This repository has been archived by the owner on Jun 1, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathmkdocs.yml
180 lines (169 loc) · 7.6 KB
/
mkdocs.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
site_name: cfsec
site_url: https://aquasecurity.github.io/cfsec/
site_description: A static analysis security scanner for your yaml and json CloudFormation
code
docs_dir: docs/
repo_name: aquasecurity/cfsec
repo_url: https://github.com/aquasecurity/cfsec
edit_uri: ''
theme:
favicon: favicon.ico
features:
- navigation.tabs
- navigation.tabs.sticky
- navigation.sections
language: en
logo: imgs/logo.png
name: material
nav:
- HOME: index.md
- Getting Started:
- Installation: getting-started/installation.md
- Quick Start: getting-started/quickstart.md
- Parameters: getting-started/usage.md
- Credits: getting-started/credit.md
- GitHub Actions:
- GitHub Action: getting-started/configuration/github-actions/github-action.md
- Checks:
- api-gateway:
- enable-access-logging: checks/api-gateway/enable-access-logging.md
- athena:
- enable-at-rest-encryption: checks/athena/enable-at-rest-encryption.md
- no-encryption-override: checks/athena/no-encryption-override.md
- autoscaling:
- enable-at-rest-encryption: checks/autoscaling/enable-at-rest-encryption.md
- no-public-ip: checks/autoscaling/no-public-ip.md
- cloudfront:
- enable-logging: checks/cloudfront/enable-logging.md
- enable-waf: checks/cloudfront/enable-waf.md
- enforce-https: checks/cloudfront/enforce-https.md
- use-secure-tls-policy: checks/cloudfront/use-secure-tls-policy.md
- cloudtrail:
- enable-all-regions: checks/cloudtrail/enable-all-regions.md
- enable-at-rest-encryption: checks/cloudtrail/enable-at-rest-encryption.md
- enable-log-validation: checks/cloudtrail/enable-log-validation.md
- cloudwatch:
- log-group-customer-key: checks/cloudwatch/log-group-customer-key.md
- codebuild:
- enable-encryption: checks/codebuild/enable-encryption.md
- config:
- aggregate-all-regions: checks/config/aggregate-all-regions.md
- documentdb:
- enable-log-export: checks/documentdb/enable-log-export.md
- enable-storage-encryption: checks/documentdb/enable-storage-encryption.md
- encryption-customer-key: checks/documentdb/encryption-customer-key.md
- dynamodb:
- enable-at-rest-encryption: checks/dynamodb/enable-at-rest-encryption.md
- ebs:
- enable-volume-encryption: checks/ebs/enable-volume-encryption.md
- encryption-customer-key: checks/ebs/encryption-customer-key.md
- ec2:
- no-secrets-in-user-data: checks/ec2/no-secrets-in-user-data.md
- ecr:
- enable-image-scans: checks/ecr/enable-image-scans.md
- enforce-immutable-repository: checks/ecr/enforce-immutable-repository.md
- no-public-access: checks/ecr/no-public-access.md
- repository-customer-key: checks/ecr/repository-customer-key.md
- ecs:
- enable-container-insight: checks/ecs/enable-container-insight.md
- enable-in-transit-encryption: checks/ecs/enable-in-transit-encryption.md
- no-plaintext-secrets: checks/ecs/no-plaintext-secrets.md
- efs:
- enable-at-rest-encryption: checks/efs/enable-at-rest-encryption.md
- eks:
- encrypt-secrets: checks/eks/encrypt-secrets.md
- elastic-search:
- enable-domain-encryption: checks/elastic-search/enable-domain-encryption.md
- enable-domain-logging: checks/elastic-search/enable-domain-logging.md
- enable-in-transit-encryption: checks/elastic-search/enable-in-transit-encryption.md
- enforce-https: checks/elastic-search/enforce-https.md
- use-secure-tls-policy: checks/elastic-search/use-secure-tls-policy.md
- elasticache:
- add-description-for-security-group: checks/elasticache/add-description-for-security-group.md
- enable-backup-retention: checks/elasticache/enable-backup-retention.md
- enable-in-transit-encryption: checks/elasticache/enable-in-transit-encryption.md
- iam:
- no-policy-wildcards: checks/iam/no-policy-wildcards.md
- kinesis:
- enable-in-transit-encryption: checks/kinesis/enable-in-transit-encryption.md
- lambda:
- enable-tracing: checks/lambda/enable-tracing.md
- restrict-source-arn: checks/lambda/restrict-source-arn.md
- mq:
- enable-audit-logging: checks/mq/enable-audit-logging.md
- enable-general-logging: checks/mq/enable-general-logging.md
- no-public-access: checks/mq/no-public-access.md
- msk:
- enable-in-transit-encryption: checks/msk/enable-in-transit-encryption.md
- enable-logging: checks/msk/enable-logging.md
- neptune:
- enable-log-export: checks/neptune/enable-log-export.md
- enable-storage-encryption: checks/neptune/enable-storage-encryption.md
- rds:
- enable-performance-insights: checks/rds/enable-performance-insights.md
- encrypt-cluster-storage-data: checks/rds/encrypt-cluster-storage-data.md
- encrypt-instance-storage-data: checks/rds/encrypt-instance-storage-data.md
- no-classic-resources: checks/rds/no-classic-resources.md
- no-public-db-access: checks/rds/no-public-db-access.md
- specify-backup-retention: checks/rds/specify-backup-retention.md
- redshift:
- add-description-to-security-group: checks/redshift/add-description-to-security-group.md
- encryption-customer-key: checks/redshift/encryption-customer-key.md
- no-classic-resources: checks/redshift/no-classic-resources.md
- use-vpc: checks/redshift/use-vpc.md
- s3:
- block-public-acls: checks/s3/block-public-acls.md
- block-public-policy: checks/s3/block-public-policy.md
- enable-bucket-encryption: checks/s3/enable-bucket-encryption.md
- enable-bucket-logging: checks/s3/enable-bucket-logging.md
- enable-versioning: checks/s3/enable-versioning.md
- ignore-public-acls: checks/s3/ignore-public-acls.md
- no-public-access-with-acl: checks/s3/no-public-access-with-acl.md
- no-public-buckets: checks/s3/no-public-buckets.md
- specify-public-access-block: checks/s3/specify-public-access-block.md
- sam:
- api-use-secure-tls-policy: checks/sam/api-use-secure-tls-policy.md
- enable-api-access-logging: checks/sam/enable-api-access-logging.md
- enable-api-cache-encryption: checks/sam/enable-api-cache-encryption.md
- enable-api-tracing: checks/sam/enable-api-tracing.md
- enable-function-tracing: checks/sam/enable-function-tracing.md
- enable-http-api-access-logging: checks/sam/enable-http-api-access-logging.md
- enable-state-machine-tracing: checks/sam/enable-state-machine-tracing.md
- enable-table-encryption: checks/sam/enable-table-encryption.md
- no-function-policy-wildcards: checks/sam/no-function-policy-wildcards.md
- no-state-machine-policy-wildcards: checks/sam/no-state-machine-policy-wildcards.md
- sns:
- enable-topic-encryption: checks/sns/enable-topic-encryption.md
- sqs:
- enable-queue-encryption: checks/sqs/enable-queue-encryption.md
- no-wildcards-in-policy-documents: checks/sqs/no-wildcards-in-policy-documents.md
- ssm:
- secret-use-customer-key: checks/ssm/secret-use-customer-key.md
- vpc:
- add-description-to-security-group-rule: checks/vpc/add-description-to-security-group-rule.md
- add-description-to-security-group: checks/vpc/add-description-to-security-group.md
- no-excessive-port-access: checks/vpc/no-excessive-port-access.md
- no-public-egress-sgr: checks/vpc/no-public-egress-sgr.md
- no-public-ingress-acl: checks/vpc/no-public-ingress-acl.md
- no-public-ingress-sgr: checks/vpc/no-public-ingress-sgr.md
- workspaces:
- enable-disk-encryption: checks/workspaces/enable-disk-encryption.md
plugins:
- search
- macros
- include-markdown
extra:
generator: false
version:
method: mike
provider: mike
markdown_extensions:
- pymdownx.highlight
- pymdownx.superfences
- admonition
- footnotes
- attr_list
- pymdownx.tabbed
- def_list
- pymdownx.details
- tables