{
"aws": {
"AVD-AWS-0001": "aws/api-gateway/enable-access-logging/metadata.json",
"AVD-AWS-0002": "aws/api-gateway/enable-cache-encryption/metadata.json",
"AVD-AWS-0003": "aws/api-gateway/enable-tracing/metadata.json",
"AVD-AWS-0004": "aws/api-gateway/no-public-access/metadata.json",
"AVD-AWS-0005": "aws/api-gateway/use-secure-tls-policy/metadata.json",
"AVD-AWS-0006": "aws/athena/enable-at-rest-encryption/metadata.json",
"AVD-AWS-0007": "aws/athena/no-encryption-override/metadata.json",
"AVD-AWS-0008": "aws/autoscaling/enable-at-rest-encryption/metadata.json",
"AVD-AWS-0009": "aws/autoscaling/no-public-ip/metadata.json",
"AVD-AWS-0010": "aws/cloudfront/enable-logging/metadata.json",
"AVD-AWS-0011": "aws/cloudfront/enable-waf/metadata.json",
"AVD-AWS-0012": "aws/cloudfront/enforce-https/metadata.json",
"AVD-AWS-0013": "aws/cloudfront/use-secure-tls-policy/metadata.json",
"AVD-AWS-0014": "aws/cloudtrail/enable-all-regions/metadata.json",
"AVD-AWS-0015": "aws/cloudtrail/enable-at-rest-encryption/metadata.json",
"AVD-AWS-0016": "aws/cloudtrail/enable-log-validation/metadata.json",
"AVD-AWS-0017": "aws/cloudwatch/log-group-customer-key/metadata.json",
"AVD-AWS-0018": "aws/codebuild/enable-encryption/metadata.json",
"AVD-AWS-0019": "aws/config/aggregate-all-regions/metadata.json",
"AVD-AWS-0020": "aws/documentdb/enable-log-export/metadata.json",
"AVD-AWS-0021": "aws/documentdb/enable-storage-encryption/metadata.json",
"AVD-AWS-0022": "aws/documentdb/encryption-customer-key/metadata.json",
"AVD-AWS-0023": "aws/dynamodb/enable-at-rest-encryption/metadata.json",
"AVD-AWS-0024": "aws/dynamodb/enable-recovery/metadata.json",
"AVD-AWS-0025": "aws/dynamodb/table-customer-key/metadata.json",
"AVD-AWS-0026": "aws/ebs/enable-volume-encryption/metadata.json",
"AVD-AWS-0027": "aws/ebs/encryption-customer-key/metadata.json",
"AVD-AWS-0028": "aws/ec2/enforce-http-token-imds/metadata.json",
"AVD-AWS-0029": "aws/ec2/no-secrets-in-user-data/metadata.json",
"AVD-AWS-0030": "aws/ecr/enable-image-scans/metadata.json",
"AVD-AWS-0031": "aws/ecr/enforce-immutable-repository/metadata.json",
"AVD-AWS-0032": "aws/ecr/no-public-access/metadata.json",
"AVD-AWS-0033": "aws/ecr/repository-customer-key/metadata.json",
"AVD-AWS-0034": "aws/ecs/enable-container-insight/metadata.json",
"AVD-AWS-0035": "aws/ecs/enable-in-transit-encryption/metadata.json",
"AVD-AWS-0036": "aws/ecs/no-plaintext-secrets/metadata.json",
"AVD-AWS-0037": "aws/efs/enable-at-rest-encryption/metadata.json",
"AVD-AWS-0038": "aws/eks/enable-control-plane-logging/metadata.json",
"AVD-AWS-0039": "aws/eks/encrypt-secrets/metadata.json",
"AVD-AWS-0040": "aws/eks/no-public-cluster-access/metadata.json",
"AVD-AWS-0041": "aws/eks/no-public-cluster-access-to-cidr/metadata.json",
"AVD-AWS-0042": "aws/elastic-search/enable-domain-logging/metadata.json",
"AVD-AWS-0043": "aws/elastic-search/enable-in-transit-encryption/metadata.json",
"AVD-AWS-0044": "aws/elastic-search/enable-logging/metadata.json",
"AVD-AWS-0045": "aws/elastic-search/encrypt-replication-group/metadata.json",
"AVD-AWS-0046": "aws/elastic-search/enforce-https/metadata.json",
"AVD-AWS-0047": "aws/elastic-search/use-secure-tls-policy/metadata.json",
"AVD-AWS-0048": "aws/elastic-service/enable-domain-encryption/metadata.json",
"AVD-AWS-0049": "aws/elasticache/add-description-for-security-group/metadata.json",
"AVD-AWS-0050": "aws/elasticache/enable-backup-retention/metadata.json",
"AVD-AWS-0051": "aws/elasticache/enable-in-transit-encryption/metadata.json",
"AVD-AWS-0052": "aws/elb/drop-invalid-headers/metadata.json",
"AVD-AWS-0053": "aws/elbv2/alb-not-public/metadata.json",
"AVD-AWS-0054": "aws/elbv2/http-not-used/metadata.json",
"AVD-AWS-0055": "aws/iam/block-kms-policy-wildcard/metadata.json",
"AVD-AWS-0056": "aws/iam/no-password-reuse/metadata.json",
"AVD-AWS-0057": "aws/iam/no-policy-wildcards/metadata.json",
"AVD-AWS-0058": "aws/iam/require-lowercase-in-passwords/metadata.json",
"AVD-AWS-0059": "aws/iam/require-numbers-in-passwords/metadata.json",
"AVD-AWS-0060": "aws/iam/require-symbols-in-passwords/metadata.json",
"AVD-AWS-0061": "aws/iam/require-uppercase-in-passwords/metadata.json",
"AVD-AWS-0062": "aws/iam/set-max-password-age/metadata.json",
"AVD-AWS-0063": "aws/iam/set-minimum-password-length/metadata.json",
"AVD-AWS-0064": "aws/kinesis/enable-in-transit-encryption/metadata.json",
"AVD-AWS-0065": "aws/kms/auto-rotate-keys/metadata.json",
"AVD-AWS-0066": "aws/lambda/enable-tracing/metadata.json",
"AVD-AWS-0067": "aws/lambda/restrict-source-arn/metadata.json",
"AVD-AWS-0068": "aws/launch/no-sensitive-info/metadata.json",
"AVD-AWS-0069": "aws/misc/no-exposing-plaintext-credentials/metadata.json",
"AVD-AWS-0070": "aws/mq/enable-audit-logging/metadata.json",
"AVD-AWS-0071": "aws/mq/enable-general-logging/metadata.json",
"AVD-AWS-0072": "aws/mq/no-public-access/metadata.json",
"AVD-AWS-0073": "aws/msk/enable-in-transit-encryption/metadata.json",
"AVD-AWS-0074": "aws/msk/enable-logging/metadata.json",
"AVD-AWS-0075": "aws/neptune/enable-log-export/metadata.json",
"AVD-AWS-0076": "aws/neptune/enable-storage-encryption/metadata.json",
"AVD-AWS-0077": "aws/rds/backup-retention-specified/metadata.json",
"AVD-AWS-0078": "aws/rds/enable-performance-insights/metadata.json",
"AVD-AWS-0079": "aws/rds/encrypt-cluster-storage-data/metadata.json",
"AVD-AWS-0080": "aws/rds/encrypt-instance-storage-data/metadata.json",
"AVD-AWS-0081": "aws/rds/no-classic-resources/metadata.json",
"AVD-AWS-0082": "aws/rds/no-public-db-access/metadata.json",
"AVD-AWS-0083": "aws/redshift/add-description-to-security-group/metadata.json",
"AVD-AWS-0084": "aws/redshift/encryption-customer-key/metadata.json",
"AVD-AWS-0085": "aws/redshift/non-default-vpc-deployment/metadata.json",
"AVD-AWS-0086": "aws/s3/block-public-acls/metadata.json",
"AVD-AWS-0087": "aws/s3/block-public-policy/metadata.json",
"AVD-AWS-0088": "aws/s3/enable-bucket-encryption/metadata.json",
"AVD-AWS-0089": "aws/s3/enable-bucket-logging/metadata.json",
"AVD-AWS-0090": "aws/s3/enable-versioning/metadata.json",
"AVD-AWS-0091": "aws/s3/ignore-public-acls/metadata.json",
"AVD-AWS-0092": "aws/s3/no-public-access-with-acl/metadata.json",
"AVD-AWS-0093": "aws/s3/no-public-buckets/metadata.json",
"AVD-AWS-0094": "aws/s3/specify-public-access-block/metadata.json",
"AVD-AWS-0095": "aws/sns/enable-topic-encryption/metadata.json",
"AVD-AWS-0096": "aws/sqs/enable-queue-encryption/metadata.json",
"AVD-AWS-0097": "aws/sqs/no-wildcards-in-policy-documents/metadata.json",
"AVD-AWS-0098": "aws/ssm/secret-use-customer-key/metadata.json",
"AVD-AWS-0099": "aws/vpc/add-description-to-security-group/metadata.json",
"AVD-AWS-0100": "aws/vpc/disallow-mixed-sgr/metadata.json",
"AVD-AWS-0101": "aws/vpc/no-default-vpc/metadata.json",
"AVD-AWS-0102": "aws/vpc/no-excessive-port-access/metadata.json",
"AVD-AWS-0103": "aws/vpc/no-public-egress-sg/metadata.json",
"AVD-AWS-0104": "aws/vpc/no-public-egress-sgr/metadata.json",
"AVD-AWS-0105": "aws/vpc/no-public-ingress/metadata.json",
"AVD-AWS-0106": "aws/vpc/no-public-ingress-sg/metadata.json",
"AVD-AWS-0107": "aws/vpc/no-public-ingress-sgr/metadata.json",
"AVD-AWS-0108": "aws/vpc/use-secure-tls-policy/metadata.json",
"AVD-AWS-0109": "aws/workspace/enable-disk-encryption/metadata.json"
},
"azure": {
"AVD-AZU-0001": "azure/appservice/account-identity-registered/metadata.json",
"AVD-AZU-0002": "azure/appservice/authentication-enabled/metadata.json",
"AVD-AZU-0003": "azure/appservice/enable-http2/metadata.json",
"AVD-AZU-0004": "azure/appservice/enforce-https/metadata.json",
"AVD-AZU-0005": "azure/appservice/require-client-cert/metadata.json",
"AVD-AZU-0006": "azure/appservice/use-secure-tls-policy/metadata.json",
"AVD-AZU-0007": "azure/authorization/limit-role-actions/metadata.json",
"AVD-AZU-0008": "azure/compute/disable-password-authentication/metadata.json",
"AVD-AZU-0009": "azure/compute/enable-disk-encryption/metadata.json",
"AVD-AZU-0010": "azure/compute/no-secrets-in-custom-data/metadata.json",
"AVD-AZU-0011": "azure/compute/ssh-authentication/metadata.json",
"AVD-AZU-0012": "azure/container/configured-network-policy/metadata.json",
"AVD-AZU-0013": "azure/container/limit-authorized-ips/metadata.json",
"AVD-AZU-0014": "azure/container/logging/metadata.json",
"AVD-AZU-0015": "azure/container/use-rbac-permissions/metadata.json",
"AVD-AZU-0016": "azure/database/enable-audit/metadata.json",
"AVD-AZU-0017": "azure/database/enable-ssl-enforcement/metadata.json",
"AVD-AZU-0018": "azure/database/no-public-access/metadata.json",
"AVD-AZU-0019": "azure/database/no-public-firewall-access/metadata.json",
"AVD-AZU-0020": "azure/database/postgres-configuration-log-checkpoints/metadata.json",
"AVD-AZU-0021": "azure/database/postgres-configuration-log-connection-throttling/metadata.json",
"AVD-AZU-0022": "azure/database/postgres-configuration-log-connections/metadata.json",
"AVD-AZU-0023": "azure/database/retention-period-set/metadata.json",
"AVD-AZU-0024": "azure/database/secure-tls-policy/metadata.json",
"AVD-AZU-0025": "azure/datafactory/no-public-access/metadata.json",
"AVD-AZU-0026": "azure/datalake/enable-at-rest-encryption/metadata.json",
"AVD-AZU-0027": "azure/functionapp/authentication-enabled/metadata.json",
"AVD-AZU-0028": "azure/keyvault/content-type-for-secret/metadata.json",
"AVD-AZU-0029": "azure/keyvault/ensure-key-expiry/metadata.json",
"AVD-AZU-0030": "azure/keyvault/ensure-secret-expiry/metadata.json",
"AVD-AZU-0031": "azure/keyvault/no-purge/metadata.json",
"AVD-AZU-0032": "azure/keyvault/specify-network-acl/metadata.json",
"AVD-AZU-0033": "azure/monitor/activity-log-retention-set/metadata.json",
"AVD-AZU-0034": "azure/monitor/capture-all-activities/metadata.json",
"AVD-AZU-0035": "azure/monitor/capture-all-regions/metadata.json",
"AVD-AZU-0036": "azure/mssql/all-threat-alerts-enabled/metadata.json",
"AVD-AZU-0037": "azure/mssql/threat-alert-email-set/metadata.json",
"AVD-AZU-0038": "azure/mssql/threat-alert-email-to-owner/metadata.json",
"AVD-AZU-0039": "azure/network/disable-rdp-from-internet/metadata.json",
"AVD-AZU-0040": "azure/network/no-public-egress/metadata.json",
"AVD-AZU-0041": "azure/network/no-public-ingress/metadata.json",
"AVD-AZU-0042": "azure/network/retention-policy-set/metadata.json",
"AVD-AZU-0043": "azure/network/ssh-blocked-from-internet/metadata.json",
"AVD-AZU-0044": "azure/security-center/alert-on-severe-notifications/metadata.json",
"AVD-AZU-0045": "azure/security-center/enable-standard-subscription/metadata.json",
"AVD-AZU-0046": "azure/security-center/set-required-contact-details/metadata.json",
"AVD-AZU-0047": "azure/storage/allow-microsoft-service-bypass/metadata.json",
"AVD-AZU-0048": "azure/storage/default-action-deny/metadata.json",
"AVD-AZU-0049": "azure/storage/enforce-https/metadata.json",
"AVD-AZU-0050": "azure/storage/no-public-access/metadata.json",
"AVD-AZU-0051": "azure/storage/queue-services-logging-enabled/metadata.json",
"AVD-AZU-0052": "azure/storage/use-secure-tls-policy/metadata.json",
"AVD-AZU-0053": "azure/synapse/virtual-network-enabled/metadata.json"
},
"cloudstack": {
"AVD-CSK-0001": "cloudstack/compute/no-sensitive-info/metadata.json"
},
"digitalocean": {
"AVD-DIG-0001": "digitalocean/compute/no-public-egress/metadata.json",
"AVD-DIG-0002": "digitalocean/compute/no-public-ingress/metadata.json",
"AVD-DIG-0003": "digitalocean/droplet/use-ssh-keys/metadata.json",
"AVD-DIG-0004": "digitalocean/loadbalancing/enforce-https/metadata.json",
"AVD-DIG-0005": "digitalocean/spaces/acl-no-public-read/metadata.json",
"AVD-DIG-0006": "digitalocean/spaces/disable-force-destroy/metadata.json",
"AVD-DIG-0007": "digitalocean/spaces/versioning-enabled/metadata.json"
},
"general": {
"AVD-GEN-0001": "general/secrets/sensitive-in-attribute/metadata.json",
"AVD-GEN-0002": "general/secrets/sensitive-in-attribute-value/metadata.json",
"AVD-GEN-0003": "general/secrets/sensitive-in-local/metadata.json",
"AVD-GEN-0004": "general/secrets/sensitive-in-variable/metadata.json"
},
"github": {
"AVD-GIT-0001": "github/repositories/private/metadata.json"
},
"google": {
"AVD-GCP-0001": "google/bigquery/no-public-access/metadata.json",
"AVD-GCP-0002": "google/compute/disk-encryption-customer-key/metadata.json",
"AVD-GCP-0003": "google/compute/disk-encryption-customer-keys/metadata.json",
"AVD-GCP-0004": "google/compute/disk-encryption-required/metadata.json",
"AVD-GCP-0005": "google/compute/enable-shielded-vm/metadata.json",
"AVD-GCP-0006": "google/compute/enable-vpc-flow-logs/metadata.json",
"AVD-GCP-0007": "google/compute/no-default-service-account/metadata.json",
"AVD-GCP-0008": "google/compute/no-ip-forwarding/metadata.json",
"AVD-GCP-0009": "google/compute/no-oslogin-override/metadata.json",
"AVD-GCP-0010": "google/compute/no-plaintext-disk-keys/metadata.json",
"AVD-GCP-0011": "google/compute/no-plaintext-vm-disk-keys/metadata.json",
"AVD-GCP-0012": "google/compute/no-project-wide-ssh-keys/metadata.json",
"AVD-GCP-0013": "google/compute/no-public-egress/metadata.json",
"AVD-GCP-0014": "google/compute/no-public-ingress/metadata.json",
"AVD-GCP-0015": "google/compute/no-public-ip/metadata.json",
"AVD-GCP-0016": "google/compute/no-serial-port/metadata.json",
"AVD-GCP-0017": "google/compute/project-level-oslogin/metadata.json",
"AVD-GCP-0018": "google/compute/use-secure-tls-policy/metadata.json",
"AVD-GCP-0019": "google/compute/vm-disk-encryption-customer-key/metadata.json",
"AVD-GCP-0020": "google/dns/enable-dnssec/metadata.json",
"AVD-GCP-0021": "google/dns/no-rsa-sha1/metadata.json",
"AVD-GCP-0022": "google/gke/enable-auto-repair/metadata.json",
"AVD-GCP-0023": "google/gke/enable-auto-upgrade/metadata.json",
"AVD-GCP-0024": "google/gke/enable-ip-aliasing/metadata.json",
"AVD-GCP-0025": "google/gke/enable-master-networks/metadata.json",
"AVD-GCP-0026": "google/gke/enable-network-policy/metadata.json",
"AVD-GCP-0027": "google/gke/enable-private-cluster/metadata.json",
"AVD-GCP-0028": "google/gke/enable-stackdriver-logging/metadata.json",
"AVD-GCP-0029": "google/gke/enable-stackdriver-monitoring/metadata.json",
"AVD-GCP-0030": "google/gke/enforce-pod-security-policy/metadata.json",
"AVD-GCP-0031": "google/gke/metadata-endpoints-disabled/metadata.json",
"AVD-GCP-0032": "google/gke/no-legacy-auth/metadata.json",
"AVD-GCP-0033": "google/gke/no-legacy-authentication/metadata.json",
"AVD-GCP-0034": "google/gke/no-public-control-plane/metadata.json",
"AVD-GCP-0035": "google/gke/node-metadata-security/metadata.json",
"AVD-GCP-0036": "google/gke/node-pool-uses-cos/metadata.json",
"AVD-GCP-0037": "google/gke/node-shielding-enabled/metadata.json",
"AVD-GCP-0038": "google/gke/use-cluster-labels/metadata.json",
"AVD-GCP-0039": "google/gke/use-rbac-permissions/metadata.json",
"AVD-GCP-0040": "google/gke/use-service-account/metadata.json",
"AVD-GCP-0041": "google/iam/no-folder-level-default-service-account-assignment/metadata.json",
"AVD-GCP-0042": "google/iam/no-folder-level-service-account-impersonation/metadata.json",
"AVD-GCP-0043": "google/iam/no-org-level-default-service-account-assignment/metadata.json",
"AVD-GCP-0044": "google/iam/no-org-level-service-account-impersonation/metadata.json",
"AVD-GCP-0045": "google/iam/no-privileged-service-accounts/metadata.json",
"AVD-GCP-0046": "google/iam/no-project-level-default-service-account-assignment/metadata.json",
"AVD-GCP-0047": "google/iam/no-project-level-service-account-impersonation/metadata.json",
"AVD-GCP-0048": "google/iam/no-user-granted-permissions/metadata.json",
"AVD-GCP-0049": "google/kms/rotate-kms-keys/metadata.json",
"AVD-GCP-0050": "google/project/no-default-network/metadata.json",
"AVD-GCP-0051": "google/sql/enable-backup/metadata.json",
"AVD-GCP-0052": "google/sql/enable-pg-temp-file-logging/metadata.json",
"AVD-GCP-0053": "google/sql/encrypt-in-transit-data/metadata.json",
"AVD-GCP-0054": "google/sql/mysql-no-local-infile/metadata.json",
"AVD-GCP-0055": "google/sql/no-contained-db-auth/metadata.json",
"AVD-GCP-0056": "google/sql/no-cross-db-ownership-chaining/metadata.json",
"AVD-GCP-0057": "google/sql/no-public-access/metadata.json",
"AVD-GCP-0058": "google/sql/pg-log-checkpoints/metadata.json",
"AVD-GCP-0059": "google/sql/pg-log-connections/metadata.json",
"AVD-GCP-0060": "google/sql/pg-log-disconnections/metadata.json",
"AVD-GCP-0061": "google/sql/pg-log-errors/metadata.json",
"AVD-GCP-0062": "google/sql/pg-log-lock-waits/metadata.json",
"AVD-GCP-0063": "google/sql/pg-no-min-statement-logging/metadata.json",
"AVD-GCP-0064": "google/storage/enable-ubla/metadata.json",
"AVD-GCP-0065": "google/storage/no-public-access/metadata.json"
},
"kubernetes": {
"AVD-K8S-0001": "kubernetes/network/no-public-egress/metadata.json",
"AVD-K8S-0002": "kubernetes/network/no-public-ingress/metadata.json"
},
"openstack": {
"AVD-OSK-0001": "openstack/compute/no-plaintext-password/metadata.json",
"AVD-OSK-0002": "openstack/fw/no-public-access/metadata.json"
},
"oracle": {
"AVD-OCI-0001": "oracle/compute/no-public-ip/metadata.json"
}
}