
Enhance openapi.yaml by adding error response schemas for various endpoints#11

Merged
cx-ryan-wakeham merged 1 commit into main from restore-error-schemas
Jan 26, 2026

@cx-ryan-wakeham
Owner

  • Included error response content sections for multiple endpoints to standardize error handling.
  • Each error response now references the Error schema, improving clarity and consistency in API documentation.

…points

- Included error response content sections for multiple endpoints to standardize error handling.
- Each error response now references the Error schema, improving clarity and consistency in API documentation.
@cx-ryan-wakeham cx-ryan-wakeham merged commit 3c57147 into main Jan 26, 2026
1 check was pending
@cx-ryan-wakeham cx-ryan-wakeham deleted the restore-error-schemas branch January 26, 2026 16:40
@cx-ryan-wakeham
Owner Author

Checkmarx One – Scan Summary & Details: aa8f245b-abe0-4900-9e19-ae4ec496b358

New Issues (155)

Checkmarx found the following issues in this Pull Request

# Severity Issue Source File / Package Checkmarx Insight
1 CRITICAL RDS DB Instance Publicly Accessible /main.tf: 74
detailsRDS must not be defined with public interface, which means the field 'publicly_accessible' should not be set to 'true' (default is 'false').
2 CRITICAL S3 Bucket Access to Any Principal /s3.tf: 22
detailsS3 Buckets must not allow Actions From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized data ...
3 CRITICAL S3 Bucket Allows Delete Action From All Principals /s3.tf: 22
detailsS3 Buckets must not allow Delete Action From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized...
4 CRITICAL S3 Bucket Allows Put Action From All Principals /s3.tf: 22
detailsS3 Buckets must not allow Put Action From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized da...
5 HIGH DB Instance Storage Not Encrypted /main.tf: 76
detailsAWS DB Instance should have its storage encrypted by setting the parameter to 'true'. The storage_encrypted default value is 'false'.
6 HIGH Hardcoded AWS Access Key /main.tf: 25
detailsAWS Access Key should not be hardcoded
7 HIGH IAM Policy Grants Full Permissions /iam.tf: 22
detailsIAM policy should not grant full permissions to resources from the get-go, instead of granting permissions gradually as necessary.
8 HIGH IAM Policy Grants Full Permissions /iam.tf: 55
detailsIAM policy should not grant full permissions to resources from the get-go, instead of granting permissions gradually as necessary.
9 HIGH Missing User Instruction /Dockerfile: 1
detailsAlways set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user.
10 HIGH Missing User Instruction /Dockerfile: 1
detailsAlways set a user in the runtime stage of your Dockerfile. Without it, the container defaults to root, even if earlier build stages define a user.
11 HIGH Passwords And Secrets - AWS Access Key /Dockerfile: 6
detailsQuery to find passwords and secrets in infrastructure code.
12 HIGH Passwords And Secrets - AWS Access Key /docker-compose.yml: 23
detailsQuery to find passwords and secrets in infrastructure code.
13 HIGH Passwords And Secrets - AWS Access Key /variables.tf: 8
detailsQuery to find passwords and secrets in infrastructure code.
14 HIGH Passwords And Secrets - AWS Access Key /ci.yml: 12
detailsQuery to find passwords and secrets in infrastructure code.
15 HIGH Passwords And Secrets - AWS Secret Key /ci.yml: 13
detailsQuery to find passwords and secrets in infrastructure code.
16 HIGH Passwords And Secrets - AWS Secret Key /Dockerfile: 7
detailsQuery to find passwords and secrets in infrastructure code.
17 HIGH Passwords And Secrets - AWS Secret Key /docker-compose.yml: 24
detailsQuery to find passwords and secrets in infrastructure code.
18 HIGH Passwords And Secrets - Generic Password /ci.yml: 17
detailsQuery to find passwords and secrets in infrastructure code.
19 HIGH Passwords And Secrets - Generic Password /docker-compose.yml: 6
detailsQuery to find passwords and secrets in infrastructure code.
20 HIGH Passwords And Secrets - Generic Secret /Dockerfile: 5
detailsQuery to find passwords and secrets in infrastructure code.
21 HIGH Passwords And Secrets - Generic Secret /ci.yml: 15
detailsQuery to find passwords and secrets in infrastructure code.
22 HIGH Passwords And Secrets - Generic Secret /docker-compose.yml: 22
detailsQuery to find passwords and secrets in infrastructure code.
23 HIGH Passwords And Secrets - Password in URL /Dockerfile: 4
detailsQuery to find passwords and secrets in infrastructure code.
24 HIGH Passwords And Secrets - Password in URL /ci.yml: 14
detailsQuery to find passwords and secrets in infrastructure code.
25 HIGH Passwords And Secrets - Password in URL /docker-compose.yml: 20
detailsQuery to find passwords and secrets in infrastructure code.
26 HIGH Remote Desktop Port Open To Internet /main.tf: 43
detailsThe Remote Desktop port is open to the internet in a Security Group
27 HIGH S3 Bucket Allows Get Action From All Principals /s3.tf: 29
detailsS3 Buckets must not allow Get Action From All Principals, as to prevent leaking private information to the entire internet or allow unauthorized da...
28 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
29 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
30 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
31 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
32 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
33 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
34 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
35 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
36 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
37 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
38 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
39 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
40 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
41 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
42 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
43 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
44 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
45 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
46 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
47 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
48 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
49 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
50 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
51 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
52 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
53 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
54 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
55 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
56 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
57 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
58 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
59 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
60 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
61 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
62 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
63 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
64 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
65 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
66 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
67 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
68 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
69 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
70 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
71 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
72 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
73 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
74 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
75 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
76 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
77 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
78 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
79 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
80 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
81 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
82 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
83 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
84 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
85 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
86 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
87 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
88 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
89 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
90 HIGH Sensitive Port Is Exposed To Entire Network /main.tf: 43
detailsA sensitive port, such as port 23 or port 110, is open for the whole network in either TCP or UDP protocol
91 HIGH Unknown Port Exposed To Internet /main.tf: 43
detailsAWS Security Group should not have an unknown port exposed to the entire Internet
92 HIGH Unrestricted Security Group Ingress /main.tf: 47
detailsSecurity groups allow ingress from 0.0.0.0:0 and/or ::/0
93 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
94 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
95 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
96 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
97 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
98 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
99 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
100 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
101 MEDIUM Apt Get Install Pin Version Not Defined /Dockerfile: 12
detailsWhen installing a package, its pin version should be defined
102 MEDIUM Container Capabilities Unrestricted /docker-compose.yml: 15
detailsSome capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec...
103 MEDIUM Container Capabilities Unrestricted /docker-compose.yml: 64
detailsSome capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec...
104 MEDIUM Container Capabilities Unrestricted /docker-compose.yml: 2
detailsSome capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec...
105 MEDIUM Container Capabilities Unrestricted /docker-compose.yml: 39
detailsSome capabilities are not needed in certain (or any) containers. Make sure that you only add capabilities that your container needs. Drop unnec...
106 MEDIUM Container Traffic Not Bound To Host Interface /docker-compose.yml: 10
detailsIncoming container traffic should be bound to a specific host interface
107 MEDIUM Container Traffic Not Bound To Host Interface /docker-compose.yml: 66
detailsIncoming container traffic should be bound to a specific host interface
108 MEDIUM EC2 Instance Has Public IP /main.tf: 17
detailsEC2 Instance should not have a public IP address.
109 MEDIUM EC2 Instance Monitoring Disabled /main.tf: 17
detailsEC2 Instance should have detailed monitoring enabled. With detailed monitoring enabled data is available in 1-minute periods
110 MEDIUM HTTP Port Open To Internet /main.tf: 43
detailsThe HTTP port is open to the internet in a Security Group
111 MEDIUM Healthcheck Not Set /docker-compose.yml: 64
detailsCheck containers periodically to see if they are running properly.
112 MEDIUM Healthcheck Not Set /docker-compose.yml: 2
detailsCheck containers periodically to see if they are running properly.
113 MEDIUM Healthcheck Not Set /docker-compose.yml: 15
detailsCheck containers periodically to see if they are running properly.
114 MEDIUM IAM Database Auth Not Enabled /main.tf: 62
detailsIAM Database Auth Enabled should be configured to true when using compatible engine and version
115 MEDIUM IAM Policies Attached To User /iam.tf: 53
detailsIAM policies should be attached only to groups or roles
116 MEDIUM IAM Policies With Full Privileges /iam.tf: 22
detailsIAM policies shouldn't allow full administrative privileges (for all resources)
117 MEDIUM IAM Policies With Full Privileges /iam.tf: 55
detailsIAM policies shouldn't allow full administrative privileges (for all resources)
118 MEDIUM IAM policy allows for data exfiltration /iam.tf: 22
detailsThis policy contains actions that can retrieve information unrestricted and could lead to data exfiltration
119 MEDIUM IAM policy allows for data exfiltration /iam.tf: 55
detailsThis policy contains actions that can retrieve information unrestricted and could lead to data exfiltration
120 MEDIUM Privileged Ports Mapped In Container /docker-compose.yml: 66
detailsPrivileged ports (1 to 1023) should not be mapped. Also you should drop net_bind_service linux capability from the container unless you absolu...
121 MEDIUM RDS With Backup Disabled /main.tf: 78
detailsMake sure the AWS RDS configuration has automatic backup configured. If the retention period is equal to 0 there is no backup
122 MEDIUM RDS Without Logging /main.tf: 62
detailsRDS does not have any kind of logger
123 MEDIUM S3 Bucket Allows Public ACL /s3.tf: 13
detailsS3 bucket allows public ACL
124 MEDIUM S3 Bucket Allows Public Policy /s3.tf: 14
detailsS3 bucket allows public policy
125 MEDIUM S3 Bucket Logging Disabled /s3.tf: 40
detailsServer Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
126 MEDIUM S3 Bucket Logging Disabled /s3.tf: 1
detailsServer Access Logging should be enabled on S3 Buckets so that all changes are logged and trackable
127 MEDIUM S3 Bucket Policy Accepts HTTP Requests /s3.tf: 22
detailsS3 Bucket policy should not accept HTTP Requests
128 MEDIUM S3 Bucket Without Ignore Public ACL /s3.tf: 15
detailsS3 bucket without ignore public ACL
129 MEDIUM S3 Bucket Without Versioning /s3.tf: 1
detailsS3 bucket should have versioning enabled
130 MEDIUM S3 Bucket Without Versioning /s3.tf: 40
detailsS3 bucket should have versioning enabled
131 MEDIUM S3 Bucket with Unsecured CORS Rule /s3.tf: 51
detailsIf the CORS (Cross-Origin Resource Sharing) rule is defined in an S3 bucket, it should be secure
132 MEDIUM SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible /main.tf: 43
detailsCheck if port 2383 on TCP is publicly accessible by checking the CIDR block range that can access it.
133 MEDIUM Security Group With Unrestricted Access To SSH /main.tf: 43
details'SSH' (TCP:22) should not be public in AWS Security Group
134 MEDIUM Security Opt Not Set /docker-compose.yml: 64
detailsAttribute 'security_opt' should be defined.
135 MEDIUM Security Opt Not Set /docker-compose.yml: 2
detailsAttribute 'security_opt' should be defined.
136 MEDIUM Security Opt Not Set /docker-compose.yml: 15
detailsAttribute 'security_opt' should be defined.
137 MEDIUM Security Opt Not Set /docker-compose.yml: 39
detailsAttribute 'security_opt' should be defined.
138 MEDIUM Unpinned Package Version in Pip Install /Dockerfile: 31
detailsPackage version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
139 LOW Authentication Without MFA /iam.tf: 55
detailsUsers should authenticate with MFA (Multi-factor Authentication) to ensure an extra layer of protection when authenticating
140 LOW EC2 Instance Using API Keys /main.tf: 17
detailsEC2 instances should use roles to be granted access to other AWS services
141 LOW Healthcheck Instruction Missing /Dockerfile: 1
detailsEnsure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
142 LOW Healthcheck Instruction Missing /Dockerfile: 1
detailsEnsure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
143 LOW IAM Access Analyzer Not Enabled /s3.tf: 1
detailsIAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
144 LOW IAM Access Analyzer Not Enabled /iam.tf: 1
detailsIAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
145 LOW IAM Access Analyzer Not Enabled /main.tf: 17
detailsIAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
146 LOW Instance Uses Metadata Service IMDSv1 /main.tf: 17
detailsInstance metadata can be accessed with both IMDSv1 or IMDSv2. Although, IMDSv2 service is a session-oriented service, granting additional protect...
147 LOW Instance With No VPC /main.tf: 17
detailsEC2 Instances should be configured under a VPC network. AWS VPCs provide the controls to facilitate a formal process for approving and testing all...

More results are available on the CxOne platform


Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR
