…s-action into test-pr-comment
Rules: c5b31ab9-0f26-4a49-b8aa-4cc064392f4d (severity: ****)
Details:
{
"driver": {
"name": "KICS",
"version": "nightly-",
"fullName": "Keeping Infrastructure as Code Secure",
"informationUri": "https://www.kics.io/",
"rules": [
{
"id": "c5b31ab9-0f26-4a49-b8aa-4cc064392f4d",
"name": "S3 Bucket Without Enabled MFA Delete",
"shortDescription": {
"text": "S3 Bucket Without Enabled MFA Delete"
},
"fullDescription": {
"text": "S3 bucket without enabled MFA Delete"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#mfa_delete",
"relationships": [
{
"target": {
"id": "CAT007",
"index": 5,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "568a4d22-3517-44a6-a7ad-6a7eed88722c",
"name": "S3 Bucket Without Versioning",
"shortDescription": {
"text": "S3 Bucket Without Versioning"
},
"fullDescription": {
"text": "S3 bucket without versioning"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning",
"relationships": [
{
"target": {
"id": "CAT007",
"index": 5,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "575a2155-6af1-4026-b1af-d5bc8fe2a904",
"name": "IAM Policy Allows All ('*') In Policy Statement",
"shortDescription": {
"text": "IAM Policy Allows All ('*') In Policy Statement"
},
"fullDescription": {
"text": "IAM policies allow all ('*') in a statement action"
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy",
"relationships": [
{
"target": {
"id": "CAT001",
"index": 3,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "1dc73fb4-5b51-430c-8c5f-25dcf9090b02",
"name": "RDS Without Backup",
"shortDescription": {
"text": "RDS Without Backup"
},
"fullDescription": {
"text": "RDS configured without backup"
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance",
"relationships": [
{
"target": {
"id": "CAT003",
"index": 10,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "88fd05e0-ac0e-43d2-ba6d-fc0ba60ae1a6",
"name": "IAM Database Auth Not Enabled",
"shortDescription": {
"text": "IAM Database Auth Not Enabled"
},
"fullDescription": {
"text": "IAM database authentication must be enabled (iam_database_authentication_enabled set to true)"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#iam_database_authentication_enabled",
"relationships": [
{
"target": {
"id": "CAT006",
"index": 13,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "ad03cb46-f174-4674-bf8e-2880a7000edd",
"name": "S3 Bucket Rules With Master Key Id Null",
"shortDescription": {
"text": "S3 Bucket Rules With Master Key Id Null"
},
"fullDescription": {
"text": "If algorithm is AES256 then the master key is null, empty or undefined, otherwise the master key is required"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#sse_algorithm",
"relationships": [
{
"target": {
"id": "CAT012",
"index": 8,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "fd54f200-402c-4333-a5a4-36ef6709af2f",
"name": "Missing User Instruction",
"shortDescription": {
"text": "Missing User Instruction"
},
"fullDescription": {
"text": "A user should be specified in the dockerfile, otherwise the image will run as root"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://docs.docker.com/engine/reference/builder/#user",
"relationships": [
{
"target": {
"id": "CAT005",
"index": 12,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "08bd0760-8752-44e1-9779-7bb369b2b4e4",
"name": "DB Instance Storage Not Encrypted",
"shortDescription": {
"text": "DB Instance Storage Not Encrypted"
},
"fullDescription": {
"text": "The parameter storage_encrypted in aws_db_instance must be true (the default is false)"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#storage_encrypted",
"relationships": [
{
"target": {
"id": "CAT006",
"index": 13,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "35113e6f-2c6b-414d-beec-7a9482d3b2d1",
"name": "DB Instance Publicly Accessible",
"shortDescription": {
"text": "DB Instance Publicly Accessible"
},
"fullDescription": {
"text": "The publicly_accessible setting must be false"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#publicly_accessible",
"relationships": [
{
"target": {
"id": "CAT007",
"index": 5,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "6726dcc0-5ff5-459d-b473-a780bef7665c",
"name": "S3 Bucket Without Encryption",
"shortDescription": {
"text": "S3 Bucket Without Encryption"
},
"fullDescription": {
"text": "S3 bucket should have encryption defined"
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket",
"relationships": [
{
"target": {
"id": "CAT007",
"index": 5,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "f861041c-8c9f-4156-acfc-5e6e524f5884",
"name": "S3 Bucket Without Logging",
"shortDescription": {
"text": "S3 Bucket Without Logging"
},
"fullDescription": {
"text": "S3 bucket without logging"
},
"defaultConfiguration": {
"level": "note"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket",
"relationships": [
{
"target": {
"id": "CAT010",
"index": 1,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "b03a748a-542d-44f4-bb86-9199ab4fd2d5",
"name": "Healthcheck Instruction Missing",
"shortDescription": {
"text": "Healthcheck Instruction Missing"
},
"fullDescription": {
"text": "Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working"
},
"defaultConfiguration": {
"level": "note"
},
"helpUri": "https://docs.docker.com/engine/reference/builder/#healthcheck",
"relationships": [
{
"target": {
"id": "CAT007",
"index": 5,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
},
{
"id": "38c5ee0d-7f22-4260-ab72-5073048df100",
"name": "S3 Bucket With Public RW Access",
"shortDescription": {
"text": "S3 Bucket With Public RW Access"
},
"fullDescription": {
"text": "S3 bucket with public READ/WRITE access"
},
"defaultConfiguration": {
"level": "none"
},
"helpUri": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#mfa_delete",
"relationships": [
{
"target": {
"id": "CAT001",
"index": 3,
"toolComponent": {
"name": "Categories",
"guid": "58cdcc6f-fe41-4724-bfb3-131a93df4c3f",
"index": 0
}
}
}
]
}
]
}
}
Results:
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L44
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L59
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L72
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L1
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L25
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/db-app.tf#L156
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/db-app.tf#L17
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/db-app.tf#L1
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L79
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/db-app.tf#L18
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/db-app.tf#L21
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L55
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L1
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L25
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L39
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L62
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L62
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L69
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L62
https://github.com/elit-cx/test-kics-action/blob/test-pr-comment/terraform/aws/s3.tf#L7
No description provided.