docs(queries): update queries catalog (#5869)
Co-authored-by: rafaela-soares <rafaela-soares@users.noreply.github.com>
kicsbot and rafaela-soares committed Oct 3, 2022
1 parent fceb248 commit ac87ca4
Showing 3 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions docs/queries/all-queries.md
Expand Up @@ -754,7 +754,7 @@ This page contains all queries.
|COS Node Image Not Used<br/><sup><sub>be41f891-96b1-4b9d-b74f-b922a918c778</sub></sup>|Ansible|<span style="color:#C60">Medium</span>|Resource Management|The node image should be Container-Optimized OS(COS)|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_container_node_pool_module.html#parameter-config/image_type">Documentation</a><br/>|
|Project-wide SSH Keys Are Enabled In VM Instances<br/><sup><sub>099b4411-d11e-4537-a0fc-146b19762a79</sub></sup>|Ansible|<span style="color:#C60">Medium</span>|Secret Management|VM Instance should block project-wide SSH keys|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_instance_module.html">Documentation</a><br/>|
|High KMS Rotation Period<br/><sup><sub>79f45008-60b3-4a0a-a302-8311fd3701b4</sub></sup>|Ansible|<span style="color:#C60">Medium</span>|Secret Management|KMS Rotation Period should be greater than 365 days.|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>f9b7086b-deb8-4034-9330-d7fd38f1b8de</sub></sup>|Ansible|<span style="color:#C60">Medium</span>|Secret Management|Encryption keys should be changed after 90 days|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>f9b7086b-deb8-4034-9330-d7fd38f1b8de</sub></sup>|Ansible|<span style="color:#C60">Medium</span>|Secret Management|KMS encryption keys should be rotated every 90 days or less. A short lifetime of encryption keys reduces the potential blast radius in case of compromise.|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|Google Compute Network Using Firewall Rule that Allows Port Range<br/><sup><sub>7289eebd-a477-4064-8ad4-3c044bd70b00</sub></sup>|Ansible|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Network should not use a firewall rule that allows port range|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_firewall_module.html#parameter-allowed">Documentation</a><br/>|
|Google Compute Subnetwork with Private Google Access Disabled<br/><sup><sub>6a4080ae-79bd-42f6-a924-8f534c1c018b</sub></sup>|Ansible|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Subnetwork should have Private Google Access enabled, which means 'private_ip_google_access' should be set to yes|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_subnetwork_module.html#parameter-private_ip_google_access">Documentation</a><br/>|
|Run Using apt<br/><sup><sub>a1bc27c6-7115-48d8-bf9d-5a7e836845ba</sub></sup>|Buildah|<span style="color:#C60">Medium</span>|Supply-Chain|apt is discouraged by the linux distributions as an unattended tool as its interface may suffer changes between versions. Better use the more stable apt-get and apt-cache|<a href="https://github.com/containers/buildah/blob/main/docs/buildah-run.1.md">Documentation</a><br/>|
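Review bot: The unchanged "High KMS Rotation Period" row just above the edited row still reads "KMS Rotation Period should be greater than 365 days", which is the opposite of what a query with that name would check and now sits next to the updated "rotated every 90 days or less" wording for the same Ansible module. Consider rewording that row in the same change (for example "should not be greater than 365 days") or stating how the two queries differ, so the catalog does not present two conflicting thresholds.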
Expand Down Expand Up @@ -1652,7 +1652,7 @@ This page contains all queries.
|Service Account with Improper Privileges<br/><sup><sub>cefdad16-0dd5-4ac5-8ed2-a37502c78672</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Resource Management|Service account should not have improper privileges like admin, editor, owner, or write roles|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy#role">Documentation</a><br/>|
|Project-wide SSH Keys Are Enabled In VM Instances<br/><sup><sub>3e4d5ce6-3280-4027-8010-c26eeea1ec01</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Secret Management|VM Instance should block project-wide SSH keys|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance">Documentation</a><br/>|
|High KMS Rotation Period<br/><sup><sub>352271ca-842f-408a-8b24-f6f2b76eb027</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Secret Management|KMS Rotation Period should be greater than 365 days.|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>d8c57c4e-bf6f-4e32-a2bf-8643532de77b</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Secret Management|Encryption keys should be changed after 90 days|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>d8c57c4e-bf6f-4e32-a2bf-8643532de77b</sub></sup>|Terraform|<span style="color:#C60">Medium</span>|Secret Management|KMS encryption keys should be rotated every 90 days or less. A short lifetime of encryption keys reduces the potential blast radius in case of compromise.|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|User with IAM Role<br/><sup><sub>704fcc44-a58f-4af5-82e2-93f2a58ef918</sub></sup>|Terraform|<span style="color:#CC0">Low</span>|Best Practices|As a best practice, it is better to assign an IAM Role to a group than to a user|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy#role">Documentation</a><br/>|
|Google Compute Network Using Firewall Rule that Allows Port Range<br/><sup><sub>e6f61c37-106b-449f-a5bb-81bfcaceb8b4</sub></sup>|Terraform|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Network should not use a firewall rule that allows port range|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#allow">Documentation</a><br/>|
|Google Compute Subnetwork with Private Google Access Disabled<br/><sup><sub>ee7b93c1-b3f8-4a3b-9588-146d481814f5</sub></sup>|Terraform|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Subnetwork should have Private Google Access enabled, which means 'private_ip_google_access' should be set to true|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#private_ip_google_access">Documentation</a><br/>|
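Review bot: The updated Terraform row for d8c57c4e-bf6f-4e32-a2bf-8643532de77b still links to the top of the kms_crypto_key resource page, while neighbouring rows in this hunk link directly to the relevant argument (compute_firewall#allow, compute_subnetwork#private_ip_google_access). Pointing the Documentation link at the rotation period argument would take readers from the 90-day guidance straight to the setting it refers to.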
2 changes: 1 addition & 1 deletion docs/queries/ansible-queries.md
Expand Up @@ -237,6 +237,6 @@ Bellow are listed queries related with Ansible GCP:
|COS Node Image Not Used<br/><sup><sub>be41f891-96b1-4b9d-b74f-b922a918c778</sub></sup>|<span style="color:#C60">Medium</span>|Resource Management|The node image should be Container-Optimized OS(COS)|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_container_node_pool_module.html#parameter-config/image_type">Documentation</a><br/>|
|Project-wide SSH Keys Are Enabled In VM Instances<br/><sup><sub>099b4411-d11e-4537-a0fc-146b19762a79</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|VM Instance should block project-wide SSH keys|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_instance_module.html">Documentation</a><br/>|
|High KMS Rotation Period<br/><sup><sub>79f45008-60b3-4a0a-a302-8311fd3701b4</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|KMS Rotation Period should be greater than 365 days.|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>f9b7086b-deb8-4034-9330-d7fd38f1b8de</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|Encryption keys should be changed after 90 days|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>f9b7086b-deb8-4034-9330-d7fd38f1b8de</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|KMS encryption keys should be rotated every 90 days or less. A short lifetime of encryption keys reduces the potential blast radius in case of compromise.|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_kms_crypto_key_module.html">Documentation</a><br/>|
|Google Compute Network Using Firewall Rule that Allows Port Range<br/><sup><sub>7289eebd-a477-4064-8ad4-3c044bd70b00</sub></sup>|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Network should not use a firewall rule that allows port range|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_firewall_module.html#parameter-allowed">Documentation</a><br/>|
|Google Compute Subnetwork with Private Google Access Disabled<br/><sup><sub>6a4080ae-79bd-42f6-a924-8f534c1c018b</sub></sup>|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Subnetwork should have Private Google Access enabled, which means 'private_ip_google_access' should be set to yes|<a href="https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_compute_subnetwork_module.html#parameter-private_ip_google_access">Documentation</a><br/>|
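Review bot: The section text carried in this hunk's header, "Bellow are listed queries related with Ansible GCP:", has a typo ("Bellow" for "Below"), and "related with" would read better as "related to". Since the catalog files are being updated here anyway, it is worth correcting that sentence wherever it originates so the fix does not get overwritten by the next catalog update.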
2 changes: 1 addition & 1 deletion docs/queries/terraform-queries.md
Expand Up @@ -655,7 +655,7 @@ Bellow are listed queries related with Terraform GCP:
|Service Account with Improper Privileges<br/><sup><sub>cefdad16-0dd5-4ac5-8ed2-a37502c78672</sub></sup>|<span style="color:#C60">Medium</span>|Resource Management|Service account should not have improper privileges like admin, editor, owner, or write roles|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy#role">Documentation</a><br/>|
|Project-wide SSH Keys Are Enabled In VM Instances<br/><sup><sub>3e4d5ce6-3280-4027-8010-c26eeea1ec01</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|VM Instance should block project-wide SSH keys|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance">Documentation</a><br/>|
|High KMS Rotation Period<br/><sup><sub>352271ca-842f-408a-8b24-f6f2b76eb027</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|KMS Rotation Period should be greater than 365 days.|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>d8c57c4e-bf6f-4e32-a2bf-8643532de77b</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|Encryption keys should be changed after 90 days|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|High Google KMS Crypto Key Rotation Period<br/><sup><sub>d8c57c4e-bf6f-4e32-a2bf-8643532de77b</sub></sup>|<span style="color:#C60">Medium</span>|Secret Management|KMS encryption keys should be rotated every 90 days or less. A short lifetime of encryption keys reduces the potential blast radius in case of compromise.|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/kms_crypto_key">Documentation</a><br/>|
|User with IAM Role<br/><sup><sub>704fcc44-a58f-4af5-82e2-93f2a58ef918</sub></sup>|<span style="color:#CC0">Low</span>|Best Practices|As a best practice, it is better to assign an IAM Role to a group than to a user|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy#role">Documentation</a><br/>|
|Google Compute Network Using Firewall Rule that Allows Port Range<br/><sup><sub>e6f61c37-106b-449f-a5bb-81bfcaceb8b4</sub></sup>|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Network should not use a firewall rule that allows port range|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#allow">Documentation</a><br/>|
|Google Compute Subnetwork with Private Google Access Disabled<br/><sup><sub>ee7b93c1-b3f8-4a3b-9588-146d481814f5</sub></sup>|<span style="color:#CC0">Low</span>|Networking and Firewall|Google Compute Subnetwork should have Private Google Access enabled, which means 'private_ip_google_access' should be set to true|<a href="https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork#private_ip_google_access">Documentation</a><br/>|
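Review bot: The new description in the d8c57c4e-bf6f-4e32-a2bf-8643532de77b row gives the 90-day target but does not say what the query reports when a key has no rotation period configured at all. If that case is also flagged, state it in the description; otherwise a reader may take a clean scan result to mean rotation is in place when it was never set.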