraform":"Set `endpoint_type` attribute to `VPC`"},"severity":"medium","subType":"Transfer","title":"Transfer server is publicly accessible"},"SNYK_CC_AWS_707":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"Data encryption at rest will not be enforced by EMR. Note the underlying storage backend may have own encryption settings applied already. See referenced encryption options for more details.","issue":"Encryption at rest disabled in EMR security configuration","publicId":"SNYK-CC-AWS-707","references":["https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-create-security-configuration.html","https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-data-encryption-options.html"],"remediation":{"cloudformation":"Set `Properties.SecurityConfiguration` attribute with appropriate security configuration policy. See references for configuration specification.","terraform":"Set `configuration` attribute with appropriate security configuration policy. See references for configuration specification."},"severity":"medium","subType":"Elastic Map Reduce (EMR)","title":"Encryption at rest disabled in EMR security configuration"},"SNYK_CC_AWS_708":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"The data transferred between DocumentDB cluster and clients will not be encrypted","issue":"TLS is disabled on DocumentDB","publicId":"SNYK-CC-AWS-708","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbclusterparametergroup.html","https://docs.aws.amazon.com/documentdb/latest/developerguide/cluster_parameter_groups-list_of_parameters.html"],"remediation":{"cloudformation":"Set `Properties.Parameters.tls` attribute to `enabled`","terraform":"Set `parameters.name` attribute to `tls`, and `parameters.value` attribute to `enabled`"},"severity":"medium","subType":"DocumentDB","title":"TLS is disabled on DocumentDB"},"SNYK_CC_AWS_709":{"compliance":[["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Using wild card will grant unnecessary access to any user in the account","issue":"Wildcard principal has been specified in access policy","publicId":"SNYK-CC-AWS-709","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-resourcepolicy.html"],"remediation":{"cloudformation":"Set `Principal` attribute in the policy to specific entities, for example `arn:aws:iam::123456789012:user/JohnDoe`","terraform":"Set `Principal` attribute in the policy to specific entities, for example `arn:aws:iam::123456789012:user/JohnDoe`"},"severity":"medium","subType":"KMS","title":"Wildcard principal in KMS key access policy"},"SNYK_CC_AWS_710":{"compliance":[["CIS-Controls","v8","5.6"],["CSA-CCM","v4.0.5","IAM-14"]],"impact":"IAM integration allows you to avoid using passwords in favour of short lived tokens.","issue":"IAM authentication for RDS cluster is disabled","publicId":"SNYK-CC-AWS-710","references":["https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html"],"remediation":{"cloudformation":"Set `Properties.EnableIAMDatabaseAuthentication` attribute to `true`","terraform":"Set `iam_database_authentication_enabled` attribute to `true`"},"severity":"medium","subType":"RDS","title":"IAM authentication for RDS cluster is disabled"},"SNYK_CC_AWS_732":{"compliance":[["CIS-Controls","v8","6.8"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","IAM-16"]],"description":"The IAM policy allows all IAM actions on resource","id":"832","impact":"Granting permission to perform any IAM action is against 'least privilege' principle","issue":"The IAM policy allows all IAM actions on resource","publicId":"SNYK-CC-AWS-732","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html"],"remediation":{"cloudformation":"Set `Action` attribute in `Properties.PolicyDocument` to specific actions e.g. `iam:ListUsers`","terraform":"Set `statement.action` attribute to specific actions e.g. `iam:ListUsers`"},"severity":"high","subType":"IAM","title":"Broad IAM permissions in IAM policy"},"SNYK_CC_TF_1":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.2"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"101","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-1","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupIngress.CidrIp` attribute with a more restrictive IP, for example `192.16.0.0/24`","terraform":"Set `cidr_block` attribute with a more restrictive IP, for example `192.16.0.0/24`"},"severity":"medium","subType":"VPC","title":"Security Group allows open ingress"},"SNYK_CC_TF_10":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"110","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain numbers","publicId":"SNYK-CC-TF-10","references":[],"remediation":{"terraform":"Set the `require_numbers` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain numbers"},"SNYK_CC_TF_106":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"206","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"DynamoDB Acceleration (DAX) is not encrypted","publicId":"SNYK-CC-TF-106","references":["https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dax-cluster.html#cfn-dax-cluster-ssespecification","https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAXEncryptionAtRest.html"],"remediation":{"cloudformation":"Set `Properties.SSESpecification.SSEEnabled` attribute to `true`","terraform":"Set `server_side_encryption.enable` attribute to `true`"},"severity":"medium","subType":"DynamoDB","title":"Non-encrypted DynamoDB DAX"},"SNYK_CC_TF_107":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"207","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"EKS cluster secrets are not encrypted","publicId":"SNYK-CC-TF-107","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#encryption_config","https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/"],"remediation":{"cloudformation":"Set the `Properties.EncryptionConfig` object with the relevant `provider` \u0026 `resources`.","terraform":"Set the `encryption_config` object with the relevant `provider` \u0026 `resources`."},"severity":"medium","subType":"EKS","title":"EKS cluster has non-encrypted secrets at rest"},"SNYK_CC_TF_108":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"208","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"Redshift DB is not encrypted","publicId":"SNYK-CC-TF-108","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/redshift_cluster#encrypted","https://docs.aws.amazon.com/redshift/latest/mgmt/security-server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`."},"severity":"medium","subType":"Redshift","title":"Non-encrypted Redshift DB at rest"},"SNYK_CC_TF_109":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"209","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"DocDB is not encrypted","publicId":"SNYK-CC-TF-109","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/docdb_cluster#storage_encrypted","https://docs.aws.amazon.com/documentdb/latest/developerguide/encryption-at-rest.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`."},"severity":"medium","subType":"DocumentDB","title":"Non-encrypted DocDB at rest"},"SNYK_CC_TF_11":{"compliance":[["CIS-Controls","v8","5.2"],["CIS-AWS-Foundations","v1.4.0","1.8"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"111","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not enforce a minimum length","publicId":"SNYK-CC-TF-11","references":[],"remediation":{"terraform":"Set the `minimum_password_length` attribute to be at least `14` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM requires minimum password length"},"SNYK_CC_TF_110":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"210","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"Athena DB is not encrypted","publicId":"SNYK-CC-TF-110","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database#encryption_configuration","https://docs.aws.amazon.com/athena/latest/ug/encryption.html"],"resolve":"Set `encryption_configuration` object.","severity":"medium","subType":"Athena","title":"Non-encrypted Athena DB at rest"},"SNYK_CC_TF_111":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"211","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"CodeBuild project encryption is explicitly disabled","publicId":"SNYK-CC-TF-111","references":["https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html"],"remediation":{"cloudformation":"Set `Properties.Artifacts.EncryptionDisabled` or `Properties.SecondaryArtifacts.EncryptionDisabled` attributes to `false`, or remove the attribute from configuration","terraform":"Set `artifacts.encryption_disabled` or `secondary_artifacts.encryption_disabled` attributes to `false`, or remove the attribute from configuration"},"severity":"medium","subType":"CodeBuild","title":"Non-Encrypted CodeBuild artifacts"},"SNYK_CC_TF_113":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"213","impact":"Encryption of the results can be disabled by the client, and in an event of unauthorized access to the data they would be able to read the contents","issue":"Athena workgroup settings can be overridden by client","publicId":"SNYK-CC-TF-113","references":["https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html","https://docs.aws.amazon.com/athena/latest/ug/encryption.html","https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings.html"],"remediation":{"cloudformation":"Set `Properties.WorkGroupConfiguration.EnforceWorkGroupConfiguration` attribute to `true`","terraform":"Set `configuration.enforce_workgroup_configuration` attribute to `true`"},"severity":"medium","subType":"Athena","title":"Athena workgroup does not enforce service settings"},"SNYK_CC_TF_116":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"216","impact":"Increases the security management overhead","issue":"The IAM policy is directly attached to a user","publicId":"SNYK-CC-TF-116","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#use-groups-for-permissions"],"remediation":{"cloudformation":"Attach policy to a group or role, instead of user. Remove `Properties.Users` attribute","terraform":"Attach policy to a group or role, instead of user. For example, use `aws_iam_group_policy_attachment` resource"},"severity":"low","subType":"IAM","title":"IAM Policy attached to user"},"SNYK_CC_TF_117":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"217","impact":"Anyone will be allowed to assume the role, and perform actions granted in attached policies","issue":"The IAM role can be assumed by any service or principal","publicId":"SNYK-CC-TF-117","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html"],"remediation":{"cloudformation":"Set `Principal` in `Properties.AssumeRolePolicyDocument` attribute to specific service or account, e.g. `Service: ec2.amazonaws.com`","terraform":"Set `Principal` attribute to specific service or account, e.g. `Service: ec2.amazonaws.com`"},"severity":"high","subType":"IAM","title":"IAM Role can be assumed by anyone"},"SNYK_CC_TF_118":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"218","impact":"Any principal in the account will be able to use the permissions granted by the attached policies","issue":"The IAM role can be assumed by any principal in the account and is therefore considered too broad. Note the `arn:aws:iam::123456789012:root` arn acts as a wildcard, which allows any principal in the `123456789012` account with the `sts:AssumeRole` permission to assume this role","publicId":"SNYK-CC-TF-118","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html"],"remediation":{"cloudformation":"Set `Principal` in `Properties.AssumeRolePolicyDocument` attribute to specific principal, e.g. `arn:aws:iam::1234:role/role-name`","terraform":"Set `Principal` attribute to specific principal, e.g. `arn:aws:iam::1234:role/role-name`"},"severity":"high","subType":"IAM","title":"IAM Role can be assumed by anyone in the account"},"SNYK_CC_TF_119":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"219","impact":"Any identity with this policy will have full administrative rights in the account","issue":"The IAM Policy grants all permissions to all resources","publicId":"SNYK-CC-TF-119","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html"],"remediation":{"cloudformation":"Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`","terraform":"Set `Actions` and `Resources` attributes to limited subset, e.g `Actions: ['s3:Create*']`"},"severity":"medium","subType":"IAM","title":"IAM Policy grants full administrative rights"},"SNYK_CC_TF_12":{"compliance":[["CIS-Controls","v8","5.2"],["CIS-AWS-Foundations","v1.4.0","1.9"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"112","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password could be reused","publicId":"SNYK-CC-TF-12","references":[],"remediation":{"terraform":"Set the `password_reuse_prevention` attribute to be `24` to ensure the previous 24 passwords cannot be reused"},"severity":"medium","subType":"IAM","title":"IAM password reuse prevention is missing"},"SNYK_CC_TF_121":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"221","impact":"Anyone will be able to read and write to the bucket","issue":"The S3 policy grants all permissions to any principal","publicId":"SNYK-CC-TF-121","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-access-control.html"],"remediation":{"cloudformation":"Set `Actions` and `Principals` attributes of the policy to limited set, e.g `Principals: {AWS: ['arn:aws:iam::1234:root]}`","terraform":"Set `Actions` and `Principals` attributes of the policy to limited set, e.g `Principals: {AWS: ['arn:aws:iam::1234:root]}`"},"severity":"high","subType":"S3","title":"S3 Policy grants full rights to anyone"},"SNYK_CC_TF_122":{"compliance":[["CIS-Controls","v8","4.6"]],"id":"222","impact":"The secret value will readable to anyone with access to VCS","issue":"Secret value has been declared in environment variable","publicId":"SNYK-CC-TF-122","references":["https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html"],"remediation":{"cloudformation":"Remove secret value from `environment` definition","terraform":"Remove secret value from `environment` definition"},"severity":"high","subType":"Lambda","title":"Potentially sensitive variable in lambda environment"},"SNYK_CC_TF_123":{"compliance":[["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","IAM-15"]],"disabled":true,"id":"223","impact":"Anyone with access to VCS will be able to obtain the secret keys, and access the unauthorized resources","issue":"Secret keys have been hardcoded in user_data script","publicId":"SNYK-CC-TF-123","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html"],"remediation":{"cloudformation":"Remove secret value from `Properties.UserData` attribute","terraform":"Remove secret value from `user_data` attribute"},"severity":"high","subType":"EC2","title":"Hard coded secrets in EC2 metadata"},"SNYK_CC_TF_124":{"compliance":[["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"224","impact":"Changes or deletion of objects will not be reversible","issue":"S3 bucket versioning is disabled","publicId":"SNYK-CC-TF-124","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html"],"remediation":{"cloudformation":"Set `Properties.VersioningConfiguration.Status` attribute to `Enabled`","terraform":"For AWS provider \u003c v4.0.0, set `versioning.enabled` attribute to `true`. For AWS provider \u003e= v4.0.0, add aws_s3_bucket_versioning resource."},"severity":"low","subType":"S3","title":"S3 bucket versioning disabled"},"SNYK_CC_TF_125":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"]],"id":"225","impact":"No automated backups of DynamoDB data","issue":"DynamoDB does not have Point-in-Time Recovery enabled","publicId":"SNYK-CC-TF-125","references":["https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/PointInTimeRecovery_Howitworks.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table#point_in_time_recovery"],"remediation":{"cloudformation":"Set `Properties.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled` attribute to `true`","terraform":"Set `point_in_time_recovery.enabled` attribute to `true`"},"severity":"medium","subType":"DynamoDB","title":"DynamoDB point-in-time recovery disabled"},"SNYK_CC_TF_126":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","CCC-04"]],"id":"226","impact":"Image tags can be modified post deployment","issue":"The AWS ECR registry does not enforce immutable tags","publicId":"SNYK-CC-TF-126","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-tag-mutability.html"],"remediation":{"cloudformation":"Set `Properties.ImageTagMutability` attribute to `IMMUTABLE`","terraform":"Set `image_tag_mutability` attribute to `IMMUTABLE`"},"severity":"low","subType":"ECR","title":"ECR Registry allows mutable tags"},"SNYK_CC_TF_127":{"compliance":[["CIS-Controls","v8","6.5"],["CIS-AWS-Foundations","v1.4.0","2.1.3"],["CSA-CCM","v4.0.5","IAM-10"]],"impact":"Object could be deleted without stronger MFA authorization","issue":"S3 bucket will not enforce MFA login on delete requests","publicId":"SNYK-CC-TF-127","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMFADelete.html"],"resolve":"Follow instructions in `https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html` to manually configure the MFA setting. For AWS provider \u003c v4.0.0 set `versioning.mfa_delete` attribute to `true` in aws_s3_bucket resource. For AWS provider \u003e= v4.0.0 set 'versioning_configuration.mfa_delete` attribute to `Enabled`. The terraform change is required to reflect the setting in the state file","severity":"low","subType":"S3","title":"S3 bucket MFA delete control disabled"},"SNYK_CC_TF_128":{"id":"228","impact":"Performance log events will not be collected and displayed in CloudWatch","issue":"ECS ContainerInsights will not be enabled on the cluster","publicId":"SNYK-CC-TF-128","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContainerInsights.html"],"remediation":{"cloudformation":"Set `Properties.ClusterSettings.Name` attribute to `containerInsights`, and `Properties.ClusterSettings.Value` to `enabled`","terraform":"Set `settings.name` attribute to `containerInsights`, and `settings.value` to `enabled`"},"severity":"low","subType":"ECS","title":"ECS ContainerInsights disabled"},"SNYK_CC_TF_129":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"229","impact":"Traces will not be collected for this api gateway, which can impede incident management","issue":"X-Ray tracing is not enabled for this api gateway stage","publicId":"SNYK-CC-TF-129","references":["https://docs.aws.amazon.com/xray/latest/devguide/xray-services-apigateway.html","https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-enabling-xray.html","https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-understanding-xray-traces.html"],"remediation":{"cloudformation":"Set `Properties.TracingEnabled` attribute to `true`","terraform":"Set `xray_tracing_enabled` attribute to `true`"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway X-Ray tracing disabled"},"SNYK_CC_TF_13":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"113","impact":"That if your password is leaked, your exposure window is much longer","issue":"Your password has a long or no expiry time","publicId":"SNYK-CC-TF-13","references":[],"remediation":{"terraform":"Set the `max_password_age` attribute to be less than `90` therefore reducing your exposure window"},"severity":"medium","subType":"IAM","title":"IAM should have max password age"},"SNYK_CC_TF_130":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"230","impact":"Metadata service may be vulnerable to reverse proxy/open firewall misconfigurations and server side request forgery attacks","issue":"Instance Metadata Service v2 is not enforced","publicId":"SNYK-CC-TF-130","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html","https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/"],"resolve":"Set `metadata_options.http_tokens` attribute to `required`","severity":"low","subType":"EC2","title":"EC2 instance accepts IMDSv1"},"SNYK_CC_TF_131":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"231","impact":"Audit records may not be available during investigation","issue":"Amazon EKS control plane logging is not enabled for all log types","publicId":"SNYK-CC-TF-131","references":["https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html"],"resolve":"Set `enabled_cluster_log_types` attribute to `['api', 'audit', 'authenticator', 'controllerManager', 'scheduler' ]`","severity":"low","subType":"EKS","title":"EKS control plane logging insufficient"},"SNYK_CC_TF_132":{"id":"232","impact":"Audit records may not be available during investigation","issue":"Amazon MQ Broker logging is disabled","publicId":"SNYK-CC-TF-132","references":["https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/security-logging-monitoring-cloudwatch.html"],"remediation":{"cloudformation":"Set `Properties.Logs.General` attribute to `true`","terraform":"Set `logs.general` attribute to `true`"},"severity":"low","subType":"MQ","title":"MQ broker general logs are disabled"},"SNYK_CC_TF_133":{"id":"233","impact":"Trace logs will not be available during investigation","issue":"Amazon X-Ray tracing is not enabled for Lambda function","publicId":"SNYK-CC-TF-133","references":["https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html"],"remediation":{"cloudformation":"Set `Properties.TracingConfig.Mode` attribute to `Active` or `PassThrough`","terraform":"Set `tracing_config.mode` attribute to `Active` or `PassThrough`"},"severity":"low","subType":"Lambda","title":"X-ray tracing is disabled for Lambda function"},"SNYK_CC_TF_134":{"compliance":[["CIS-Controls","v8","8.10"],["CSA-CCM","v4.0.5","LOG-02"]],"id":"234","impact":"Logs will be kept indefinitely and incur AWS costs","issue":"Amazon CloudWatch log group does not specify retention period","publicId":"SNYK-CC-TF-134","references":["https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html"],"remediation":{"cloudformation":"Set `Properties.RetentionInDays` attribute to required value, e.g. set `365`","terraform":"Set `retention_in_days` attribute to required value, e.g. set `365`"},"severity":"low","subType":"CloudWatch","title":"CloudWatch Log group retention period not set"},"SNYK_CC_TF_135":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"235","impact":"Logs will not be collected in all the regions","issue":"Amazon CloudTrail is not enabled for all regions","publicId":"SNYK-CC-TF-135","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html"],"remediation":{"cloudformation":"Set `Properties.IsMultiRegionTrail` attribute to `true`","terraform":"Set `is_multi_region_trail` attribute to `true`"},"severity":"low","subType":"CloudTrail","title":"CloudTrail does not include all regions"},"SNYK_CC_TF_136":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"236","impact":"Audit records may not be available during investigation","issue":"Amazon Redshift cluster logging is not enabled","publicId":"SNYK-CC-TF-136","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html"],"remediation":{"cloudformation":"Set `Properties.LoggingProperties` attribute","terraform":"Set `logging.enable` attribute to `true`"},"severity":"low","subType":"Redshift","title":"Redshift cluster logging disabled"},"SNYK_CC_TF_137":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"237","impact":"Audit records may not be available during investigation","issue":"Amazon Global Accelerator flow logs are disabled","publicId":"SNYK-CC-TF-137","references":["https://docs.aws.amazon.com/global-accelerator/latest/dg/monitoring-global-accelerator.flow-logs.html"],"resolve":"Set `attributes.flow_logs_enabled` attribute to `true`","severity":"low","subType":"Global Accelerator","title":"Global Accelerator flow logs disabled"},"SNYK_CC_TF_138":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"238","impact":"Audit records may not be available during investigation","issue":"Amazon Api Gateway access logging is not enabled","publicId":"SNYK-CC-TF-138","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-logging.html"],"remediation":{"cloudformation":"Set `Properties.AccessLogSetting.DestinationArn` attribute","terraform":"Set `access_log_settings` attribute"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway access logging disabled"},"SNYK_CC_TF_139":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"239","impact":"Audit records may not be available during investigation","issue":"Amazon MSK Cluster logs are not enabled","publicId":"SNYK-CC-TF-139","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-logging.html"],"remediation":{"cloudformation":"Set at least one of available `Properties.LoggingInfo.BrokerLogs` attributes to `enabled`","terraform":"Set at least one of available `logging_info.broker_logs` attributes to `enabled`"},"severity":"low","subType":"Managed Streaming for Kafka (MSK)","title":"MSK Cluster logging disabled"},"SNYK_CC_TF_14":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","3.8"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","CEK-12"]],"id":"114","impact":"That data is being encrypted with a key which is valid for a longer period of time, resulting in a greater exposure window should that key be leaked","issue":"That your encryption keys are not being rotated by AWS","publicId":"SNYK-CC-TF-14","references":[],"remediation":{"cloudformation":"Set `Properties.EnableKeyRotation` attribute to `true`","terraform":"Set `enable_key_rotation` attribute to `true`"},"severity":"low","subType":"KMS","title":"KMS key does not have key rotation enabled"},"SNYK_CC_TF_140":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"240","impact":"Audit records may not be available during investigation","issue":"Amazon Elasticsearch domain logging is not enabled","publicId":"SNYK-CC-TF-140","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-createdomain-configure-slow-logs.html"],"remediation":{"cloudformation":"Set `Properties.LogPublishingOptions.AUDIT_LOGS.Enabled` attribute to `true`","terraform":"Set `log_publishing_options` attribute"},"severity":"low","subType":"ElasticSearch","title":"Elasticsearch domain logging disabled"},"SNYK_CC_TF_141":{"compliance":[["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"241","impact":"Audit records may not be available during investigation","issue":"Amazon DocDB logging is not enabled","publicId":"SNYK-CC-TF-141","references":["https://docs.aws.amazon.com/documentdb/latest/developerguide/logging-and-monitoring.html"],"remediation":{"cloudformation":"Set `Properties.EnableCloudwatchLogsExports` attribute to `['profiler', 'audit']`","terraform":"Set `enabled_cloudwatch_logs_exports` attribute to `['profiler', 'audit']`"},"severity":"low","subType":"DocumentDB","title":"DocDB logging disabled"},"SNYK_CC_TF_142":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"242","impact":"Audit records may not be available during investigation","issue":"Amazon CloudFront distribution access logging is not enabled","publicId":"SNYK-CC-TF-142","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/logging_using_cloudtrail.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.Logging` attribute","terraform":"Set `logging_config` attribute"},"severity":"low","subType":"CloudFront","title":"CloudFront access logging disabled"},"SNYK_CC_TF_15":{"compliance":[["CIS-Controls","v8","8.5"],["CIS-AWS-Foundations","v1.4.0","3.1"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"115","impact":"That you cannot keep a record of all access and events on your account","issue":"Logs are not being kept for your CloudTrail activity","publicId":"SNYK-CC-TF-15","references":[],"remediation":{"cloudformation":"Set the `Properties.IsLogging` attribute to `true`","terraform":"Set the `enable_logging` attribute to `true`"},"severity":"high","subType":"CloudTrail","title":"CloudTrail has logging disabled"},"SNYK_CC_TF_16":{"compliance":[["CIS-Controls","v8","8.3"],["CIS-AWS-Foundations","v1.4.0","3.2"],["CSA-CCM","v4.0.5","LOG-09"]],"id":"116","impact":"You cannot trust the integrity of the log files and determine whether they have been tampered with.","issue":"The CloudTrail logs integrity is not been enforced","publicId":"SNYK-CC-TF-16","references":[],"remediation":{"cloudformation":"Set the `Properties.EnableLogFileValidation` attribute to `true`","terraform":"Set the `enable_log_file_validation` attribute to `true`"},"severity":"medium","subType":"CloudTrail","title":"CloudTrail does not have log file validation enabled"},"SNYK_CC_TF_17":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","3.7"],["CSA-CCM","v4.0.5","LOG-02"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"117","impact":"IAM policies cannot be used to control access to the decryption keys","issue":"The CloudTrail logs are not encrypted with managed key","publicId":"SNYK-CC-TF-17","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html"],"remediation":{"cloudformation":"Set `KMSKeyId` attribute to valid KMS key id","terraform":"Set `kms_key_id` attribute to valid KMS key id"},"severity":"low","subType":"CloudTrail","title":"CloudTrail logs are not encrypted with managed key"},"SNYK_CC_TF_18":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CIS-AWS-Foundations","v1.4.0","3.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"118","impact":"That you may be leaking sensitive information to members of the public without realizing.","issue":"That this S3 bucket is publicly readable without any authentication or authorization. ","publicId":"SNYK-CC-TF-18","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl"],"remediation":{"cloudformation":"Set `AccessControl` attribute to `private`, or remove the attribute","terraform":"Set `acl` attribute to `private`, or remove the attribute"},"severity":"medium","subType":"S3","title":"S3 Bucket is publicly readable"},"SNYK_CC_TF_19":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CIS-AWS-Foundations","v1.4.0","3.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"119","impact":"That you may be leaking sensitive information to members of the public and this data could be modified without your knowledge.","issue":"That this S3 bucket is publicly writeable without any authentication or authorization. ","publicId":"SNYK-CC-TF-19","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl"],"remediation":{"cloudformation":"Set the `Properties.AccessControl` attribute to `private`, or remove the attribute","terraform":"Set the `acl` attribute to `private`, or remove the attribute"},"severity":"high","subType":"S3","title":"S3 Bucket is publicly readable and writable"},"SNYK_CC_TF_2":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","11.3"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"102","impact":"That should someone gain unauthorized access to the data they would be able to read the contents. ","issue":"That this EBS snapshot is not encrypted. The default behavior is for EBS snapshot to be encrypted. ","publicId":"SNYK-CC-TF-2","references":[],"remediation":{"terraform":"Adding or updating the attribute `encrypted` and setting it to `true` to ensure the snapshots are now encrypted. "},"severity":"medium","subType":"EC2","title":"Non-encrypted EBS snapshot"},"SNYK_CC_TF_201":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.3.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"201","impact":"Should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The DB instance storage is not encrypted by default","publicId":"SNYK-CC-TF-201","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#storage_encrypted"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to true"},"severity":"medium","subType":"RDS","title":"Non-encrypted RDS instance at rest"},"SNYK_CC_TF_204":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"204","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"EFS system file is not encrypted","publicId":"SNYK-CC-TF-204","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system#encrypted","https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html"],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`."},"severity":"medium","subType":"EFS","title":"Non-encrypted EFS at rest"},"SNYK_CC_TF_205":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"205","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The Neptune Cluster storage encrypted set by default to false","publicId":"SNYK-CC-TF-205","references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/neptune_cluster#storage_encrypted","https://docs.aws.amazon.com/neptune/latest/userguide/encrypt.html"],"remediation":{"cloudformation":"Set `Properties.StorageEncrypted` attribute to `true`","terraform":"Set `storage_encrypted` attribute to `true`"},"severity":"medium","subType":"Neptune","title":"Non-encrypted Neptune cluster at rest"},"SNYK_CC_TF_214":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"214","impact":"The data could be read in transit.","issue":"Data in the Elasticache Replication Group is not securely encrypted in transit","publicId":"SNYK-CC-TF-214","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html"],"remediation":{"cloudformation":"Set `Properties.TransitEncryptionEnabled` attribute to `true`","terraform":"Set `transit_encryption_enabled` attribute to `true`"},"severity":"medium","subType":"ElastiCache","title":"Non-Encrypted ElastiCache data in transit"},"SNYK_CC_TF_215":{"compliance":[["CSA-CCM","v4.0.5","IAM-14"]],"id":"215","impact":"Anyone with network access to the cluster can read cached data","issue":"Elasticache cluster can be accessed without authentication token","publicId":"SNYK-CC-TF-215","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html","https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth.html"],"remediation":{"cloudformation":"Add an external reference to `AuthToken`. Do not add the secret directly into the file.","terraform":"Add an external reference to `auth_token`. Do not add the secret directly into the file."},"severity":"medium","subType":"ElastiCache","title":"ElastiCache cluster does not require authentication"},"SNYK_CC_TF_256":{"compliance":[["CIS-Controls","v8","8.9"],["CIS-AWS-Foundations","v1.4.0","3.4"]],"id":"356","impact":"Alarms cannot be configured to alert on CloudTrail events","issue":"CloudTrail does not deliver logs to CloudWatch","publicId":"SNYK-CC-TF-256","references":["https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html"],"remediation":{"cloudformation":"Set `Properties.CloudWatchLogsLogGroupArn` attribute to cloudwatch log group ARN","terraform":"Set `cloud_watch_logs_group_arn` attribute to cloudwatch log group ARN"},"severity":"low","subType":"CloudTrail","title":"CloudTrail not integrated with CloudWatch"},"SNYK_CC_TF_3":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"103","impact":"That should someone gain unauthorized access to the data they would be able to read the contents. ","issue":"That this EBS volume is not encrypted. The default behavior is for EBS volumes to be encrypted. ","publicId":"SNYK-CC-TF-3","references":[],"remediation":{"cloudformation":"Set `Properties.Encrypted` attribute to `true`","terraform":"Set `encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"Non-encrypted EBS volume"},"SNYK_CC_TF_37":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"137","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-37","references":[],"remediation":{"cloudformation":"Set `CidrIp` attribute to specific IP range only, e.g. `192.168.1.0/24`","terraform":"Set `cidr_blocks` attribute to specific IP range only, e.g. `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Security Group Rule allows public access"},"SNYK_CC_TF_38":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"138","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-38","references":["https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-security-groups.html"],"remediation":{"cloudformation":"Set `CIDRIP` attribute to specific IP range only, for example `192.168.1.0/24`","terraform":"Set `cidr` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"Redshift","title":"AWS Redshift Security Group allows public access"},"SNYK_CC_TF_39":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"139","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-39","references":["https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_AuthorizeDBSecurityGroupIngress.html"],"remediation":{"cloudformation":"Set `Properties.CIDRIP` attribute to specific IP range only, for example `192.168.1.0/24`","terraform":"Set `cidr` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"RDS","title":"AWS DB Security Group allows public access"},"SNYK_CC_TF_4":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.1.1"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"A non-encrypted S3 bucket increases the likelihood of unintentional data exposure","issue":"Non-encrypted S3 Bucket","publicId":"SNYK-CC-TF-4","references":["https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html"],"remediation":{"cloudformation":"Set `BucketEncryption` attribute","terraform":"For AWS provider \u003c v4.0.0, set `server_side_encryption_configuration` block attribute. For AWS provider \u003e= v4.0.0 add aws_s3_bucket_server_side_encryption_configuration resource."},"severity":"medium","subType":"S3","title":"Non-encrypted S3 Bucket"},"SNYK_CC_TF_40":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"140","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-40","references":[],"remediation":{"terraform":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`"},"resolve":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`","severity":"medium","subType":"VPC","title":"AWS Default Network ACL allows public access"},"SNYK_CC_TF_41":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"141","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-41","references":["https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html"],"remediation":{"cloudformation":"Set `Properties.CidrBlock` or `Properties.Ipv6CidrBlock` attribute to specific IP range only, for example `192.168.0.0/24`","terraform":"Set `cidr_block` attribute to specific IP range only, for example `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Network ACL allows public access"},"SNYK_CC_TF_42":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"142","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-42","references":[],"remediation":{"cloudformation":"Set `CidrBlock` to specific IP range only, e.g. `192.168.1.0/24`","terraform":"Set cidr_block to specific IP range only, e.g. `192.168.1.0/24`"},"severity":"medium","subType":"VPC","title":"AWS Network ACL Rule allows public access"},"SNYK_CC_TF_45":{"compliance":[["CIS-Controls","v8","3.14"],["CIS-Controls","v8","8.2"],["CIS-Controls","v8","8.12"],["CIS-AWS-Foundations","v1.4.0","3.6"],["CSA-CCM","v4.0.5","LOG-08"]],"impact":"There will be no audit trail of access to s3 objects","issue":"The s3 access logs will not be collected","publicId":"SNYK-CC-TF-45","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerLogs.html"],"remediation":{"cloudformation":"Set `Properties.LoggingConfiguration` attribute","terraform":"For AWS provider \u003c v4.0.0, add `logging` block attribute. For AWS provider \u003e= v4.0.0, add aws_s3_bucket_logging resource."},"severity":"low","subType":"S3","title":"S3 server access logging is disabled"},"SNYK_CC_TF_46":{"compliance":[["CSA-CCM","v4.0.5","IVS-04"]],"description":"","id":"146","impact":"Increases attack vector reachability","issue":"The EC2-Classic resources run in shared environment","publicId":"SNYK-CC-TF-46","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-classic-platform.html"],"resolve":"Migrate the resource to VPC mode","severity":"low","subType":"EC2","title":"AWS EC2-Classic resource detected"},"SNYK_CC_TF_47":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"147","impact":"The content could be intercepted and manipulated in transit","issue":"Load balancer endpoint does not enforce HTTPS","publicId":"SNYK-CC-TF-47","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html"],"remediation":{"cloudformation":"Set the `Properties.Protocol` attribute to `HTTPS` or `TLS`","terraform":"Set the `protocol` attribute to `HTTPS` or `TLS`"},"severity":"medium","subType":"Elastic Load Balancing","title":"Load balancer endpoint does not enforce HTTPS"},"SNYK_CC_TF_48":{"compliance":[["CIS-Controls","v8","4.1"],["CSA-CCM","v4.0.5","IVS-03"],["CSA-CCM","v4.0.5","IVS-04"],["CSA-CCM","v4.0.5","CCC-01"]],"id":"148","impact":"Increases attack vector reachability","issue":"Load balancer is internet facing","publicId":"SNYK-CC-TF-48","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-internet-facing-load-balancers.html"],"remediation":{"cloudformation":"Set `Properties.Scheme` attribute to `internal`","terraform":"Set `internal` attribute to `true`"},"severity":"low","subType":"Elastic Load Balancing","title":"Load balancer is internet facing"},"SNYK_CC_TF_49":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"149","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The load balancer will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-49","references":["https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies"],"remediation":{"cloudformation":"Set `Properties.SslPolicy` attribute to latest AWS predefined security policy","terraform":"Set `ssl_policy` attribute to latest AWS predefined security policy"},"severity":"low","subType":"Elastic Load Balancing","title":"ELB does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_5":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.2"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"105","impact":"That potentially everyone can access your resource","issue":"That inbound traffic is allowed to a resource from any source instead of a restricted range","publicId":"SNYK-CC-TF-5","references":[],"remediation":{"terraform":"Updating the `cidr_block` attribute with a more restrictive IP range or a specific IP address to ensure traffic can only come from known sources."},"severity":"medium","subType":"VPC","title":"Default VPC Security Group allows open ingress"},"SNYK_CC_TF_50":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"description":"","id":"150","impact":"Increases attack vector reachability","issue":"AWS resource is publicly accessible","publicId":"SNYK-CC-TF-50","references":["https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html","https://docs.aws.amazon.com/redshift/latest/mgmt/managing-clusters-vpc.html"],"remediation":{"terraform":"Set `publicly_accessible` attribute to `false`"},"severity":"high","subType":"Public Access","title":"Resource is publicly accessible"},"SNYK_CC_TF_51":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"151","impact":"Increases attack vector reachability","issue":"AWS resource could be accessed externally via public IP","publicId":"SNYK-CC-TF-51","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html","https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-in-vpc.html"],"remediation":{"terraform":"Set `associate_public_ip_address` attribute to `false`"},"resolve":"","severity":"low","subType":"EC2","title":"Resource has public IP assigned"},"SNYK_CC_TF_52":{"compliance":[["CIS-Controls","v8","3.12"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"152","impact":"The secret value will readable to anyone with access to VCS","issue":"Secret value has been declared in variable definition","publicId":"SNYK-CC-TF-52","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html"],"remediation":{"cloudformation":"Remove secret value from `ContainerDefinitions.Environment` map","terraform":"Remove secret value from `environment` map"},"severity":"medium","subType":"ECS","title":"Potentially sensitive variable in task definition"},"SNYK_CC_TF_53":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AWS-Foundations","v1.4.0","2.2.1"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"153","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The root block device for ec2 instance is not encrypted","publicId":"SNYK-CC-TF-53","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html","https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-root-volume-property/","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html"],"remediation":{"cloudformation":"Set `BlockDeviceMappings.Encrypted` attribute of root device to `true`","terraform":"Set `root_block_device.encrypted` attribute to `true`"},"severity":"medium","subType":"EC2","title":"Non-Encrypted root block device"},"SNYK_CC_TF_54":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"154","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The SQS queue is not encrypted at rest","publicId":"SNYK-CC-TF-54","references":["https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.KmsMasterKeyId` attribute to KMS key, for example `alias/aws/sqs`, or set `SqsManagedSseEnabled` to `true`","terraform":"Either set `kms_master_key_id` attribute to KMS key or set `sqs_managed_sse_enabled` to `true`"},"severity":"medium","subType":"SQS","title":"Non-Encrypted SQS Queue"},"SNYK_CC_TF_55":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"155","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The SNS topic is not encrypted at rest","publicId":"SNYK-CC-TF-55","references":["https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html"],"remediation":{"cloudformation":"Set `KmsMasterKeyId` attribute to KMS key for example `alias/aws/sns`","terraform":"Set `kms_master_key_id` attribute to KMS key"},"severity":"medium","subType":"SNS","title":"Non-Encrypted SNS Topic"},"SNYK_CC_TF_56":{"id":"156","impact":"Increases the security management overhead","issue":"The description field is missing in the security group","publicId":"SNYK-CC-TF-56","references":["https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html"],"resolve":"Set `description` attribute to meaningful statement","severity":"low","subType":"VPC","title":"Security group description is missing"},"SNYK_CC_TF_57":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"157","impact":"The content could be intercepted and manipulated in transit","issue":"Cloudfront distribution does not enforce HTTPS","publicId":"SNYK-CC-TF-57","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesViewerProtocolPolicy","https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.ViewerProtocolPolicy` attribute to `redirect-to-https` or `https-only`","terraform":"Set `default_cache_behavior.viewer_protocol_policy` attribute to `redirect-to-https` or `https-only`"},"severity":"medium","subType":"CloudFront","title":"Cloudfront distribution does not enforce HTTPS"},"SNYK_CC_TF_58":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"158","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The cloudfront distribution will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-58","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy","https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.ViewerCertificate.MinimumProtocolVersion` attribute to `TLSv1.2_2019`","terraform":"Set `viewer_certificate.minimum_protocol_version` attribute to `TLSv1.2_2019`"},"severity":"low","subType":"CloudFront","title":"Distribution does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_59":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"159","impact":"The content could be intercepted and manipulated in transit","issue":"The client traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-59","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionInfo.EncryptionInTransit.ClientBroker` attribute to `TLS`","terraform":"Set `encryption_info.encryption_in_transit.client_broker` attribute to `TLS`"},"severity":"medium","subType":"Managed Streaming for Kafka (MSK)","title":"MSK allows client plaintext traffic"},"SNYK_CC_TF_6":{"compliance":[["CIS-Controls","v8","13.9"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"106","impact":"That traffic from a resource could reach any destination, in the event of a breach this means data could be uploaded externally or additional resources targeted","issue":"That outbound traffic is not restricted to a specific range from a resource","publicId":"SNYK-CC-TF-6","references":[],"remediation":{"terraform":"Updating the `cidr_block` attribute with a more restrictive IP range or a specific IP address to ensure traffic can only reach known destinations."},"severity":"medium","subType":"VPC","title":"Default VPC Security Group allows open egress"},"SNYK_CC_TF_60":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"160","impact":"The content could be intercepted and manipulated in transit","issue":"The inter-cluster traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-60","references":["https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionInfo.EncryptionInTransit.InCluster` attribute to `true`","terraform":"Set `encryption_info.encryption_in_transit.in_cluster` attribute to `true`"},"severity":"medium","subType":"Managed Streaming for Kafka (MSK)","title":"MSK allows in cluster plaintext traffic"},"SNYK_CC_TF_61":{"compliance":[["CIS-Controls","v8","4.1"],["CIS-Controls","v8","7.1"],["CSA-CCM","v4.0.5","TVM-01"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","AIS-07"]],"impact":"The known vulnerabilities will not be automatically discovered","issue":"The ECR image scan for known vulnerabilities is disabled","publicId":"SNYK-CC-TF-61","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html"],"remediation":{"cloudformation":"Set `Properties.ImageScanningConfiguration` attribute to `true`","terraform":"Set `image_scanning_configuration.scan_on_push` attribute to `true`"},"severity":"low","subType":"ECR","title":"ECR image scanning is disabled"},"SNYK_CC_TF_62":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"162","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The AWS kinesis server-side encryption is disabled","publicId":"SNYK-CC-TF-62","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.htm://docs.aws.amazon.com/streams/latest/dev/server-side-encryption.html"],"remediation":{"cloudformation":"Set `Properties.StreamEncryption.EncryptionType` attribute to `KMS`","terraform":"Set `encryption_type` attribute to `KMS`"},"severity":"medium","subType":"Kinesis","title":"Non-Encrypted Kinesis Stream"},"SNYK_CC_TF_63":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"163","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The API gateway will accept older TLS cipher suits","publicId":"SNYK-CC-TF-63","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html"],"remediation":{"cloudformation":"Set `Properties.SecurityPolicy` attribute to `TLS_1_2`","terraform":"Set `security_policy` attribute to `TLS_1_2`"},"severity":"low","subType":"API Gateway (REST APIs)","title":"API Gateway does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_64":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"164","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The elasticsearch cluster is not encrypted at rest","publicId":"SNYK-CC-TF-64","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html"],"remediation":{"cloudformation":"Set `Properties.EncryptionAtRestOptions` attribute to `true`","terraform":"Set `encrypt_at_rest.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Non-encrypted ElasticSearch cluster"},"SNYK_CC_TF_65":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"165","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The instance type does not support encryption at rest","publicId":"SNYK-CC-TF-65","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/encryption-at-rest.html","https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html"],"remediation":{"cloudformation":"Set `Properties.ElasticsearchClusterConfig.InstanceType` attribute to supported instance type e.g. `c5.large.elasticsearch`, and set `EncryptionAtRestOptions.enabled` attribute to `true`","terraform":"Set `cluster_config.instance_type` attribute to supported instance type e.g. `c5.large.elasticsearch`, and set `encrypt_at_rest.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Encryption at rest is not supported by instance type"},"SNYK_CC_TF_66":{"compliance":[["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"166","impact":"The content could be intercepted and manipulated in transit","issue":"The inter-cluster traffic will not be encrypted in transit","publicId":"SNYK-CC-TF-66","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/ntn.html"],"remediation":{"cloudformation":"Set `Properties.NodeToNodeEncryptionOptions` attribute to `true`","terraform":"Set `node_to_node_encryption.enabled` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Node-to-node encryption is disabled"},"SNYK_CC_TF_67":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"167","impact":"The content could be intercepted and manipulated in transit","issue":"The HTTPS is not enforced for elasticsearch cluster","publicId":"SNYK-CC-TF-67","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-data-protection.html"],"remediation":{"cloudformation":"Set `Properties.DomainEndpointOptions.EnforceHTTPS` attribute to `true`","terraform":"Set `domain_endpoint_options.enforce_https` attribute to `true`"},"severity":"medium","subType":"ElasticSearch","title":"Cluster does not enforce HTTPS"},"SNYK_CC_TF_68":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"168","impact":"Older cipher suites could be vulnerable to hijacking and information disclosure","issue":"The elasticsearch cluster will accept older TLS/SSL cipher suits","publicId":"SNYK-CC-TF-68","references":["https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-data-protection.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticsearch-domain.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html"],"remediation":{"cloudformation":"Set `Properties.DomainEndpointOptions.TLSSecurityPolicy` attribute to `Policy-Min-TLS-1-2-2019-07`","terraform":"Set `domain_endpoint_options.tls_security_policy` attribute to `Policy-Min-TLS-1-2-2019-07`"},"severity":"medium","subType":"ElasticSearch","title":"Cluster does not enforce latest TLS/SSL policy"},"SNYK_CC_TF_69":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","IAM-16"]],"description":"","id":"169","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"The IAM policy allows all actions on resource","publicId":"SNYK-CC-TF-69","references":["https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html","https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html"],"remediation":{"cloudformation":"Set `Action` attribute in `Properties.PolicyDocument` to specific actions e.g. `s3:ListBucket`","terraform":"Set `statement.action` attribute to specific actions e.g. `s3:ListBucket`"},"severity":"high","subType":"IAM","title":"Wildcard action in IAM Policy"},"SNYK_CC_TF_7":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"107","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain uppercase characters","publicId":"SNYK-CC-TF-7","references":[],"remediation":{"terraform":"Set the `require_uppercase_characters` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain uppercase"},"SNYK_CC_TF_70":{"compliance":[["CIS-Controls","v8","6.8"],["CIS-AWS-Foundations","v1.4.0","1.15"],["CIS-AWS-Foundations","v1.4.0","1.16"],["CSA-CCM","v4.0.5","IAM-16"]],"id":"170","impact":"Granting permission to perform any action is against 'least privilege' principle","issue":"The SQS queue policy allows all actions on the resource","publicId":"SNYK-CC-TF-70","references":["https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-authentication-and-access-control.html"],"remediation":{"cloudformation":"Set `Action` in `Properties.PolicyDocument` attribute to specific actions for example `sqs:SendMessage`","terraform":"Set `Action` in policy heredoc to specific actions e.g. `sqs:SendMessage`"},"severity":"high","subType":"SQS","title":"Wildcard action in SQS Policy"},"SNYK_CC_TF_71":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"]],"id":"171","impact":"That should someone gain unauthorized access to the data they would be able to read the contents.","issue":"The ElastiCache replication group is not encrypted at rest","publicId":"SNYK-CC-TF-71","references":["https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/at-rest-encryption.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html"],"remediation":{"cloudformation":"Set `Properties.AtRestEncryptionEnabled` attribute to `true`","terraform":"Set `at_rest_encryption_enabled` attribute to `true`"},"severity":"medium","subType":"ElastiCache","title":"Non-Encrypted ElastiCache Replication Group"},"SNYK_CC_TF_72":{"compliance":[["CIS-Controls","v8","13.9"],["CSA-CCM","v4.0.5","IVS-03"]],"impact":"Open egress can be used to exfiltrate data to unauthorized destinations, and enable access to potentially malicious resources","issue":"The security group rule allows open egress","publicId":"SNYK-CC-TF-72","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html","https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupEgress.CidrIp` attribute to specific ranges e.g. `192.168.1.0/24`","terraform":"Set `cidr_blocks` attribute to specific ranges e.g. `192.168.1.0/24`"},"severity":"low","subType":"VPC","title":"Rule allows open egress"},"SNYK_CC_TF_73":{"compliance":[["CIS-Controls","v8","13.9"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"173","impact":"Open egress can be used to exfiltrate data to unauthorized destinations, and enable access to potentially malicious resources","issue":"The inline security group rule allows open egress","publicId":"SNYK-CC-TF-73","references":["https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html","https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html"],"remediation":{"cloudformation":"Set `Properties.SecurityGroupEgress.CidrIp` attribute to specific ranges e.g. `192.168.1.0/24`","terraform":"Set `egress.cidr_blocks` attribute to specific ranges e.g. `192.168.1.0/24`"},"severity":"low","subType":"VPC","title":"AWS Security Group allows open egress"},"SNYK_CC_TF_74":{"compliance":[["CIS-Controls","v8","4.6"],["CSA-CCM","v4.0.5","IAM-15"]],"id":"174","impact":"Use of provider attributes can lead to accidental disclosure of credentials in configuration files, variable definition files, event logs or console logs","issue":"Credentials are configured via provider attributes","publicId":"SNYK-CC-TF-74","references":["https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs"],"resolve":"Set access credentials via environment variables, and remove `access_key` and `secret_key` attributes from the configuration","severity":"high","subType":"Provider","title":"Credentials are configured via provider attributes"},"SNYK_CC_TF_75":{"compliance":[["CIS-Controls","v8","4.4"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"175","impact":"The WAF service will not protect the application from common web based attacks such as SQL injections","issue":"The AWS WAF is not in front of cloudfront distribution","publicId":"SNYK-CC-TF-75","references":["https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html","https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html"],"remediation":{"cloudformation":"Set `Properties.DistributionConfig.WebACLId` attribute to existing AWS WAF acl ARN","terraform":"Set `web_acl_id` attribute to existing AWS WAF acl ARN"},"severity":"low","subType":"CloudFront","title":"Cloudfront distribution without WAF"},"SNYK_CC_TF_8":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"108","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain lowercase characters","publicId":"SNYK-CC-TF-8","references":[],"remediation":{"terraform":"Set the `require_lowercase_characters` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain lowercase"},"SNYK_CC_TF_9":{"compliance":[["CIS-Controls","v8","5.2"],["CSA-CCM","v4.0.5","IAM-02"]],"id":"109","impact":"Your password is not following the recommended security practices and is not as strong as it should be","issue":"Your password does not contain symbols","publicId":"SNYK-CC-TF-9","references":[],"remediation":{"terraform":"Set the `require_symbols` attribute to be `true` to increase the strength of your password"},"severity":"medium","subType":"IAM","title":"IAM password should contain symbols"},"SNYK_CC_TF_93":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"193","impact":"Any AWS account will be able to perform actions specified in the policy","issue":"The ECR policy allows access to any account","publicId":"SNYK-CC-TF-93","references":["https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policies.html"],"remediation":{"cloudformation":"Set `Statement.Principal` attribute of policy document to specific accounts only e.g. `arn:aws:iam::account-id:root`","terraform":"Set `statement.principal` attribute of policy document to specific accounts only e.g. `arn:aws:iam::account-id:root`"},"severity":"high","subType":"ECR","title":"ECR policy allows public access"},"SNYK_CC_TF_94":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"194","impact":"Anyone may be able to establish network connectivity to the API server","issue":"API endpoint of the EKS cluster is public","publicId":"SNYK-CC-TF-94","references":["https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html"],"resolve":"Set `vpc_config.public_access_cidrs` attribute to specific net address e.g. `192.168.0.0/24`, or set `vpc_config.endpoint_public_access` attribute to `false`","severity":"high","subType":"EKS","title":"EKS cluster allows public access"},"SNYK_CC_TF_95":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"195","impact":"Anyone who can manage bucket's ACLs will be able to grant public access to the bucket","issue":"Bucket does not prevent creation of public ACLs","publicId":"SNYK-CC-TF-95","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.BlockPublicAcls` attribute to `true`","terraform":"Set the `aws_s3_bucket_public_access_block` `block_public_acls` field to true."},"severity":"high","subType":"S3","title":"S3 block public ACLs control is disabled"},"SNYK_CC_TF_96":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"Anyone who can manage bucket's policies will be able to grant public access to the bucket.","issue":"Bucket does not prevent creation of public policies","publicId":"SNYK-CC-TF-96","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.BlockPublicPolicy` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `block_public_policy` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 block public policy control is disabled"},"SNYK_CC_TF_97":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"If public ACL is attached to the bucket, anyone will be able to read and/or write to the bucket.","issue":"Bucket will recognize public ACLs and allow public access","publicId":"SNYK-CC-TF-97","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-s3-accesspoint.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.IgnorePublicAcls` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `ignore_public_acls` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 ignore public ACLs control is disabled"},"SNYK_CC_TF_98":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","2.1.5"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"If public policy is attached to the bucket, anyone will be able to read and/or write to the bucket.","issue":"Bucket will recognize public policies and allow public access","publicId":"SNYK-CC-TF-98","references":["https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html","https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html","https://docs.aws.amazon.com/AmazonS3/latest/user-guide/block-public-access.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html"],"remediation":{"cloudformation":"Set `Properties.PublicAccessBlockConfiguration.RestrictPublicBuckets` attribute to `true`","terraform":"Set `aws_s3_bucket_public_access_block` `restrict_public_buckets` attribute to `true`"},"severity":"high","subType":"S3","title":"S3 restrict public bucket control is disabled"},"SNYK_CC_TF_99":{"compliance":[["CIS-Controls","v8","3.3"],["CIS-AWS-Foundations","v1.4.0","5.3"],["CSA-CCM","v4.0.5","IAM-05"]],"id":"199","impact":"Anyone could potentially access resources behind the gateway","issue":"API gateway will accept http methods without authorization header","publicId":"SNYK-CC-TF-99","references":["https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-method-settings-method-request.html","https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-method.html"],"remediation":{"cloudformation":"Set `Properties.AuthorizationType` attribute to value other than `NONE`","terraform":"Set `authorization` attribute to value other than `NONE`"},"severity":"high","subType":"API Gateway (REST APIs)","title":"API Gateway allows anonymous access"}},"azure":{"SNYK_CC_AZURE_468":{"compliance":[["CIS-Controls","v8","8.1"],["CIS-AZURE-Foundations","v1.4.0","4.1.3"],["CSA-CCM","v4.0.5","LOG-02"]],"impact":"Audit records may not be available during investigation","issue":"Azure SQL database audit retention period is below 90 days","publicId":"SNYK-CC-AZURE-468","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database","https://docs.microsoft.com/en-us/azure/azure-sql/database/auditing-overview"],"remediation":{"arm":"Set `retentionDays` attribute to `90` or greater. Alternatively set the value to `0` to retain records indefinitely","terraform":"Set `retention_in_days` attribute to `90` or greater. Alternatively set the value to `0` to retain records indefinitely"},"severity":"low","subType":"Database","title":"Azure SQL database audit retention period is below 90 days"},"SNYK_CC_AZURE_470":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Database contents are not backed up in multiple geographical locations for disaster prevention","issue":"MariaDB geo-redundant backup is disabled","publicId":"SNYK-CC-AZURE-470","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://docs.microsoft.com/en-us/azure/mariadb/concepts-backup#backup-redundancy-options"],"remediation":{"arm":"Set `properties.storageProfile.geoRedundantBackup` attribute to `Enabled`","terraform":"Set `geo_redundant_backup_enabled` attribute to `true`"},"severity":"low","subType":"Database","title":"MariaDB geo-redundant backup disabled"},"SNYK_CC_AZURE_471":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"571","impact":"Database service port can be potentially accessed by anyone on the internet. This exposes the service to the authentication brute force attacks","issue":"MariaDB public access is enabled","publicId":"SNYK-CC-AZURE-471","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://docs.microsoft.com/en-us/azure/mariadb/howto-deny-public-network-access"],"remediation":{"arm":"Set `properties.publicNetworkAccess` attribute to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"Database","title":"MariaDB public access is enabled"},"SNYK_CC_AZURE_472":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Data-in-transit in vulnerable to interception and exfiltration","issue":"MariaDB server does not enforce SSL","publicId":"SNYK-CC-AZURE-472","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mariadb_server","https://mariadb.com/kb/en/securing-connections-for-client-and-server/"],"remediation":{"arm":"Set `publicNetworkAccess` attribute to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"Database","title":"MariaDB server does not enforce SSL"},"SNYK_CC_AZURE_473":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","6.7"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Alternative certificate based authentication introduced management overhead. Certificates are harder to revoke and rotate than active directory membership","issue":"Service fabric does not use active directory authentication","publicId":"SNYK-CC-AZURE-473","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/service_fabric_cluster","https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-setup-aad"],"remediation":{"arm":"Set an `azureActiveDirectory` attribute","terraform":"Set an `azure_active_directory` block with the following attributes, `tenant_id`, `cluster_application_id`, `client_application_id`"},"severity":"medium","subType":"Service Fabric","title":"Service fabric does not use active directory authentication"},"SNYK_CC_AZURE_474":{"compliance":[["CIS-Controls","v8","13.10"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Application will not be protected using a Web Application Firewall","issue":"WAF not enabled on application gateway","publicId":"SNYK-CC-AZURE-474","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway","https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-web-application-firewall-portal"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.enabled` attribute to `true`","terraform":"Set `enabled` attribute to `true` within the `waf_configuration` block"},"severity":"medium","subType":"Network","title":"WAF not enabled on application gateway"},"SNYK_CC_AZURE_475":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"]],"id":"575","impact":"Storage devices attached to the VM will not be encrypted at rest","issue":"Linux VM scale set encryption at host disabled","publicId":"SNYK-CC-AZURE-475","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine_scale_set","https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli"],"remediation":{"arm":"Set `properties.securityProfile.encryptionAtHost` attribute to `true`","terraform":"Set `encryption_at_host_enabled` attribute to `true`"},"severity":"medium","subType":"Compute","title":"Linux VM scale set encryption at host disabled"},"SNYK_CC_AZURE_476":{"compliance":[["CIS-Controls","v8","13.10"],["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Azure Front Door will not apply WAF policy to the linked web applications","issue":"FrontDoor WAF disabled","publicId":"SNYK-CC-AZURE-476","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/frontdoor#web_application_firewall_policy_link_id","https://docs.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview"],"remediation":{"arm":"Set `properties.webApplicationFirewallPolicyLink` attribute within the `id` of firewall policy","terraform":"Set `web_application_firewall_policy_link_id` attribute within the `frontend_endpoint` block"},"severity":"medium","subType":"Network","title":"FrontDoor WAF disabled"},"SNYK_CC_AZURE_477":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-Controls","v8","3.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Data in transit is vulnerable to interception and manipulation","issue":"Redis cache non SSL port enabled","publicId":"SNYK-CC-AZURE-477","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache","https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-management-faq"],"remediation":{"arm":"Set `properties.enableNonSslPort` attribute to `false`","terraform":"Set `enable_non_ssl_port` port to `false`"},"severity":"medium","subType":"Redis","title":"Redis cache insecure port enabled"},"SNYK_CC_AZURE_478":{"compliance":[["CIS-Controls","v8","3.11"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Storage devices attached to the VM will not be encrypted at rest","issue":"Windows VM scale set encryption at host disabled","publicId":"SNYK-CC-AZURE-478","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine_scale_set","https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli"],"remediation":{"arm":"Set `properties.securityProfile.encryptionAtHost` attribute to `true`","terraform":"Set `encryption_at_host_enabled` attribute to `true`"},"severity":"medium","subType":"Compute","title":"Windows VM scale set encryption at host disabled"},"SNYK_CC_AZURE_500":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"The connection and transmitted data could be intercepted and manipulated","issue":"Function App does not enforce use of HTTPS connections, users can access via HTTP","publicId":"SNYK-CC-AZURE-500","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#https_only","https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts#require-https"],"remediation":{"arm":"Set `httpsOnly` attribute to `true`","terraform":"Set `https_only` attribute to `true`"},"severity":"medium","subType":"App Service (Web Apps)","title":" Function App does not enforce HTTPS"},"SNYK_CC_AZURE_501":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","6.7"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Users will not be able to use Azure Active Directory for authentication in their Function App","issue":"Function App built-in authentication disabled","publicId":"SNYK-CC-AZURE-501","references":["https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts#authenticationauthorization","https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization"],"remediation":{"arm":"Set `properties.enabled` to `true`","terraform":"Set `auth_settings.enabled` attribute to `true`"},"severity":"medium","subType":"App Service (Web Apps)","title":"Function App built-in authentication disabled"},"SNYK_CC_AZURE_502":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Audit records may not be available during investigation","issue":"Function App logging has been explicitly disabled","publicId":"SNYK-CC-AZURE-502","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#enable_builtin_logging","https://docs.microsoft.com/en-us/azure/azure-functions/functions-monitoring#collecting-telemetry-data"],"remediation":{"arm":"Set `properties.detailedErrorMessages` and `properties.failedRequestsTracing` attributes to `true`","terraform":"Set `enable_builtin_logging` attribute to `true`"},"severity":"low","subType":"App Service (Web Apps)","title":"Function App logging disabled"},"SNYK_CC_AZURE_504":{"compliance":[["CIS-Controls","v8","3.3"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"Anonymous users can access your API documentation and specifications","issue":"API Management allows anonymous access to developer portal","publicId":"SNYK-CC-AZURE-504","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enabled","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-oauth2"],"remediation":{"arm":"Set `name` to `signin` and `properties.enabled` to `true`","terraform":"Set a `sign_in.enabled` attribute set to `true`"},"severity":"low","subType":"API Management","title":"API Management allows anonymous access to developer portal"},"SNYK_CC_AZURE_505":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"id":"505","impact":"Usage of outdated protocols pose a security risk and a lack of technical support, using these protocols means your APIs are vulnerable to attack","issue":"API Management allows insecure TLS/SSL protocols","publicId":"SNYK-CC-AZURE-505","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enable_backend_ssl30","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-manage-protocols-ciphers"],"remediation":{"arm":"Set `properties.tls11Enabled` and `properties.tls10Enabled` to `false`","terraform":"Set any `security.enable_backend_*` attributes to `false`"},"severity":"low","subType":"API Management","title":"API Management allows insecure TLS/SSL protocols"},"SNYK_CC_AZURE_508":{"compliance":[["CIS-Controls","v8","5.4"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-09"]],"id":"608","impact":"Job will have elevated privileges on the host instance which may allow it to access information about other workloads","issue":"Batch job runs in admin mode","publicId":"SNYK-CC-AZURE-508","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/batch_pool#elevation_level","https://docs.microsoft.com/en-us/azure/batch/batch-user-accounts#elevated-access-for-tasks"],"remediation":{"arm":"Set `properties.startTask.userIdentity.autoUser.elevationLevel` to `NonAdmin`","terraform":"Set `start_task.user_identity.auto_user.elevation_level` attribute to `NonAdmin`"},"severity":"high","subType":"Batch","title":"Batch job runs in admin mode"},"SNYK_CC_AZURE_509":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The content could be intercepted and manipulated in transit","issue":"CDN Endpoint https not enforced","publicId":"SNYK-CC-AZURE-509","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint#is_http_allowed","https://docs.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?tabs=option-1-default-enable-https-with-a-cdn-managed-certificate"],"remediation":{"arm":"Set `properties.isHttpAllowed` to `false`","terraform":"Set `is_http_allowed` to `false`"},"severity":"medium","subType":"CDN","title":"CDN Endpoint https not enforced"},"SNYK_CC_AZURE_510":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-03"]],"impact":"Account will experience loss of write availability for all the duration of the write region outage","issue":"CosmosDB Account automatic failover disabled","publicId":"SNYK-CC-AZURE-510","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#enable_automatic_failover","https://docs.microsoft.com/en-us/azure/cosmos-db/high-availability"],"remediation":{"arm":"Set `properties.enableAutomaticFailover` to `true`","terraform":"Set `enable_automatic_failover` attribute to `true`"},"severity":"low","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account automatic failover disabled"},"SNYK_CC_AZURE_511":{"compliance":[["CIS-Controls","v8","16.1"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Databases under the account may be accessible by anyone on the Internet","issue":"CosmosDB account public network access enabled","publicId":"SNYK-CC-AZURE-511","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#public_network_access_enabled","https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-firewall"],"remediation":{"arm":"`properties.publicNetworkAccess` to `Disabled`","terraform":"Set `public_network_access_enabled` attribute to `false`"},"severity":"medium","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account public network access enabled"},"SNYK_CC_AZURE_512":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","CCC-04"],["CSA-CCM","v4.0.5","IAM-05"]],"impact":"The Azure services will be able to connect to the DB without explicit allow acl","issue":"CosmosDB account acl bypass for trusted services enabled","publicId":"SNYK-CC-AZURE-512","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#network_acl_bypass_for_azure_services","https://docs.microsoft.com/en-us/azure/cosmos-db/analytical-store-private-endpoints"],"remediation":{"arm":"Set `properties.networkAclBypass` to `None`","terraform":"Set `network_acl_bypass_for_azure_services` attribute to `false`"},"severity":"low","subType":"CosmosDB (DocumentDB)","title":"CosmosDB account acl bypass for trusted services enabled"},"SNYK_CC_AZURE_513":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The REST APIs are subject to attacks from the public internet, such as zero-day vulnerabilities and unauthorized access via lost credentials","issue":"The Azure Data Factory REST APIs are accessible from the Internet","publicId":"SNYK-CC-AZURE-513","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#public_network_enabled","https://docs.microsoft.com/en-us/azure/data-factory/data-movement-security-considerations"],"remediation":{"arm":"Set `properties.publicNetworkAccess` to `Disabled`","terraform":"Set `public_network_enabled` to `false`"},"severity":"medium","subType":"Data Factory","title":"Data Factory public access enabled"},"SNYK_CC_AZURE_514":{"id":"614","impact":"Scope of use of the key cannot be controlled via access policies","issue":"Data Factory is not using customer managed key to encrypt data","publicId":"SNYK-CC-AZURE-514","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory#customer_managed_key_id","https://docs.microsoft.com/en-us/azure/data-factory/enable-customer-managed-key"],"remediation":{"arm":"Set `properties.encryption.keyName` attribute to customer managed key","terraform":"Set `customer_managed_key_id` attribute"},"severity":"low","subType":"Data Factory","title":"Data Factory not encrypted with customer managed key"},"SNYK_CC_AZURE_515":{"compliance":[["CIS-Controls","v8","4.4"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Data Lake Storage will be accessible from the internet which increases the external attack vectors","issue":"Data Lake Storage firewall disabled","publicId":"SNYK-CC-AZURE-515","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_lake_store#firewall_state","https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-best-practices#enable-the-data-lake-storage-gen2-firewall-with-azure-service-access"],"remediation":{"arm":"Set `properties.firewallState` to `Enabled`","terraform":"Set `firewall_state` attribute to `Enabled`"},"severity":"high","subType":"Data Lake","title":"Data Lake Storage firewall disabled"},"SNYK_CC_AZURE_516":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Services deployed in the network will not benefit from advanced DDoS protection features such as attack alerting and analytics","issue":"Virtual Network DDoS protection plan disabled","publicId":"SNYK-CC-AZURE-516","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network#ddos_protection_plan","https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview"],"remediation":{"arm":"Set `properties.enableDdosProtection` to `true`","terraform":"Set `ddos_protection_plan.enable` attribute to `true`"},"severity":"low","subType":"Network","title":"Virtual Network DDoS protection plan disabled"},"SNYK_CC_AZURE_517":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-14"],["CSA-CCM","v4.0.5","IAM-16"],["CSA-CCM","v4.0.5","IVS-03"]],"id":"617","impact":"Unauthenticated users will be able to access the data stored in the cache","issue":"Redis Cache accessible without authentication","publicId":"SNYK-CC-AZURE-517","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#enable_authentication","https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/azure-cache-for-redis-security-baseline"],"remediation":{"terraform":"Set `redis_configuration.enable_authentication` attribute to `true`"},"severity":"medium","subType":"Redis","title":"Redis Cache accessible without authentication"},"SNYK_CC_AZURE_518":{"compliance":[["CIS-Controls","v8","11.2"],["CSA-CCM","v4.0.5","BCR-08"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"In the event of hardware failure or other disasters, data may be lost. Note this is only available to Premium Service Tier Caches (SKUs)","issue":"Redis Cache backup disabled","publicId":"SNYK-CC-AZURE-518","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/redis_cache#rdb_backup_enabled","https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-premium-persistence"],"remediation":{"arm":"Set `properties.redisConfiguration.rdb-backup-enabled` to `true`","terraform":"Set `rdb_backup_enabled` to `true`"},"severity":"low","subType":"Redis","title":"Redis Cache backup disabled"},"SNYK_CC_AZURE_519":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Usage of outdated protocols pose a security risk and a lack of technical support, using these protocols means your APIs are vulnerable to attack","issue":"API Management frontend allows insecure TLS/SSL protocols","publicId":"SNYK-CC-AZURE-519","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/api_management#enable_frontend_ssl30","https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-manage-protocols-ciphers"],"remediation":{"terraform":"Set `enable_frontend_ssl30` `enable_frontend_tls10` `enable_frontend_tls11` attributes to `false`"},"severity":"low","subType":"API Management","title":"API Management frontend allows insecure TLS/SSL protocols"},"SNYK_CC_AZURE_521":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.4"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"SQL servers will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on SQL servers","publicId":"SNYK-CC-AZURE-521","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.0 - 2.1 Ensure that Azure Defender is set to On for Servers"],"remediation":{"arm":"Set `name` to `SqlServers` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `SqlServers`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on SQL servers"},"SNYK_CC_AZURE_522":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.2"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"App Service might be vulnerable to a broad range of threats","issue":"App Service is not protected by Azure Defender","publicId":"SNYK-CC-AZURE-522","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 2.2 Ensure that Azure Defender is set to On for App Service"],"remediation":{"arm":"Set `name` to `AppServices` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `AppServices`"},"severity":"low","subType":"Security Center","title":"App Service is not protected by Azure Defender"},"SNYK_CC_AZURE_524":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.4"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"SQL server virtual machines will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on SQL server virtual machines","publicId":"SNYK-CC-AZURE-524","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.4 Ensure that Azure Defender is set to On for Sql servers on machines`"],"remediation":{"arm":"Set `name` to `SqlServerVirtualMachines` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `SqlServerVirtualMachines`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on SQL server virtual machines"},"SNYK_CC_AZURE_525":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.5"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Storage accounts will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on storage accounts","publicId":"SNYK-CC-AZURE-525","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.storage/storage-advanced-threat-protection-create/azuredeploy.json#L72","CIS Benchmark - `2.5 Ensure that Azure Defender is set to On for Storage`"],"remediation":{"arm":"Set `name` to `StorageAccounts` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `StorageAccounts`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on storage accounts"},"SNYK_CC_AZURE_526":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","13.1"],["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.6"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Kubernetes services will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Azure Defender is disabled on kubernetes service","publicId":"SNYK-CC-AZURE-526","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.6 Ensure that Azure Defender is set to On for Kubernetes`"],"remediation":{"arm":"Set `name` to `KubernetesService` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `KubernetesService`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled on kubernetes service"},"SNYK_CC_AZURE_527":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.7"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Container Registry will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Ensure that Azure Defender is set to On for Container Registries","publicId":"SNYK-CC-AZURE-527","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Microsoft Azure Foundations Benchmark v1.3.0 - 2.7 Ensure that Azure Defender is set to On for Container Registries"],"remediation":{"arm":"Set `name` to `ContainerRegistry` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `ContainerRegistry`"},"severity":"low","subType":"Security Center","title":"Azure Defender is disabled for Container Registries"},"SNYK_CC_AZURE_528":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CIS-AZURE-Foundations","v1.4.0","2.8"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Key Vault service will not be protected with threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center","issue":"Key Vault is not protected by Azure Defender","publicId":"SNYK-CC-AZURE-528","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender","CIS Benchmark - `2.8 Ensure that Azure Defender is set to On for Key Vault`"],"remediation":{"arm":"Set `name` to `KeyVaults` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `KeyVaults`"},"severity":"low","subType":"Security Center","title":"Key Vault is not protected by Azure Defender"},"SNYK_CC_AZURE_529":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.11"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Security Center will not automatically provision Monitoring Agent on all compatible virtual machines, you will not automatically be provided with alerts on security misconfigurations, updates, and vulnerabilities","issue":"Automatic provisioning of monitoring agent is disabled","publicId":"SNYK-CC-AZURE-529","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_auto_provisioning","https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection"],"remediation":{"arm":"Set `autoProvision` to `On`","terraform":"Set `auto_provision` to `On`"},"severity":"low","subType":"Security Center","title":"Automatic provisioning of monitoring agent is disabled"},"SNYK_CC_AZURE_532":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","2.14"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Subscription admins will not receive security alerts for important events, which may affect system security","issue":"High severity security notifications disabled","publicId":"SNYK-CC-AZURE-532","references":["https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details","https://docs.microsoft.com/en-us/rest/api/securitycenter/security-contacts/list","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High'"],"remediation":{"arm":"Set `alertNotifications.state` to `On` and `alertNotifications.minimalSeverity` to `High`"},"severity":"low","subType":"Security Center","title":"High severity security notifications disabled"},"SNYK_CC_AZURE_533":{"compliance":[["CIS-Controls","v8","3.10"],["CIS-Controls","v8","12.3"],["CIS-AZURE-Foundations","v1.4.0","9.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"FTP is a plain-text protocol that is vulnerable to manipulation and eavesdropping","issue":"App Service allows FTP deployments","publicId":"SNYK-CC-AZURE-533","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#ftps_state","https://docs.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal#enforce-ftps","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 9.10 Ensure FTP deployments are disabled"],"remediation":{"arm":"Set `ftpsState` to `FtpsOnly` or `Disabled` if not needed","terraform":"Set `ftps_state` to `FtpsOnly` or `Disabled`"},"severity":"high","subType":"App Service (Web Apps)","title":"App Service allows FTP deployments"},"SNYK_CC_AZURE_534":{"compliance":[["CIS-Controls","v8","8.2"],["CSA-CCM","v4.0.5","LOG-08"]],"id":"634","impact":"Unable to monitor individual requests and to diagnose issues with the Storage Queue service","issue":"Storage Queue service logging is disabled","publicId":"SNYK-CC-AZURE-534","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#queue_properties","https://docs.microsoft.com/en-us/azure/storage/queues/monitor-queue-storage?tabs=azure-portal","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests"],"remediation":{"arm":"Add `resource.properties.logs` attribute entry for each of `StorageRead`, `StorageWrite`, and `StorageDelete`","terraform":"Set `delete`,`read` and `write` in the `queue_properties.logging` to `true`"},"severity":"low","subType":"Storage","title":"Storage Queue service logging is disabled"},"SNYK_CC_AZURE_535":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","3.5"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IAM-16"]],"impact":"Client has unauthorized read access to storage container or blob","issue":"Public access level for storage containers \u0026 blobs is enabled","publicId":"SNYK-CC-AZURE-535","references":["https://docs.microsoft.com/en-us/azure/storage/blobs/anonymous-read-access-configure?tabs=portal","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 3.5 Ensure that 'Public access level' is set to Private for blob containers"],"remediation":{"arm":"Set `properties.PublicAccess` to `None`","terraform":"Set `allow_blob_public_access` to `false`"},"severity":"high","subType":"Storage","title":"Public access level for storage containers \u0026 blobs is enabled"},"SNYK_CC_AZURE_537":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","4.2.1"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Advanced Threat Protection can identify potential SQL injection, access from unusual location or data center, access from unfamiliar principal or potentially harmful application, and brute force SQL credentials","issue":"Advanced Threat Protection is disabled on SQL server","publicId":"SNYK-CC-AZURE-537","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/advanced_threat_protection","https://docs.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure"],"remediation":{"terraform":"Set `enabled` attribute to `true`"},"severity":"low","subType":"Security Center","title":"Advanced Threat Protection is disabled on SQL server"},"SNYK_CC_AZURE_539":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","4.2.3"],["CSA-CCM","v4.0.5","TVM-07"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"New vulnerabilities may not be detected in timely manner. This can leave the SQL server vulnerable to potential attack and exploitation","issue":"Periodic vulnerability assessment is not enabled on SQL server","publicId":"SNYK-CC-AZURE-539","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment","https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment","CIS Benchmark - 4.2.3: Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server"],"remediation":{"arm":"Set `properties.recurringScans.isEnabled` to `true`","terraform":"Set `recurring_scans.enabled` to `true`"},"severity":"low","subType":"Database","title":"Periodic vulnerability assessment is not enabled on SQL server"},"SNYK_CC_AZURE_540":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","4.2.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Administrators will not be automatically notified, which can lead to time delay in identifying risks and taking corrective measures","issue":"MSSQL Vulnerability Assessment email notifications are disabled","publicId":"SNYK-CC-AZURE-540","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_server_vulnerability_assessment","https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-vulnerability-assessment","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server"],"remediation":{"arm":"Set `properties.recurringScans.emailSubscriptionAdmins` to `true`","terraform":"Set `recurring_scans.email_subscription_admins` to `true`"},"severity":"low","subType":"Database","title":"MSSQL Vulnerability Assessment email notifications are disabled"},"SNYK_CC_AZURE_542":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-Controls","v8","10.1"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing Windows Server Endpoint Detection and Response (EDR) capabilities","issue":"Windows Defender ATP (WDATP) integration in Security Center disabled","publicId":"SNYK-CC-AZURE-542","references":["CIS Microsoft Azure Foundations Benchmark: 2.9 - Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected","https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting","https://docs.microsoft.com/en-us/azure/security-center/security-center-wdatp?tabs=windows","https://docs.microsoft.com/en-us/azure/templates/microsoft.security/settings?tabs=json"],"remediation":{"arm":"Set `name` to `WDATP` and `properties.enabled` to `true`","terraform":"Set `setting_name` to `WDATP` and `enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Windows Defender ATP (WDATP) integration in Security Center disabled"},"SNYK_CC_AZURE_543":{"compliance":[["CIS-Controls","v8","16.10"],["CIS-AZURE-Foundations","v1.4.0","2.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing analysis of Azure Resource Manager records to detect unusual or potentially harmful operations in the Azure subscription environment","issue":"Microsoft Cloud App Security (MCAS) integration in Security Center disabled","publicId":"SNYK-CC-AZURE-543","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_setting","https://docs.microsoft.com/en-us/cloud-app-security/","https://docs.microsoft.com/en-us/azure/templates/microsoft.security/settings?tabs=json","CIS Microsoft Azure Foundations Benchmark: 2.10 - Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected"],"remediation":{"arm":"Set `name` to `MCAS`, and set `properties.enabled` to `true`","terraform":"Set `setting_name` to `MCAS` and `enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Microsoft Cloud App Security (MCAS) integration in Security Center disabled"},"SNYK_CC_AZURE_552":{"compliance":[["CIS-Controls","v8","8.5"],["CIS-AZURE-Foundations","v1.4.0","5.1.2"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Not capturing the diagnostic setting categories for appropriate management activities leads to missing important alerts","issue":"Ensure Diagnostic Setting captures appropriate categories","publicId":"SNYK-CC-AZURE-552","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting#category","https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-manager-diagnostic-settings ","CIS Benchmark v1.3.1 - 5.1.2 Ensure Diagnostic Setting captures appropriate categories"],"remediation":{"terraform":"Set log blocks for the categories `Administrative`,`Alert`,`Policy`,`Security` with `enabled` set to `true` for each"},"severity":"low","subType":"Monitor","title":"Ensure Diagnostic Setting captures appropriate categories"},"SNYK_CC_AZURE_553":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CIS-AZURE-Foundations","v1.4.0","2.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Virtual machines are not protected against advanced threats","issue":"Azure Defender is disabled for Virtual Machines","publicId":"SNYK-CC-AZURE-553","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `VirtualMachines` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `VirtualMachines`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Virtual Machines"},"SNYK_CC_AZURE_554":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"id":"554","impact":"ARM is not protected against advanced threats","issue":"Azure Defender is disabled for Azure Resource Management (ARM)","publicId":"SNYK-CC-AZURE-554","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `Arm` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `Arm`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Azure Resource Management (ARM)"},"SNYK_CC_AZURE_555":{"compliance":[["CIS-Controls","v8","10.1"],["CIS-Controls","v8","16.10"],["CIS-Controls","v8","13.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Azure DNS is not protected against advanced threats","issue":"Azure Defender is disabled for Azure DNS","publicId":"SNYK-CC-AZURE-555","references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing","https://docs.microsoft.com/en-us/azure/security-center/azure-defender"],"remediation":{"arm":"Set `name` to `Dns` and `properties.pricingTier` to `Standard`","terraform":"Set `tier` to `Standard` and `resource_type` to `Dns`"},"severity":"medium","subType":"Security Center","title":"Azure Defender is disabled for Azure DNS"},"SNYK_CC_AZURE_594":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","6.7"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The admin user account is a technical account that allows depersonalized access and should be replaced by personalized, managed identities.","issue":"Azure Container Registry Admin is enabled","publicId":"SNYK-CC-AZURE-594","references":["https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#admin-account","https://docs.microsoft.com/en-us/azure/templates/microsoft.containerregistry/registries?tabs=json"],"remediation":{"arm":"Set `properties.adminUserEnabled` to `false`","terraform":"Set `admin_enabled` to `false`, or remove the property from the resource"},"severity":"medium","subType":"Container","title":"Azure Container Registry Admin is enabled"},"SNYK_CC_AZURE_595":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Missing geo replication leads to reduced availability of container images","issue":"Geo replication for Azure Container Images disabled","publicId":"SNYK-CC-AZURE-595","references":["https://docs.microsoft.com/en-us/azure/templates/microsoft.containerregistry/registries/replications?tabs=json","https://azure.microsoft.com/en-gb/blog/azure-container-registry-makes-geo-replication-generally-available-adding-lifecycle-management-capabilities/","https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/container-registry/container-registry-get-started-geo-replication-template.md"],"remediation":{"terraform":"Set a `georeplications` block within the resource, including a valid `location` property"},"severity":"low","subType":"Container","title":"Geo replication for Azure Container Images disabled"},"SNYK_CC_AZURE_597":{"compliance":[["CIS-Controls","v8","10.1"],["CSA-CCM","v4.0.5","UEM-09"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Container images are not scanned for malware","issue":"Container image quarantine disabled","publicId":"SNYK-CC-AZURE-597","references":["https://docs.microsoft.com/en-us/azure/container-registry/container-registry-faq#how-do-i-enable-automatic-image-quarantine-for-a-registry-"],"remediation":{"arm":"Set `properties.policies.quarantinePolicy.status` to `enabled`","terraform":"Set `quarantine_policy_enabled` to `true`, or remove the property from the resource"},"severity":"medium","subType":"Container","title":"Container image quarantine disabled"},"SNYK_CC_AZURE_605":{"compliance":[["CIS-Controls","v8","4.7"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"The local Kubernetes accounts can be used to avoid attribution of action on the cluster resources.","issue":"AKS local accounts are enabled","publicId":"SNYK-CC-AZURE-605","references":["https://docs.microsoft.com/en-us/azure/aks/managed-aad#disable-local-accounts","https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AKS.LocalAccounts/"],"remediation":{"arm":"Set `properties.disableLocalAccounts` attribute to `true`"},"severity":"medium","subType":"Container","title":"AKS local accounts are enabled"},"SNYK_CC_AZURE_606":{"compliance":[["CIS-Controls","v8","5.6"],["CIS-Controls","v8","6.7"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"AKS-managed integration provides an easy way to use Azure AD authorization for AKS. Consider configuring AKS-managed Azure AD integration for AKS clusters.","issue":"AKS managed Azure Active Directory integration is disabled","publicId":"SNYK-CC-AZURE-606","references":["https://docs.microsoft.com/en-us/azure/aks/managed-aad"],"remediation":{"arm":"Set `properties.aadProfile.managed` to `true`"},"severity":"low","subType":"Container","title":"AKS managed Azure Active Directory integration is disabled"},"SNYK_CC_AZURE_607":{"compliance":[["CIS-Controls","v8","8.5"],["CSA-CCM","v4.0.5","LOG-03"]],"impact":"Missing insights into workload states of the AKS cluster makes it difficult to detect and remedy performance issues","issue":"AKS cluster does not have platform diagnostic logging enabled","publicId":"SNYK-CC-AZURE-607","references":["https://docs.microsoft.com/en-us/azure/aks/concepts-diagnostics","https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/resource-manager-diagnostic-settings?tabs=json","https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/DataConnectorsAzureKubernetes_Deploy.json","https://docs.microsoft.com/en-us/azure/templates/microsoft.containerservice/managedclusters?tabs=json"],"remediation":{"arm":"Set items of `properties.logs` with `category` as `cluster-autoscaler`, `kube-apiserver`, `kube-scheduler`, and `kube-controller-manager` where `properties.logs[ITEM].enabled` to `true`. In addition, set item of `properties.metrics` with `category` as `AllMetrics` where `properties.metrics[ITEM].enabled` to `true`"},"severity":"low","subType":"Container","title":"AKS cluster does not have platform diagnostic logging enabled"},"SNYK_CC_AZURE_608":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"Using the free SKU might negatively impact the availability of the App Configuration","issue":"An SLA should be used for App Configuration","publicId":"SNYK-CC-AZURE-608","references":["https://azure.microsoft.com/en-gb/pricing/details/app-configuration/","https://docs.microsoft.com/en-us/azure/templates/microsoft.appconfiguration/configurationstores?tabs=json"],"remediation":{"arm":"Set `sku.name` to `Standard`","terraform":"Set `sku` to `standard`"},"severity":"medium","subType":"App Service (Web Apps)","title":"An SLA should be used for App Configuration"},"SNYK_CC_AZURE_609":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"Application Gateways in version 1 should be deployed with an SKU instance size of medium or large. Running production workloads on small application gateways may overload the processing capacity and lead to service unavailability","issue":"App Gateway should use a production level SKU","publicId":"SNYK-CC-AZURE-609","references":["https://docs.microsoft.com/en-us/azure/application-gateway/quick-create-template"],"remediation":{"arm":"Set `properties.sku.name` to any option other than `Standard_Small`","terraform":"Set `sku.name` to any option other than `Standard_Small`"},"severity":"low","subType":"Network","title":"App Gateway should use a production level SKU"},"SNYK_CC_AZURE_610":{"compliance":[["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Out-of-date OWASP rules might not protect as effectively as more recent rule sets","issue":"App Gateway does not use OWASP 3.x rules","publicId":"SNYK-CC-AZURE-610","references":["https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview","https://docs.microsoft.com/en-us/azure/templates/microsoft.network/applicationgateways?tabs=bicep"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.ruleSetType` to `OWASP` and `properties.webApplicationFirewallConfiguration.ruleSetVersion` to `3.2`","terraform":"Set `waf_configuration.rule_set_type` to `OWASP` and `waf_configuration.rule_set_version` to `3.1`"},"severity":"medium","subType":"Network","title":"App Gateway does not use OWASP 3.x rules"},"SNYK_CC_AZURE_611":{"compliance":[["CIS-Controls","v8","12.2"],["CIS-Controls","v8","13.10"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Backend resources are not proactively protected by web application firewall","issue":"WAF prevention mode not enabled","publicId":"SNYK-CC-AZURE-611","references":["https://docs.microsoft.com/en-us/azure/templates/microsoft.network/applicationgateways?tabs=json","https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview#waf-modes"],"remediation":{"arm":"Set `properties.webApplicationFirewallConfiguration.firewallMode` to `Prevention`"},"severity":"medium","subType":"Network","title":"WAF prevention mode not enabled"},"SNYK_CC_AZURE_613":{"compliance":[["CIS-Controls","v8","16.8"],["CSA-CCM","v4.0.5","IVS-05"]],"impact":"Missing advanced auto scale and traffic management features can cause stability issues for production workload","issue":"App Service does not use production level SKU","publicId":"SNYK-CC-AZURE-613","references":["https://azure.microsoft.com/en-us/pricing/details/app-service/windows/","https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_plan","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/2019-08-01/serverfarms?tabs=bicep"],"remediation":{"arm":"Set `sku.tier` to `Standard` or higher","terraform":"Set `sku.tier` to `Standard` or higher"},"severity":"low","subType":"App Service (Web Apps)","title":"App Service does not use production level SKU"},"SNYK_CC_AZURE_618":{"compliance":[["CIS-Controls","v8","12.2"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","IVS-02"]],"impact":"A single App Service Plan instance increases the risk of application unavailability","issue":"Use two or more App Service Plan instances","publicId":"SNYK-CC-AZURE-618","references":["https://docs.microsoft.com/en-us/azure/app-service/overview-hosting-plans","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/serverfarms?tabs=json"],"remediation":{"arm":"Set `sku.capacity` to `2` or more","terraform":"Set `sku.capacity` to `2` or more"},"severity":"medium","subType":"App Service (Web Apps)","title":"Use two or more App Service Plan instances"},"SNYK_CC_AZURE_619":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"Leaving remote debugging enabled might increase exposure to unnecessary risk","issue":"App Service remote debugging enabled","publicId":"SNYK-CC-AZURE-619","references":["https://devblogs.microsoft.com/premier-developer/remote-debugging-azure-app-services/","https://docs.microsoft.com/en-us/azure/templates/microsoft.web/sites?tabs=bicep"],"remediation":{"arm":"Set `properties.remoteDebuggingEnabled` to `false`","terraform":"Set `site_config.remote_debugging_enabled` to `false`, or remove the `remote_debugging_enabled` property"},"severity":"medium","subType":"App Service (Web Apps)","title":"App Service remote debugging enabled"},"SNYK_CC_AZURE_620":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"]],"impact":"Unencrypted variables might leak sensitive information","issue":"Ensure Automation Variables are encrypted","publicId":"SNYK-CC-AZURE-620","references":["https://docs.microsoft.com/en-us/azure/automation/automation-secure-asset-encryption","https://docs.microsoft.com/en-us/azure/templates/microsoft.automation/automationaccounts/variables?tabs=json"],"remediation":{"arm":"Set `properties.isEncrypted` to `true`","terraform":"In your `azurerm_automation_variable_bool`, `azurerm_automation_variable_datetime`, `azurerm_automation_variable_int`, or `azurerm_automation_variable_string` resources, set `encrypted to `true``"},"severity":"medium","subType":"Automation","title":"Ensure Automation Variables are encrypted"},"SNYK_CC_AZURE_621":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","IAM-05"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Account key-based write access to account data exposes sensitive configuration options to non-administrative accounts","issue":"Restrict user access to data operations in Azure Cosmos DB","publicId":"SNYK-CC-AZURE-621","references":["https://docs.microsoft.com/en-us/azure/cosmos-db/audit-control-plane-logs","https://docs.microsoft.com/en-us/azure/templates/microsoft.documentdb/databaseaccounts?tabs=json"],"remediation":{"arm":"Set `Properties.disableKeyBasedMetadataWriteAccess` to `true`","terraform":"Set `access_key_metadata_writes_enabled` to `false`"},"severity":"medium","subType":"CosmosDB (DocumentDB)","title":"Restrict user access to data operations in Azure Cosmos DB"},"SNYK_CC_AZURE_624":{"compliance":[["CIS-AZURE-Foundations","v1.4.0","8.6"],["CSA-CCM","v4.0.5","DSP-07"]],"impact":"Accidentally purged vaults and vault items are not recoverable and might lead to data loss","issue":"Key Vault purge protection is disabled","publicId":"SNYK-CC-AZURE-624","references":["https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview#purge-protection","https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?tabs=bicep","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 8.4 Ensure the key vault is recoverable"],"remediation":{"arm":"Set `properties.enablePurgeProtection` to `true`","terraform":"Set `purge_protection_enabled` to `true`"},"severity":"medium","subType":"Security Center","title":"Key Vault purge protection is disabled"},"SNYK_CC_AZURE_625":{"compliance":[["CIS-Controls","v8","3.11"],["CIS-AZURE-Foundations","v1.4.0","8.6"],["CSA-CCM","v4.0.5","BCR-08"]],"impact":"Accidentally deleted vaults and vault items are not recoverable and might lead to data loss","issue":"Key Vault soft deletion not set to 90 days","publicId":"SNYK-CC-AZURE-625","references":["https://docs.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview","https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/vaults?tabs=bicep","CIS Microsoft Azure Foundations Benchmark v1.3.1 - 8.4 Ensure the key vault is recoverable"],"remediation":{"arm":"Set `properties.enableSoftDelete` to `true` and `softDeleteRetentionInDays` to `90`, or remove the attributes entirely to use enabled soft delete default with 90 days retention","terraform":"Set `soft_delete_retention_days` to `90`, or remove the attribute entirely to use 90 days default retention"},"severity":"medium","subType":"Key Vault","title":"Key Vault soft deletion not set to 90 days"},"SNYK_CC_AZURE_627":{"compliance":[["CIS-Controls","v8","16.10"],["CSA-CCM","v4.0.5","CEK-03"],["CSA-CCM","v4.0.5","DSP-07"],["CSA-CCM","v4.0.5","DSP-10"]],"impact":"An outdated TLS version might lead to data leakage or manipulation","issue":"MySQL minimum TLS version \ No newline at end of file From f6e9ddf1474a05f835442a4122cbeb2cce40b999 Mon Sep 17 00:00:00 2001 From: Adam La Morre Date: Mon, 2 Jan 2023 08:42:59 -0800 Subject: [PATCH 5/5] Giving up.. for now --- example-next/next.config.js | 6 +++--- src/sockets/MultiChatSocket/childSocket.tsx | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/example-next/next.config.js b/example-next/next.config.js index a843cbe..24f1a90 100644 --- a/example-next/next.config.js +++ b/example-next/next.config.js @@ -1,6 +1,6 @@ /** @type {import('next').NextConfig} */ const nextConfig = { - reactStrictMode: true, -} + reactStrictMode: false, +}; -module.exports = nextConfig +module.exports = nextConfig; diff --git a/src/sockets/MultiChatSocket/childSocket.tsx b/src/sockets/MultiChatSocket/childSocket.tsx index fb02c0e..105abf3 100644 --- a/src/sockets/MultiChatSocket/childSocket.tsx +++ b/src/sockets/MultiChatSocket/childSocket.tsx @@ -2,7 +2,7 @@ import React from 'react'; import { Props } from './props'; -import { WebSocketNext } from 'nextjs-websocket'; +import { WebSocket } from 'nextjs-websocket'; export const ChildSocket: React.FC = (props: Props) => { const { sessionToken } = props; @@ -39,7 +39,7 @@ export const ChildSocket: React.FC = (props: Props) => { const wsUrl = props.wsUrl ? props.wsUrl : 'wss://api.chatengine.io'; return ( -