Secure Code Analysis #217
ep-93code-scanning.yml
on: schedule
tfsec
32s
checkov
2m 10s
Matrix: tflint
Annotations
10 errors and 1 notice
|
checkov:
terraform/environments/ccms-ebs/ccms-cloudwatch.tf#L15
CKV_AWS_158: "Ensure that CloudWatch Log Group is encrypted by KMS"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-cloudwatch.tf#L28
CKV_AWS_337: "Ensure SSM parameters are using KMS CMK"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-cloudwatch.tf#L54
CKV_AWS_356: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-dlm.tf#L24
CKV_AWS_290: "Ensure IAM policies does not allow write access without constraints"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-dlm.tf#L24
CKV_AWS_355: "Ensure no IAM policies documents allow "*" as a statement's resource for restrictable actions"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-ec2-ftp.tf#L1
CKV_AWS_135: "Ensure that EC2 is EBS optimized"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-ec2-mailrelay.tf#L2
CKV_AWS_135: "Ensure that EC2 is EBS optimized"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-ec2-oracle_accessgate.tf#L1
CKV_AWS_79: "Ensure Instance Metadata Service Version 1 is not enabled"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-ec2-oracle_accessgate.tf#L1
CKV_AWS_135: "Ensure that EC2 is EBS optimized"
|
|
checkov:
terraform/environments/ccms-ebs/ccms-ec2-oracle_ebs.tf#L1
CKV_AWS_8: "Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted"
|
|
GitHub API token
Consider setting a GITHUB_TOKEN to prevent GitHub api rate limits
|