all resource scans (auto generated)

	Id	Type	Entity	Policy	IaC	Resource Link
0	CKV2_ADO_1	resource	azuredevops_branch_policy_min_reviewers	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
1	CKV2_ADO_1	resource	azuredevops_git_repository	Ensure at least two approving reviews for PRs	Terraform	ADORepositoryHasMinTwoReviewers.yaml
2	CKV_ALI_1	resource	alicloud_oss_bucket	Alibaba Cloud OSS bucket accessible to public	Terraform	OSSBucketPublic.py
3	CKV_ALI_2	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
4	CKV_ALI_3	resource	alicloud_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
5	CKV_ALI_4	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all regions	Terraform	ActionTrailLogAllRegions.py
6	CKV_ALI_5	resource	alicloud_actiontrail_trail	Ensure Action Trail Logging for all events	Terraform	ActionTrailLogAllEvents.py
7	CKV_ALI_6	resource	alicloud_oss_bucket	Ensure OSS bucket is encrypted with Customer Master Key	Terraform	OSSBucketEncryptedWithCMK.py
8	CKV_ALI_7	resource	alicloud_disk	Ensure disk is encrypted	Terraform	DiskIsEncrypted.py
9	CKV_ALI_8	resource	alicloud_disk	Ensure Disk is encrypted with Customer Master Key	Terraform	DiskEncryptedWithCMK.py
10	CKV_ALI_9	resource	alicloud_db_instance	Ensure database instance is not public	Terraform	RDSIsPublic.py
11	CKV_ALI_10	resource	alicloud_oss_bucket	Ensure OSS bucket has versioning enabled	Terraform	OSSBucketVersioning.py
12	CKV_ALI_11	resource	alicloud_oss_bucket	Ensure OSS bucket has transfer Acceleration enabled	Terraform	OSSBucketTransferAcceleration.py
13	CKV_ALI_12	resource	alicloud_oss_bucket	Ensure the OSS bucket has access logging enabled	Terraform	OSSBucketAccessLogs.py
14	CKV_ALI_13	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires minimum length of 14 or greater	Terraform	RAMPasswordPolicyLength.py
15	CKV_ALI_14	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one number	Terraform	RAMPasswordPolicyNumber.py
16	CKV_ALI_15	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one symbol	Terraform	RAMPasswordPolicySymbol.py
17	CKV_ALI_16	resource	alicloud_ram_account_password_policy	Ensure RAM password policy expires passwords within 90 days or less	Terraform	RAMPasswordPolicyExpiration.py
18	CKV_ALI_17	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one lowercase letter	Terraform	RAMPasswordPolicyLowercaseLetter.py
19	CKV_ALI_18	resource	alicloud_ram_account_password_policy	Ensure RAM password policy prevents password reuse	Terraform	RAMPasswordPolicyReuse.py
20	CKV_ALI_19	resource	alicloud_ram_account_password_policy	Ensure RAM password policy requires at least one uppercase letter	Terraform	RAMPasswordPolicyUppcaseLetter.py
21	CKV_ALI_20	resource	alicloud_db_instance	Ensure RDS instance uses SSL	Terraform	RDSInstanceSSL.py
22	CKV_ALI_21	resource	alicloud_api_gateway_api	Ensure API Gateway API Protocol HTTPS	Terraform	APIGatewayProtocolHTTPS.py
23	CKV_ALI_22	resource	alicloud_db_instance	Ensure Transparent Data Encryption is Enabled on instance	Terraform	RDSTransparentDataEncryptionEnabled.py
24	CKV_ALI_23	resource	alicloud_ram_account_password_policy	Ensure Ram Account Password Policy Max Login Attempts not > 5	Terraform	RAMPasswordPolicyMaxLogin.py
25	CKV_ALI_24	resource	alicloud_ram_security_preference	Ensure RAM enforces MFA	Terraform	RAMSecurityEnforceMFA.py
26	CKV_ALI_25	resource	alicloud_db_instance	Ensure RDS Instance SQL Collector Retention Period should be greater than 180	Terraform	RDSRetention.py
27	CKV_ALI_26	resource	alicloud_cs_kubernetes	Ensure Kubernetes installs plugin Terway or Flannel to support standard policies	Terraform	K8sEnableNetworkPolicies.py
28	CKV_ALI_27	resource	alicloud_kms_key	Ensure KMS Key Rotation is enabled	Terraform	KMSKeyRotationIsEnabled.py
29	CKV_ALI_28	resource	alicloud_kms_key	Ensure KMS Keys are enabled	Terraform	KMSKeyIsEnabled.py
30	CKV_ALI_29	resource	alicloud_alb_acl_entry_attachment	Alibaba ALB ACL does not restrict Access	Terraform	ALBACLIsUnrestricted.py
31	CKV_ALI_30	resource	alicloud_db_instance	Ensure RDS instance auto upgrades for minor versions	Terraform	RDSInstanceAutoUpgrade.py
32	CKV_ALI_31	resource	alicloud_cs_kubernetes_node_pool	Ensure K8s nodepools are set to auto repair	Terraform	K8sNodePoolAutoRepair.py
33	CKV_ALI_32	resource	alicloud_ecs_launch_template	Ensure launch template data disks are encrypted	Terraform	LaunchTemplateDisksAreEncrypted.py
34	CKV_ALI_33	resource	alicloud_slb_tls_cipher_policy	Alibaba Cloud Cypher Policy are secure	Terraform	TLSPoliciesAreSecure.py
35	CKV_ALI_35	resource	alicloud_db_instance	Ensure RDS instance has log_duration enabled	Terraform	RDSInstanceLogsEnabled.py
36	CKV_ALI_36	resource	alicloud_db_instance	Ensure RDS instance has log_disconnections enabled	Terraform	RDSInstanceLogDisconnections.py
37	CKV_ALI_37	resource	alicloud_db_instance	Ensure RDS instance has log_connections enabled	Terraform	RDSInstanceLogConnections.py
38	CKV_ALI_38	resource	alicloud_log_audit	Ensure log audit is enabled for RDS	Terraform	LogAuditRDSEnabled.py
39	CKV_ALI_41	resource	alicloud_mongodb_instance	Ensure MongoDB is deployed inside a VPC	Terraform	MongoDBInsideVPC.py
40	CKV_ALI_42	resource	alicloud_mongodb_instance	Ensure Mongodb instance uses SSL	Terraform	MongoDBInstanceSSL.py
41	CKV_ALI_43	resource	alicloud_mongodb_instance	Ensure MongoDB instance is not public	Terraform	MongoDBIsPublic.py
42	CKV_ALI_44	resource	alicloud_mongodb_instance	Ensure MongoDB has Transparent Data Encryption Enabled	Terraform	MongoDBTransparentDataEncryptionEnabled.py
43	CKV_ANSIBLE_1	resource	[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
44	CKV_ANSIBLE_1	resource	[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
45	CKV_ANSIBLE_1	resource	[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
46	CKV_ANSIBLE_1	resource	[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
47	CKV_ANSIBLE_1	resource	[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
48	CKV_ANSIBLE_1	resource	[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
49	CKV_ANSIBLE_1	resource	[].block[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
50	CKV_ANSIBLE_1	resource	[].block[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
51	CKV_ANSIBLE_1	resource	[].tasks[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
52	CKV_ANSIBLE_1	resource	[].tasks[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
53	CKV_ANSIBLE_1	resource	[].tasks[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
54	CKV_ANSIBLE_1	resource	[].tasks[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
55	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
56	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
57	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[].block[?”ansible.builtin.uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
58	CKV_ANSIBLE_1	resource	[].tasks[].block[].block[].block[?”uri” != null][]	Ensure that certificate validation isn’t disabled with uri	Ansible	UriValidateCerts.py
59	CKV_ANSIBLE_2	resource	[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
60	CKV_ANSIBLE_2	resource	[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
61	CKV_ANSIBLE_2	resource	[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
62	CKV_ANSIBLE_2	resource	[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
63	CKV_ANSIBLE_2	resource	[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
64	CKV_ANSIBLE_2	resource	[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
65	CKV_ANSIBLE_2	resource	[].block[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
66	CKV_ANSIBLE_2	resource	[].block[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
67	CKV_ANSIBLE_2	resource	[].tasks[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
68	CKV_ANSIBLE_2	resource	[].tasks[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
69	CKV_ANSIBLE_2	resource	[].tasks[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
70	CKV_ANSIBLE_2	resource	[].tasks[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
71	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
72	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
73	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[].block[?”ansible.builtin.get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
74	CKV_ANSIBLE_2	resource	[].tasks[].block[].block[].block[?”get_url” != null][]	Ensure that certificate validation isn’t disabled with get_url	Ansible	GetUrlValidateCerts.py
75	CKV_ANSIBLE_3	resource	[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
76	CKV_ANSIBLE_3	resource	[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
77	CKV_ANSIBLE_3	resource	[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
78	CKV_ANSIBLE_3	resource	[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
79	CKV_ANSIBLE_3	resource	[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
80	CKV_ANSIBLE_3	resource	[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
81	CKV_ANSIBLE_3	resource	[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
82	CKV_ANSIBLE_3	resource	[].block[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
83	CKV_ANSIBLE_3	resource	[].tasks[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
84	CKV_ANSIBLE_3	resource	[].tasks[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
85	CKV_ANSIBLE_3	resource	[].tasks[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
86	CKV_ANSIBLE_3	resource	[].tasks[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
87	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
88	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
89	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
90	CKV_ANSIBLE_3	resource	[].tasks[].block[].block[].block[?”yum” != null][]	Ensure that certificate validation isn’t disabled with yum	Ansible	YumValidateCerts.py
91	CKV_ANSIBLE_4	resource	[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
92	CKV_ANSIBLE_4	resource	[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
93	CKV_ANSIBLE_4	resource	[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
94	CKV_ANSIBLE_4	resource	[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
95	CKV_ANSIBLE_4	resource	[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
96	CKV_ANSIBLE_4	resource	[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
97	CKV_ANSIBLE_4	resource	[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
98	CKV_ANSIBLE_4	resource	[].block[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
99	CKV_ANSIBLE_4	resource	[].tasks[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
100	CKV_ANSIBLE_4	resource	[].tasks[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
101	CKV_ANSIBLE_4	resource	[].tasks[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
102	CKV_ANSIBLE_4	resource	[].tasks[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
103	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
104	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
105	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[].block[?”ansible.builtin.yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
106	CKV_ANSIBLE_4	resource	[].tasks[].block[].block[].block[?”yum” != null][]	Ensure that SSL validation isn’t disabled with yum	Ansible	YumSslVerify.py
107	CKV_ANSIBLE_5	resource	[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
108	CKV_ANSIBLE_5	resource	[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
109	CKV_ANSIBLE_5	resource	[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
110	CKV_ANSIBLE_5	resource	[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
111	CKV_ANSIBLE_5	resource	[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
112	CKV_ANSIBLE_5	resource	[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
113	CKV_ANSIBLE_5	resource	[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
114	CKV_ANSIBLE_5	resource	[].block[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
115	CKV_ANSIBLE_5	resource	[].tasks[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
116	CKV_ANSIBLE_5	resource	[].tasks[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
117	CKV_ANSIBLE_5	resource	[].tasks[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
118	CKV_ANSIBLE_5	resource	[].tasks[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
119	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
120	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
121	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
122	CKV_ANSIBLE_5	resource	[].tasks[].block[].block[].block[?”apt” != null][]	Ensure that packages with untrusted or missing signatures are not used	Ansible	AptAllowUnauthenticated.py
123	CKV_ANSIBLE_6	resource	[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
124	CKV_ANSIBLE_6	resource	[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
125	CKV_ANSIBLE_6	resource	[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
126	CKV_ANSIBLE_6	resource	[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
127	CKV_ANSIBLE_6	resource	[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
128	CKV_ANSIBLE_6	resource	[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
129	CKV_ANSIBLE_6	resource	[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
130	CKV_ANSIBLE_6	resource	[].block[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
131	CKV_ANSIBLE_6	resource	[].tasks[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
132	CKV_ANSIBLE_6	resource	[].tasks[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
133	CKV_ANSIBLE_6	resource	[].tasks[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
134	CKV_ANSIBLE_6	resource	[].tasks[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
135	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
136	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
137	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[].block[?”ansible.builtin.apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
138	CKV_ANSIBLE_6	resource	[].tasks[].block[].block[].block[?”apt” != null][]	Ensure that the force parameter is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	Ansible	AptForce.py
139	CKV2_ANSIBLE_1	resource	tasks.ansible.builtin.uri	Ensure that HTTPS url is used with uri	Ansible	UriHttpsOnly.yaml
140	CKV2_ANSIBLE_1	resource	tasks.uri	Ensure that HTTPS url is used with uri	Ansible	UriHttpsOnly.yaml
141	CKV2_ANSIBLE_2	resource	tasks.ansible.builtin.get_url	Ensure that HTTPS url is used with get_url	Ansible	GetUrlHttpsOnly.yaml
142	CKV2_ANSIBLE_2	resource	tasks.get_url	Ensure that HTTPS url is used with get_url	Ansible	GetUrlHttpsOnly.yaml
143	CKV2_ANSIBLE_3	resource	block	Ensure block is handling task errors properly	Ansible	BlockErrorHandling.yaml
144	CKV2_ANSIBLE_4	resource	tasks.ansible.builtin.dnf	Ensure that packages with untrusted or missing GPG signatures are not used by dnf	Ansible	DnfDisableGpgCheck.yaml
145	CKV2_ANSIBLE_4	resource	tasks.dnf	Ensure that packages with untrusted or missing GPG signatures are not used by dnf	Ansible	DnfDisableGpgCheck.yaml
146	CKV2_ANSIBLE_5	resource	tasks.ansible.builtin.dnf	Ensure that SSL validation isn’t disabled with dnf	Ansible	DnfSslVerify.yaml
147	CKV2_ANSIBLE_5	resource	tasks.dnf	Ensure that SSL validation isn’t disabled with dnf	Ansible	DnfSslVerify.yaml
148	CKV2_ANSIBLE_6	resource	tasks.ansible.builtin.dnf	Ensure that certificate validation isn’t disabled with dnf	Ansible	DnfValidateCerts.yaml
149	CKV2_ANSIBLE_6	resource	tasks.dnf	Ensure that certificate validation isn’t disabled with dnf	Ansible	DnfValidateCerts.yaml
150	CKV_ARGO_1	argo_workflows	spec	Ensure Workflow pods are not using the default ServiceAccount	Argo Workflows	DefaultServiceAccount.py
151	CKV_ARGO_2	argo_workflows	spec	Ensure Workflow pods are running as non-root user	Argo Workflows	RunAsNonRoot.py
152	CKV_AWS_1	data	aws_iam_policy_document	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	AdminPolicyDocument.py
153	CKV_AWS_1	resource	serverless_aws	Ensure IAM policies that allow full “-” administrative privileges are not created	serverless	AdminPolicyDocument.py
154	CKV_AWS_2	resource	AWS::ElasticLoadBalancingV2::Listener	Ensure ALB protocol is HTTPS	Cloudformation	ALBListenerHTTPS.py
155	CKV_AWS_2	resource	aws_alb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
156	CKV_AWS_2	resource	aws_lb_listener	Ensure ALB protocol is HTTPS	Terraform	ALBListenerHTTPS.py
157	CKV_AWS_3	resource	AWS::EC2::Volume	Ensure all data stored in the EBS is securely encrypted	Cloudformation	EBSEncryption.py
158	CKV_AWS_3	resource	aws_ebs_volume	Ensure all data stored in the EBS is securely encrypted	Terraform	EBSEncryption.py
159	CKV_AWS_5	resource	AWS::Elasticsearch::Domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Cloudformation	ElasticsearchEncryption.py
160	CKV_AWS_5	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
161	CKV_AWS_5	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is securely encrypted at rest	Terraform	ElasticsearchEncryption.py
162	CKV_AWS_6	resource	AWS::Elasticsearch::Domain	Ensure all Elasticsearch has node-to-node encryption enabled	Cloudformation	ElasticsearchNodeToNodeEncryption.py
163	CKV_AWS_6	resource	aws_elasticsearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
164	CKV_AWS_6	resource	aws_opensearch_domain	Ensure all Elasticsearch has node-to-node encryption enabled	Terraform	ElasticsearchNodeToNodeEncryption.py
165	CKV_AWS_7	resource	AWS::KMS::Key	Ensure rotation for customer created CMKs is enabled	Cloudformation	KMSRotation.py
166	CKV_AWS_7	resource	aws_kms_key	Ensure rotation for customer created CMKs is enabled	Terraform	KMSRotation.py
167	CKV_AWS_8	resource	AWS::AutoScaling::LaunchConfiguration	Ensure all data stored in the Launch configuration EBS is securely encrypted	Cloudformation	LaunchConfigurationEBSEncryption.py
168	CKV_AWS_8	resource	aws_instance	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
169	CKV_AWS_8	resource	aws_launch_configuration	Ensure all data stored in the Launch configuration or instance Elastic Blocks Store is securely encrypted	Terraform	LaunchConfigurationEBSEncryption.py
170	CKV_AWS_9	resource	aws_iam_account_password_policy	Ensure IAM password policy expires passwords within 90 days or less	Terraform	PasswordPolicyExpiration.py
171	CKV_AWS_10	resource	aws_iam_account_password_policy	Ensure IAM password policy requires minimum length of 14 or greater	Terraform	PasswordPolicyLength.py
172	CKV_AWS_11	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one lowercase letter	Terraform	PasswordPolicyLowercaseLetter.py
173	CKV_AWS_12	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one number	Terraform	PasswordPolicyNumber.py
174	CKV_AWS_13	resource	aws_iam_account_password_policy	Ensure IAM password policy prevents password reuse	Terraform	PasswordPolicyReuse.py
175	CKV_AWS_14	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one symbol	Terraform	PasswordPolicySymbol.py
176	CKV_AWS_15	resource	aws_iam_account_password_policy	Ensure IAM password policy requires at least one uppercase letter	Terraform	PasswordPolicyUppercaseLetter.py
177	CKV_AWS_16	resource	AWS::RDS::DBInstance	Ensure all data stored in the RDS is securely encrypted at rest	Cloudformation	RDSEncryption.py
178	CKV_AWS_16	resource	aws_db_instance	Ensure all data stored in the RDS is securely encrypted at rest	Terraform	RDSEncryption.py
179	CKV_AWS_17	resource	AWS::RDS::DBInstance	Ensure all data stored in RDS is not publicly accessible	Cloudformation	RDSPubliclyAccessible.py
180	CKV_AWS_17	resource	aws_db_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
181	CKV_AWS_17	resource	aws_rds_cluster_instance	Ensure all data stored in RDS is not publicly accessible	Terraform	RDSPubliclyAccessible.py
182	CKV_AWS_18	resource	AWS::S3::Bucket	Ensure the S3 bucket has access logging enabled	Cloudformation	S3AccessLogs.py
183	CKV_AWS_18	resource	aws_s3_bucket	Ensure the S3 bucket has access logging enabled	Terraform	S3BucketLogging.yaml
184	CKV_AWS_19	resource	AWS::S3::Bucket	Ensure the S3 bucket has server-side-encryption enabled	Cloudformation	S3Encryption.py
185	CKV_AWS_19	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
186	CKV_AWS_19	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure all data stored in the S3 bucket is securely encrypted at rest	Terraform	S3BucketEncryption.yaml
187	CKV_AWS_20	resource	AWS::S3::Bucket	Ensure the S3 bucket does not allow READ permissions to everyone	Cloudformation	S3PublicACLRead.py
188	CKV_AWS_20	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
189	CKV_AWS_20	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public READ access.	Terraform	S3PublicACLRead.yaml
190	CKV_AWS_21	resource	AWS::S3::Bucket	Ensure the S3 bucket has versioning enabled	Cloudformation	S3Versioning.py
191	CKV_AWS_21	resource	aws_s3_bucket	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
192	CKV_AWS_21	resource	aws_s3_bucket_versioning	Ensure all data stored in the S3 bucket have versioning enabled	Terraform	S3BucketVersioning.yaml
193	CKV_AWS_22	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Notebook is encrypted at rest using KMS CMK	Terraform	SagemakerNotebookEncryption.py
194	CKV_AWS_23	resource	AWS::EC2::SecurityGroup	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
195	CKV_AWS_23	resource	AWS::EC2::SecurityGroupEgress	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
196	CKV_AWS_23	resource	AWS::EC2::SecurityGroupIngress	Ensure every security groups rule has a description	Cloudformation	SecurityGroupRuleDescription.py
197	CKV_AWS_23	resource	aws_db_security_group	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
198	CKV_AWS_23	resource	aws_elasticache_security_group	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
199	CKV_AWS_23	resource	aws_redshift_security_group	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
200	CKV_AWS_23	resource	aws_security_group	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
201	CKV_AWS_23	resource	aws_security_group_rule	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
202	CKV_AWS_23	resource	aws_vpc_security_group_egress_rule	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
203	CKV_AWS_23	resource	aws_vpc_security_group_ingress_rule	Ensure every security group and rule has a description	Terraform	SecurityGroupRuleDescription.py
204	CKV_AWS_24	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Cloudformation	SecurityGroupUnrestrictedIngress22.py
205	CKV_AWS_24	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Cloudformation	SecurityGroupUnrestrictedIngress22.py
206	CKV_AWS_24	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
207	CKV_AWS_24	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
208	CKV_AWS_24	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22	Terraform	SecurityGroupUnrestrictedIngress22.py
209	CKV_AWS_25	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Cloudformation	SecurityGroupUnrestrictedIngress3389.py
210	CKV_AWS_25	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Cloudformation	SecurityGroupUnrestrictedIngress3389.py
211	CKV_AWS_25	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
212	CKV_AWS_25	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
213	CKV_AWS_25	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389	Terraform	SecurityGroupUnrestrictedIngress3389.py
214	CKV_AWS_26	resource	AWS::SNS::Topic	Ensure all data stored in the SNS topic is encrypted	Cloudformation	SNSTopicEncryption.py
215	CKV_AWS_26	resource	aws_sns_topic	Ensure all data stored in the SNS topic is encrypted	Terraform	SNSTopicEncryption.py
216	CKV_AWS_27	resource	AWS::SQS::Queue	Ensure all data stored in the SQS queue is encrypted	Cloudformation	SQSQueueEncryption.py
217	CKV_AWS_27	resource	aws_sqs_queue	Ensure all data stored in the SQS queue is encrypted	Terraform	SQSQueueEncryption.py
218	CKV_AWS_28	resource	AWS::DynamoDB::Table	Ensure DynamoDB point in time recovery (backup) is enabled	Cloudformation	DynamodbRecovery.py
219	CKV_AWS_28	resource	aws_dynamodb_table	Ensure DynamoDB point in time recovery (backup) is enabled	Terraform	DynamodbRecovery.py
220	CKV_AWS_29	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at rest	Cloudformation	ElasticacheReplicationGroupEncryptionAtRest.py
221	CKV_AWS_29	resource	aws_elasticache_replication_group	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at rest	Terraform	ElasticacheReplicationGroupEncryptionAtRest.py
222	CKV_AWS_30	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit	Cloudformation	ElasticacheReplicationGroupEncryptionAtTransit.py
223	CKV_AWS_30	resource	aws_elasticache_replication_group	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit	Terraform	ElasticacheReplicationGroupEncryptionAtTransit.py
224	CKV_AWS_31	resource	AWS::ElastiCache::ReplicationGroup	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit and has auth token	Cloudformation	ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
225	CKV_AWS_31	resource	aws_elasticache_replication_group	Ensure all data stored in the ElastiCache Replication Group is securely encrypted at transit and has auth token	Terraform	ElasticacheReplicationGroupEncryptionAtTransitAuthToken.py
226	CKV_AWS_32	resource	AWS::ECR::Repository	Ensure ECR policy is not set to public	Cloudformation	ECRPolicy.py
227	CKV_AWS_32	resource	aws_ecr_repository_policy	Ensure ECR policy is not set to public	Terraform	ECRPolicy.py
228	CKV_AWS_33	resource	AWS::KMS::Key	Ensure KMS key policy does not contain wildcard (*) principal	Cloudformation	KMSKeyWildCardPrincipal.py
229	CKV_AWS_33	resource	aws_kms_key	Ensure KMS key policy does not contain wildcard (*) principal	Terraform	KMSKeyWildcardPrincipal.py
230	CKV_AWS_34	resource	AWS::CloudFront::Distribution	Ensure CloudFront Distribution ViewerProtocolPolicy is set to HTTPS	Cloudformation	CloudfrontDistributionEncryption.py
231	CKV_AWS_34	resource	aws_cloudfront_distribution	Ensure CloudFront distribution ViewerProtocolPolicy is set to HTTPS	Terraform	CloudfrontDistributionEncryption.py
232	CKV_AWS_35	resource	AWS::CloudTrail::Trail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Cloudformation	CloudtrailEncryption.py
233	CKV_AWS_35	resource	aws_cloudtrail	Ensure CloudTrail logs are encrypted at rest using KMS CMKs	Terraform	CloudtrailEncryptionWithCMK.py
234	CKV_AWS_36	resource	AWS::CloudTrail::Trail	Ensure CloudTrail log file validation is enabled	Cloudformation	CloudtrailLogValidation.py
235	CKV_AWS_36	resource	aws_cloudtrail	Ensure CloudTrail log file validation is enabled	Terraform	CloudtrailLogValidation.py
236	CKV_AWS_37	resource	aws_eks_cluster	Ensure Amazon EKS control plane logging is enabled for all log types	Terraform	EKSControlPlaneLogging.py
237	CKV_AWS_38	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint not accessible to 0.0.0.0/0	Terraform	EKSPublicAccessCIDR.py
238	CKV_AWS_39	resource	aws_eks_cluster	Ensure Amazon EKS public endpoint disabled	Terraform	EKSPublicAccess.py
239	CKV_AWS_40	resource	AWS::IAM::Policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Cloudformation	IAMPolicyAttachedToGroupOrRoles.py
240	CKV_AWS_40	resource	aws_iam_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
241	CKV_AWS_40	resource	aws_iam_user_policy	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
242	CKV_AWS_40	resource	aws_iam_user_policy_attachment	Ensure IAM policies are attached only to groups or roles (Reducing access management complexity may in-turn reduce opportunity for a principal to inadvertently receive or retain excessive privileges.)	Terraform	IAMPolicyAttachedToGroupOrRoles.py
243	CKV_AWS_41	provider	aws	Ensure no hard coded AWS access key and secret key exists in provider	Terraform	credentials.py
244	CKV_AWS_41	resource	serverless_aws	Ensure no hard coded AWS access key and secret key exists in provider	serverless	AWSCredentials.py
245	CKV_AWS_42	resource	AWS::EFS::FileSystem	Ensure EFS is securely encrypted	Cloudformation	EFSEncryptionEnabled.py
246	CKV_AWS_42	resource	aws_efs_file_system	Ensure EFS is securely encrypted	Terraform	EFSEncryptionEnabled.py
247	CKV_AWS_43	resource	AWS::Kinesis::Stream	Ensure Kinesis Stream is securely encrypted	Cloudformation	KinesisStreamEncryptionType.py
248	CKV_AWS_43	resource	aws_kinesis_stream	Ensure Kinesis Stream is securely encrypted	Terraform	KinesisStreamEncryptionType.py
249	CKV_AWS_44	resource	AWS::Neptune::DBCluster	Ensure Neptune storage is securely encrypted	Cloudformation	NeptuneClusterStorageEncrypted.py
250	CKV_AWS_44	resource	aws_neptune_cluster	Ensure Neptune storage is securely encrypted	Terraform	NeptuneClusterStorageEncrypted.py
251	CKV_AWS_45	resource	AWS::Lambda::Function	Ensure no hard-coded secrets exist in Lambda environment	Cloudformation	LambdaEnvironmentCredentials.py
252	CKV_AWS_45	resource	AWS::Serverless::Function	Ensure no hard-coded secrets exist in Lambda environment	Cloudformation	LambdaEnvironmentCredentials.py
253	CKV_AWS_45	resource	aws_lambda_function	Ensure no hard-coded secrets exist in lambda environment	Terraform	LambdaEnvironmentCredentials.py
254	CKV_AWS_46	resource	AWS::EC2::Instance	Ensure no hard-coded secrets exist in EC2 user data	Cloudformation	EC2Credentials.py
255	CKV_AWS_46	resource	aws_instance	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
256	CKV_AWS_46	resource	aws_launch_configuration	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
257	CKV_AWS_46	resource	aws_launch_template	Ensure no hard-coded secrets exist in EC2 user data	Terraform	EC2Credentials.py
258	CKV_AWS_47	resource	AWS::DAX::Cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Cloudformation	DAXEncryption.py
259	CKV_AWS_47	resource	aws_dax_cluster	Ensure DAX is encrypted at rest (default is unencrypted)	Terraform	DAXEncryption.py
260	CKV_AWS_48	resource	aws_mq_broker	Ensure MQ Broker logging is enabled	Terraform	MQBrokerLogging.py
261	CKV_AWS_49	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	StarActionPolicyDocument.py
262	CKV_AWS_49	resource	serverless_aws	Ensure no IAM policies documents allow “*” as a statement’s actions	serverless	StarActionPolicyDocument.py
263	CKV_AWS_50	resource	aws_lambda_function	X-Ray tracing is enabled for Lambda	Terraform	LambdaXrayEnabled.py
264	CKV_AWS_51	resource	AWS::ECR::Repository	Ensure ECR Image Tags are immutable	Cloudformation	ECRImmutableTags.py
265	CKV_AWS_51	resource	aws_ecr_repository	Ensure ECR Image Tags are immutable	Terraform	ECRImmutableTags.py
266	CKV_AWS_53	resource	AWS::S3::Bucket	Ensure S3 bucket has block public ACLs enabled	Cloudformation	S3BlockPublicACLs.py
267	CKV_AWS_53	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public ACLS enabled	Terraform	S3BlockPublicACLs.py
268	CKV_AWS_54	resource	AWS::S3::Bucket	Ensure S3 bucket has block public policy enabled	Cloudformation	S3BlockPublicPolicy.py
269	CKV_AWS_54	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has block public policy enabled	Terraform	S3BlockPublicPolicy.py
270	CKV_AWS_55	resource	AWS::S3::Bucket	Ensure S3 bucket has ignore public ACLs enabled	Cloudformation	S3IgnorePublicACLs.py
271	CKV_AWS_55	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ignore public ACLs enabled	Terraform	S3IgnorePublicACLs.py
272	CKV_AWS_56	resource	AWS::S3::Bucket	Ensure S3 bucket has RestrictPublicBuckets enabled	Cloudformation	S3RestrictPublicBuckets.py
273	CKV_AWS_56	resource	aws_s3_bucket_public_access_block	Ensure S3 bucket has ‘restrict_public_buckets’ enabled	Terraform	S3RestrictPublicBuckets.py
274	CKV_AWS_57	resource	AWS::S3::Bucket	Ensure the S3 bucket does not allow WRITE permissions to everyone	Cloudformation	S3PublicACLWrite.py
275	CKV_AWS_57	resource	aws_s3_bucket	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
276	CKV_AWS_57	resource	aws_s3_bucket_acl	S3 Bucket has an ACL defined which allows public WRITE access.	Terraform	S3PublicACLWrite.yaml
277	CKV_AWS_58	resource	AWS::EKS::Cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Cloudformation	EKSSecretsEncryption.py
278	CKV_AWS_58	resource	aws_eks_cluster	Ensure EKS Cluster has Secrets Encryption Enabled	Terraform	EKSSecretsEncryption.py
279	CKV_AWS_59	resource	AWS::ApiGateway::Method	Ensure there is no open access to back-end resources through API	Cloudformation	APIGatewayAuthorization.py
280	CKV_AWS_59	resource	aws_api_gateway_method	Ensure there is no open access to back-end resources through API	Terraform	APIGatewayAuthorization.py
281	CKV_AWS_60	resource	AWS::IAM::Role	Ensure IAM role allows only specific services or principals to assume it	Cloudformation	IAMRoleAllowsPublicAssume.py
282	CKV_AWS_60	resource	aws_iam_role	Ensure IAM role allows only specific services or principals to assume it	Terraform	IAMRoleAllowsPublicAssume.py
283	CKV_AWS_61	resource	AWS::IAM::Role	Ensure AWS IAM policy does not allow assume role permission across all services	Cloudformation	IAMRoleAllowAssumeFromAccount.py
284	CKV_AWS_61	resource	aws_iam_role	Ensure AWS IAM policy does not allow assume role permission across all services	Terraform	IAMRoleAllowAssumeFromAccount.py
285	CKV_AWS_62	resource	AWS::IAM::Group	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
286	CKV_AWS_62	resource	AWS::IAM::Policy	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
287	CKV_AWS_62	resource	AWS::IAM::Role	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
288	CKV_AWS_62	resource	AWS::IAM::User	Ensure no IAM policies that allow full “-” administrative privileges are not created	Cloudformation	IAMAdminPolicyDocument.py
289	CKV_AWS_62	resource	aws_iam_group_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
290	CKV_AWS_62	resource	aws_iam_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
291	CKV_AWS_62	resource	aws_iam_role_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
292	CKV_AWS_62	resource	aws_iam_user_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
293	CKV_AWS_62	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies that allow full “-” administrative privileges are not created	Terraform	IAMAdminPolicyDocument.py
294	CKV_AWS_63	resource	AWS::IAM::Group	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
295	CKV_AWS_63	resource	AWS::IAM::Policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
296	CKV_AWS_63	resource	AWS::IAM::Role	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
297	CKV_AWS_63	resource	AWS::IAM::User	Ensure no IAM policies documents allow “*” as a statement’s actions	Cloudformation	IAMStarActionPolicyDocument.py
298	CKV_AWS_63	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
299	CKV_AWS_63	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
300	CKV_AWS_63	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
301	CKV_AWS_63	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
302	CKV_AWS_63	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s actions	Terraform	IAMStarActionPolicyDocument.py
303	CKV_AWS_64	resource	AWS::Redshift::Cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Cloudformation	RedshiftClusterEncryption.py
304	CKV_AWS_64	resource	aws_redshift_cluster	Ensure all data stored in the Redshift cluster is securely encrypted at rest	Terraform	RedshiftClusterEncryption.py
305	CKV_AWS_65	resource	AWS::ECS::Cluster	Ensure container insights are enabled on ECS cluster	Cloudformation	ECSClusterContainerInsights.py
306	CKV_AWS_65	resource	aws_ecs_cluster	Ensure container insights are enabled on ECS cluster	Terraform	ECSClusterContainerInsights.py
307	CKV_AWS_66	resource	AWS::Logs::LogGroup	Ensure that CloudWatch Log Group specifies retention days	Cloudformation	CloudWatchLogGroupRetention.py
308	CKV_AWS_66	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group specifies retention days	Terraform	CloudWatchLogGroupRetention.py
309	CKV_AWS_67	resource	AWS::CloudTrail::Trail	Ensure CloudTrail is enabled in all Regions	Cloudformation	CloudtrailMultiRegion.py
310	CKV_AWS_67	resource	aws_cloudtrail	Ensure CloudTrail is enabled in all Regions	Terraform	CloudtrailMultiRegion.py
311	CKV_AWS_68	resource	AWS::CloudFront::Distribution	CloudFront Distribution should have WAF enabled	Cloudformation	WAFEnabled.py
312	CKV_AWS_68	resource	aws_cloudfront_distribution	CloudFront Distribution should have WAF enabled	Terraform	WAFEnabled.py
313	CKV_AWS_69	resource	AWS::AmazonMQ::Broker	Ensure Amazon MQ Broker should not have public access	Cloudformation	AmazonMQBrokerPublicAccess.py
314	CKV_AWS_69	resource	aws_mq_broker	Ensure MQ Broker is not publicly exposed	Terraform	MQBrokerNotPubliclyExposed.py
315	CKV_AWS_70	resource	aws_s3_bucket	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
316	CKV_AWS_70	resource	aws_s3_bucket_policy	Ensure S3 bucket does not allow an action with any Principal	Terraform	S3AllowsAnyPrincipal.py
317	CKV_AWS_71	resource	AWS::Redshift::Cluster	Ensure Redshift Cluster logging is enabled	Cloudformation	RedshiftClusterLogging.py
318	CKV_AWS_71	resource	aws_redshift_cluster	Ensure Redshift Cluster logging is enabled	Terraform	RedshiftClusterLogging.py
319	CKV_AWS_72	resource	aws_sqs_queue_policy	Ensure SQS policy does not allow ALL (*) actions.	Terraform	SQSPolicy.py
320	CKV_AWS_73	resource	AWS::ApiGateway::Stage	Ensure API Gateway has X-Ray Tracing enabled	Cloudformation	APIGatewayXray.py
321	CKV_AWS_73	resource	AWS::Serverless::Api	Ensure API Gateway has X-Ray Tracing enabled	Cloudformation	APIGatewayXray.py
322	CKV_AWS_73	resource	aws_api_gateway_stage	Ensure API Gateway has X-Ray Tracing enabled	Terraform	APIGatewayXray.py
323	CKV_AWS_74	resource	AWS::DocDB::DBCluster	Ensure DocumentDB is encrypted at rest (default is unencrypted)	Cloudformation	DocDBEncryption.py
324	CKV_AWS_74	resource	aws_docdb_cluster	Ensure DocumentDB is encrypted at rest (default is unencrypted)	Terraform	DocDBEncryption.py
325	CKV_AWS_75	resource	aws_globalaccelerator_accelerator	Ensure Global Accelerator accelerator has flow logs enabled	Terraform	GlobalAcceleratorAcceleratorFlowLogs.py
326	CKV_AWS_76	resource	AWS::ApiGateway::Stage	Ensure API Gateway has Access Logging enabled	Cloudformation	APIGatewayAccessLogging.py
327	CKV_AWS_76	resource	AWS::Serverless::Api	Ensure API Gateway has Access Logging enabled	Cloudformation	APIGatewayAccessLogging.py
328	CKV_AWS_76	resource	aws_api_gateway_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
329	CKV_AWS_76	resource	aws_apigatewayv2_stage	Ensure API Gateway has Access Logging enabled	Terraform	APIGatewayAccessLogging.py
330	CKV_AWS_77	resource	aws_athena_database	Ensure Athena Database is encrypted at rest (default is unencrypted)	Terraform	AthenaDatabaseEncryption.py
331	CKV_AWS_78	resource	AWS::CodeBuild::Project	Ensure that CodeBuild Project encryption is not disabled	Cloudformation	CodeBuildProjectEncryption.py
332	CKV_AWS_78	resource	aws_codebuild_project	Ensure that CodeBuild Project encryption is not disabled	Terraform	CodeBuildProjectEncryption.py
333	CKV_AWS_79	resource	AWS::EC2::LaunchTemplate	Ensure Instance Metadata Service Version 1 is not enabled	Cloudformation	IMDSv1Disabled.py
334	CKV_AWS_79	resource	aws_instance	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
335	CKV_AWS_79	resource	aws_launch_configuration	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
336	CKV_AWS_79	resource	aws_launch_template	Ensure Instance Metadata Service Version 1 is not enabled	Terraform	IMDSv1Disabled.py
337	CKV_AWS_80	resource	AWS::MSK::Cluster	Ensure MSK Cluster logging is enabled	Cloudformation	MSKClusterLogging.py
338	CKV_AWS_80	resource	aws_msk_cluster	Ensure MSK Cluster logging is enabled	Terraform	MSKClusterLogging.py
339	CKV_AWS_81	resource	AWS::MSK::Cluster	Ensure MSK Cluster encryption in rest and transit is enabled	Cloudformation	MSKClusterEncryption.py
340	CKV_AWS_81	resource	aws_msk_cluster	Ensure MSK Cluster encryption in rest and transit is enabled	Terraform	MSKClusterEncryption.py
341	CKV_AWS_82	resource	AWS::Athena::WorkGroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Cloudformation	AthenaWorkgroupConfiguration.py
342	CKV_AWS_82	resource	aws_athena_workgroup	Ensure Athena Workgroup should enforce configuration to prevent client disabling encryption	Terraform	AthenaWorkgroupConfiguration.py
343	CKV_AWS_83	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain enforces HTTPS	Cloudformation	ElasticsearchDomainEnforceHTTPS.py
344	CKV_AWS_83	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
345	CKV_AWS_83	resource	aws_opensearch_domain	Ensure Elasticsearch Domain enforces HTTPS	Terraform	ElasticsearchDomainEnforceHTTPS.py
346	CKV_AWS_84	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain Logging is enabled	Cloudformation	ElasticsearchDomainLogging.py
347	CKV_AWS_84	resource	AWS::OpenSearchService::Domain	Ensure Elasticsearch Domain Logging is enabled	Cloudformation	ElasticsearchDomainLogging.py
348	CKV_AWS_84	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
349	CKV_AWS_84	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Logging is enabled	Terraform	ElasticsearchDomainLogging.py
350	CKV_AWS_85	resource	AWS::DocDB::DBCluster	Ensure DocumentDB Logging is enabled	Cloudformation	DocDBLogging.py
351	CKV_AWS_85	resource	aws_docdb_cluster	Ensure DocumentDB Logging is enabled	Terraform	DocDBLogging.py
352	CKV_AWS_86	resource	AWS::CloudFront::Distribution	Ensure CloudFront Distribution has Access Logging enabled	Cloudformation	CloudfrontDistributionLogging.py
353	CKV_AWS_86	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has Access Logging enabled	Terraform	CloudfrontDistributionLogging.py
354	CKV_AWS_87	resource	AWS::Redshift::Cluster	Redshift cluster should not be publicly accessible	Cloudformation	RedshiftClusterPubliclyAccessible.py
355	CKV_AWS_87	resource	aws_redshift_cluster	Redshift cluster should not be publicly accessible	Terraform	RedshitClusterPubliclyAvailable.py
356	CKV_AWS_88	resource	AWS::EC2::Instance	EC2 instance should not have public IP.	Cloudformation	EC2PublicIP.py
357	CKV_AWS_88	resource	AWS::EC2::LaunchTemplate	EC2 instance should not have public IP.	Cloudformation	EC2PublicIP.py
358	CKV_AWS_88	resource	[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
359	CKV_AWS_88	resource	[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
360	CKV_AWS_88	resource	[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
361	CKV_AWS_88	resource	[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
362	CKV_AWS_88	resource	[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
363	CKV_AWS_88	resource	[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
364	CKV_AWS_88	resource	[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
365	CKV_AWS_88	resource	[].block[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
366	CKV_AWS_88	resource	[].tasks[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
367	CKV_AWS_88	resource	[].tasks[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
368	CKV_AWS_88	resource	[].tasks[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
369	CKV_AWS_88	resource	[].tasks[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
370	CKV_AWS_88	resource	[].tasks[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
371	CKV_AWS_88	resource	[].tasks[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
372	CKV_AWS_88	resource	[].tasks[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
373	CKV_AWS_88	resource	[].tasks[].block[].block[].block[?”ec2_instance” != null][]	EC2 instance should not have public IP.	Ansible	EC2PublicIP.py
374	CKV_AWS_88	resource	aws_instance	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
375	CKV_AWS_88	resource	aws_launch_template	EC2 instance should not have public IP.	Terraform	EC2PublicIP.py
376	CKV_AWS_89	resource	AWS::DMS::ReplicationInstance	DMS replication instance should not be publicly accessible	Cloudformation	DMSReplicationInstancePubliclyAccessible.py
377	CKV_AWS_89	resource	aws_dms_replication_instance	DMS replication instance should not be publicly accessible	Terraform	DMSReplicationInstancePubliclyAccessible.py
378	CKV_AWS_90	resource	AWS::DocDB::DBClusterParameterGroup	Ensure DocumentDB TLS is not disabled	Cloudformation	DocDBTLS.py
379	CKV_AWS_90	resource	aws_docdb_cluster_parameter_group	Ensure DocumentDB TLS is not disabled	Terraform	DocDBTLS.py
380	CKV_AWS_91	resource	AWS::ElasticLoadBalancingV2::LoadBalancer	Ensure the ELBv2 (Application/Network) has access logging enabled	Cloudformation	ELBv2AccessLogs.py
381	CKV_AWS_91	resource	aws_alb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
382	CKV_AWS_91	resource	aws_lb	Ensure the ELBv2 (Application/Network) has access logging enabled	Terraform	ELBv2AccessLogs.py
383	CKV_AWS_92	resource	AWS::ElasticLoadBalancing::LoadBalancer	Ensure the ELB has access logging enabled	Cloudformation	ELBAccessLogs.py
384	CKV_AWS_92	resource	aws_elb	Ensure the ELB has access logging enabled	Terraform	ELBAccessLogs.py
385	CKV_AWS_93	resource	aws_s3_bucket	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
386	CKV_AWS_93	resource	aws_s3_bucket_policy	Ensure S3 bucket policy does not lockout all but root user. (Prevent lockouts needing root account fixes)	Terraform	S3ProtectAgainstPolicyLockout.py
387	CKV_AWS_94	resource	AWS::Glue::DataCatalogEncryptionSettings	Ensure Glue Data Catalog Encryption is enabled	Cloudformation	GlueDataCatalogEncryption.py
388	CKV_AWS_94	resource	aws_glue_data_catalog_encryption_settings	Ensure Glue Data Catalog Encryption is enabled	Terraform	GlueDataCatalogEncryption.py
389	CKV_AWS_95	resource	AWS::ApiGatewayV2::Stage	Ensure API Gateway V2 has Access Logging enabled	Cloudformation	APIGatewayV2AccessLogging.py
390	CKV_AWS_95	resource	AWS::Serverless::HttpApi	Ensure API Gateway V2 has Access Logging enabled	Cloudformation	APIGatewayV2AccessLogging.py
391	CKV_AWS_96	resource	AWS::RDS::DBCluster	Ensure all data stored in Aurora is securely encrypted at rest	Cloudformation	AuroraEncryption.py
392	CKV_AWS_96	resource	aws_rds_cluster	Ensure all data stored in Aurora is securely encrypted at rest	Terraform	AuroraEncryption.py
393	CKV_AWS_97	resource	AWS::ECS::TaskDefinition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Cloudformation	ECSTaskDefinitionEFSVolumeEncryption.py
394	CKV_AWS_97	resource	aws_ecs_task_definition	Ensure Encryption in transit is enabled for EFS volumes in ECS Task definitions	Terraform	ECSTaskDefinitionEFSVolumeEncryption.py
395	CKV_AWS_98	resource	aws_sagemaker_endpoint_configuration	Ensure all data stored in the Sagemaker Endpoint is securely encrypted at rest	Terraform	SagemakerEndpointConfigurationEncryption.py
396	CKV_AWS_99	resource	AWS::Glue::SecurityConfiguration	Ensure Glue Security Configuration Encryption is enabled	Cloudformation	GlueSecurityConfiguration.py
397	CKV_AWS_99	resource	aws_glue_security_configuration	Ensure Glue Security Configuration Encryption is enabled	Terraform	GlueSecurityConfiguration.py
398	CKV_AWS_100	resource	AWS::EKS::Nodegroup	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Cloudformation	EKSNodeGroupRemoteAccess.py
399	CKV_AWS_100	resource	aws_eks_node_group	Ensure AWS EKS node group does not have implicit SSH access from 0.0.0.0/0	Terraform	EKSNodeGroupRemoteAccess.py
400	CKV_AWS_101	resource	AWS::Neptune::DBCluster	Ensure Neptune logging is enabled	Cloudformation	NeptuneClusterLogging.py
401	CKV_AWS_101	resource	aws_neptune_cluster	Ensure Neptune logging is enabled	Terraform	NeptuneClusterLogging.py
402	CKV_AWS_102	resource	aws_neptune_cluster_instance	Ensure Neptune Cluster instance is not publicly available	Terraform	NeptuneClusterInstancePublic.py
403	CKV_AWS_103	resource	AWS::ElasticLoadBalancingV2::Listener	Ensure that Load Balancer Listener is using at least TLS v1.2	Cloudformation	ALBListenerTLS12.py
404	CKV_AWS_103	resource	aws_alb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
405	CKV_AWS_103	resource	aws_lb	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
406	CKV_AWS_103	resource	aws_lb_listener	Ensure that load balancer is using at least TLS 1.2	Terraform	AppLoadBalancerTLS12.yaml
407	CKV_AWS_104	resource	AWS::DocDB::DBClusterParameterGroup	Ensure DocumentDB has audit logs enabled	Cloudformation	DocDBAuditLogs.py
408	CKV_AWS_104	resource	aws_docdb_cluster_parameter_group	Ensure DocumentDB has audit logs enabled	Terraform	DocDBAuditLogs.py
409	CKV_AWS_105	resource	AWS::Redshift::ClusterParameterGroup	Ensure Redshift uses SSL	Cloudformation	RedShiftSSL.py
410	CKV_AWS_105	resource	aws_redshift_parameter_group	Ensure Redshift uses SSL	Terraform	RedShiftSSL.py
411	CKV_AWS_106	resource	aws_ebs_encryption_by_default	Ensure EBS default encryption is enabled	Terraform	EBSDefaultEncryption.py
412	CKV_AWS_107	resource	AWS::IAM::Group	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
413	CKV_AWS_107	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
414	CKV_AWS_107	resource	AWS::IAM::Policy	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
415	CKV_AWS_107	resource	AWS::IAM::Role	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
416	CKV_AWS_107	resource	AWS::IAM::User	Ensure IAM policies does not allow credentials exposure	Cloudformation	IAMCredentialsExposure.py
417	CKV_AWS_107	data	aws_iam_policy_document	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
418	CKV_AWS_108	resource	AWS::IAM::Group	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
419	CKV_AWS_108	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
420	CKV_AWS_108	resource	AWS::IAM::Policy	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
421	CKV_AWS_108	resource	AWS::IAM::Role	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
422	CKV_AWS_108	resource	AWS::IAM::User	Ensure IAM policies does not allow data exfiltration	Cloudformation	IAMDataExfiltration.py
423	CKV_AWS_108	data	aws_iam_policy_document	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
424	CKV_AWS_109	resource	AWS::IAM::Group	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
425	CKV_AWS_109	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
426	CKV_AWS_109	resource	AWS::IAM::Policy	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
427	CKV_AWS_109	resource	AWS::IAM::Role	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
428	CKV_AWS_109	resource	AWS::IAM::User	Ensure IAM policies does not allow permissions management without constraints	Cloudformation	IAMPermissionsManagement.py
429	CKV_AWS_109	data	aws_iam_policy_document	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
430	CKV_AWS_110	resource	AWS::IAM::Group	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
431	CKV_AWS_110	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
432	CKV_AWS_110	resource	AWS::IAM::Policy	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
433	CKV_AWS_110	resource	AWS::IAM::Role	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
434	CKV_AWS_110	resource	AWS::IAM::User	Ensure IAM policies does not allow privilege escalation	Cloudformation	IAMPrivilegeEscalation.py
435	CKV_AWS_110	data	aws_iam_policy_document	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
436	CKV_AWS_111	resource	AWS::IAM::Group	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
437	CKV_AWS_111	resource	AWS::IAM::ManagedPolicy	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
438	CKV_AWS_111	resource	AWS::IAM::Policy	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
439	CKV_AWS_111	resource	AWS::IAM::Role	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
440	CKV_AWS_111	resource	AWS::IAM::User	Ensure IAM policies does not allow write access without constraints	Cloudformation	IAMWriteAccess.py
441	CKV_AWS_111	data	aws_iam_policy_document	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
442	CKV_AWS_112	resource	aws_ssm_document	Ensure Session Manager data is encrypted in transit	Terraform	SSMSessionManagerDocumentEncryption.py
443	CKV_AWS_113	resource	aws_ssm_document	Ensure Session Manager logs are enabled and encrypted	Terraform	SSMSessionManagerDocumentLogging.py
444	CKV_AWS_114	resource	aws_emr_cluster	Ensure that EMR clusters with Kerberos have Kerberos Realm set	Terraform	EMRClusterKerberosAttributes.py
445	CKV_AWS_115	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Cloudformation	LambdaFunctionLevelConcurrentExecutionLimit.py
446	CKV_AWS_115	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Cloudformation	LambdaFunctionLevelConcurrentExecutionLimit.py
447	CKV_AWS_115	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for function-level concurrent execution limit	Terraform	LambdaFunctionLevelConcurrentExecutionLimit.py
448	CKV_AWS_116	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Cloudformation	LambdaDLQConfigured.py
449	CKV_AWS_116	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Cloudformation	LambdaDLQConfigured.py
450	CKV_AWS_116	resource	aws_lambda_function	Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)	Terraform	LambdaDLQConfigured.py
451	CKV_AWS_117	resource	AWS::Lambda::Function	Ensure that AWS Lambda function is configured inside a VPC	Cloudformation	LambdaInVPC.py
452	CKV_AWS_117	resource	AWS::Serverless::Function	Ensure that AWS Lambda function is configured inside a VPC	Cloudformation	LambdaInVPC.py
453	CKV_AWS_117	resource	aws_lambda_function	Ensure that AWS Lambda function is configured inside a VPC	Terraform	LambdaInVPC.py
454	CKV_AWS_118	resource	AWS::RDS::DBInstance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Cloudformation	RDSEnhancedMonitorEnabled.py
455	CKV_AWS_118	resource	aws_db_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
456	CKV_AWS_118	resource	aws_rds_cluster_instance	Ensure that enhanced monitoring is enabled for Amazon RDS instances	Terraform	RDSEnhancedMonitorEnabled.py
457	CKV_AWS_119	resource	AWS::DynamoDB::Table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Cloudformation	DynamoDBTablesEncrypted.py
458	CKV_AWS_119	resource	aws_dynamodb_table	Ensure DynamoDB Tables are encrypted using a KMS Customer Managed CMK	Terraform	DynamoDBTablesEncrypted.py
459	CKV_AWS_120	resource	AWS::ApiGateway::Stage	Ensure API Gateway caching is enabled	Cloudformation	APIGatewayCacheEnable.py
460	CKV_AWS_120	resource	AWS::Serverless::Api	Ensure API Gateway caching is enabled	Cloudformation	APIGatewayCacheEnable.py
461	CKV_AWS_120	resource	aws_api_gateway_stage	Ensure API Gateway caching is enabled	Terraform	APIGatewayCacheEnable.py
462	CKV_AWS_121	resource	aws_config_configuration_aggregator	Ensure AWS Config is enabled in all regions	Terraform	ConfigConfgurationAggregatorAllRegions.py
463	CKV_AWS_122	resource	aws_sagemaker_notebook_instance	Ensure that direct internet access is disabled for an Amazon SageMaker Notebook Instance	Terraform	SageMakerInternetAccessDisabled.py
464	CKV_AWS_123	resource	AWS::EC2::VPCEndpointService	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Cloudformation	VPCEndpointAcceptanceConfigured.py
465	CKV_AWS_123	resource	aws_vpc_endpoint_service	Ensure that VPC Endpoint Service is configured for Manual Acceptance	Terraform	VPCEndpointAcceptanceConfigured.py
466	CKV_AWS_124	resource	aws_cloudformation_stack	Ensure that CloudFormation stacks are sending event notifications to an SNS topic	Terraform	CloudformationStackNotificationArns.py
467	CKV_AWS_126	resource	aws_instance	Ensure that detailed monitoring is enabled for EC2 instances	Terraform	EC2DetailedMonitoringEnabled.py
468	CKV_AWS_127	resource	aws_elb	Ensure that Elastic Load Balancer(s) uses SSL certificates provided by AWS Certificate Manager	Terraform	ELBUsesSSL.py
469	CKV_AWS_129	resource	aws_db_instance	Ensure that respective logs of Amazon Relational Database Service (Amazon RDS) are enabled	Terraform	DBInstanceLogging.py
470	CKV_AWS_130	resource	aws_subnet	Ensure VPC subnets do not assign public IP by default	Terraform	SubnetPublicIP.py
471	CKV_AWS_131	resource	AWS::ElasticLoadBalancingV2::LoadBalancer	Ensure that ALB drops HTTP headers	Cloudformation	ALBDropHttpHeaders.py
472	CKV_AWS_131	resource	aws_alb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
473	CKV_AWS_131	resource	aws_lb	Ensure that ALB drops HTTP headers	Terraform	ALBDropHttpHeaders.py
474	CKV_AWS_133	resource	aws_db_instance	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
475	CKV_AWS_133	resource	aws_rds_cluster	Ensure that RDS instances has backup policy	Terraform	DBInstanceBackupRetentionPeriod.py
476	CKV_AWS_134	resource	aws_elasticache_cluster	Ensure that Amazon ElastiCache Redis clusters have automatic backup turned on	Terraform	ElasticCacheAutomaticBackup.py
477	CKV_AWS_135	resource	[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
478	CKV_AWS_135	resource	[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
479	CKV_AWS_135	resource	[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
480	CKV_AWS_135	resource	[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
481	CKV_AWS_135	resource	[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
482	CKV_AWS_135	resource	[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
483	CKV_AWS_135	resource	[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
484	CKV_AWS_135	resource	[].block[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
485	CKV_AWS_135	resource	[].tasks[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
486	CKV_AWS_135	resource	[].tasks[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
487	CKV_AWS_135	resource	[].tasks[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
488	CKV_AWS_135	resource	[].tasks[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
489	CKV_AWS_135	resource	[].tasks[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
490	CKV_AWS_135	resource	[].tasks[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
491	CKV_AWS_135	resource	[].tasks[].block[].block[].block[?”amazon.aws.ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
492	CKV_AWS_135	resource	[].tasks[].block[].block[].block[?”ec2_instance” != null][]	Ensure that EC2 is EBS optimized	Ansible	EC2EBSOptimized.py
493	CKV_AWS_135	resource	aws_instance	Ensure that EC2 is EBS optimized	Terraform	EC2EBSOptimized.py
494	CKV_AWS_136	resource	AWS::ECR::Repository	Ensure that ECR repositories are encrypted using KMS	Cloudformation	ECRRepositoryEncrypted.py
495	CKV_AWS_136	resource	aws_ecr_repository	Ensure that ECR repositories are encrypted using KMS	Terraform	ECRRepositoryEncrypted.py
496	CKV_AWS_137	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
497	CKV_AWS_137	resource	aws_opensearch_domain	Ensure that Elasticsearch is configured inside a VPC	Terraform	ElasticsearchInVPC.py
498	CKV_AWS_138	resource	aws_elb	Ensure that ELB is cross-zone-load-balancing enabled	Terraform	ELBCrossZoneEnable.py
499	CKV_AWS_139	resource	aws_rds_cluster	Ensure that RDS clusters have deletion protection enabled	Terraform	RDSDeletionProtection.py
500	CKV_AWS_140	resource	aws_rds_global_cluster	Ensure that RDS global clusters are encrypted	Terraform	RDSClusterEncrypted.py
501	CKV_AWS_141	resource	aws_redshift_cluster	Ensured that Redshift cluster allowing version upgrade by default	Terraform	RedshiftClusterAllowVersionUpgrade.py
502	CKV_AWS_142	resource	aws_redshift_cluster	Ensure that Redshift cluster is encrypted by KMS	Terraform	RedshiftClusterKMSKey.py
503	CKV_AWS_143	resource	aws_s3_bucket	Ensure that S3 bucket has lock configuration enabled by default	Terraform	S3BucketObjectLock.py
504	CKV_AWS_144	resource	aws_s3_bucket	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
505	CKV_AWS_144	resource	aws_s3_bucket_replication_configuration	Ensure that S3 bucket has cross-region replication enabled	Terraform	S3BucketReplicationConfiguration.yaml
506	CKV_AWS_145	resource	aws_s3_bucket	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
507	CKV_AWS_145	resource	aws_s3_bucket_server_side_encryption_configuration	Ensure that S3 buckets are encrypted with KMS by default	Terraform	S3KMSEncryptedByDefault.yaml
508	CKV_AWS_146	resource	aws_db_cluster_snapshot	Ensure that RDS database cluster snapshot is encrypted	Terraform	RDSClusterSnapshotEncrypted.py
509	CKV_AWS_147	resource	aws_codebuild_project	Ensure that CodeBuild projects are encrypted using CMK	Terraform	CodebuildUsesCMK.py
510	CKV_AWS_148	resource	aws_default_vpc	Ensure no default VPC is planned to be provisioned	Terraform	VPCDefaultNetwork.py
511	CKV_AWS_149	resource	AWS::SecretsManager::Secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Cloudformation	SecretManagerSecretEncrypted.py
512	CKV_AWS_149	resource	aws_secretsmanager_secret	Ensure that Secrets Manager secret is encrypted using KMS CMK	Terraform	SecretManagerSecretEncrypted.py
513	CKV_AWS_150	resource	aws_alb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
514	CKV_AWS_150	resource	aws_lb	Ensure that Load Balancer has deletion protection enabled	Terraform	LBDeletionProtection.py
515	CKV_AWS_152	resource	aws_alb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
516	CKV_AWS_152	resource	aws_lb	Ensure that Load Balancer (Network/Gateway) has cross-zone load balancing enabled	Terraform	LBCrossZone.py
517	CKV_AWS_153	resource	aws_autoscaling_group	Autoscaling groups should supply tags to launch configurations	Terraform	AutoScalingTagging.py
518	CKV_AWS_154	resource	AWS::Redshift::Cluster	Ensure Redshift is not deployed outside of a VPC	Cloudformation	RedshiftInEc2ClassicMode.py
519	CKV_AWS_154	resource	aws_redshift_cluster	Ensure Redshift is not deployed outside of a VPC	Terraform	RedshiftInEc2ClassicMode.py
520	CKV_AWS_155	resource	AWS::WorkSpaces::Workspace	Ensure that Workspace user volumes are encrypted	Cloudformation	WorkspaceUserVolumeEncrypted.py
521	CKV_AWS_155	resource	aws_workspaces_workspace	Ensure that Workspace user volumes are encrypted	Terraform	WorkspaceUserVolumeEncrypted.py
522	CKV_AWS_156	resource	AWS::WorkSpaces::Workspace	Ensure that Workspace root volumes are encrypted	Cloudformation	WorkspaceRootVolumeEncrypted.py
523	CKV_AWS_156	resource	aws_workspaces_workspace	Ensure that Workspace root volumes are encrypted	Terraform	WorkspaceRootVolumeEncrypted.py
524	CKV_AWS_157	resource	AWS::RDS::DBInstance	Ensure that RDS instances have Multi-AZ enabled	Cloudformation	RDSMultiAZEnabled.py
525	CKV_AWS_157	resource	aws_db_instance	Ensure that RDS instances have Multi-AZ enabled	Terraform	RDSMultiAZEnabled.py
526	CKV_AWS_158	resource	AWS::Logs::LogGroup	Ensure that CloudWatch Log Group is encrypted by KMS	Cloudformation	CloudWatchLogGroupKMSKey.py
527	CKV_AWS_158	resource	aws_cloudwatch_log_group	Ensure that CloudWatch Log Group is encrypted by KMS	Terraform	CloudWatchLogGroupKMSKey.py
528	CKV_AWS_159	resource	aws_athena_workgroup	Ensure that Athena Workgroup is encrypted	Terraform	AthenaWorkgroupEncryption.py
529	CKV_AWS_160	resource	AWS::Timestream::Database	Ensure that Timestream database is encrypted with KMS CMK	Cloudformation	TimestreamDatabaseKMSKey.py
530	CKV_AWS_160	resource	aws_timestreamwrite_database	Ensure that Timestream database is encrypted with KMS CMK	Terraform	TimestreamDatabaseKMSKey.py
531	CKV_AWS_161	resource	AWS::RDS::DBInstance	Ensure RDS database has IAM authentication enabled	Cloudformation	RDSIAMAuthentication.py
532	CKV_AWS_161	resource	aws_db_instance	Ensure RDS database has IAM authentication enabled	Terraform	RDSIAMAuthentication.py
533	CKV_AWS_162	resource	AWS::RDS::DBCluster	Ensure RDS cluster has IAM authentication enabled	Cloudformation	RDSClusterIAMAuthentication.py
534	CKV_AWS_162	resource	aws_rds_cluster	Ensure RDS cluster has IAM authentication enabled	Terraform	RDSClusterIAMAuthentication.py
535	CKV_AWS_163	resource	AWS::ECR::Repository	Ensure ECR image scanning on push is enabled	Cloudformation	ECRImageScanning.py
536	CKV_AWS_163	resource	aws_ecr_repository	Ensure ECR image scanning on push is enabled	Terraform	ECRImageScanning.py
537	CKV_AWS_164	resource	AWS::Transfer::Server	Ensure Transfer Server is not exposed publicly.	Cloudformation	TransferServerIsPublic.py
538	CKV_AWS_164	resource	aws_transfer_server	Ensure Transfer Server is not exposed publicly.	Terraform	TransferServerIsPublic.py
539	CKV_AWS_165	resource	AWS::DynamoDB::GlobalTable	Ensure DynamoDB global table point in time recovery (backup) is enabled	Cloudformation	DynamodbGlobalTableRecovery.py
540	CKV_AWS_165	resource	aws_dynamodb_global_table	Ensure DynamoDB point in time recovery (backup) is enabled for global tables	Terraform	DynamoDBGlobalTableRecovery.py
541	CKV_AWS_166	resource	AWS::Backup::BackupVault	Ensure Backup Vault is encrypted at rest using KMS CMK	Cloudformation	BackupVaultEncrypted.py
542	CKV_AWS_166	resource	aws_backup_vault	Ensure Backup Vault is encrypted at rest using KMS CMK	Terraform	BackupVaultEncrypted.py
543	CKV_AWS_167	resource	aws_glacier_vault	Ensure Glacier Vault access policy is not public by only allowing specific services or principals to access it	Terraform	GlacierVaultAnyPrincipal.py
544	CKV_AWS_168	resource	aws_sqs_queue	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
545	CKV_AWS_168	resource	aws_sqs_queue_policy	Ensure SQS queue policy is not public by only allowing specific services or principals to access it	Terraform	SQSQueuePolicyAnyPrincipal.py
546	CKV_AWS_169	resource	aws_sns_topic_policy	Ensure SNS topic policy is not public by only allowing specific services or principals to access it	Terraform	SNSTopicPolicyAnyPrincipal.py
547	CKV_AWS_170	resource	AWS::QLDB::Ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Cloudformation	QLDBLedgerPermissionsMode.py
548	CKV_AWS_170	resource	aws_qldb_ledger	Ensure QLDB ledger permissions mode is set to STANDARD	Terraform	QLDBLedgerPermissionsMode.py
549	CKV_AWS_171	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encryption is using SSE-KMS	Terraform	EMRClusterIsEncryptedKMS.py
550	CKV_AWS_172	resource	AWS::QLDB::Ledger	Ensure QLDB ledger has deletion protection enabled	Cloudformation	QLDBLedgerDeletionProtection.py
551	CKV_AWS_172	resource	aws_qldb_ledger	Ensure QLDB ledger has deletion protection enabled	Terraform	QLDBLedgerDeletionProtection.py
552	CKV_AWS_173	resource	AWS::Lambda::Function	Check encryption settings for Lambda environment variable	Cloudformation	LambdaEnvironmentEncryptionSettings.py
553	CKV_AWS_173	resource	AWS::Serverless::Function	Check encryption settings for Lambda environment variable	Cloudformation	LambdaEnvironmentEncryptionSettings.py
554	CKV_AWS_173	resource	aws_lambda_function	Check encryption settings for Lambda environmental variable	Terraform	LambdaEnvironmentEncryptionSettings.py
555	CKV_AWS_174	resource	AWS::CloudFront::Distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Cloudformation	CloudFrontTLS12.py
556	CKV_AWS_174	resource	aws_cloudfront_distribution	Verify CloudFront Distribution Viewer Certificate is using TLS v1.2	Terraform	CloudfrontTLS12.py
557	CKV_AWS_175	resource	aws_waf_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
558	CKV_AWS_175	resource	aws_wafregional_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
559	CKV_AWS_175	resource	aws_wafv2_web_acl	Ensure WAF has associated rules	Terraform	WAFHasAnyRules.py
560	CKV_AWS_176	resource	aws_waf_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
561	CKV_AWS_176	resource	aws_wafregional_web_acl	Ensure Logging is enabled for WAF Web Access Control Lists	Terraform	WAFHasLogs.py
562	CKV_AWS_177	resource	aws_kinesis_video_stream	Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisVideoEncryptedWithCMK.py
563	CKV_AWS_178	resource	aws_fsx_ontap_file_system	Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOntapFSEncryptedWithCMK.py
564	CKV_AWS_179	resource	aws_fsx_windows_file_system	Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXWindowsFSEncryptedWithCMK.py
565	CKV_AWS_180	resource	aws_imagebuilder_component	Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK)	Terraform	ImagebuilderComponentEncryptedWithCMK.py
566	CKV_AWS_181	resource	aws_s3_object_copy	Ensure S3 Object Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3ObjectCopyEncryptedWithCMK.py
567	CKV_AWS_182	resource	aws_docdb_cluster	Ensure DocumentDB is encrypted by KMS using a customer managed Key (CMK)	Terraform	DocDBEncryptedWithCMK.py
568	CKV_AWS_183	resource	aws_ebs_snapshot_copy	Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSSnapshotCopyEncryptedWithCMK.py
569	CKV_AWS_184	resource	aws_efs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	EFSFileSystemEncryptedWithCMK.py
570	CKV_AWS_185	resource	aws_kinesis_stream	Ensure Kinesis Stream is encrypted by KMS using a customer managed Key (CMK)	Terraform	KinesisStreamEncryptedWithCMK.py
571	CKV_AWS_186	resource	aws_s3_bucket_object	Ensure S3 bucket Object is encrypted by KMS using a customer managed Key (CMK)	Terraform	S3BucketObjectEncryptedWithCMK.py
572	CKV_AWS_187	resource	AWS::SageMaker::Domain	Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK)	Cloudformation	SagemakerNotebookEncryptedWithCMK.py
573	CKV_AWS_187	resource	AWS::SageMaker::NotebookInstance	Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK)	Cloudformation	SagemakerNotebookEncryptedWithCMK.py
574	CKV_AWS_187	resource	aws_sagemaker_domain	Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK)	Terraform	SagemakerDomainEncryptedWithCMK.py
575	CKV_AWS_187	resource	aws_sagemaker_notebook_instance	Ensure Sagemaker domain and notebook instance are encrypted by KMS using a customer managed Key (CMK)	Terraform	SagemakerDomainEncryptedWithCMK.py
576	CKV_AWS_189	resource	aws_ebs_volume	Ensure EBS Volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	EBSVolumeEncryptedWithCMK.py
577	CKV_AWS_190	resource	aws_fsx_lustre_file_system	Ensure lustre file systems is encrypted by KMS using a customer managed Key (CMK)	Terraform	LustreFSEncryptedWithCMK.py
578	CKV_AWS_191	resource	aws_elasticache_replication_group	Ensure ElastiCache replication group is encrypted by KMS using a customer managed Key (CMK)	Terraform	ElasticacheReplicationGroupEncryptedWithCMK.py
579	CKV_AWS_192	resource	AWS::WAFv2::WebACL	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Cloudformation	WAFACLCVE202144228.py
580	CKV_AWS_192	resource	aws_wafv2_web_acl	Ensure WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	WAFACLCVE202144228.py
581	CKV_AWS_193	resource	AWS::AppSync::GraphQLApi	Ensure AppSync has Logging enabled	Cloudformation	AppSyncLogging.py
582	CKV_AWS_193	resource	aws_appsync_graphql_api	Ensure AppSync has Logging enabled	Terraform	AppSyncLogging.py
583	CKV_AWS_194	resource	AWS::AppSync::GraphQLApi	Ensure AppSync has Field-Level logs enabled	Cloudformation	AppSyncFieldLevelLogs.py
584	CKV_AWS_194	resource	aws_appsync_graphql_api	Ensure AppSync has Field-Level logs enabled	Terraform	AppSyncFieldLevelLogs.py
585	CKV_AWS_195	resource	AWS::Glue::Crawler	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
586	CKV_AWS_195	resource	AWS::Glue::DevEndpoint	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
587	CKV_AWS_195	resource	AWS::Glue::Job	Ensure Glue component has a security configuration associated	Cloudformation	GlueSecurityConfigurationEnabled.py
588	CKV_AWS_195	resource	aws_glue_crawler	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
589	CKV_AWS_195	resource	aws_glue_dev_endpoint	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
590	CKV_AWS_195	resource	aws_glue_job	Ensure Glue component has a security configuration associated	Terraform	GlueSecurityConfigurationEnabled.py
591	CKV_AWS_196	resource	aws_elasticache_security_group	Ensure no aws_elasticache_security_group resources exist	Terraform	ElasticacheHasSecurityGroup.py
592	CKV_AWS_197	resource	AWS::AmazonMQ::Broker	Ensure MQ Broker Audit logging is enabled	Cloudformation	MQBrokerAuditLogging.py
593	CKV_AWS_197	resource	aws_mq_broker	Ensure MQ Broker Audit logging is enabled	Terraform	MQBrokerAuditLogging.py
594	CKV_AWS_198	resource	aws_db_security_group	Ensure no aws_db_security_group resources exist	Terraform	RDSHasSecurityGroup.py
595	CKV_AWS_199	resource	aws_imagebuilder_distribution_configuration	Ensure Image Builder Distribution Configuration encrypts AMI’s using KMS - a customer managed Key (CMK)	Terraform	ImagebuilderDistributionConfigurationEncryptedWithCMK.py
596	CKV_AWS_200	resource	aws_imagebuilder_image_recipe	Ensure that Image Recipe EBS Disk are encrypted with CMK	Terraform	ImagebuilderImageRecipeEBSEncrypted.py
597	CKV_AWS_201	resource	aws_memorydb_cluster	Ensure MemoryDB is encrypted at rest using KMS CMKs	Terraform	MemoryDBEncryptionWithCMK.py
598	CKV_AWS_202	resource	aws_memorydb_cluster	Ensure MemoryDB data is encrypted in transit	Terraform	MemoryDBClusterIntransitEncryption.py
599	CKV_AWS_203	resource	aws_fsx_openzfs_file_system	Ensure resource is encrypted by KMS using a customer managed Key (CMK)	Terraform	FSXOpenZFSFileSystemEncryptedWithCMK.py
600	CKV_AWS_204	resource	aws_ami	Ensure AMIs are encrypted using KMS CMKs	Terraform	AMIEncryption.py
601	CKV_AWS_205	resource	aws_ami_launch_permission	Ensure to Limit AMI launch Permissions	Terraform	AMILaunchIsShared.py
602	CKV_AWS_206	resource	aws_api_gateway_domain_name	Ensure API Gateway Domain uses a modern security Policy	Terraform	APIGatewayDomainNameTLS.py
603	CKV_AWS_207	resource	aws_mq_broker	Ensure MQ Broker minor version updates are enabled	Terraform	MQBrokerMinorAutoUpgrade.py
604	CKV_AWS_208	resource	aws_mq_broker	Ensure MQ Broker version is current	Terraform	MQBrokerVersion.py
605	CKV_AWS_208	resource	aws_mq_configuration	Ensure MQ Broker version is current	Terraform	MQBrokerVersion.py
606	CKV_AWS_209	resource	aws_mq_broker	Ensure MQ broker encrypted by KMS using a customer managed Key (CMK)	Terraform	MQBrokerEncryptedWithCMK.py
607	CKV_AWS_210	resource	aws_batch_job_definition	Batch job does not define a privileged container	Terraform	BatchJobIsNotPrivileged.py
608	CKV_AWS_211	resource	aws_db_instance	Ensure RDS uses a modern CaCert	Terraform	RDSCACertIsRecent.py
609	CKV_AWS_212	resource	aws_dms_replication_instance	Ensure DMS replication instance is encrypted by KMS using a customer managed Key (CMK)	Terraform	DMSReplicationInstanceEncryptedWithCMK.py
610	CKV_AWS_213	resource	aws_load_balancer_policy	Ensure ELB Policy uses only secure protocols	Terraform	ELBPolicyUsesSecureProtocols.py
611	CKV_AWS_214	resource	aws_appsync_api_cache	Ensure AppSync API Cache is encrypted at rest	Terraform	AppsyncAPICacheEncryptionAtRest.py
612	CKV_AWS_215	resource	aws_appsync_api_cache	Ensure AppSync API Cache is encrypted in transit	Terraform	AppsyncAPICacheEncryptionInTransit.py
613	CKV_AWS_216	resource	aws_cloudfront_distribution	Ensure CloudFront distribution is enabled	Terraform	CloudfrontDistributionEnabled.py
614	CKV_AWS_217	resource	aws_api_gateway_deployment	Ensure Create before destroy for API deployments	Terraform	APIGatewayDeploymentCreateBeforeDestroy.py
615	CKV_AWS_218	resource	aws_cloudsearch_domain	Ensure that CloudSearch is using latest TLS	Terraform	CloudsearchDomainTLS.py
616	CKV_AWS_219	resource	aws_codepipeline	Ensure CodePipeline Artifact store is using a KMS CMK	Terraform	CodePipelineArtifactsEncrypted.py
617	CKV_AWS_220	resource	aws_cloudsearch_domain	Ensure that CloudSearch is using https	Terraform	CloudsearchDomainEnforceHttps.py
618	CKV_AWS_221	resource	aws_codeartifact_domain	Ensure CodeArtifact Domain is encrypted by KMS using a customer managed Key (CMK)	Terraform	CodeArtifactDomainEncryptedWithCMK.py
619	CKV_AWS_222	resource	aws_dms_replication_instance	Ensure DMS replication instance gets all minor upgrade automatically	Terraform	DMSReplicationInstanceMinorUpgrade.py
620	CKV_AWS_223	resource	aws_ecs_cluster	Ensure ECS Cluster enables logging of ECS Exec	Terraform	ECSClusterLoggingEnabled.py
621	CKV_AWS_224	resource	aws_ecs_cluster	Ensure ECS Cluster logging is enabled and client to container communication uses CMK	Terraform	ECSClusterLoggingEncryptedWithCMK.py
622	CKV_AWS_225	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is enabled	Terraform	APIGatewayMethodSettingsCacheEnabled.py
623	CKV_AWS_226	resource	aws_db_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
624	CKV_AWS_226	resource	aws_rds_cluster_instance	Ensure DB instance gets all minor upgrades automatically	Terraform	DBInstanceMinorUpgrade.py
625	CKV_AWS_227	resource	aws_kms_key	Ensure KMS key is enabled	Terraform	KMSKeyIsEnabled.py
626	CKV_AWS_228	resource	aws_elasticsearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
627	CKV_AWS_228	resource	aws_opensearch_domain	Verify Elasticsearch domain is using an up to date TLS policy	Terraform	ElasticsearchTLSPolicy.py
628	CKV_AWS_229	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
629	CKV_AWS_229	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 21	Terraform	NetworkACLUnrestrictedIngress21.py
630	CKV_AWS_230	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
631	CKV_AWS_230	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 20	Terraform	NetworkACLUnrestrictedIngress20.py
632	CKV_AWS_231	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
633	CKV_AWS_231	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 3389	Terraform	NetworkACLUnrestrictedIngress3389.py
634	CKV_AWS_232	resource	aws_network_acl	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
635	CKV_AWS_232	resource	aws_network_acl_rule	Ensure no NACL allow ingress from 0.0.0.0:0 to port 22	Terraform	NetworkACLUnrestrictedIngress22.py
636	CKV_AWS_233	resource	aws_acm_certificate	Ensure Create before destroy for ACM certificates	Terraform	ACMCertCreateBeforeDestroy.py
637	CKV_AWS_234	resource	aws_acm_certificate	Verify logging preference for ACM certificates	Terraform	ACMCertSetLoggingPreference.py
638	CKV_AWS_235	resource	aws_ami_copy	Ensure that copied AMIs are encrypted	Terraform	AMICopyIsEncrypted.py
639	CKV_AWS_236	resource	aws_ami_copy	Ensure AMI copying uses a CMK	Terraform	AMICopyUsesCMK.py
640	CKV_AWS_237	resource	aws_api_gateway_rest_api	Ensure Create before destroy for API Gateway	Terraform	APIGatewayCreateBeforeDestroy.py
641	CKV_AWS_238	resource	aws_guardduty_detector	Ensure that GuardDuty detector is enabled	Terraform	GuarddutyDetectorEnabled.py
642	CKV_AWS_239	resource	aws_dax_cluster	Ensure DAX cluster endpoint is using TLS	Terraform	DAXEndpointTLS.py
643	CKV_AWS_240	resource	aws_kinesis_firehose_delivery_stream	Ensure Kinesis Firehose delivery stream is encrypted	Terraform	KinesisFirehoseDeliveryStreamSSE.py
644	CKV_AWS_241	resource	aws_kinesis_firehose_delivery_stream	Ensure that Kinesis Firehose Delivery Streams are encrypted with CMK	Terraform	KinesisFirehoseDeliveryStreamUsesCMK.py
645	CKV_AWS_242	resource	aws_mwaa_environment	Ensure MWAA environment has scheduler logs enabled	Terraform	MWAASchedulerLogsEnabled.py
646	CKV_AWS_243	resource	aws_mwaa_environment	Ensure MWAA environment has worker logs enabled	Terraform	MWAAWorkerLogsEnabled.py
647	CKV_AWS_244	resource	aws_mwaa_environment	Ensure MWAA environment has webserver logs enabled	Terraform	MWAAWebserverLogsEnabled.py
648	CKV_AWS_245	resource	aws_db_instance_automated_backups_replication	Ensure replicated backups are encrypted at rest using KMS CMKs	Terraform	RDSInstanceAutoBackupEncryptionWithCMK.py
649	CKV_AWS_246	resource	aws_rds_cluster_activity_stream	Ensure RDS Cluster activity streams are encrypted using KMS CMKs	Terraform	RDSClusterActivityStreamEncryptedWithCMK.py
650	CKV_AWS_247	resource	aws_elasticsearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
651	CKV_AWS_247	resource	aws_opensearch_domain	Ensure all data stored in the Elasticsearch is encrypted with a CMK	Terraform	ElasticsearchEncryptionWithCMK.py
652	CKV_AWS_248	resource	aws_elasticsearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
653	CKV_AWS_248	resource	aws_opensearch_domain	Ensure that Elasticsearch is not using the default Security Group	Terraform	ElasticsearchDefaultSG.py
654	CKV_AWS_249	resource	aws_ecs_task_definition	Ensure that the Execution Role ARN and the Task Role ARN are different in ECS Task definitions	Terraform	ECSTaskDefinitionRoleCheck.py
655	CKV_AWS_250	resource	aws_db_instance	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
656	CKV_AWS_250	resource	aws_rds_cluster	Ensure that RDS PostgreSQL instances use a non vulnerable version with the log_fdw extension (https://aws.amazon.com/security/security-bulletins/AWS-2022-004/)	Terraform	RDSPostgreSQLLogFDWExtension.py
657	CKV_AWS_251	resource	aws_cloudtrail	Ensure CloudTrail logging is enabled	Terraform	CloudtrailEnableLogging.py
658	CKV_AWS_252	resource	aws_cloudtrail	Ensure CloudTrail defines an SNS Topic	Terraform	CloudtrailDefinesSNSTopic.py
659	CKV_AWS_253	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted	Terraform	DLMEventsCrossRegionEncryption.py
660	CKV_AWS_254	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region events are encrypted with Customer Managed Key	Terraform	DLMEventsCrossRegionEncryptionWithCMK.py
661	CKV_AWS_255	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted	Terraform	DLMScheduleCrossRegionEncryption.py
662	CKV_AWS_256	resource	aws_dlm_lifecycle_policy	Ensure DLM cross region schedules are encrypted using a Customer Managed Key	Terraform	DLMScheduleCrossRegionEncryptionWithCMK.py
663	CKV_AWS_257	resource	aws_codecommit_approval_rule_template	Ensure CodeCommit branch changes have at least 2 approvals	Terraform	CodecommitApprovalsRulesRequireMin2.py
664	CKV_AWS_258	resource	AWS::Lambda::Url	Ensure that Lambda function URLs AuthType is not None	Cloudformation	LambdaFunctionURLAuth.py
665	CKV_AWS_258	resource	aws_lambda_function_url	Ensure that Lambda function URLs AuthType is not None	Terraform	LambdaFunctionURLAuth.py
666	CKV_AWS_259	resource	aws_cloudfront_response_headers_policy	Ensure CloudFront response header policy enforces Strict Transport Security	Terraform	CloudFrontResponseHeaderStrictTransportSecurity.py
667	CKV_AWS_260	resource	AWS::EC2::SecurityGroup	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Cloudformation	SecurityGroupUnrestrictedIngress80.py
668	CKV_AWS_260	resource	AWS::EC2::SecurityGroupIngress	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Cloudformation	SecurityGroupUnrestrictedIngress80.py
669	CKV_AWS_260	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
670	CKV_AWS_260	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
671	CKV_AWS_260	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port 80	Terraform	SecurityGroupUnrestrictedIngress80.py
672	CKV_AWS_261	resource	aws_alb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
673	CKV_AWS_261	resource	aws_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupsDefinesHealthcheck.py
674	CKV_AWS_262	resource	aws_kendra_index	Ensure Kendra index Server side encryption uses CMK	Terraform	KendraIndexSSEUsesCMK.py
675	CKV_AWS_263	resource	aws_appflow_flow	Ensure AppFlow flow uses CMK	Terraform	AppFlowUsesCMK.py
676	CKV_AWS_264	resource	aws_appflow_connector_profile	Ensure AppFlow connector profile uses CMK	Terraform	AppFlowConnectorProfileUsesCMK.py
677	CKV_AWS_265	resource	aws_keyspaces_table	Ensure Keyspaces Table uses CMK	Terraform	KeyspacesTableUsesCMK.py
678	CKV_AWS_266	resource	aws_db_snapshot_copy	Ensure DB Snapshot copy uses CMK	Terraform	DBSnapshotCopyUsesCMK.py
679	CKV_AWS_267	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s model is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerModelUsesCMK.py
680	CKV_AWS_268	resource	aws_comprehend_entity_recognizer	Ensure that Comprehend Entity Recognizer’s volume is encrypted by KMS using a customer managed Key (CMK)	Terraform	ComprehendEntityRecognizerVolumeUsesCMK.py
681	CKV_AWS_269	resource	aws_connect_instance_storage_config	Ensure Connect Instance Kinesis Video Stream Storage Config uses CMK	Terraform	ConnectInstanceKinesisVideoStreamStorageConfigUsesCMK.py
682	CKV_AWS_270	resource	aws_connect_instance_storage_config	Ensure Connect Instance S3 Storage Config uses CMK	Terraform	ConnectInstanceS3StorageConfigUsesCMK.py
683	CKV_AWS_271	resource	aws_dynamodb_table_replica	Ensure DynamoDB table replica KMS encryption uses CMK	Terraform	DynamoDBTableReplicaKMSUsesCMK.py
684	CKV_AWS_272	resource	aws_lambda_function	Ensure AWS Lambda function is configured to validate code-signing	Terraform	LambdaCodeSigningConfigured.py
685	CKV_AWS_273	resource	aws_iam_user	Ensure access is controlled through SSO and not AWS IAM defined users	Terraform	IAMUserNotUsedForAccess.py
686	CKV_AWS_274	resource	aws_iam_group_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
687	CKV_AWS_274	resource	aws_iam_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
688	CKV_AWS_274	resource	aws_iam_role	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
689	CKV_AWS_274	resource	aws_iam_role_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
690	CKV_AWS_274	resource	aws_iam_user_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
691	CKV_AWS_274	resource	aws_ssoadmin_managed_policy_attachment	Disallow IAM roles, users, and groups from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
692	CKV_AWS_275	data	aws_iam_policy	Disallow policies from using the AWS AdministratorAccess policy	Terraform	IAMManagedAdminPolicy.py
693	CKV_AWS_276	resource	aws_api_gateway_method_settings	Ensure Data Trace is not enabled in API Gateway Method Settings	Terraform	APIGatewayMethodSettingsDataTrace.py
694	CKV_AWS_277	resource	aws_security_group	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
695	CKV_AWS_277	resource	aws_security_group_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
696	CKV_AWS_277	resource	aws_vpc_security_group_ingress_rule	Ensure no security groups allow ingress from 0.0.0.0:0 to port -1	Terraform	SecurityGroupUnrestrictedIngressAny.py
697	CKV_AWS_278	resource	aws_memorydb_snapshot	Ensure MemoryDB snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	MemoryDBSnapshotEncryptionWithCMK.py
698	CKV_AWS_279	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is securely encrypted	Terraform	NeptuneClusterSnapshotEncrypted.py
699	CKV_AWS_280	resource	aws_neptune_cluster_snapshot	Ensure Neptune snapshot is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterSnapshotEncryptedWithCMK.py
700	CKV_AWS_281	resource	aws_redshift_snapshot_copy_grant	Ensure RedShift snapshot copy is encrypted by KMS using a customer managed Key (CMK)	Terraform	RedshiftClusterSnapshotCopyGrantEncryptedWithCMK.py
701	CKV_AWS_282	resource	aws_redshiftserverless_namespace	Ensure that Redshift Serverless namespace is encrypted by KMS using a customer managed key (CMK)	Terraform	RedshiftServerlessNamespaceKMSKey.py
702	CKV_AWS_283	data	aws_iam_policy_document	Ensure no IAM policies documents allow ALL or any AWS principal permissions to the resource	Terraform	IAMPublicActionsPolicy.py
703	CKV_AWS_284	resource	aws_sfn_state_machine	Ensure State Machine has X-Ray tracing enabled	Terraform	StateMachineXray.py
704	CKV_AWS_285	resource	aws_sfn_state_machine	Ensure State Machine has execution history logging enabled	Terraform	StateMachineLoggingExecutionHistory.py
705	CKV_AWS_286	resource	aws_iam_group_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
706	CKV_AWS_286	resource	aws_iam_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
707	CKV_AWS_286	resource	aws_iam_role_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
708	CKV_AWS_286	resource	aws_iam_user_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
709	CKV_AWS_286	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow privilege escalation	Terraform	IAMPrivilegeEscalation.py
710	CKV_AWS_287	resource	aws_iam_group_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
711	CKV_AWS_287	resource	aws_iam_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
712	CKV_AWS_287	resource	aws_iam_role_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
713	CKV_AWS_287	resource	aws_iam_user_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
714	CKV_AWS_287	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow credentials exposure	Terraform	IAMCredentialsExposure.py
715	CKV_AWS_288	resource	aws_iam_group_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
716	CKV_AWS_288	resource	aws_iam_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
717	CKV_AWS_288	resource	aws_iam_role_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
718	CKV_AWS_288	resource	aws_iam_user_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
719	CKV_AWS_288	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow data exfiltration	Terraform	IAMDataExfiltration.py
720	CKV_AWS_289	resource	aws_iam_group_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
721	CKV_AWS_289	resource	aws_iam_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
722	CKV_AWS_289	resource	aws_iam_role_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
723	CKV_AWS_289	resource	aws_iam_user_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
724	CKV_AWS_289	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow permissions management / resource exposure without constraints	Terraform	IAMPermissionsManagement.py
725	CKV_AWS_290	resource	aws_iam_group_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
726	CKV_AWS_290	resource	aws_iam_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
727	CKV_AWS_290	resource	aws_iam_role_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
728	CKV_AWS_290	resource	aws_iam_user_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
729	CKV_AWS_290	resource	aws_ssoadmin_permission_set_inline_policy	Ensure IAM policies does not allow write access without constraints	Terraform	IAMWriteAccess.py
730	CKV_AWS_291	resource	AWS::MSK::Cluster	Ensure MSK nodes are private	Cloudformation	MSKClusterNodesArePrivate.py
731	CKV_AWS_291	resource	aws_msk_cluster	Ensure MSK nodes are private	Terraform	MSKClusterNodesArePrivate.py
732	CKV_AWS_292	resource	aws_docdb_global_cluster	Ensure DocumentDB Global Cluster is encrypted at rest (default is unencrypted)	Terraform	DocDBGlobalClusterEncryption.py
733	CKV_AWS_293	resource	aws_db_instance	Ensure that AWS database instances have deletion protection enabled	Terraform	RDSInstanceDeletionProtection.py
734	CKV_AWS_294	resource	aws_cloudtrail_event_data_store	Ensure CloudTrail Event Data Store uses CMK	Terraform	CloudtrailEventDataStoreUsesCMK.py
735	CKV_AWS_295	resource	aws_datasync_location_object_storage	Ensure DataSync Location Object Storage doesn’t expose secrets	Terraform	DatasyncLocationExposesSecrets.py
736	CKV_AWS_296	resource	aws_dms_endpoint	Ensure DMS endpoint uses Customer Managed Key (CMK)	Terraform	DMSEndpointUsesCMK.py
737	CKV_AWS_297	resource	aws_scheduler_schedule	Ensure EventBridge Scheduler Schedule uses Customer Managed Key (CMK)	Terraform	SchedulerScheduleUsesCMK.py
738	CKV_AWS_298	resource	aws_dms_s3_endpoint	Ensure DMS S3 uses Customer Managed Key (CMK)	Terraform	DMSS3UsesCMK.py
739	CKV_AWS_300	resource	aws_s3_bucket_lifecycle_configuration	Ensure S3 lifecycle configuration sets period for aborting failed uploads	Terraform	S3AbortIncompleteUploads.py
740	CKV_AWS_301	resource	aws_lambda_permission	Ensure that AWS Lambda function is not publicly accessible	Terraform	LambdaFunctionIsNotPublic.py
741	CKV_AWS_302	resource	aws_db_snapshot	Ensure DB Snapshots are not Public	Terraform	DBSnapshotsArePrivate.py
742	CKV_AWS_303	resource	aws_ssm_document	Ensure SSM documents are not Public	Terraform	SSMDocumentsArePrivate.py
743	CKV_AWS_304	resource	aws_secretsmanager_secret_rotation	Ensure Secrets Manager secrets should be rotated within 90 days	Terraform	SecretManagerSecret90days.py
744	CKV_AWS_305	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has a default root object configured	Terraform	CloudfrontDistributionDefaultRoot.py
745	CKV_AWS_306	resource	aws_sagemaker_notebook_instance	Ensure SageMaker notebook instances should be launched into a custom VPC	Terraform	SagemakerNotebookInCustomVPC.py
746	CKV_AWS_307	resource	aws_sagemaker_notebook_instance	Ensure SageMaker Users should not have root access to SageMaker notebook instances	Terraform	SagemakerNotebookRoot.py
747	CKV_AWS_308	resource	aws_api_gateway_method_settings	Ensure API Gateway method setting caching is set to encrypted	Terraform	APIGatewayMethodSettingsCacheEncrypted.py
748	CKV_AWS_309	resource	aws_apigatewayv2_route	Ensure API GatewayV2 routes specify an authorization type	Terraform	APIGatewayV2RouteDefinesAuthorizationType.py
749	CKV_AWS_310	resource	aws_cloudfront_distribution	Ensure CloudFront distributions should have origin failover configured	Terraform	CloudfrontDistributionOriginFailover.py
750	CKV_AWS_311	resource	aws_codebuild_project	Ensure that CodeBuild S3 logs are encrypted	Terraform	CodebuildS3LogsEncrypted.py
751	CKV_AWS_312	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk environments have enhanced health reporting enabled	Terraform	ElasticBeanstalkUseEnhancedHealthChecks.py
752	CKV_AWS_313	resource	aws_rds_cluster	Ensure RDS cluster configured to copy tags to snapshots	Terraform	RDSClusterCopyTags.py
753	CKV_AWS_314	resource	aws_codebuild_project	Ensure CodeBuild project environments have a logging configuration	Terraform	CodebuildHasLogs.py
754	CKV_AWS_315	resource	aws_autoscaling_group	Ensure EC2 Auto Scaling groups use EC2 launch templates	Terraform	AutoScalingLaunchTemplate.py
755	CKV_AWS_316	resource	aws_codebuild_project	Ensure CodeBuild project environments do not have privileged mode enabled	Terraform	CodeBuildPrivilegedMode.py
756	CKV_AWS_317	resource	AWS::Elasticsearch::Domain	Ensure Elasticsearch Domain Audit Logging is enabled	Cloudformation	ElasticsearchDomainAuditLogging.py
757	CKV_AWS_317	resource	AWS::OpenSearchService::Domain	Ensure Elasticsearch Domain Audit Logging is enabled	Cloudformation	ElasticsearchDomainAuditLogging.py
758	CKV_AWS_317	resource	aws_elasticsearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
759	CKV_AWS_317	resource	aws_opensearch_domain	Ensure Elasticsearch Domain Audit Logging is enabled	Terraform	ElasticsearchDomainAuditLogging.py
760	CKV_AWS_318	resource	aws_elasticsearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
761	CKV_AWS_318	resource	aws_opensearch_domain	Ensure Elasticsearch domains are configured with at least three dedicated master nodes for HA	Terraform	ElasticsearchDomainHA.py
762	CKV_AWS_319	resource	aws_cloudwatch_metric_alarm	Ensure that CloudWatch alarm actions are enabled	Terraform	CloudWatchAlarmsEnabled.py
763	CKV_AWS_320	resource	aws_redshift_cluster	Ensure Redshift clusters do not use the default database name	Terraform	RedshiftClusterDatabaseName.py
764	CKV_AWS_321	resource	aws_redshift_cluster	Ensure Redshift clusters use enhanced VPC routing	Terraform	RedshiftClusterUseEnhancedVPCRouting.py
765	CKV_AWS_322	resource	aws_elasticache_cluster	Ensure ElastiCache for Redis cache clusters have auto minor version upgrades enabled	Terraform	ElasticCacheAutomaticMinorUpgrades.py
766	CKV_AWS_323	resource	aws_elasticache_cluster	Ensure ElastiCache clusters do not use the default subnet group	Terraform	ElastiCacheHasCustomSubnet.py
767	CKV_AWS_324	resource	aws_rds_cluster	Ensure that RDS Cluster log capture is enabled	Terraform	RDSClusterLogging.py
768	CKV_AWS_325	resource	aws_rds_cluster	Ensure that RDS Cluster audit logging is enabled for MySQL engine	Terraform	RDSClusterAuditLogging.py
769	CKV_AWS_326	resource	aws_rds_cluster	Ensure that RDS Aurora Clusters have backtracking enabled	Terraform	RDSClusterAuroraBacktrack.py
770	CKV_AWS_327	resource	aws_rds_cluster	Ensure RDS Clusters are encrypted using KMS CMKs	Terraform	RDSClusterEncryptedWithCMK.py
771	CKV_AWS_328	resource	aws_alb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
772	CKV_AWS_328	resource	aws_elb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
773	CKV_AWS_328	resource	aws_lb	Ensure that ALB is configured with defensive or strictest desync mitigation mode	Terraform	ALBDesyncMode.py
774	CKV_AWS_329	resource	aws_efs_access_point	EFS access points should enforce a root directory	Terraform	EFSAccessPointRoot.py
775	CKV_AWS_330	resource	aws_efs_access_point	EFS access points should enforce a user identity	Terraform	EFSAccessUserIdentity.py
776	CKV_AWS_331	resource	aws_ec2_transit_gateway	Ensure Transit Gateways do not automatically accept VPC attachment requests	Terraform	Ec2TransitGatewayAutoAccept.py
777	CKV_AWS_332	resource	aws_ecs_service	Ensure ECS Fargate services run on the latest Fargate platform version	Terraform	ECSServiceFargateLatest.py
778	CKV_AWS_333	resource	aws_ecs_service	Ensure ECS services do not have public IP addresses assigned to them automatically	Terraform	ECSServicePublicIP.py
779	CKV_AWS_334	resource	aws_ecs_task_definition	Ensure ECS containers should run as non-privileged	Terraform	ECSContainerPrivilege.py
780	CKV_AWS_335	resource	aws_ecs_task_definition	Ensure ECS task definitions should not share the host’s process namespace	Terraform	ECSContainerHostProcess.py
781	CKV_AWS_336	resource	aws_ecs_task_definition	Ensure ECS containers are limited to read-only access to root filesystems	Terraform	ECSContainerReadOnlyRoot.py
782	CKV_AWS_337	resource	aws_ssm_parameter	Ensure SSM parameters are using KMS CMK	Terraform	SSMParameterUsesCMK.py
783	CKV_AWS_338	resource	aws_cloudwatch_log_group	Ensure CloudWatch log groups retains logs for at least 1 year	Terraform	CloudWatchLogGroupRetentionYear.py
784	CKV_AWS_339	resource	aws_eks_cluster	Ensure EKS clusters run on a supported Kubernetes version	Terraform	EKSPlatformVersion.py
785	CKV_AWS_340	resource	aws_elastic_beanstalk_environment	Ensure Elastic Beanstalk managed platform updates are enabled	Terraform	ElasticBeanstalkUseManagedUpdates.py
786	CKV_AWS_341	resource	aws_launch_configuration	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
787	CKV_AWS_341	resource	aws_launch_template	Ensure Launch template should not have a metadata response hop limit greater than 1	Terraform	LaunchTemplateMetadataHop.py
788	CKV_AWS_342	resource	aws_waf_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
789	CKV_AWS_342	resource	aws_waf_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
790	CKV_AWS_342	resource	aws_wafregional_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
791	CKV_AWS_342	resource	aws_wafregional_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
792	CKV_AWS_342	resource	aws_wafv2_rule_group	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
793	CKV_AWS_342	resource	aws_wafv2_web_acl	Ensure WAF rule has any actions	Terraform	WAFRuleHasAnyActions.py
794	CKV_AWS_343	resource	aws_redshift_cluster	Ensure Amazon Redshift clusters should have automatic snapshots enabled	Terraform	RedshiftClusterAutoSnap.py
795	CKV_AWS_344	resource	aws_networkfirewall_firewall	Ensure that Network firewalls have deletion protection enabled	Terraform	NetworkFirewallDeletionProtection.py
796	CKV_AWS_345	resource	aws_networkfirewall_firewall	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
797	CKV_AWS_345	resource	aws_networkfirewall_rule_group	Ensure that Network firewall encryption is via a CMK	Terraform	NetworkFirewallUsesCMK.py
798	CKV_AWS_346	resource	aws_networkfirewall_firewall_policy	Ensure Network Firewall Policy defines an encryption configuration that uses a customer managed Key (CMK)	Terraform	NetworkFirewallPolicyDefinesCMK.py
799	CKV_AWS_347	resource	aws_neptune_cluster	Ensure Neptune is encrypted by KMS using a customer managed Key (CMK)	Terraform	NeptuneClusterEncryptedWithCMK.py
800	CKV_AWS_348	resource	aws_iam_access_key	Ensure IAM root user doesnt have Access keys	Terraform	IAMUserRootAccessKeys.py
801	CKV_AWS_349	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts local disks	Terraform	EMRClusterConfEncryptsLocalDisk.py
802	CKV_AWS_350	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts EBS disks	Terraform	EMRClusterConfEncryptsEBS.py
803	CKV_AWS_351	resource	aws_emr_security_configuration	Ensure EMR Cluster security configuration encrypts InTransit	Terraform	EMRClusterConfEncryptsInTransit.py
804	CKV_AWS_352	resource	aws_network_acl_rule	Ensure NACL ingress does not allow all Ports	Terraform	NetworkACLUnrestricted.py
805	CKV_AWS_353	resource	aws_db_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
806	CKV_AWS_353	resource	aws_rds_cluster_instance	Ensure that RDS instances have performance insights enabled	Terraform	RDSInstancePerformanceInsights.py
807	CKV_AWS_354	resource	aws_db_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
808	CKV_AWS_354	resource	aws_rds_cluster_instance	Ensure RDS Performance Insights are encrypted using KMS CMKs	Terraform	RDSInstancePerfInsightsEncryptionWithCMK.py
809	CKV_AWS_355	resource	aws_iam_group_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
810	CKV_AWS_355	resource	aws_iam_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
811	CKV_AWS_355	resource	aws_iam_role_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
812	CKV_AWS_355	resource	aws_iam_user_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
813	CKV_AWS_355	resource	aws_ssoadmin_permission_set_inline_policy	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	IAMStarResourcePolicyDocument.py
814	CKV_AWS_356	data	aws_iam_policy_document	Ensure no IAM policies documents allow “*” as a statement’s resource for restrictable actions	Terraform	ResourcePolicyDocument.py
815	CKV_AWS_357	resource	aws_transfer_server	Ensure Transfer Server allows only secure protocols	Terraform	TransferServerAllowsOnlySecureProtocols.py
816	CKV_AWS_358	data	aws_iam_policy_document	Ensure GitHub Actions OIDC trust policies only allows actions from a specific known organization	Terraform	GithubActionsOIDCTrustPolicy.py
817	CKV_AWS_359	resource	aws_neptune_cluster	Neptune DB clusters should have IAM database authentication enabled	Terraform	NeptuneDBClustersIAMDatabaseAuthenticationEnabled.py
818	CKV_AWS_360	resource	AWS::DocDB::DBCluster	Ensure DocumentDB has an adequate backup retention period	Cloudformation	DocDBBackupRetention.py
819	CKV_AWS_360	resource	aws_docdb_cluster	Ensure DocumentDB has an adequate backup retention period	Terraform	DocDBBackupRetention.py
820	CKV_AWS_361	resource	AWS::Neptune::DBCluster	Ensure that Neptune DB cluster has automated backups enabled with adequate retention	Cloudformation	NeptuneClusterBackupRetention.py
821	CKV_AWS_361	resource	aws_neptune_cluster	Ensure that Neptune DB cluster has automated backups enabled with adequate retention	Terraform	NeptuneClusterBackupRetention.py
822	CKV_AWS_362	resource	aws_neptune_cluster	Neptune DB clusters should be configured to copy tags to snapshots	Terraform	NeptuneDBClustersCopyTagsToSnapshots.py
823	CKV_AWS_363	resource	AWS::Lambda::Function	Ensure Lambda Runtime is not deprecated	Cloudformation	DeprecatedLambdaRuntime.py
824	CKV_AWS_363	resource	AWS::Serverless::Function	Ensure Lambda Runtime is not deprecated	Cloudformation	DeprecatedLambdaRuntime.py
825	CKV_AWS_363	resource	aws_lambda_function	Ensure Lambda Runtime is not deprecated	Terraform	DeprecatedLambdaRuntime.py
826	CKV_AWS_364	resource	AWS::Lambda::Permission	Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount	Cloudformation	LambdaServicePermission.py
827	CKV_AWS_364	resource	aws_lambda_permission	Ensure that AWS Lambda function permissions delegated to AWS services are limited by SourceArn or SourceAccount	Terraform	LambdaServicePermission.py
828	CKV_AWS_365	resource	aws_ses_configuration_set	Ensure SES Configuration Set enforces TLS usage	Terraform	SesConfigurationSetDefinesTLS.py
829	CKV_AWS_366	resource	AWS::Cognito::IdentityPool	Ensure AWS Cognito identity pool does not allow unauthenticated guest access	Cloudformation	CognitoUnauthenticatedIdentities.py
830	CKV_AWS_366	resource	aws_cognito_identity_pool	Ensure AWS Cognito identity pool does not allow unauthenticated guest access	Terraform	CognitoUnauthenticatedIdentities.py
831	CKV_AWS_367	resource	AWS::SageMaker::DataQualityJobDefinition	Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt model artifacts	Cloudformation	SagemakerDataQualityJobDefinitionEncryption.py
832	CKV_AWS_367	resource	aws_sagemaker_data_quality_job_definition	Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt model artifacts	Terraform	SagemakerDataQualityJobDefinitionEncryption.py
833	CKV_AWS_368	resource	AWS::SageMaker::DataQualityJobDefinition	Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt data on attached storage volume	Cloudformation	SagemakerDataQualityJobDefinitionVolumeEncryption.py
834	CKV_AWS_368	resource	aws_sagemaker_data_quality_job_definition	Ensure Amazon Sagemaker Data Quality Job uses KMS to encrypt data on attached storage volume	Terraform	SagemakerDataQualityJobDefinitionVolumeEncryption.py
835	CKV_AWS_369	resource	AWS::SageMaker::DataQualityJobDefinition	Ensure Amazon Sagemaker Data Quality Job encrypts all communications between instances used for monitoring jobs	Cloudformation	SagemakerDataQualityJobDefinitionTrafficEncryption.py
836	CKV_AWS_369	resource	aws_sagemaker_data_quality_job_definition	Ensure Amazon Sagemaker Data Quality Job encrypts all communications between instances used for monitoring jobs	Terraform	SagemakerDataQualityJobDefinitionTrafficEncryption.py
837	CKV_AWS_370	resource	AWS::SageMaker::Model	Ensure Amazon SageMaker model uses network isolation	Cloudformation	SagemakerModelWithNetworkIsolation.py
838	CKV_AWS_370	resource	aws_sagemaker_model	Ensure Amazon SageMaker model uses network isolation	Terraform	SagemakerModelWithNetworkIsolation.py
839	CKV_AWS_371	resource	AWS::SageMaker::NotebookInstance	Ensure Amazon SageMaker Notebook Instance only allows for IMDSv2	Cloudformation	SagemakerNotebookInstanceAllowsIMDSv2.py
840	CKV_AWS_371	resource	aws_sagemaker_notebook_instance	Ensure Amazon SageMaker Notebook Instance only allows for IMDSv2	Terraform	SagemakerNotebookInstanceAllowsIMDSv2.py
841	CKV_AWS_372	resource	aws_sagemaker_flow_definition	Ensure Amazon SageMaker Flow Definition uses KMS for output configurations	Terraform	SagemakerFlowDefinitionUsesKMS.py
842	CKV_AWS_373	resource	AWS::Bedrock::Agent	Ensure Bedrock Agent is encrypted with a CMK	Cloudformation	BedrockAgentEncrypted.py
843	CKV_AWS_373	resource	aws_bedrockagent_agent	Ensure Bedrock Agent is encrypted with a CMK	Terraform	BedrockAgentEncrypted.py
844	CKV_AWS_374	resource	aws_cloudfront_distribution	Ensure AWS CloudFront web distribution has geo restriction enabled	Terraform	CloudFrontGeoRestrictionDisabled.py
845	CKV_AWS_375	resource	aws_s3_bucket_acl	Ensure AWS S3 bucket does not have global view ACL permissions enabled	Terraform	S3GlobalViewACL.py
846	CKV_AWS_376	resource	aws_elb	Ensure AWS Elastic Load Balancer listener uses TLS/SSL	Terraform	ELBwListenerNotTLSSSL.py
847	CKV_AWS_377	resource	aws_route53domains_registered_domain	Ensure Route 53 domains have transfer lock protection	Terraform	Route53TransferLock.py
848	CKV_AWS_378	resource	aws_alb_target_group	Ensure AWS Load Balancer doesn’t use HTTP protocol	Terraform	LBTargetGroup.py
849	CKV_AWS_378	resource	aws_lb_target_group	Ensure AWS Load Balancer doesn’t use HTTP protocol	Terraform	LBTargetGroup.py
850	CKV_AWS_379	resource	aws_s3_bucket_acl	Ensure AWS S3 bucket is configured with secure data transport policy	Terraform	S3SecureDataTransport.py
851	CKV_AWS_380	resource	aws_transfer_server	Ensure AWS Transfer Server uses latest Security Policy	Terraform	TransferServerLatestPolicy.py
852	CKV_AWS_381	resource	aws_codegurureviewer_repository_association	Make sure that aws_codegurureviewer_repository_association has a CMK	Terraform	AWSCodeGuruHasCMK.py
853	CKV2_AWS_1	resource	aws_network_acl	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
854	CKV2_AWS_1	resource	aws_subnet	Ensure that all NACL are attached to subnets	Terraform	SubnetHasACL.yaml
855	CKV2_AWS_2	resource	aws_ebs_volume	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
856	CKV2_AWS_2	resource	aws_volume_attachment	Ensure that only encrypted EBS volumes are attached to EC2 instances	Terraform	EncryptedEBSVolumeOnlyConnectedToEC2s.yaml
857	CKV2_AWS_3	resource	aws_guardduty_detector	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
858	CKV2_AWS_3	resource	aws_guardduty_organization_configuration	Ensure GuardDuty is enabled to specific org/region	Terraform	GuardDutyIsEnabled.yaml
859	CKV2_AWS_4	resource	aws_api_gateway_method_settings	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
860	CKV2_AWS_4	resource	aws_api_gateway_stage	Ensure API Gateway stage have logging level defined as appropriate	Terraform	APIGWLoggingLevelsDefinedProperly.yaml
861	CKV2_AWS_5	resource	aws_security_group	Ensure that Security Groups are attached to another resource	Terraform	SGAttachedToResource.yaml
862	CKV2_AWS_6	resource	aws_s3_bucket	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
863	CKV2_AWS_6	resource	aws_s3_bucket_public_access_block	Ensure that S3 bucket has a Public Access block	Terraform	S3BucketHasPublicAccessBlock.yaml
864	CKV2_AWS_7	resource	aws_emr_cluster	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
865	CKV2_AWS_7	resource	aws_security_group	Ensure that Amazon EMR clusters’ security groups are not open to the world	Terraform	AMRClustersNotOpenToInternet.yaml
866	CKV2_AWS_8	resource	aws_rds_cluster	Ensure that RDS clusters has backup plan of AWS Backup	Terraform	RDSClusterHasBackupPlan.yaml
867	CKV2_AWS_9	resource	aws_backup_selection	Ensure that EBS are added in the backup plans of AWS Backup	Terraform	EBSAddedBackup.yaml
868	CKV2_AWS_10	resource	aws_cloudtrail	Ensure CloudTrail trails are integrated with CloudWatch Logs	Terraform	CloudtrailHasCloudwatch.yaml
869	CKV2_AWS_11	resource	aws_vpc	Ensure VPC flow logging is enabled in all VPCs	Terraform	VPCHasFlowLog.yaml
870	CKV2_AWS_12	resource	aws_default_security_group	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
871	CKV2_AWS_12	resource	aws_vpc	Ensure the default security group of every VPC restricts all traffic	Terraform	VPCHasRestrictedSG.yaml
872	CKV2_AWS_14	resource	aws_iam_group	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
873	CKV2_AWS_14	resource	aws_iam_group_membership	Ensure that IAM groups includes at least one IAM user	Terraform	IAMGroupHasAtLeastOneUser.yaml
874	CKV2_AWS_15	resource	aws_autoscaling_group	Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
875	CKV2_AWS_15	resource	aws_elb	Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
876	CKV2_AWS_15	resource	aws_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer are using Elastic Load Balancing health checks.	Terraform	AutoScallingEnabledELB.yaml
877	CKV2_AWS_16	resource	aws_appautoscaling_target	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
878	CKV2_AWS_16	resource	aws_dynamodb_table	Ensure that Auto Scaling is enabled on your DynamoDB tables	Terraform	AutoScalingEnableOnDynamoDBTables.yaml
879	CKV2_AWS_18	resource	aws_backup_selection	Ensure that Elastic File System (Amazon EFS) file systems are added in the backup plans of AWS Backup	Terraform	EFSAddedBackup.yaml
880	CKV2_AWS_19	resource	aws_eip	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
881	CKV2_AWS_19	resource	aws_eip_association	Ensure that all EIP addresses allocated to a VPC are attached to EC2 instances	Terraform	EIPAllocatedToVPCAttachedEC2.yaml
882	CKV2_AWS_20	resource	aws_alb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
883	CKV2_AWS_20	resource	aws_alb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
884	CKV2_AWS_20	resource	aws_lb	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
885	CKV2_AWS_20	resource	aws_lb_listener	Ensure that ALB redirects HTTP requests into HTTPS ones	Terraform	ALBRedirectsHTTPToHTTPS.yaml
886	CKV2_AWS_21	resource	aws_iam_group_membership	Ensure that all IAM users are members of at least one IAM group.	Terraform	IAMUsersAreMembersAtLeastOneGroup.yaml
887	CKV2_AWS_22	resource	aws_iam_user	Ensure an IAM User does not have access to the console	Terraform	IAMUserHasNoConsoleAccess.yaml
888	CKV2_AWS_23	resource	aws_route53_record	Route53 A Record has Attached Resource	Terraform	Route53ARecordAttachedResource.yaml
889	CKV2_AWS_27	resource	aws_rds_cluster	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
890	CKV2_AWS_27	resource	aws_rds_cluster_parameter_group	Ensure Postgres RDS as aws_rds_cluster has Query Logging enabled	Terraform	PostgresRDSHasQueryLoggingEnabled.yaml
891	CKV2_AWS_28	resource	aws_alb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
892	CKV2_AWS_28	resource	aws_lb	Ensure public facing ALB are protected by WAF	Terraform	ALBProtectedByWAF.yaml
893	CKV2_AWS_29	resource	aws_api_gateway_rest_api	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
894	CKV2_AWS_29	resource	aws_api_gateway_stage	Ensure public API gateway are protected by WAF	Terraform	APIProtectedByWAF.yaml
895	CKV2_AWS_30	resource	aws_db_instance	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
896	CKV2_AWS_30	resource	aws_db_parameter_group	Ensure Postgres RDS as aws_db_instance has Query Logging enabled	Terraform	PostgresDBHasQueryLoggingEnabled.yaml
897	CKV2_AWS_31	resource	aws_wafv2_web_acl	Ensure WAF2 has a Logging Configuration	Terraform	WAF2HasLogs.yaml
898	CKV2_AWS_32	resource	aws_cloudfront_distribution	Ensure CloudFront distribution has a response headers policy attached	Terraform	CloudFrontHasResponseHeadersPolicy.yaml
899	CKV2_AWS_33	resource	AWS::AppSync::GraphQLApi	Ensure AppSync is protected by WAF	Cloudformation	AppSyncProtectedByWAF.yaml
900	CKV2_AWS_33	resource	aws_appsync_graphql_api	Ensure AppSync is protected by WAF	Terraform	AppSyncProtectedByWAF.yaml
901	CKV2_AWS_34	resource	aws_ssm_parameter	AWS SSM Parameter should be Encrypted	Terraform	AWSSSMParameterShouldBeEncrypted.yaml
902	CKV2_AWS_35	resource	aws_route	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
903	CKV2_AWS_35	resource	aws_route_table	AWS NAT Gateways should be utilized for the default route	Terraform	AWSNATGatewaysshouldbeutilized.yaml
904	CKV2_AWS_36	resource	aws_ssm_parameter	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
905	CKV2_AWS_36	resource	data.http	Ensure terraform is not sending SSM secrets to untrusted domains over HTTP	Terraform	HTTPNotSendingPasswords.yaml
906	CKV2_AWS_37	resource	aws	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
907	CKV2_AWS_37	resource	aws_accessanalyzer_analyzer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
908	CKV2_AWS_37	resource	aws_acm_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
909	CKV2_AWS_37	resource	aws_acm_certificate_validation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
910	CKV2_AWS_37	resource	aws_acmpca_certificate_authority	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
911	CKV2_AWS_37	resource	aws_ami	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
912	CKV2_AWS_37	resource	aws_ami_copy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
913	CKV2_AWS_37	resource	aws_ami_from_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
914	CKV2_AWS_37	resource	aws_ami_launch_permission	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
915	CKV2_AWS_37	resource	aws_api_gateway_account	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
916	CKV2_AWS_37	resource	aws_api_gateway_api_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
917	CKV2_AWS_37	resource	aws_api_gateway_authorizer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
918	CKV2_AWS_37	resource	aws_api_gateway_base_path_mapping	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
919	CKV2_AWS_37	resource	aws_api_gateway_client_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
920	CKV2_AWS_37	resource	aws_api_gateway_deployment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
921	CKV2_AWS_37	resource	aws_api_gateway_documentation_part	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
922	CKV2_AWS_37	resource	aws_api_gateway_documentation_version	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
923	CKV2_AWS_37	resource	aws_api_gateway_domain_name	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
924	CKV2_AWS_37	resource	aws_api_gateway_gateway_response	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
925	CKV2_AWS_37	resource	aws_api_gateway_integration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
926	CKV2_AWS_37	resource	aws_api_gateway_integration_response	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
927	CKV2_AWS_37	resource	aws_api_gateway_method	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
928	CKV2_AWS_37	resource	aws_api_gateway_method_response	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
929	CKV2_AWS_37	resource	aws_api_gateway_method_settings	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
930	CKV2_AWS_37	resource	aws_api_gateway_model	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
931	CKV2_AWS_37	resource	aws_api_gateway_request_validator	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
932	CKV2_AWS_37	resource	aws_api_gateway_resource	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
933	CKV2_AWS_37	resource	aws_api_gateway_rest_api	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
934	CKV2_AWS_37	resource	aws_api_gateway_stage	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
935	CKV2_AWS_37	resource	aws_api_gateway_usage_plan	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
936	CKV2_AWS_37	resource	aws_api_gateway_usage_plan_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
937	CKV2_AWS_37	resource	aws_api_gateway_vpc_link	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
938	CKV2_AWS_37	resource	aws_apigatewayv2_api	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
939	CKV2_AWS_37	resource	aws_apigatewayv2_api_mapping	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
940	CKV2_AWS_37	resource	aws_apigatewayv2_authorizer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
941	CKV2_AWS_37	resource	aws_apigatewayv2_deployment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
942	CKV2_AWS_37	resource	aws_apigatewayv2_domain_name	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
943	CKV2_AWS_37	resource	aws_apigatewayv2_integration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
944	CKV2_AWS_37	resource	aws_apigatewayv2_integration_response	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
945	CKV2_AWS_37	resource	aws_apigatewayv2_model	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
946	CKV2_AWS_37	resource	aws_apigatewayv2_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
947	CKV2_AWS_37	resource	aws_apigatewayv2_route_response	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
948	CKV2_AWS_37	resource	aws_apigatewayv2_stage	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
949	CKV2_AWS_37	resource	aws_apigatewayv2_vpc_link	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
950	CKV2_AWS_37	resource	aws_app_cookie_stickiness_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
951	CKV2_AWS_37	resource	aws_appautoscaling_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
952	CKV2_AWS_37	resource	aws_appautoscaling_scheduled_action	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
953	CKV2_AWS_37	resource	aws_appautoscaling_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
954	CKV2_AWS_37	resource	aws_appmesh_mesh	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
955	CKV2_AWS_37	resource	aws_appmesh_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
956	CKV2_AWS_37	resource	aws_appmesh_virtual_node	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
957	CKV2_AWS_37	resource	aws_appmesh_virtual_router	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
958	CKV2_AWS_37	resource	aws_appmesh_virtual_service	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
959	CKV2_AWS_37	resource	aws_appsync_api_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
960	CKV2_AWS_37	resource	aws_appsync_datasource	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
961	CKV2_AWS_37	resource	aws_appsync_function	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
962	CKV2_AWS_37	resource	aws_appsync_graphql_api	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
963	CKV2_AWS_37	resource	aws_appsync_resolver	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
964	CKV2_AWS_37	resource	aws_athena_database	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
965	CKV2_AWS_37	resource	aws_athena_named_query	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
966	CKV2_AWS_37	resource	aws_athena_workgroup	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
967	CKV2_AWS_37	resource	aws_autoscaling_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
968	CKV2_AWS_37	resource	aws_autoscaling_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
969	CKV2_AWS_37	resource	aws_autoscaling_lifecycle_hook	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
970	CKV2_AWS_37	resource	aws_autoscaling_notification	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
971	CKV2_AWS_37	resource	aws_autoscaling_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
972	CKV2_AWS_37	resource	aws_autoscaling_schedule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
973	CKV2_AWS_37	resource	aws_backup_plan	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
974	CKV2_AWS_37	resource	aws_backup_selection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
975	CKV2_AWS_37	resource	aws_backup_vault	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
976	CKV2_AWS_37	resource	aws_batch_compute_environment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
977	CKV2_AWS_37	resource	aws_batch_job_definition	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
978	CKV2_AWS_37	resource	aws_batch_job_queue	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
979	CKV2_AWS_37	resource	aws_budgets_budget	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
980	CKV2_AWS_37	resource	aws_cloud9_environment_ec2	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
981	CKV2_AWS_37	resource	aws_cloudformation_stack	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
982	CKV2_AWS_37	resource	aws_cloudformation_stack_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
983	CKV2_AWS_37	resource	aws_cloudformation_stack_set_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
984	CKV2_AWS_37	resource	aws_cloudfront_distribution	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
985	CKV2_AWS_37	resource	aws_cloudfront_origin_access_identity	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
986	CKV2_AWS_37	resource	aws_cloudfront_public_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
987	CKV2_AWS_37	resource	aws_cloudhsm_v2_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
988	CKV2_AWS_37	resource	aws_cloudhsm_v2_hsm	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
989	CKV2_AWS_37	resource	aws_cloudtrail	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
990	CKV2_AWS_37	resource	aws_cloudwatch_dashboard	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
991	CKV2_AWS_37	resource	aws_cloudwatch_event_permission	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
992	CKV2_AWS_37	resource	aws_cloudwatch_event_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
993	CKV2_AWS_37	resource	aws_cloudwatch_event_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
994	CKV2_AWS_37	resource	aws_cloudwatch_log_destination	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
995	CKV2_AWS_37	resource	aws_cloudwatch_log_destination_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
996	CKV2_AWS_37	resource	aws_cloudwatch_log_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
997	CKV2_AWS_37	resource	aws_cloudwatch_log_metric_filter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
998	CKV2_AWS_37	resource	aws_cloudwatch_log_resource_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
999	CKV2_AWS_37	resource	aws_cloudwatch_log_stream	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1000	CKV2_AWS_37	resource	aws_cloudwatch_log_subscription_filter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1001	CKV2_AWS_37	resource	aws_cloudwatch_metric_alarm	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1002	CKV2_AWS_37	resource	aws_codebuild_project	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1003	CKV2_AWS_37	resource	aws_codebuild_source_credential	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1004	CKV2_AWS_37	resource	aws_codebuild_webhook	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1005	CKV2_AWS_37	resource	aws_codecommit_repository	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1006	CKV2_AWS_37	resource	aws_codecommit_trigger	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1007	CKV2_AWS_37	resource	aws_codedeploy_app	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1008	CKV2_AWS_37	resource	aws_codedeploy_deployment_config	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1009	CKV2_AWS_37	resource	aws_codedeploy_deployment_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1010	CKV2_AWS_37	resource	aws_codepipeline	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1011	CKV2_AWS_37	resource	aws_codepipeline_webhook	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1012	CKV2_AWS_37	resource	aws_codestarnotifications_notification_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1013	CKV2_AWS_37	resource	aws_cognito_identity_pool	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1014	CKV2_AWS_37	resource	aws_cognito_identity_pool_roles_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1015	CKV2_AWS_37	resource	aws_cognito_identity_provider	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1016	CKV2_AWS_37	resource	aws_cognito_resource_server	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1017	CKV2_AWS_37	resource	aws_cognito_user_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1018	CKV2_AWS_37	resource	aws_cognito_user_pool	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1019	CKV2_AWS_37	resource	aws_cognito_user_pool_client	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1020	CKV2_AWS_37	resource	aws_cognito_user_pool_domain	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1021	CKV2_AWS_37	resource	aws_config_aggregate_authorization	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1022	CKV2_AWS_37	resource	aws_config_config_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1023	CKV2_AWS_37	resource	aws_config_configuration_aggregator	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1024	CKV2_AWS_37	resource	aws_config_configuration_recorder	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1025	CKV2_AWS_37	resource	aws_config_configuration_recorder_status	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1026	CKV2_AWS_37	resource	aws_config_delivery_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1027	CKV2_AWS_37	resource	aws_config_organization_custom_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1028	CKV2_AWS_37	resource	aws_config_organization_managed_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1029	CKV2_AWS_37	resource	aws_cur_report_definition	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1030	CKV2_AWS_37	resource	aws_customer_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1031	CKV2_AWS_37	resource	aws_datapipeline_pipeline	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1032	CKV2_AWS_37	resource	aws_datasync_agent	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1033	CKV2_AWS_37	resource	aws_datasync_location_efs	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1034	CKV2_AWS_37	resource	aws_datasync_location_nfs	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1035	CKV2_AWS_37	resource	aws_datasync_location_s3	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1036	CKV2_AWS_37	resource	aws_datasync_location_smb	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1037	CKV2_AWS_37	resource	aws_datasync_task	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1038	CKV2_AWS_37	resource	aws_dax_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1039	CKV2_AWS_37	resource	aws_dax_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1040	CKV2_AWS_37	resource	aws_dax_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1041	CKV2_AWS_37	resource	aws_db_cluster_snapshot	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1042	CKV2_AWS_37	resource	aws_db_event_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1043	CKV2_AWS_37	resource	aws_db_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1044	CKV2_AWS_37	resource	aws_db_instance_role_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1045	CKV2_AWS_37	resource	aws_db_option_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1046	CKV2_AWS_37	resource	aws_db_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1047	CKV2_AWS_37	resource	aws_db_security_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1048	CKV2_AWS_37	resource	aws_db_snapshot	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1049	CKV2_AWS_37	resource	aws_db_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1050	CKV2_AWS_37	resource	aws_default_network_acl	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1051	CKV2_AWS_37	resource	aws_default_route_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1052	CKV2_AWS_37	resource	aws_default_security_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1053	CKV2_AWS_37	resource	aws_default_subnet	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1054	CKV2_AWS_37	resource	aws_default_vpc	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1055	CKV2_AWS_37	resource	aws_default_vpc_dhcp_options	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1056	CKV2_AWS_37	resource	aws_devicefarm_project	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1057	CKV2_AWS_37	resource	aws_directory_service_conditional_forwarder	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1058	CKV2_AWS_37	resource	aws_directory_service_directory	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1059	CKV2_AWS_37	resource	aws_directory_service_log_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1060	CKV2_AWS_37	resource	aws_dlm_lifecycle_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1061	CKV2_AWS_37	resource	aws_dms_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1062	CKV2_AWS_37	resource	aws_dms_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1063	CKV2_AWS_37	resource	aws_dms_event_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1064	CKV2_AWS_37	resource	aws_dms_replication_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1065	CKV2_AWS_37	resource	aws_dms_replication_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1066	CKV2_AWS_37	resource	aws_dms_replication_task	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1067	CKV2_AWS_37	resource	aws_docdb_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1068	CKV2_AWS_37	resource	aws_docdb_cluster_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1069	CKV2_AWS_37	resource	aws_docdb_cluster_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1070	CKV2_AWS_37	resource	aws_docdb_cluster_snapshot	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1071	CKV2_AWS_37	resource	aws_docdb_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1072	CKV2_AWS_37	resource	aws_dx_bgp_peer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1073	CKV2_AWS_37	resource	aws_dx_connection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1074	CKV2_AWS_37	resource	aws_dx_connection_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1075	CKV2_AWS_37	resource	aws_dx_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1076	CKV2_AWS_37	resource	aws_dx_gateway_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1077	CKV2_AWS_37	resource	aws_dx_gateway_association_proposal	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1078	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1079	CKV2_AWS_37	resource	aws_dx_hosted_private_virtual_interface_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1080	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1081	CKV2_AWS_37	resource	aws_dx_hosted_public_virtual_interface_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1082	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1083	CKV2_AWS_37	resource	aws_dx_hosted_transit_virtual_interface_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1084	CKV2_AWS_37	resource	aws_dx_lag	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1085	CKV2_AWS_37	resource	aws_dx_private_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1086	CKV2_AWS_37	resource	aws_dx_public_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1087	CKV2_AWS_37	resource	aws_dx_transit_virtual_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1088	CKV2_AWS_37	resource	aws_dynamodb_global_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1089	CKV2_AWS_37	resource	aws_dynamodb_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1090	CKV2_AWS_37	resource	aws_dynamodb_table_item	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1091	CKV2_AWS_37	resource	aws_ebs_default_kms_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1092	CKV2_AWS_37	resource	aws_ebs_encryption_by_default	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1093	CKV2_AWS_37	resource	aws_ebs_snapshot	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1094	CKV2_AWS_37	resource	aws_ebs_snapshot_copy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1095	CKV2_AWS_37	resource	aws_ebs_volume	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1096	CKV2_AWS_37	resource	aws_ec2_availability_zone_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1097	CKV2_AWS_37	resource	aws_ec2_capacity_reservation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1098	CKV2_AWS_37	resource	aws_ec2_client_vpn_authorization_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1099	CKV2_AWS_37	resource	aws_ec2_client_vpn_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1100	CKV2_AWS_37	resource	aws_ec2_client_vpn_network_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1101	CKV2_AWS_37	resource	aws_ec2_client_vpn_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1102	CKV2_AWS_37	resource	aws_ec2_fleet	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1103	CKV2_AWS_37	resource	aws_ec2_local_gateway_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1104	CKV2_AWS_37	resource	aws_ec2_local_gateway_route_table_vpc_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1105	CKV2_AWS_37	resource	aws_ec2_tag	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1106	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1107	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_filter_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1108	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_session	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1109	CKV2_AWS_37	resource	aws_ec2_traffic_mirror_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1110	CKV2_AWS_37	resource	aws_ec2_transit_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1111	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1112	CKV2_AWS_37	resource	aws_ec2_transit_gateway_peering_attachment_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1113	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1114	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1115	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1116	CKV2_AWS_37	resource	aws_ec2_transit_gateway_route_table_propagation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1117	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1118	CKV2_AWS_37	resource	aws_ec2_transit_gateway_vpc_attachment_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1119	CKV2_AWS_37	resource	aws_ecr_lifecycle_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1120	CKV2_AWS_37	resource	aws_ecr_repository	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1121	CKV2_AWS_37	resource	aws_ecr_repository_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1122	CKV2_AWS_37	resource	aws_ecs_capacity_provider	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1123	CKV2_AWS_37	resource	aws_ecs_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1124	CKV2_AWS_37	resource	aws_ecs_service	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1125	CKV2_AWS_37	resource	aws_ecs_task_definition	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1126	CKV2_AWS_37	resource	aws_efs_access_point	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1127	CKV2_AWS_37	resource	aws_efs_file_system	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1128	CKV2_AWS_37	resource	aws_efs_file_system_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1129	CKV2_AWS_37	resource	aws_efs_mount_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1130	CKV2_AWS_37	resource	aws_egress_only_internet_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1131	CKV2_AWS_37	resource	aws_eip	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1132	CKV2_AWS_37	resource	aws_eip_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1133	CKV2_AWS_37	resource	aws_eks_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1134	CKV2_AWS_37	resource	aws_eks_fargate_profile	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1135	CKV2_AWS_37	resource	aws_eks_node_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1136	CKV2_AWS_37	resource	aws_elastic_beanstalk_application	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1137	CKV2_AWS_37	resource	aws_elastic_beanstalk_application_version	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1138	CKV2_AWS_37	resource	aws_elastic_beanstalk_configuration_template	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1139	CKV2_AWS_37	resource	aws_elastic_beanstalk_environment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1140	CKV2_AWS_37	resource	aws_elasticache_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1141	CKV2_AWS_37	resource	aws_elasticache_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1142	CKV2_AWS_37	resource	aws_elasticache_replication_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1143	CKV2_AWS_37	resource	aws_elasticache_security_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1144	CKV2_AWS_37	resource	aws_elasticache_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1145	CKV2_AWS_37	resource	aws_elasticsearch_domain	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1146	CKV2_AWS_37	resource	aws_elasticsearch_domain_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1147	CKV2_AWS_37	resource	aws_elastictranscoder_pipeline	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1148	CKV2_AWS_37	resource	aws_elastictranscoder_preset	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1149	CKV2_AWS_37	resource	aws_elb	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1150	CKV2_AWS_37	resource	aws_elb_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1151	CKV2_AWS_37	resource	aws_emr_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1152	CKV2_AWS_37	resource	aws_emr_instance_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1153	CKV2_AWS_37	resource	aws_emr_security_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1154	CKV2_AWS_37	resource	aws_flow_log	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1155	CKV2_AWS_37	resource	aws_fms_admin_account	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1156	CKV2_AWS_37	resource	aws_fsx_lustre_file_system	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1157	CKV2_AWS_37	resource	aws_fsx_windows_file_system	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1158	CKV2_AWS_37	resource	aws_gamelift_alias	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1159	CKV2_AWS_37	resource	aws_gamelift_build	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1160	CKV2_AWS_37	resource	aws_gamelift_fleet	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1161	CKV2_AWS_37	resource	aws_gamelift_game_session_queue	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1162	CKV2_AWS_37	resource	aws_glacier_vault	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1163	CKV2_AWS_37	resource	aws_glacier_vault_lock	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1164	CKV2_AWS_37	resource	aws_globalaccelerator_accelerator	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1165	CKV2_AWS_37	resource	aws_globalaccelerator_endpoint_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1166	CKV2_AWS_37	resource	aws_globalaccelerator_listener	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1167	CKV2_AWS_37	resource	aws_glue_catalog_database	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1168	CKV2_AWS_37	resource	aws_glue_catalog_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1169	CKV2_AWS_37	resource	aws_glue_classifier	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1170	CKV2_AWS_37	resource	aws_glue_connection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1171	CKV2_AWS_37	resource	aws_glue_crawler	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1172	CKV2_AWS_37	resource	aws_glue_job	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1173	CKV2_AWS_37	resource	aws_glue_security_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1174	CKV2_AWS_37	resource	aws_glue_trigger	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1175	CKV2_AWS_37	resource	aws_glue_workflow	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1176	CKV2_AWS_37	resource	aws_guardduty_detector	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1177	CKV2_AWS_37	resource	aws_guardduty_invite_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1178	CKV2_AWS_37	resource	aws_guardduty_ipset	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1179	CKV2_AWS_37	resource	aws_guardduty_member	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1180	CKV2_AWS_37	resource	aws_guardduty_organization_admin_account	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1181	CKV2_AWS_37	resource	aws_guardduty_organization_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1182	CKV2_AWS_37	resource	aws_guardduty_threatintelset	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1183	CKV2_AWS_37	resource	aws_iam_access_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1184	CKV2_AWS_37	resource	aws_iam_account_alias	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1185	CKV2_AWS_37	resource	aws_iam_account_password_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1186	CKV2_AWS_37	resource	aws_iam_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1187	CKV2_AWS_37	resource	aws_iam_group_membership	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1188	CKV2_AWS_37	resource	aws_iam_group_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1189	CKV2_AWS_37	resource	aws_iam_group_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1190	CKV2_AWS_37	resource	aws_iam_instance_profile	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1191	CKV2_AWS_37	resource	aws_iam_openid_connect_provider	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1192	CKV2_AWS_37	resource	aws_iam_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1193	CKV2_AWS_37	resource	aws_iam_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1194	CKV2_AWS_37	resource	aws_iam_policy_document	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1195	CKV2_AWS_37	resource	aws_iam_role	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1196	CKV2_AWS_37	resource	aws_iam_role_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1197	CKV2_AWS_37	resource	aws_iam_role_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1198	CKV2_AWS_37	resource	aws_iam_saml_provider	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1199	CKV2_AWS_37	resource	aws_iam_server_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1200	CKV2_AWS_37	resource	aws_iam_service_linked_role	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1201	CKV2_AWS_37	resource	aws_iam_user	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1202	CKV2_AWS_37	resource	aws_iam_user_group_membership	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1203	CKV2_AWS_37	resource	aws_iam_user_login_profile	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1204	CKV2_AWS_37	resource	aws_iam_user_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1205	CKV2_AWS_37	resource	aws_iam_user_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1206	CKV2_AWS_37	resource	aws_iam_user_ssh_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1207	CKV2_AWS_37	resource	aws_inspector_assessment_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1208	CKV2_AWS_37	resource	aws_inspector_assessment_template	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1209	CKV2_AWS_37	resource	aws_inspector_resource_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1210	CKV2_AWS_37	resource	aws_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1211	CKV2_AWS_37	resource	aws_internet_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1212	CKV2_AWS_37	resource	aws_iot_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1213	CKV2_AWS_37	resource	aws_iot_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1214	CKV2_AWS_37	resource	aws_iot_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1215	CKV2_AWS_37	resource	aws_iot_role_alias	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1216	CKV2_AWS_37	resource	aws_iot_thing	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1217	CKV2_AWS_37	resource	aws_iot_thing_principal_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1218	CKV2_AWS_37	resource	aws_iot_thing_type	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1219	CKV2_AWS_37	resource	aws_iot_topic_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1220	CKV2_AWS_37	resource	aws_key_pair	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1221	CKV2_AWS_37	resource	aws_kinesis_analytics_application	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1222	CKV2_AWS_37	resource	aws_kinesis_firehose_delivery_stream	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1223	CKV2_AWS_37	resource	aws_kinesis_stream	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1224	CKV2_AWS_37	resource	aws_kinesis_video_stream	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1225	CKV2_AWS_37	resource	aws_kms_alias	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1226	CKV2_AWS_37	resource	aws_kms_ciphertext	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1227	CKV2_AWS_37	resource	aws_kms_external_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1228	CKV2_AWS_37	resource	aws_kms_grant	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1229	CKV2_AWS_37	resource	aws_kms_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1230	CKV2_AWS_37	resource	aws_lambda_alias	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1231	CKV2_AWS_37	resource	aws_lambda_event_source_mapping	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1232	CKV2_AWS_37	resource	aws_lambda_function	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1233	CKV2_AWS_37	resource	aws_lambda_function_event_invoke_config	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1234	CKV2_AWS_37	resource	aws_lambda_layer_version	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1235	CKV2_AWS_37	resource	aws_lambda_permission	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1236	CKV2_AWS_37	resource	aws_lambda_provisioned_concurrency_config	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1237	CKV2_AWS_37	resource	aws_launch_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1238	CKV2_AWS_37	resource	aws_launch_template	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1239	CKV2_AWS_37	resource	aws_lb	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1240	CKV2_AWS_37	resource	aws_lb_cookie_stickiness_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1241	CKV2_AWS_37	resource	aws_lb_listener	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1242	CKV2_AWS_37	resource	aws_lb_listener_certificate	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1243	CKV2_AWS_37	resource	aws_lb_listener_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1244	CKV2_AWS_37	resource	aws_lb_ssl_negotiation_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1245	CKV2_AWS_37	resource	aws_lb_target_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1246	CKV2_AWS_37	resource	aws_lb_target_group_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1247	CKV2_AWS_37	resource	aws_licensemanager_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1248	CKV2_AWS_37	resource	aws_licensemanager_license_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1249	CKV2_AWS_37	resource	aws_lightsail_domain	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1250	CKV2_AWS_37	resource	aws_lightsail_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1251	CKV2_AWS_37	resource	aws_lightsail_key_pair	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1252	CKV2_AWS_37	resource	aws_lightsail_static_ip	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1253	CKV2_AWS_37	resource	aws_lightsail_static_ip_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1254	CKV2_AWS_37	resource	aws_load_balancer_backend_server_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1255	CKV2_AWS_37	resource	aws_load_balancer_listener_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1256	CKV2_AWS_37	resource	aws_load_balancer_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1257	CKV2_AWS_37	resource	aws_macie_member_account_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1258	CKV2_AWS_37	resource	aws_macie_s3_bucket_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1259	CKV2_AWS_37	resource	aws_main_route_table_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1260	CKV2_AWS_37	resource	aws_media_convert_queue	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1261	CKV2_AWS_37	resource	aws_media_package_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1262	CKV2_AWS_37	resource	aws_media_store_container	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1263	CKV2_AWS_37	resource	aws_media_store_container_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1264	CKV2_AWS_37	resource	aws_mq_broker	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1265	CKV2_AWS_37	resource	aws_mq_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1266	CKV2_AWS_37	resource	aws_msk_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1267	CKV2_AWS_37	resource	aws_msk_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1268	CKV2_AWS_37	resource	aws_nat_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1269	CKV2_AWS_37	resource	aws_neptune_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1270	CKV2_AWS_37	resource	aws_neptune_cluster_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1271	CKV2_AWS_37	resource	aws_neptune_cluster_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1272	CKV2_AWS_37	resource	aws_neptune_cluster_snapshot	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1273	CKV2_AWS_37	resource	aws_neptune_event_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1274	CKV2_AWS_37	resource	aws_neptune_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1275	CKV2_AWS_37	resource	aws_neptune_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1276	CKV2_AWS_37	resource	aws_network_acl	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1277	CKV2_AWS_37	resource	aws_network_acl_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1278	CKV2_AWS_37	resource	aws_network_interface	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1279	CKV2_AWS_37	resource	aws_network_interface_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1280	CKV2_AWS_37	resource	aws_network_interface_sg_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1281	CKV2_AWS_37	resource	aws_opsworks_application	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1282	CKV2_AWS_37	resource	aws_opsworks_custom_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1283	CKV2_AWS_37	resource	aws_opsworks_ganglia_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1284	CKV2_AWS_37	resource	aws_opsworks_haproxy_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1285	CKV2_AWS_37	resource	aws_opsworks_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1286	CKV2_AWS_37	resource	aws_opsworks_java_app_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1287	CKV2_AWS_37	resource	aws_opsworks_memcached_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1288	CKV2_AWS_37	resource	aws_opsworks_mysql_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1289	CKV2_AWS_37	resource	aws_opsworks_nodejs_app_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1290	CKV2_AWS_37	resource	aws_opsworks_permission	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1291	CKV2_AWS_37	resource	aws_opsworks_php_app_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1292	CKV2_AWS_37	resource	aws_opsworks_rails_app_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1293	CKV2_AWS_37	resource	aws_opsworks_rds_db_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1294	CKV2_AWS_37	resource	aws_opsworks_stack	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1295	CKV2_AWS_37	resource	aws_opsworks_static_web_layer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1296	CKV2_AWS_37	resource	aws_opsworks_user_profile	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1297	CKV2_AWS_37	resource	aws_organizations_account	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1298	CKV2_AWS_37	resource	aws_organizations_organization	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1299	CKV2_AWS_37	resource	aws_organizations_organizational_unit	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1300	CKV2_AWS_37	resource	aws_organizations_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1301	CKV2_AWS_37	resource	aws_organizations_policy_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1302	CKV2_AWS_37	resource	aws_pinpoint_adm_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1303	CKV2_AWS_37	resource	aws_pinpoint_apns_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1304	CKV2_AWS_37	resource	aws_pinpoint_apns_sandbox_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1305	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1306	CKV2_AWS_37	resource	aws_pinpoint_apns_voip_sandbox_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1307	CKV2_AWS_37	resource	aws_pinpoint_app	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1308	CKV2_AWS_37	resource	aws_pinpoint_baidu_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1309	CKV2_AWS_37	resource	aws_pinpoint_email_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1310	CKV2_AWS_37	resource	aws_pinpoint_event_stream	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1311	CKV2_AWS_37	resource	aws_pinpoint_gcm_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1312	CKV2_AWS_37	resource	aws_pinpoint_sms_channel	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1313	CKV2_AWS_37	resource	aws_placement_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1314	CKV2_AWS_37	resource	aws_proxy_protocol_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1315	CKV2_AWS_37	resource	aws_qldb_ledger	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1316	CKV2_AWS_37	resource	aws_quicksight_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1317	CKV2_AWS_37	resource	aws_quicksight_user	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1318	CKV2_AWS_37	resource	aws_ram_principal_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1319	CKV2_AWS_37	resource	aws_ram_resource_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1320	CKV2_AWS_37	resource	aws_ram_resource_share	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1321	CKV2_AWS_37	resource	aws_ram_resource_share_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1322	CKV2_AWS_37	resource	aws_rds_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1323	CKV2_AWS_37	resource	aws_rds_cluster_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1324	CKV2_AWS_37	resource	aws_rds_cluster_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1325	CKV2_AWS_37	resource	aws_rds_cluster_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1326	CKV2_AWS_37	resource	aws_rds_global_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1327	CKV2_AWS_37	resource	aws_redshift_cluster	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1328	CKV2_AWS_37	resource	aws_redshift_event_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1329	CKV2_AWS_37	resource	aws_redshift_parameter_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1330	CKV2_AWS_37	resource	aws_redshift_security_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1331	CKV2_AWS_37	resource	aws_redshift_snapshot_copy_grant	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1332	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1333	CKV2_AWS_37	resource	aws_redshift_snapshot_schedule_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1334	CKV2_AWS_37	resource	aws_redshift_subnet_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1335	CKV2_AWS_37	resource	aws_resourcegroups_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1336	CKV2_AWS_37	resource	aws_root	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1337	CKV2_AWS_37	resource	aws_root_access_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1338	CKV2_AWS_37	resource	aws_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1339	CKV2_AWS_37	resource	aws_route53_delegation_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1340	CKV2_AWS_37	resource	aws_route53_health_check	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1341	CKV2_AWS_37	resource	aws_route53_query_log	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1342	CKV2_AWS_37	resource	aws_route53_record	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1343	CKV2_AWS_37	resource	aws_route53_resolver_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1344	CKV2_AWS_37	resource	aws_route53_resolver_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1345	CKV2_AWS_37	resource	aws_route53_resolver_rule_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1346	CKV2_AWS_37	resource	aws_route53_vpc_association_authorization	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1347	CKV2_AWS_37	resource	aws_route53_zone	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1348	CKV2_AWS_37	resource	aws_route53_zone_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1349	CKV2_AWS_37	resource	aws_route_table	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1350	CKV2_AWS_37	resource	aws_route_table_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1351	CKV2_AWS_37	resource	aws_s3_access_point	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1352	CKV2_AWS_37	resource	aws_s3_account_public_access_block	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1353	CKV2_AWS_37	resource	aws_s3_bucket	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1354	CKV2_AWS_37	resource	aws_s3_bucket_analytics_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1355	CKV2_AWS_37	resource	aws_s3_bucket_inventory	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1356	CKV2_AWS_37	resource	aws_s3_bucket_metric	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1357	CKV2_AWS_37	resource	aws_s3_bucket_notification	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1358	CKV2_AWS_37	resource	aws_s3_bucket_object	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1359	CKV2_AWS_37	resource	aws_s3_bucket_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1360	CKV2_AWS_37	resource	aws_s3_bucket_public_access_block	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1361	CKV2_AWS_37	resource	aws_sagemaker_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1362	CKV2_AWS_37	resource	aws_sagemaker_endpoint_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1363	CKV2_AWS_37	resource	aws_sagemaker_model	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1364	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1365	CKV2_AWS_37	resource	aws_sagemaker_notebook_instance_lifecycle_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1366	CKV2_AWS_37	resource	aws_secretsmanager_secret	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1367	CKV2_AWS_37	resource	aws_secretsmanager_secret_rotation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1368	CKV2_AWS_37	resource	aws_secretsmanager_secret_version	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1369	CKV2_AWS_37	resource	aws_security_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1370	CKV2_AWS_37	resource	aws_security_group_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1371	CKV2_AWS_37	resource	aws_securityhub_account	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1372	CKV2_AWS_37	resource	aws_securityhub_member	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1373	CKV2_AWS_37	resource	aws_securityhub_product_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1374	CKV2_AWS_37	resource	aws_securityhub_standards_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1375	CKV2_AWS_37	resource	aws_service_discovery_http_namespace	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1376	CKV2_AWS_37	resource	aws_service_discovery_private_dns_namespace	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1377	CKV2_AWS_37	resource	aws_service_discovery_public_dns_namespace	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1378	CKV2_AWS_37	resource	aws_service_discovery_service	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1379	CKV2_AWS_37	resource	aws_servicecatalog_portfolio	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1380	CKV2_AWS_37	resource	aws_servicequotas_service_quota	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1381	CKV2_AWS_37	resource	aws_ses_active_receipt_rule_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1382	CKV2_AWS_37	resource	aws_ses_configuration_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1383	CKV2_AWS_37	resource	aws_ses_domain_dkim	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1384	CKV2_AWS_37	resource	aws_ses_domain_identity	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1385	CKV2_AWS_37	resource	aws_ses_domain_identity_verification	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1386	CKV2_AWS_37	resource	aws_ses_domain_mail_from	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1387	CKV2_AWS_37	resource	aws_ses_email_identity	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1388	CKV2_AWS_37	resource	aws_ses_event_destination	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1389	CKV2_AWS_37	resource	aws_ses_identity_notification_topic	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1390	CKV2_AWS_37	resource	aws_ses_identity_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1391	CKV2_AWS_37	resource	aws_ses_receipt_filter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1392	CKV2_AWS_37	resource	aws_ses_receipt_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1393	CKV2_AWS_37	resource	aws_ses_receipt_rule_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1394	CKV2_AWS_37	resource	aws_ses_template	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1395	CKV2_AWS_37	resource	aws_sfn_activity	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1396	CKV2_AWS_37	resource	aws_sfn_state_machine	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1397	CKV2_AWS_37	resource	aws_shield_protection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1398	CKV2_AWS_37	resource	aws_simpledb_domain	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1399	CKV2_AWS_37	resource	aws_snapshot_create_volume_permission	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1400	CKV2_AWS_37	resource	aws_sns_platform_application	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1401	CKV2_AWS_37	resource	aws_sns_sms_preferences	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1402	CKV2_AWS_37	resource	aws_sns_topic	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1403	CKV2_AWS_37	resource	aws_sns_topic_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1404	CKV2_AWS_37	resource	aws_sns_topic_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1405	CKV2_AWS_37	resource	aws_spot_datafeed_subscription	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1406	CKV2_AWS_37	resource	aws_spot_fleet_request	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1407	CKV2_AWS_37	resource	aws_spot_instance_request	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1408	CKV2_AWS_37	resource	aws_sqs_queue	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1409	CKV2_AWS_37	resource	aws_sqs_queue_policy	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1410	CKV2_AWS_37	resource	aws_ssm_activation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1411	CKV2_AWS_37	resource	aws_ssm_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1412	CKV2_AWS_37	resource	aws_ssm_document	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1413	CKV2_AWS_37	resource	aws_ssm_maintenance_window	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1414	CKV2_AWS_37	resource	aws_ssm_maintenance_window_target	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1415	CKV2_AWS_37	resource	aws_ssm_maintenance_window_task	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1416	CKV2_AWS_37	resource	aws_ssm_parameter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1417	CKV2_AWS_37	resource	aws_ssm_patch_baseline	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1418	CKV2_AWS_37	resource	aws_ssm_patch_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1419	CKV2_AWS_37	resource	aws_ssm_resource_data_sync	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1420	CKV2_AWS_37	resource	aws_storagegateway_cache	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1421	CKV2_AWS_37	resource	aws_storagegateway_cached_iscsi_volume	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1422	CKV2_AWS_37	resource	aws_storagegateway_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1423	CKV2_AWS_37	resource	aws_storagegateway_nfs_file_share	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1424	CKV2_AWS_37	resource	aws_storagegateway_smb_file_share	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1425	CKV2_AWS_37	resource	aws_storagegateway_upload_buffer	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1426	CKV2_AWS_37	resource	aws_storagegateway_working_storage	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1427	CKV2_AWS_37	resource	aws_subnet	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1428	CKV2_AWS_37	resource	aws_swf_domain	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1429	CKV2_AWS_37	resource	aws_transfer_server	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1430	CKV2_AWS_37	resource	aws_transfer_ssh_key	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1431	CKV2_AWS_37	resource	aws_transfer_user	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1432	CKV2_AWS_37	resource	aws_volume_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1433	CKV2_AWS_37	resource	aws_vpc	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1434	CKV2_AWS_37	resource	aws_vpc_dhcp_options	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1435	CKV2_AWS_37	resource	aws_vpc_dhcp_options_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1436	CKV2_AWS_37	resource	aws_vpc_endpoint	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1437	CKV2_AWS_37	resource	aws_vpc_endpoint_connection_notification	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1438	CKV2_AWS_37	resource	aws_vpc_endpoint_route_table_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1439	CKV2_AWS_37	resource	aws_vpc_endpoint_service	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1440	CKV2_AWS_37	resource	aws_vpc_endpoint_service_allowed_principal	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1441	CKV2_AWS_37	resource	aws_vpc_endpoint_subnet_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1442	CKV2_AWS_37	resource	aws_vpc_ipv4_cidr_block_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1443	CKV2_AWS_37	resource	aws_vpc_peering_connection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1444	CKV2_AWS_37	resource	aws_vpc_peering_connection_accepter	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1445	CKV2_AWS_37	resource	aws_vpc_peering_connection_options	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1446	CKV2_AWS_37	resource	aws_vpn_connection	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1447	CKV2_AWS_37	resource	aws_vpn_connection_route	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1448	CKV2_AWS_37	resource	aws_vpn_gateway	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1449	CKV2_AWS_37	resource	aws_vpn_gateway_attachment	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1450	CKV2_AWS_37	resource	aws_vpn_gateway_route_propagation	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1451	CKV2_AWS_37	resource	aws_waf_byte_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1452	CKV2_AWS_37	resource	aws_waf_geo_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1453	CKV2_AWS_37	resource	aws_waf_ipset	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1454	CKV2_AWS_37	resource	aws_waf_rate_based_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1455	CKV2_AWS_37	resource	aws_waf_regex_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1456	CKV2_AWS_37	resource	aws_waf_regex_pattern_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1457	CKV2_AWS_37	resource	aws_waf_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1458	CKV2_AWS_37	resource	aws_waf_rule_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1459	CKV2_AWS_37	resource	aws_waf_size_constraint_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1460	CKV2_AWS_37	resource	aws_waf_sql_injection_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1461	CKV2_AWS_37	resource	aws_waf_web_acl	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1462	CKV2_AWS_37	resource	aws_waf_xss_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1463	CKV2_AWS_37	resource	aws_wafregional_byte_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1464	CKV2_AWS_37	resource	aws_wafregional_geo_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1465	CKV2_AWS_37	resource	aws_wafregional_ipset	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1466	CKV2_AWS_37	resource	aws_wafregional_rate_based_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1467	CKV2_AWS_37	resource	aws_wafregional_regex_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1468	CKV2_AWS_37	resource	aws_wafregional_regex_pattern_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1469	CKV2_AWS_37	resource	aws_wafregional_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1470	CKV2_AWS_37	resource	aws_wafregional_rule_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1471	CKV2_AWS_37	resource	aws_wafregional_size_constraint_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1472	CKV2_AWS_37	resource	aws_wafregional_sql_injection_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1473	CKV2_AWS_37	resource	aws_wafregional_web_acl	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1474	CKV2_AWS_37	resource	aws_wafregional_web_acl_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1475	CKV2_AWS_37	resource	aws_wafregional_xss_match_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1476	CKV2_AWS_37	resource	aws_wafv2_ip_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1477	CKV2_AWS_37	resource	aws_wafv2_regex_pattern_set	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1478	CKV2_AWS_37	resource	aws_wafv2_rule_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1479	CKV2_AWS_37	resource	aws_wafv2_web_acl	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1480	CKV2_AWS_37	resource	aws_wafv2_web_acl_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1481	CKV2_AWS_37	resource	aws_wafv2_web_acl_logging_configuration	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1482	CKV2_AWS_37	resource	aws_worklink_fleet	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1483	CKV2_AWS_37	resource	aws_worklink_website_certificate_authority_association	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1484	CKV2_AWS_37	resource	aws_workspaces_directory	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1485	CKV2_AWS_37	resource	aws_workspaces_ip_group	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1486	CKV2_AWS_37	resource	aws_workspaces_workspace	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1487	CKV2_AWS_37	resource	aws_xray_sampling_rule	Ensure CodeCommit associates an approval rule	Terraform	CodecommitApprovalRulesAttached.yaml
1488	CKV2_AWS_38	resource	aws_route53_zone	Ensure Domain Name System Security Extensions (DNSSEC) signing is enabled for Amazon Route 53 public hosted zones	Terraform	Route53ZoneEnableDNSSECSigning.yaml
1489	CKV2_AWS_39	resource	aws_route53_zone	Ensure Domain Name System (DNS) query logging is enabled for Amazon Route 53 hosted zones	Terraform	Route53ZoneHasMatchingQueryLog.yaml
1490	CKV2_AWS_40	resource	aws_iam_group_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1491	CKV2_AWS_40	resource	aws_iam_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1492	CKV2_AWS_40	resource	aws_iam_role_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1493	CKV2_AWS_40	resource	aws_iam_user_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1494	CKV2_AWS_40	resource	aws_ssoadmin_permission_set_inline_policy	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1495	CKV2_AWS_40	resource	data.aws_iam_policy_document	Ensure AWS IAM policy does not allow full IAM privileges	Terraform	IAMPolicyNotAllowFullIAMAccess.yaml
1496	CKV2_AWS_41	resource	aws_instance	Ensure an IAM role is attached to EC2 instance	Terraform	EC2InstanceHasIAMRoleAttached.yaml
1497	CKV2_AWS_42	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution uses custom SSL certificate	Terraform	CloudFrontHasCustomSSLCertificate.yaml
1498	CKV2_AWS_43	resource	aws_s3_bucket_acl	Ensure S3 Bucket does not allow access to all Authenticated users	Terraform	S3NotAllowAccessToAllAuthenticatedUsers.yaml
1499	CKV2_AWS_44	resource	aws_route	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1500	CKV2_AWS_44	resource	aws_route_table	Ensure AWS route table with VPC peering does not contain routes overly permissive to all traffic	Terraform	VPCPeeringRouteTableOverlyPermissive.yaml
1501	CKV2_AWS_45	resource	aws_config_configuration_recorder	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1502	CKV2_AWS_45	resource	aws_config_configuration_recorder_status	Ensure AWS Config recorder is enabled to record all supported resources	Terraform	AWSConfigRecorderEnabled.yaml
1503	CKV2_AWS_46	resource	aws_cloudfront_distribution	Ensure AWS CloudFront Distribution with S3 have Origin Access set to enabled	Terraform	CLoudFrontS3OriginConfigWithOAI.yaml
1504	CKV2_AWS_47	resource	aws_cloudfront_distribution	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1505	CKV2_AWS_47	resource	aws_wafv2_web_acl	Ensure AWS CloudFront attached WAFv2 WebACL is configured with AMR for Log4j Vulnerability	Terraform	CloudFrontWebACLConfiguredWIthLog4jVulnerability.yaml
1506	CKV2_AWS_48	resource	aws_config_configuration_recorder	Ensure AWS Config must record all possible resources	Terraform	ConfigRecorderRecordsAllGlobalResources.yaml
1507	CKV2_AWS_49	resource	aws_dms_endpoint	Ensure AWS Database Migration Service endpoints have SSL configured	Terraform	DMSEndpointHaveSSLConfigured.yaml
1508	CKV2_AWS_50	resource	aws_elasticache_replication_group	Ensure AWS ElastiCache Redis cluster with Multi-AZ Automatic Failover feature set to enabled	Terraform	ElastiCacheRedisConfiguredAutomaticFailOver.yaml
1509	CKV2_AWS_51	resource	aws_api_gateway_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1510	CKV2_AWS_51	resource	aws_apigatewayv2_api	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1511	CKV2_AWS_51	resource	aws_apigatewayv2_stage	Ensure AWS API Gateway endpoints uses client certificate authentication	Terraform	APIGatewayEndpointsUsesCertificateForAuthentication.yaml
1512	CKV2_AWS_52	resource	aws_elasticsearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1513	CKV2_AWS_52	resource	aws_opensearch_domain	Ensure AWS ElasticSearch/OpenSearch Fine-grained access control is enabled	Terraform	OpenSearchDomainHasFineGrainedControl.yaml
1514	CKV2_AWS_53	resource	aws_api_gateway_method	Ensure AWS API gateway request is validated	Terraform	APIGatewayRequestParameterValidationEnabled.yaml
1515	CKV2_AWS_54	resource	aws_cloudfront_distribution	Ensure AWS CloudFront distribution is using secure SSL protocols for HTTPS communication	Terraform	CloudFrontUsesSecureProtocolsForHTTPS.yaml
1516	CKV2_AWS_55	resource	aws_emr_cluster	Ensure AWS EMR cluster is configured with security configuration	Terraform	EMRClusterHasSecurityConfiguration.yaml
1517	CKV2_AWS_56	resource	aws_iam_group_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1518	CKV2_AWS_56	resource	aws_iam_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1519	CKV2_AWS_56	resource	aws_iam_role	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1520	CKV2_AWS_56	resource	aws_iam_role_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1521	CKV2_AWS_56	resource	aws_iam_user_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1522	CKV2_AWS_56	resource	aws_ssoadmin_managed_policy_attachment	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1523	CKV2_AWS_56	resource	data.aws_iam_policy	Ensure AWS Managed IAMFullAccess IAM policy is not used.	Terraform	IAMManagedIAMFullAccessPolicy.yaml
1524	CKV2_AWS_57	resource	aws_secretsmanager_secret	Ensure Secrets Manager secrets should have automatic rotation enabled	Terraform	SecretsAreRotated.yaml
1525	CKV2_AWS_58	resource	aws_neptune_cluster	Ensure AWS Neptune cluster deletion protection is enabled	Terraform	NeptuneDeletionProtectionEnabled.yaml
1526	CKV2_AWS_59	resource	aws_elasticsearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1527	CKV2_AWS_59	resource	aws_opensearch_domain	Ensure ElasticSearch/OpenSearch has dedicated master node enabled	Terraform	ElasticSearchDedicatedMasterEnabled.yaml
1528	CKV2_AWS_60	resource	aws_db_instance	Ensure RDS instance with copy tags to snapshots is enabled	Terraform	RDSEnableCopyTagsToSnapshot.yaml
1529	CKV2_AWS_61	resource	aws_s3_bucket	Ensure that an S3 bucket has a lifecycle configuration	Terraform	S3BucketLifecycle.yaml
1530	CKV2_AWS_62	resource	aws_s3_bucket	Ensure S3 buckets should have event notifications enabled	Terraform	S3BucketEventNotifications.yaml
1531	CKV2_AWS_63	resource	aws_networkfirewall_firewall	Ensure Network firewall has logging configuration defined	Terraform	NetworkFirewallHasLogging.yaml
1532	CKV2_AWS_64	resource	aws_kms_key	Ensure KMS key Policy is defined	Terraform	KmsKeyPolicyIsDefined.yaml
1533	CKV2_AWS_65	resource	aws_s3_bucket_ownership_controls	Ensure access control lists for S3 buckets are disabled	Terraform	AWSdisableS3ACL.yaml
1534	CKV2_AWS_66	resource	aws_mwaa_environment	Ensure MWAA environment is not publicly accessible	Terraform	AWS_private_MWAA_environment.yaml
1535	CKV2_AWS_68	resource	AWS::IAM::Role	Ensure SageMaker notebook instance IAM policy is not overly permissive	Cloudformation	SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml
1536	CKV2_AWS_68	resource	AWS::SageMaker::NotebookInstance	Ensure SageMaker notebook instance IAM policy is not overly permissive	Cloudformation	SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml
1537	CKV2_AWS_68	resource	aws_iam_role	Ensure SageMaker notebook instance IAM policy is not overly permissive	Terraform	SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml
1538	CKV2_AWS_68	resource	aws_sagemaker_notebook_instance	Ensure SageMaker notebook instance IAM policy is not overly permissive	Terraform	SageMakerIAMPolicyOverlyPermissiveToAllTraffic.yaml
1539	CKV2_AWS_69	resource	AWS::RDS::DBInstance	Ensure AWS RDS database instance configured with encryption in transit	Cloudformation	RDSEncryptionInTransit.yaml
1540	CKV2_AWS_69	resource	AWS::RDS::DBParameterGroup	Ensure AWS RDS database instance configured with encryption in transit	Cloudformation	RDSEncryptionInTransit.yaml
1541	CKV2_AWS_69	resource	aws_db_instance	Ensure AWS RDS database instance configured with encryption in transit	Terraform	RDSEncryptionInTransit.yaml
1542	CKV2_AWS_69	resource	aws_db_parameter_group	Ensure AWS RDS database instance configured with encryption in transit	Terraform	RDSEncryptionInTransit.yaml
1543	CKV2_AWS_70	resource	aws_api_gateway_method	Ensure API gateway method has authorization or API key set	Terraform	APIGatewayMethodWOAuth.py
1544	CKV2_AWS_71	resource	AWS::CertificateManager::Certificate	Ensure AWS ACM Certificate domain name does not include wildcards	Cloudformation	ACMWildcardDomainName.yaml
1545	CKV2_AWS_71	resource	aws_acm_certificate	Ensure AWS ACM Certificate domain name does not include wildcards	Terraform	ACMWildcardDomainName.yaml
1546	CKV2_AWS_72	resource	AWS::CloudFront::Distribution	Ensure AWS CloudFront origin protocol policy enforces HTTPS-only	Cloudformation	CloudfrontOriginNotHTTPSOnly.yaml
1547	CKV2_AWS_72	resource	aws_cloudfront_distribution	Ensure AWS CloudFront origin protocol policy enforces HTTPS-only	Terraform	CloudfrontOriginNotHTTPSOnly.yaml
1548	CKV2_AWS_73	resource	aws_sqs_queue	Ensure AWS SQS uses CMK not AWS default keys for encryption	Terraform	SQSEncryptionCMK.yaml
1549	CKV_AZURE_1	resource	Microsoft.Compute/virtualMachines	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	arm	AzureInstancePassword.py
1550	CKV_AZURE_1	resource	Microsoft.Compute/virtualMachines	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Bicep	AzureInstancePassword.py
1551	CKV_AZURE_1	resource	azurerm_linux_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1552	CKV_AZURE_1	resource	azurerm_virtual_machine	Ensure Azure Instance does not use basic authentication(Use SSH Key Instead)	Terraform	AzureInstancePassword.py
1553	CKV_AZURE_2	resource	Microsoft.Compute/disks	Ensure Azure managed disk have encryption enabled	arm	AzureManagedDiscEncryption.py
1554	CKV_AZURE_2	resource	Microsoft.Compute/disks	Ensure Azure managed disk have encryption enabled	Bicep	AzureManagedDiscEncryption.py
1555	CKV_AZURE_2	resource	azurerm_managed_disk	Ensure Azure managed disk has encryption enabled	Terraform	AzureManagedDiskEncryption.py
1556	CKV_AZURE_3	resource	Microsoft.Storage/storageAccounts	Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’	arm	StorageAccountsTransportEncryption.py
1557	CKV_AZURE_3	resource	Microsoft.Storage/storageAccounts	Ensure that ‘supportsHttpsTrafficOnly’ is set to ‘true’	Bicep	StorageAccountsTransportEncryption.py
1558	CKV_AZURE_3	resource	azurerm_storage_account	Ensure that ‘enable_https_traffic_only’ is enabled	Terraform	StorageAccountsTransportEncryption.py
1559	CKV_AZURE_4	resource	Microsoft.ContainerService/managedClusters	Ensure AKS logging to Azure Monitoring is Configured	arm	AKSLoggingEnabled.py
1560	CKV_AZURE_4	resource	Microsoft.ContainerService/managedClusters	Ensure AKS logging to Azure Monitoring is Configured	Bicep	AKSLoggingEnabled.py
1561	CKV_AZURE_4	resource	azurerm_kubernetes_cluster	Ensure AKS logging to Azure Monitoring is Configured	Terraform	AKSLoggingEnabled.py
1562	CKV_AZURE_5	resource	Microsoft.ContainerService/managedClusters	Ensure RBAC is enabled on AKS clusters	arm	AKSRbacEnabled.py
1563	CKV_AZURE_5	resource	Microsoft.ContainerService/managedClusters	Ensure RBAC is enabled on AKS clusters	Bicep	AKSRbacEnabled.py
1564	CKV_AZURE_5	resource	azurerm_kubernetes_cluster	Ensure RBAC is enabled on AKS clusters	Terraform	AKSRbacEnabled.py
1565	CKV_AZURE_6	resource	Microsoft.ContainerService/managedClusters	Ensure AKS has an API Server Authorized IP Ranges enabled	arm	AKSApiServerAuthorizedIpRanges.py
1566	CKV_AZURE_6	resource	Microsoft.ContainerService/managedClusters	Ensure AKS has an API Server Authorized IP Ranges enabled	Bicep	AKSApiServerAuthorizedIpRanges.py
1567	CKV_AZURE_6	resource	azurerm_kubernetes_cluster	Ensure AKS has an API Server Authorized IP Ranges enabled	Terraform	AKSApiServerAuthorizedIpRanges.py
1568	CKV_AZURE_7	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster has Network Policy configured	arm	AKSNetworkPolicy.py
1569	CKV_AZURE_7	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster has Network Policy configured	Bicep	AKSNetworkPolicy.py
1570	CKV_AZURE_7	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Network Policy configured	Terraform	AKSNetworkPolicy.py
1571	CKV_AZURE_8	resource	Microsoft.ContainerService/managedClusters	Ensure Kubernetes Dashboard is disabled	arm	AKSDashboardDisabled.py
1572	CKV_AZURE_8	resource	Microsoft.ContainerService/managedClusters	Ensure Kubernetes Dashboard is disabled	Bicep	AKSDashboardDisabled.py
1573	CKV_AZURE_8	resource	azurerm_kubernetes_cluster	Ensure Kubernetes Dashboard is disabled	Terraform	AKSDashboardDisabled.py
1574	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups	Ensure that RDP access is restricted from the internet	arm	NSGRuleRDPAccessRestricted.py
1575	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups	Ensure that RDP access is restricted from the internet	Bicep	NSGRuleRDPAccessRestricted.py
1576	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that RDP access is restricted from the internet	arm	NSGRuleRDPAccessRestricted.py
1577	CKV_AZURE_9	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that RDP access is restricted from the internet	Bicep	NSGRuleRDPAccessRestricted.py
1578	CKV_AZURE_9	resource	azurerm_network_security_group	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1579	CKV_AZURE_9	resource	azurerm_network_security_rule	Ensure that RDP access is restricted from the internet	Terraform	NSGRuleRDPAccessRestricted.py
1580	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups	Ensure that SSH access is restricted from the internet	arm	NSGRuleSSHAccessRestricted.py
1581	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups	Ensure that SSH access is restricted from the internet	Bicep	NSGRuleSSHAccessRestricted.py
1582	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that SSH access is restricted from the internet	arm	NSGRuleSSHAccessRestricted.py
1583	CKV_AZURE_10	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that SSH access is restricted from the internet	Bicep	NSGRuleSSHAccessRestricted.py
1584	CKV_AZURE_10	resource	azurerm_network_security_group	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1585	CKV_AZURE_10	resource	azurerm_network_security_rule	Ensure that SSH access is restricted from the internet	Terraform	NSGRuleSSHAccessRestricted.py
1586	CKV_AZURE_11	resource	Microsoft.Sql/servers	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	arm	SQLServerNoPublicAccess.py
1587	CKV_AZURE_11	resource	Microsoft.Sql/servers	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Bicep	SQLServerNoPublicAccess.py
1588	CKV_AZURE_11	resource	azurerm_mariadb_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1589	CKV_AZURE_11	resource	azurerm_mysql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1590	CKV_AZURE_11	resource	azurerm_postgresql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1591	CKV_AZURE_11	resource	azurerm_sql_firewall_rule	Ensure no SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)	Terraform	SQLServerNoPublicAccess.py
1592	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1593	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1594	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1595	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/FlowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1596	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1597	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1598	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	arm	NetworkWatcherFlowLogPeriod.py
1599	CKV_AZURE_12	resource	Microsoft.Network/networkWatchers/flowLogs/	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Bicep	NetworkWatcherFlowLogPeriod.py
1600	CKV_AZURE_12	resource	azurerm_network_watcher_flow_log	Ensure that Network Security Group Flow Log retention period is ‘greater than 90 days’	Terraform	NetworkWatcherFlowLogPeriod.py
1601	CKV_AZURE_13	resource	Microsoft.Web/sites/config	Ensure App Service Authentication is set on Azure App Service	arm	AppServiceAuthentication.py
1602	CKV_AZURE_13	resource	Microsoft.Web/sites/config	Ensure App Service Authentication is set on Azure App Service	Bicep	AppServiceAuthentication.py
1603	CKV_AZURE_13	resource	azurerm_app_service	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1604	CKV_AZURE_13	resource	azurerm_linux_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1605	CKV_AZURE_13	resource	azurerm_windows_web_app	Ensure App Service Authentication is set on Azure App Service	Terraform	AppServiceAuthentication.py
1606	CKV_AZURE_13	resource	config	Ensure App Service Authentication is set on Azure App Service	arm	AppServiceAuthentication.py
1607	CKV_AZURE_13	resource	config	Ensure App Service Authentication is set on Azure App Service	Bicep	AppServiceAuthentication.py
1608	CKV_AZURE_14	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	arm	AppServiceHTTPSOnly.py
1609	CKV_AZURE_14	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Bicep	AppServiceHTTPSOnly.py
1610	CKV_AZURE_14	resource	azurerm_app_service	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1611	CKV_AZURE_14	resource	azurerm_linux_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1612	CKV_AZURE_14	resource	azurerm_windows_web_app	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service	Terraform	AppServiceHTTPSOnly.py
1613	CKV_AZURE_15	resource	Microsoft.Web/sites	Ensure web app is using the latest version of TLS encryption	arm	AppServiceMinTLSVersion.py
1614	CKV_AZURE_15	resource	Microsoft.Web/sites	Ensure web app is using the latest version of TLS encryption	Bicep	AppServiceMinTLSVersion.py
1615	CKV_AZURE_15	resource	azurerm_app_service	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1616	CKV_AZURE_15	resource	azurerm_linux_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1617	CKV_AZURE_15	resource	azurerm_windows_web_app	Ensure web app is using the latest version of TLS encryption	Terraform	AppServiceMinTLSVersion.py
1618	CKV_AZURE_16	resource	Microsoft.Web/sites	Ensure that Register with Azure Active Directory is enabled on App Service	arm	AppServiceIdentity.py
1619	CKV_AZURE_16	resource	Microsoft.Web/sites	Ensure that Register with Azure Active Directory is enabled on App Service	Bicep	AppServiceIdentity.py
1620	CKV_AZURE_16	resource	azurerm_app_service	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1621	CKV_AZURE_16	resource	azurerm_linux_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1622	CKV_AZURE_16	resource	azurerm_windows_web_app	Ensure that Register with Azure Active Directory is enabled on App Service	Terraform	AppServiceIdentity.py
1623	CKV_AZURE_17	resource	Microsoft.Web/sites	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	arm	AppServiceClientCertificate.py
1624	CKV_AZURE_17	resource	Microsoft.Web/sites	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Bicep	AppServiceClientCertificate.py
1625	CKV_AZURE_17	resource	azurerm_app_service	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1626	CKV_AZURE_17	resource	azurerm_linux_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1627	CKV_AZURE_17	resource	azurerm_windows_web_app	Ensure the web app has ‘Client Certificates (Incoming client certificates)’ set	Terraform	AppServiceClientCertificate.py
1628	CKV_AZURE_18	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest if used to run the web app	arm	AppServiceHttps20Enabled.py
1629	CKV_AZURE_18	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Bicep	AppServiceHttps20Enabled.py
1630	CKV_AZURE_18	resource	azurerm_app_service	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1631	CKV_AZURE_18	resource	azurerm_linux_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1632	CKV_AZURE_18	resource	azurerm_windows_web_app	Ensure that ‘HTTP Version’ is the latest if used to run the web app	Terraform	AppServiceHttps20Enabled.py
1633	CKV_AZURE_19	resource	Microsoft.Security/pricings	Ensure that standard pricing tier is selected	arm	SecurityCenterStandardPricing.py
1634	CKV_AZURE_19	resource	Microsoft.Security/pricings	Ensure that standard pricing tier is selected	Bicep	SecurityCenterStandardPricing.py
1635	CKV_AZURE_19	resource	azurerm_security_center_subscription_pricing	Ensure that standard pricing tier is selected	Terraform	SecurityCenterStandardPricing.py
1636	CKV_AZURE_20	resource	Microsoft.Security/securityContacts	Ensure that security contact ‘Phone number’ is set	arm	SecurityCenterContactPhone.py
1637	CKV_AZURE_20	resource	Microsoft.Security/securityContacts	Ensure that security contact ‘Phone number’ is set	Bicep	SecurityCenterContactPhone.py
1638	CKV_AZURE_20	resource	azurerm_security_center_contact	Ensure that security contact ‘Phone number’ is set	Terraform	SecurityCenterContactPhone.py
1639	CKV_AZURE_21	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	arm	SecurityCenterContactEmailAlert.py
1640	CKV_AZURE_21	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Bicep	SecurityCenterContactEmailAlert.py
1641	CKV_AZURE_21	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlert.py
1642	CKV_AZURE_22	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	arm	SecurityCenterContactEmailAlertAdmins.py
1643	CKV_AZURE_22	resource	Microsoft.Security/securityContacts	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Bicep	SecurityCenterContactEmailAlertAdmins.py
1644	CKV_AZURE_22	resource	azurerm_security_center_contact	Ensure that ‘Send email notification for high severity alerts’ is set to ‘On’	Terraform	SecurityCenterContactEmailAlertAdmins.py
1645	CKV_AZURE_23	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers	arm	SQLServerAuditingEnabled.py
1646	CKV_AZURE_23	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1647	CKV_AZURE_23	resource	Microsoft.Sql/servers/auditingSettings	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1648	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases	Ensure that ‘Auditing’ is set to ‘Enabled’ for SQL servers	arm	SQLServerAuditingEnabled.py
1649	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1650	CKV_AZURE_23	resource	Microsoft.Sql/servers/databases/auditingSettings	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Bicep	SQLServerAuditingEnabled.yaml
1651	CKV_AZURE_23	resource	azurerm_mssql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1652	CKV_AZURE_23	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1653	CKV_AZURE_23	resource	azurerm_sql_server	Ensure that ‘Auditing’ is set to ‘On’ for SQL servers	Terraform	SQLServerAuditingEnabled.yaml
1654	CKV_AZURE_24	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	arm	SQLServerAuditingRetention90Days.py
1655	CKV_AZURE_24	resource	Microsoft.Sql/servers	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Bicep	SQLServerAuditingRetention90Days.yaml
1656	CKV_AZURE_24	resource	Microsoft.Sql/servers/auditingSettings	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Bicep	SQLServerAuditingRetention90Days.yaml
1657	CKV_AZURE_24	resource	azurerm_mssql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1658	CKV_AZURE_24	resource	azurerm_mssql_server_extended_auditing_policy	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1659	CKV_AZURE_24	resource	azurerm_sql_server	Ensure that ‘Auditing’ Retention is ‘greater than 90 days’ for SQL servers	Terraform	SQLServerAuditingRetention90Days.yaml
1660	CKV_AZURE_25	resource	Microsoft.Sql/servers/databases	Ensure that ‘Threat Detection types’ is set to ‘All’	arm	SQLServerThreatDetectionTypes.py
1661	CKV_AZURE_25	resource	Microsoft.Sql/servers/databases	Ensure that ‘Threat Detection types’ is set to ‘All’	Bicep	SQLServerThreatDetectionTypes.py
1662	CKV_AZURE_25	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Threat Detection types’ is set to ‘All’	Terraform	SQLServerThreatDetectionTypes.py
1663	CKV_AZURE_26	resource	Microsoft.Sql/servers/databases	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	arm	SQLServerEmailAlertsEnabled.py
1664	CKV_AZURE_26	resource	Microsoft.Sql/servers/databases	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Bicep	SQLServerEmailAlertsEnabled.py
1665	CKV_AZURE_26	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Send Alerts To’ is enabled for MSSQL servers	Terraform	SQLServerEmailAlertsEnabled.py
1666	CKV_AZURE_27	resource	Microsoft.Sql/servers/databases	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	arm	SQLServerEmailAlertsToAdminsEnabled.py
1667	CKV_AZURE_27	resource	Microsoft.Sql/servers/databases	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Bicep	SQLServerEmailAlertsToAdminsEnabled.py
1668	CKV_AZURE_27	resource	azurerm_mssql_server_security_alert_policy	Ensure that ‘Email service and co-administrators’ is ‘Enabled’ for MSSQL servers	Terraform	SQLServerEmailAlertsToAdminsEnabled.py
1669	CKV_AZURE_28	resource	Microsoft.DBforMySQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	arm	MySQLServerSSLEnforcementEnabled.py
1670	CKV_AZURE_28	resource	Microsoft.DBforMySQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Bicep	MySQLServerSSLEnforcementEnabled.py
1671	CKV_AZURE_28	resource	azurerm_mysql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MySQL Database Server	Terraform	MySQLServerSSLEnforcementEnabled.py
1672	CKV_AZURE_29	resource	Microsoft.DBforPostgreSQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	arm	PostgreSQLServerSSLEnforcementEnabled.py
1673	CKV_AZURE_29	resource	Microsoft.DBforPostgreSQL/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Bicep	PostgreSQLServerSSLEnforcementEnabled.py
1674	CKV_AZURE_29	resource	azurerm_postgresql_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for PostgreSQL Database Server	Terraform	PostgreSQLServerSSLEnforcementEnabled.py
1675	CKV_AZURE_30	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogCheckpointsEnabled.py
1676	CKV_AZURE_30	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogCheckpointsEnabled.py
1677	CKV_AZURE_30	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogCheckpointsEnabled.py
1678	CKV_AZURE_30	resource	configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogCheckpointsEnabled.py
1679	CKV_AZURE_30	resource	configurations	Ensure server parameter ‘log_checkpoints’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogCheckpointsEnabled.py
1680	CKV_AZURE_31	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogConnectionsEnabled.py
1681	CKV_AZURE_31	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogConnectionsEnabled.py
1682	CKV_AZURE_31	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogConnectionsEnabled.py
1683	CKV_AZURE_31	resource	configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerLogConnectionsEnabled.py
1684	CKV_AZURE_31	resource	configurations	Ensure configuration ‘log_connections’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerLogConnectionsEnabled.py
1685	CKV_AZURE_32	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerConnectionThrottlingEnabled.py
1686	CKV_AZURE_32	resource	Microsoft.DBforPostgreSQL/servers/configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerConnectionThrottlingEnabled.py
1687	CKV_AZURE_32	resource	azurerm_postgresql_configuration	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerConnectionThrottlingEnabled.py
1688	CKV_AZURE_32	resource	configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	arm	PostgreSQLServerConnectionThrottlingEnabled.py
1689	CKV_AZURE_32	resource	configurations	Ensure server parameter ‘connection_throttling’ is set to ‘ON’ for PostgreSQL Database Server	Bicep	PostgreSQLServerConnectionThrottlingEnabled.py
1690	CKV_AZURE_33	resource	Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings	Ensure Storage logging is enabled for Queue service for read, write and delete requests	arm	StorageAccountLoggingQueueServiceEnabled.py
1691	CKV_AZURE_33	resource	Microsoft.Storage/storageAccounts/queueServices/providers/diagnosticsettings	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Bicep	StorageAccountLoggingQueueServiceEnabled.py
1692	CKV_AZURE_33	resource	azurerm_storage_account	Ensure Storage logging is enabled for Queue service for read, write and delete requests	Terraform	StorageAccountLoggingQueueServiceEnabled.py
1693	CKV_AZURE_34	resource	Microsoft.Storage/storageAccounts/blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1694	CKV_AZURE_34	resource	Microsoft.Storage/storageAccounts/blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1695	CKV_AZURE_34	resource	azurerm_storage_container	Ensure that ‘Public access level’ is set to Private for blob containers	Terraform	StorageBlobServiceContainerPrivateAccess.py
1696	CKV_AZURE_34	resource	blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1697	CKV_AZURE_34	resource	blobServices/containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1698	CKV_AZURE_34	resource	containers	Ensure that ‘Public access level’ is set to Private for blob containers	arm	StorageBlobServiceContainerPrivateAccess.py
1699	CKV_AZURE_34	resource	containers	Ensure that ‘Public access level’ is set to Private for blob containers	Bicep	StorageBlobServiceContainerPrivateAccess.py
1700	CKV_AZURE_35	resource	Microsoft.Storage/storageAccounts	Ensure default network access rule for Storage Accounts is set to deny	arm	StorageAccountDefaultNetworkAccessDeny.py
1701	CKV_AZURE_35	resource	Microsoft.Storage/storageAccounts	Ensure default network access rule for Storage Accounts is set to deny	Bicep	StorageAccountDefaultNetworkAccessDeny.py
1702	CKV_AZURE_35	resource	azurerm_storage_account	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1703	CKV_AZURE_35	resource	azurerm_storage_account_network_rules	Ensure default network access rule for Storage Accounts is set to deny	Terraform	StorageAccountDefaultNetworkAccessDeny.py
1704	CKV_AZURE_36	resource	Microsoft.Storage/storageAccounts	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	arm	StorageAccountAzureServicesAccessEnabled.py
1705	CKV_AZURE_36	resource	Microsoft.Storage/storageAccounts	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Bicep	StorageAccountAzureServicesAccessEnabled.py
1706	CKV_AZURE_36	resource	azurerm_storage_account	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1707	CKV_AZURE_36	resource	azurerm_storage_account_network_rules	Ensure ‘Trusted Microsoft Services’ is enabled for Storage Account access	Terraform	StorageAccountAzureServicesAccessEnabled.py
1708	CKV_AZURE_37	resource	Microsoft.Insights/logprofiles	Ensure that Activity Log Retention is set 365 days or greater	arm	MonitorLogProfileRetentionDays.py
1709	CKV_AZURE_37	resource	Microsoft.Insights/logprofiles	Ensure that Activity Log Retention is set 365 days or greater	Bicep	MonitorLogProfileRetentionDays.py
1710	CKV_AZURE_37	resource	azurerm_monitor_log_profile	Ensure that Activity Log Retention is set 365 days or greater	Terraform	MonitorLogProfileRetentionDays.py
1711	CKV_AZURE_38	resource	Microsoft.Insights/logprofiles	Ensure audit profile captures all the activities	arm	MonitorLogProfileCategories.py
1712	CKV_AZURE_38	resource	Microsoft.Insights/logprofiles	Ensure audit profile captures all the activities	Bicep	MonitorLogProfileCategories.py
1713	CKV_AZURE_38	resource	azurerm_monitor_log_profile	Ensure audit profile captures all the activities	Terraform	MonitorLogProfileCategories.py
1714	CKV_AZURE_39	resource	Microsoft.Authorization/roleDefinitions	Ensure that no custom subscription owner roles are created	arm	CustomRoleDefinitionSubscriptionOwner.py
1715	CKV_AZURE_39	resource	Microsoft.Authorization/roleDefinitions	Ensure that no custom subscription owner roles are created	Bicep	CustomRoleDefinitionSubscriptionOwner.py
1716	CKV_AZURE_39	resource	azurerm_role_definition	Ensure that no custom subscription owner roles are created	Terraform	CutsomRoleDefinitionSubscriptionOwner.py
1717	CKV_AZURE_40	resource	Microsoft.KeyVault/vaults/keys	Ensure that the expiration date is set on all keys	arm	KeyExpirationDate.py
1718	CKV_AZURE_40	resource	Microsoft.KeyVault/vaults/keys	Ensure that the expiration date is set on all keys	Bicep	KeyExpirationDate.py
1719	CKV_AZURE_40	resource	azurerm_key_vault_key	Ensure that the expiration date is set on all keys	Terraform	KeyExpirationDate.py
1720	CKV_AZURE_41	resource	Microsoft.KeyVault/vaults/secrets	Ensure that the expiration date is set on all secrets	arm	SecretExpirationDate.py
1721	CKV_AZURE_41	resource	Microsoft.KeyVault/vaults/secrets	Ensure that the expiration date is set on all secrets	Bicep	SecretExpirationDate.py
1722	CKV_AZURE_41	resource	azurerm_key_vault_secret	Ensure that the expiration date is set on all secrets	Terraform	SecretExpirationDate.py
1723	CKV_AZURE_42	resource	Microsoft.KeyVault/vaults	Ensure the key vault is recoverable	arm	KeyvaultRecoveryEnabled.py
1724	CKV_AZURE_42	resource	Microsoft.KeyVault/vaults	Ensure the key vault is recoverable	Bicep	KeyvaultRecoveryEnabled.py
1725	CKV_AZURE_42	resource	azurerm_key_vault	Ensure the key vault is recoverable	Terraform	KeyvaultRecoveryEnabled.py
1726	CKV_AZURE_43	resource	Microsoft.Storage/storageAccounts	Ensure Storage Accounts adhere to the naming rules	arm	StorageAccountName.py
1727	CKV_AZURE_43	resource	Microsoft.Storage/storageAccounts	Ensure Storage Accounts adhere to the naming rules	Bicep	StorageAccountName.py
1728	CKV_AZURE_43	resource	azurerm_storage_account	Ensure Storage Accounts adhere to the naming rules	Terraform	StorageAccountName.py
1729	CKV_AZURE_44	resource	Microsoft.Storage/storageAccounts	Ensure Storage Account is using the latest version of TLS encryption	arm	StorageAccountMinimumTlsVersion.py
1730	CKV_AZURE_44	resource	Microsoft.Storage/storageAccounts	Ensure Storage Account is using the latest version of TLS encryption	Bicep	StorageAccountMinimumTlsVersion.py
1731	CKV_AZURE_44	resource	azurerm_storage_account	Ensure Storage Account is using the latest version of TLS encryption	Terraform	StorageAccountMinimumTlsVersion.py
1732	CKV_AZURE_45	resource	Microsoft.Compute/virtualMachines	Ensure that no sensitive credentials are exposed in VM custom_data	arm	VMCredsInCustomData.py
1733	CKV_AZURE_45	resource	Microsoft.Compute/virtualMachines	Ensure that no sensitive credentials are exposed in VM custom_data	Bicep	VMCredsInCustomData.py
1734	CKV_AZURE_45	resource	azurerm_virtual_machine	Ensure that no sensitive credentials are exposed in VM custom_data	Terraform	VMCredsInCustomData.py
1735	CKV_AZURE_47	resource	Microsoft.DBforMariaDB/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	arm	MariaDBSSLEnforcementEnabled.py
1736	CKV_AZURE_47	resource	Microsoft.DBforMariaDB/servers	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Bicep	MariaDBSSLEnforcementEnabled.py
1737	CKV_AZURE_47	resource	azurerm_mariadb_server	Ensure ‘Enforce SSL connection’ is set to ‘ENABLED’ for MariaDB servers	Terraform	MariaDBSSLEnforcementEnabled.py
1738	CKV_AZURE_48	resource	Microsoft.DBforMariaDB/servers	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	arm	MariaDBPublicAccessDisabled.py
1739	CKV_AZURE_48	resource	Microsoft.DBforMariaDB/servers	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	Bicep	MariaDBPublicAccessDisabled.py
1740	CKV_AZURE_48	resource	azurerm_mariadb_server	Ensure ‘public network access enabled’ is set to ‘False’ for MariaDB servers	Terraform	MariaDBPublicAccessDisabled.py
1741	CKV_AZURE_49	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	arm	AzureScaleSetPassword.py
1742	CKV_AZURE_49	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Bicep	AzureScaleSetPassword.py
1743	CKV_AZURE_49	resource	azurerm_linux_virtual_machine_scale_set	Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)	Terraform	AzureScaleSetPassword.py
1744	CKV_AZURE_50	resource	Microsoft.Compute/virtualMachines	Ensure Virtual Machine Extensions are not Installed	arm	AzureInstanceExtensions.py
1745	CKV_AZURE_50	resource	Microsoft.Compute/virtualMachines	Ensure Virtual Machine Extensions are not Installed	Bicep	AzureInstanceExtensions.py
1746	CKV_AZURE_50	resource	azurerm_linux_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1747	CKV_AZURE_50	resource	azurerm_windows_virtual_machine	Ensure Virtual Machine Extensions are not Installed	Terraform	AzureInstanceExtensions.py
1748	CKV_AZURE_52	resource	Microsoft.Sql/servers	Ensure MSSQL is using the latest version of TLS encryption	arm	MSSQLServerMinTLSVersion.py
1749	CKV_AZURE_52	resource	Microsoft.Sql/servers	Ensure MSSQL is using the latest version of TLS encryption	Bicep	MSSQLServerMinTLSVersion.py
1750	CKV_AZURE_52	resource	azurerm_mssql_server	Ensure MSSQL is using the latest version of TLS encryption	Terraform	MSSQLServerMinTLSVersion.py
1751	CKV_AZURE_53	resource	Microsoft.DBforMySQL/servers	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	arm	MySQLPublicAccessDisabled.py
1752	CKV_AZURE_53	resource	Microsoft.DBforMySQL/servers	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	Bicep	MySQLPublicAccessDisabled.py
1753	CKV_AZURE_53	resource	azurerm_mysql_server	Ensure ‘public network access enabled’ is set to ‘False’ for mySQL servers	Terraform	MySQLPublicAccessDisabled.py
1754	CKV_AZURE_54	resource	Microsoft.DBforMySQL/servers	Ensure MySQL is using the latest version of TLS encryption	arm	MySQLServerMinTLSVersion.py
1755	CKV_AZURE_54	resource	Microsoft.DBforMySQL/servers	Ensure MySQL is using the latest version of TLS encryption	Bicep	MySQLServerMinTLSVersion.py
1756	CKV_AZURE_54	resource	azurerm_mysql_server	Ensure MySQL is using the latest version of TLS encryption	Terraform	MySQLServerMinTLSVersion.py
1757	CKV_AZURE_55	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Servers	Terraform	AzureDefenderOnServers.py
1758	CKV_AZURE_56	resource	Microsoft.Web/sites/config	Ensure that function apps enables Authentication	arm	FunctionAppsEnableAuthentication.py
1759	CKV_AZURE_56	resource	Microsoft.Web/sites/config	Ensure that function apps enables Authentication	Bicep	FunctionAppsEnableAuthentication.py
1760	CKV_AZURE_56	resource	azurerm_function_app	Ensure that function apps enables Authentication	Terraform	FunctionAppsEnableAuthentication.py
1761	CKV_AZURE_57	resource	Microsoft.Web/sites	Ensure that CORS disallows every resource to access app services	arm	AppServiceDisallowCORS.py
1762	CKV_AZURE_57	resource	Microsoft.Web/sites	Ensure that CORS disallows every resource to access app services	Bicep	AppServiceDisallowCORS.py
1763	CKV_AZURE_57	resource	azurerm_app_service	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1764	CKV_AZURE_57	resource	azurerm_linux_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1765	CKV_AZURE_57	resource	azurerm_windows_web_app	Ensure that CORS disallows every resource to access app services	Terraform	AppServiceDisallowCORS.py
1766	CKV_AZURE_58	resource	Microsoft.Synapse/workspaces	Ensure that Azure Synapse workspaces enables managed virtual networks	arm	SynapseWorkspaceEnablesManagedVirtualNetworks.py
1767	CKV_AZURE_58	resource	Microsoft.Synapse/workspaces	Ensure that Azure Synapse workspaces enables managed virtual networks	Bicep	SynapseWorkspaceEnablesManagedVirtualNetworks.py
1768	CKV_AZURE_58	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces enables managed virtual networks	Terraform	SynapseWorkspaceEnablesManagedVirtualNetworks.py
1769	CKV_AZURE_59	resource	Microsoft.Storage/storageAccounts	Ensure that Storage accounts disallow public access	arm	StorageAccountDisablePublicAccess.py
1770	CKV_AZURE_59	resource	Microsoft.Storage/storageAccounts	Ensure that Storage accounts disallow public access	Bicep	StorageAccountDisablePublicAccess.py
1771	CKV_AZURE_59	resource	azurerm_storage_account	Ensure that Storage accounts disallow public access	Terraform	StorageAccountDisablePublicAccess.py
1772	CKV_AZURE_61	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for App Service	Terraform	AzureDefenderOnAppServices.py
1773	CKV_AZURE_62	resource	Microsoft.Web/sites	Ensure function apps are not accessible from all regions	arm	FunctionAppDisallowCORS.py
1774	CKV_AZURE_62	resource	Microsoft.Web/sites	Ensure function apps are not accessible from all regions	Bicep	FunctionAppDisallowCORS.py
1775	CKV_AZURE_62	resource	azurerm_function_app	Ensure function apps are not accessible from all regions	Terraform	FunctionAppDisallowCORS.py
1776	CKV_AZURE_63	resource	Microsoft.Web/sites/config	Ensure that App service enables HTTP logging	arm	AppServiceHttpLoggingEnabled.py
1777	CKV_AZURE_63	resource	Microsoft.Web/sites/config	Ensure that App service enables HTTP logging	Bicep	AppServiceHttpLoggingEnabled.py
1778	CKV_AZURE_63	resource	azurerm_app_service	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1779	CKV_AZURE_63	resource	azurerm_linux_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1780	CKV_AZURE_63	resource	azurerm_windows_web_app	Ensure that App service enables HTTP logging	Terraform	AppServiceHttpLoggingEnabled.py
1781	CKV_AZURE_64	resource	Microsoft.StorageSync/storageSyncServices	Ensure that Azure File Sync disables public network access	arm	StorageSyncPublicAccessDisabled.py
1782	CKV_AZURE_64	resource	Microsoft.StorageSync/storageSyncServices	Ensure that Azure File Sync disables public network access	Bicep	StorageSyncPublicAccessDisabled.py
1783	CKV_AZURE_64	resource	azurerm_storage_sync	Ensure that Azure File Sync disables public network access	Terraform	StorageSyncPublicAccessDisabled.py
1784	CKV_AZURE_65	resource	Microsoft.Web/sites/config	Ensure that App service enables detailed error messages	arm	AppServiceDetailedErrorMessagesEnabled.py
1785	CKV_AZURE_65	resource	Microsoft.Web/sites/config	Ensure that App service enables detailed error messages	Bicep	AppServiceDetailedErrorMessagesEnabled.py
1786	CKV_AZURE_65	resource	azurerm_app_service	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1787	CKV_AZURE_65	resource	azurerm_linux_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1788	CKV_AZURE_65	resource	azurerm_windows_web_app	Ensure that App service enables detailed error messages	Terraform	AppServiceDetailedErrorMessagesEnabled.py
1789	CKV_AZURE_66	resource	Microsoft.Web/sites/config	Ensure that App service enables failed request tracing	arm	AppServiceEnableFailedRequest.py
1790	CKV_AZURE_66	resource	Microsoft.Web/sites/config	Ensure that App service enables failed request tracing	Bicep	AppServiceEnableFailedRequest.py
1791	CKV_AZURE_66	resource	azurerm_app_service	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1792	CKV_AZURE_66	resource	azurerm_linux_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1793	CKV_AZURE_66	resource	azurerm_windows_web_app	Ensure that App service enables failed request tracing	Terraform	AppServiceEnableFailedRequest.py
1794	CKV_AZURE_67	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	arm	FunctionAppHttpVersionLatest.py
1795	CKV_AZURE_67	resource	Microsoft.Web/sites	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Bicep	FunctionAppHttpVersionLatest.py
1796	CKV_AZURE_67	resource	Microsoft.Web/sites/slots	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	arm	FunctionAppHttpVersionLatest.py
1797	CKV_AZURE_67	resource	Microsoft.Web/sites/slots	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Bicep	FunctionAppHttpVersionLatest.py
1798	CKV_AZURE_67	resource	azurerm_function_app	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1799	CKV_AZURE_67	resource	azurerm_function_app_slot	Ensure that ‘HTTP Version’ is the latest, if used to run the Function app	Terraform	FunctionAppHttpVersionLatest.py
1800	CKV_AZURE_68	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server disables public network access	arm	PostgreSQLServerPublicAccessDisabled.py
1801	CKV_AZURE_68	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server disables public network access	Bicep	PostgreSQLServerPublicAccessDisabled.py
1802	CKV_AZURE_68	resource	azurerm_postgresql_server	Ensure that PostgreSQL server disables public network access	Terraform	PostgreSQLServerPublicAccessDisabled.py
1803	CKV_AZURE_69	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Azure SQL database servers	Terraform	AzureDefenderOnSqlServers.py
1804	CKV_AZURE_70	resource	Microsoft.Web/sites	Ensure that Function apps is only accessible over HTTPS	arm	FunctionAppsAccessibleOverHttps.py
1805	CKV_AZURE_70	resource	Microsoft.Web/sites	Ensure that Function apps is only accessible over HTTPS	Bicep	FunctionAppsAccessibleOverHttps.py
1806	CKV_AZURE_70	resource	Microsoft.Web/sites/config	Ensure that Function apps is only accessible over HTTPS	arm	FunctionAppsAccessibleOverHttps.py
1807	CKV_AZURE_70	resource	Microsoft.Web/sites/config	Ensure that Function apps is only accessible over HTTPS	Bicep	FunctionAppsAccessibleOverHttps.py
1808	CKV_AZURE_70	resource	Microsoft.Web/sites/slots	Ensure that Function apps is only accessible over HTTPS	arm	FunctionAppsAccessibleOverHttps.py
1809	CKV_AZURE_70	resource	Microsoft.Web/sites/slots	Ensure that Function apps is only accessible over HTTPS	Bicep	FunctionAppsAccessibleOverHttps.py
1810	CKV_AZURE_70	resource	azurerm_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1811	CKV_AZURE_70	resource	azurerm_function_app_slot	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1812	CKV_AZURE_70	resource	azurerm_linux_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1813	CKV_AZURE_70	resource	azurerm_linux_function_app_slot	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1814	CKV_AZURE_70	resource	azurerm_windows_function_app	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1815	CKV_AZURE_70	resource	azurerm_windows_function_app_slot	Ensure that Function apps is only accessible over HTTPS	Terraform	FunctionAppsAccessibleOverHttps.py
1816	CKV_AZURE_71	resource	Microsoft.Web/sites	Ensure that Managed identity provider is enabled for web apps	arm	AppServiceIdentityProviderEnabled.py
1817	CKV_AZURE_71	resource	Microsoft.Web/sites	Ensure that Managed identity provider is enabled for web apps	Bicep	AppServiceIdentityProviderEnabled.py
1818	CKV_AZURE_71	resource	azurerm_app_service	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1819	CKV_AZURE_71	resource	azurerm_linux_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1820	CKV_AZURE_71	resource	azurerm_windows_web_app	Ensure that Managed identity provider is enabled for app services	Terraform	AppServiceIdentityProviderEnabled.py
1821	CKV_AZURE_72	resource	Microsoft.Web/sites	Ensure that remote debugging is not enabled for app services	arm	AppServiceRemoteDebuggingNotEnabled.py
1822	CKV_AZURE_72	resource	Microsoft.Web/sites	Ensure that remote debugging is not enabled for app services	Bicep	AppServiceRemoteDebuggingNotEnabled.py
1823	CKV_AZURE_72	resource	azurerm_app_service	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1824	CKV_AZURE_72	resource	azurerm_linux_function_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1825	CKV_AZURE_72	resource	azurerm_linux_function_app_slot	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1826	CKV_AZURE_72	resource	azurerm_linux_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1827	CKV_AZURE_72	resource	azurerm_linux_web_app_slot	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1828	CKV_AZURE_72	resource	azurerm_windows_function_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1829	CKV_AZURE_72	resource	azurerm_windows_function_app_slot	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1830	CKV_AZURE_72	resource	azurerm_windows_web_app	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1831	CKV_AZURE_72	resource	azurerm_windows_web_app_slot	Ensure that remote debugging is not enabled for app services	Terraform	AppServiceRemoteDebuggingNotEnabled.py
1832	CKV_AZURE_73	resource	Microsoft.Automation/automationAccounts/variables	Ensure that Automation account variables are encrypted	arm	AutomationEncrypted.py
1833	CKV_AZURE_73	resource	Microsoft.Automation/automationAccounts/variables	Ensure that Automation account variables are encrypted	Bicep	AutomationEncrypted.py
1834	CKV_AZURE_73	resource	azurerm_automation_variable_bool	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1835	CKV_AZURE_73	resource	azurerm_automation_variable_datetime	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1836	CKV_AZURE_73	resource	azurerm_automation_variable_int	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1837	CKV_AZURE_73	resource	azurerm_automation_variable_string	Ensure that Automation account variables are encrypted	Terraform	AutomationEncrypted.py
1838	CKV_AZURE_74	resource	Microsoft.Kusto/clusters	Ensure that Azure Data Explorer (Kusto) uses disk encryption	arm	DataExplorerUsesDiskEncryption.py
1839	CKV_AZURE_74	resource	Microsoft.Kusto/clusters	Ensure that Azure Data Explorer (Kusto) uses disk encryption	Bicep	DataExplorerUsesDiskEncryption.py
1840	CKV_AZURE_74	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer (Kusto) uses disk encryption	Terraform	DataExplorerUsesDiskEncryption.py
1841	CKV_AZURE_75	resource	Microsoft.Kusto/clusters	Ensure that Azure Data Explorer uses double encryption	arm	AzureDataExplorerDoubleEncryptionEnabled.py
1842	CKV_AZURE_75	resource	Microsoft.Kusto/clusters	Ensure that Azure Data Explorer uses double encryption	Bicep	AzureDataExplorerDoubleEncryptionEnabled.py
1843	CKV_AZURE_75	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer uses double encryption	Terraform	AzureDataExplorerDoubleEncryptionEnabled.py
1844	CKV_AZURE_76	resource	Microsoft.Batch/batchAccounts	Ensure that Azure Batch account uses key vault to encrypt data	arm	AzureBatchAccountUsesKeyVaultEncryption.py
1845	CKV_AZURE_76	resource	Microsoft.Batch/batchAccounts	Ensure that Azure Batch account uses key vault to encrypt data	Bicep	AzureBatchAccountUsesKeyVaultEncryption.py
1846	CKV_AZURE_76	resource	azurerm_batch_account	Ensure that Azure Batch account uses key vault to encrypt data	Terraform	AzureBatchAccountUsesKeyVaultEncryption.py
1847	CKV_AZURE_77	resource	azurerm_network_security_group	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1848	CKV_AZURE_77	resource	azurerm_network_security_rule	Ensure that UDP Services are restricted from the Internet	Terraform	NSGRuleUDPAccessRestricted.py
1849	CKV_AZURE_78	resource	Microsoft.Web/sites	Ensure FTP deployments are disabled	arm	AppServiceFTPSState.py
1850	CKV_AZURE_78	resource	Microsoft.Web/sites	Ensure FTP deployments are disabled	Bicep	AppServiceFTPSState.py
1851	CKV_AZURE_78	resource	azurerm_app_service	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1852	CKV_AZURE_78	resource	azurerm_linux_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1853	CKV_AZURE_78	resource	azurerm_windows_web_app	Ensure FTP deployments are disabled	Terraform	AppServiceFTPSState.py
1854	CKV_AZURE_79	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for SQL servers on machines	arm	AzureDefenderOnSqlServersVMS.py
1855	CKV_AZURE_79	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for SQL servers on machines	Bicep	AzureDefenderOnSqlServersVMS.py
1856	CKV_AZURE_79	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for SQL servers on machines	Terraform	AzureDefenderOnSqlServerVMS.py
1857	CKV_AZURE_80	resource	Microsoft.Web/sites/config	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	arm	AppServiceDotnetFrameworkVersion.py
1858	CKV_AZURE_80	resource	Microsoft.Web/sites/config	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Bicep	AppServiceDotnetFrameworkVersion.py
1859	CKV_AZURE_80	resource	azurerm_app_service	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	AppServiceDotnetFrameworkVersion.py
1860	CKV_AZURE_80	resource	azurerm_windows_web_app	Ensure that ‘Net Framework’ version is the latest, if used as a part of the web app	Terraform	AppServiceDotnetFrameworkVersion.py
1861	CKV_AZURE_81	resource	Microsoft.Web/sites	Ensure that ‘PHP version’ is the latest, if used to run the web app	arm	AppServicePHPVersion.py
1862	CKV_AZURE_81	resource	Microsoft.Web/sites	Ensure that ‘PHP version’ is the latest, if used to run the web app	Bicep	AppServicePHPVersion.py
1863	CKV_AZURE_81	resource	azurerm_app_service	Ensure that ‘PHP version’ is the latest, if used to run the web app	Terraform	AppServicePHPVersion.py
1864	CKV_AZURE_82	resource	Microsoft.Web/sites	Ensure that ‘Python version’ is the latest, if used to run the web app	arm	AppServicePythonVersion.py
1865	CKV_AZURE_82	resource	Microsoft.Web/sites	Ensure that ‘Python version’ is the latest, if used to run the web app	Bicep	AppServicePythonVersion.py
1866	CKV_AZURE_82	resource	azurerm_app_service	Ensure that ‘Python version’ is the latest, if used to run the web app	Terraform	AppServicePythonVersion.py
1867	CKV_AZURE_83	resource	Microsoft.Web/sites	Ensure that ‘Java version’ is the latest, if used to run the web app	arm	AppServiceJavaVersion.py
1868	CKV_AZURE_83	resource	Microsoft.Web/sites	Ensure that ‘Java version’ is the latest, if used to run the web app	Bicep	AppServiceJavaVersion.py
1869	CKV_AZURE_83	resource	azurerm_app_service	Ensure that ‘Java version’ is the latest, if used to run the web app	Terraform	AppServiceJavaVersion.py
1870	CKV_AZURE_84	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Storage	arm	AzureDefenderOnStorage.py
1871	CKV_AZURE_84	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Storage	Bicep	AzureDefenderOnStorage.py
1872	CKV_AZURE_84	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Storage	Terraform	AzureDefenderOnStorage.py
1873	CKV_AZURE_85	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Kubernetes	arm	AzureDefenderOnKubernetes.py
1874	CKV_AZURE_85	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Kubernetes	Bicep	AzureDefenderOnKubernetes.py
1875	CKV_AZURE_85	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Kubernetes	Terraform	AzureDefenderOnKubernetes.py
1876	CKV_AZURE_86	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Container Registries	Terraform	AzureDefenderOnContainerRegistry.py
1877	CKV_AZURE_87	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Key Vault	arm	AzureDefenderOnKeyVaults.py
1878	CKV_AZURE_87	resource	Microsoft.Security/pricings	Ensure that Azure Defender is set to On for Key Vault	Bicep	AzureDefenderOnKeyVaults.py
1879	CKV_AZURE_87	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender is set to On for Key Vault	Terraform	AzureDefenderOnKeyVaults.py
1880	CKV_AZURE_88	resource	Microsoft.Web/sites/config	Ensure that app services use Azure Files	arm	AppServiceUsedAzureFiles.py
1881	CKV_AZURE_88	resource	Microsoft.Web/sites/config	Ensure that app services use Azure Files	Bicep	AppServiceUsedAzureFiles.py
1882	CKV_AZURE_88	resource	azurerm_app_service	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1883	CKV_AZURE_88	resource	azurerm_linux_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1884	CKV_AZURE_88	resource	azurerm_windows_web_app	Ensure that app services use Azure Files	Terraform	AppServiceUsedAzureFiles.py
1885	CKV_AZURE_89	resource	Microsoft.Cache/redis	Ensure that Azure Cache for Redis disables public network access	arm	RedisCachePublicNetworkAccessEnabled.py
1886	CKV_AZURE_89	resource	Microsoft.Cache/redis	Ensure that Azure Cache for Redis disables public network access	Bicep	RedisCachePublicNetworkAccessEnabled.py
1887	CKV_AZURE_89	resource	azurerm_redis_cache	Ensure that Azure Cache for Redis disables public network access	Terraform	RedisCachePublicNetworkAccessEnabled.py
1888	CKV_AZURE_91	resource	azurerm_redis_cache	Ensure that only SSL are enabled for Cache for Redis	Terraform	RedisCacheEnableNonSSLPort.py
1889	CKV_AZURE_92	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual Machines use managed disks	arm	VMStorageOsDisk.py
1890	CKV_AZURE_92	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual Machines use managed disks	Bicep	VMStorageOsDisk.py
1891	CKV_AZURE_92	resource	azurerm_linux_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1892	CKV_AZURE_92	resource	azurerm_windows_virtual_machine	Ensure that Virtual Machines use managed disks	Terraform	VMStorageOsDisk.py
1893	CKV_AZURE_93	resource	Microsoft.Compute/disks	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	arm	AzureManagedDiskEncryptionSet.py
1894	CKV_AZURE_93	resource	Microsoft.Compute/disks	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	Bicep	AzureManagedDiskEncryptionSet.py
1895	CKV_AZURE_93	resource	azurerm_managed_disk	Ensure that managed disks use a specific set of disk encryption sets for the customer-managed key encryption	Terraform	AzureManagedDiskEncryptionSet.py
1896	CKV_AZURE_94	resource	Microsoft.DBforMySQL/flexibleServers	Ensure that My SQL server enables geo-redundant backups	arm	MySQLGeoBackupEnabled.py
1897	CKV_AZURE_94	resource	Microsoft.DBforMySQL/flexibleServers	Ensure that My SQL server enables geo-redundant backups	Bicep	MySQLGeoBackupEnabled.py
1898	CKV_AZURE_94	resource	azurerm_mysql_flexible_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1899	CKV_AZURE_94	resource	azurerm_mysql_server	Ensure that My SQL server enables geo-redundant backups	Terraform	MySQLGeoBackupEnabled.py
1900	CKV_AZURE_95	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	arm	VMScaleSetsAutoOSImagePatchingEnabled.py
1901	CKV_AZURE_95	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	Bicep	VMScaleSetsAutoOSImagePatchingEnabled.py
1902	CKV_AZURE_95	resource	azurerm_virtual_machine_scale_set	Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets	Terraform	VMScaleSetsAutoOSImagePatchingEnabled.py
1903	CKV_AZURE_96	resource	Microsoft.DBforMySQL/flexibleServers	Ensure that MySQL server enables infrastructure encryption	arm	MySQLEncryptionEnabled.py
1904	CKV_AZURE_96	resource	Microsoft.DBforMySQL/flexibleServers	Ensure that MySQL server enables infrastructure encryption	Bicep	MySQLEncryptionEnabled.py
1905	CKV_AZURE_96	resource	azurerm_mysql_server	Ensure that MySQL server enables infrastructure encryption	Terraform	MySQLEncryptionEnabled.py
1906	CKV_AZURE_97	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that Virtual machine scale sets have encryption at host enabled	arm	VMEncryptionAtHostEnabled.py
1907	CKV_AZURE_97	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that Virtual machine scale sets have encryption at host enabled	Bicep	VMEncryptionAtHostEnabled.py
1908	CKV_AZURE_97	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual machine scale sets have encryption at host enabled	arm	VMEncryptionAtHostEnabled.py
1909	CKV_AZURE_97	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual machine scale sets have encryption at host enabled	Bicep	VMEncryptionAtHostEnabled.py
1910	CKV_AZURE_97	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1911	CKV_AZURE_97	resource	azurerm_windows_virtual_machine_scale_set	Ensure that Virtual machine scale sets have encryption at host enabled	Terraform	VMEncryptionAtHostEnabled.py
1912	CKV_AZURE_98	resource	azurerm_container_group	Ensure that Azure Container group is deployed into virtual network	Terraform	AzureContainerGroupDeployedIntoVirtualNetwork.py
1913	CKV_AZURE_99	resource	Microsoft.DocumentDB/databaseAccounts	Ensure Cosmos DB accounts have restricted access	arm	CosmosDBAccountsRestrictedAccess.py
1914	CKV_AZURE_99	resource	Microsoft.DocumentDB/databaseAccounts	Ensure Cosmos DB accounts have restricted access	Bicep	CosmosDBAccountsRestrictedAccess.py
1915	CKV_AZURE_99	resource	azurerm_cosmosdb_account	Ensure Cosmos DB accounts have restricted access	Terraform	CosmosDBAccountsRestrictedAccess.py
1916	CKV_AZURE_100	resource	Microsoft.DocumentDb/databaseAccounts	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	arm	CosmosDBHaveCMK.py
1917	CKV_AZURE_100	resource	Microsoft.DocumentDb/databaseAccounts	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	Bicep	CosmosDBHaveCMK.py
1918	CKV_AZURE_100	resource	azurerm_cosmosdb_account	Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest	Terraform	CosmosDBHaveCMK.py
1919	CKV_AZURE_101	resource	Microsoft.DocumentDB/databaseAccounts	Ensure that Azure Cosmos DB disables public network access	arm	CosmosDBDisablesPublicNetwork.py
1920	CKV_AZURE_101	resource	Microsoft.DocumentDB/databaseAccounts	Ensure that Azure Cosmos DB disables public network access	Bicep	CosmosDBDisablesPublicNetwork.py
1921	CKV_AZURE_101	resource	azurerm_cosmosdb_account	Ensure that Azure Cosmos DB disables public network access	Terraform	CosmosDBDisablesPublicNetwork.py
1922	CKV_AZURE_102	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server enables geo-redundant backups	arm	PostgressSQLGeoBackupEnabled.py
1923	CKV_AZURE_102	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server enables geo-redundant backups	Bicep	PostgressSQLGeoBackupEnabled.py
1924	CKV_AZURE_102	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables geo-redundant backups	Terraform	PostgressSQLGeoBackupEnabled.py
1925	CKV_AZURE_103	resource	Microsoft.DataFactory/factories	Ensure that Azure Data Factory uses Git repository for source control	arm	DataFactoryUsesGitRepository.py
1926	CKV_AZURE_103	resource	Microsoft.DataFactory/factories	Ensure that Azure Data Factory uses Git repository for source control	Bicep	DataFactoryUsesGitRepository.py
1927	CKV_AZURE_103	resource	azurerm_data_factory	Ensure that Azure Data Factory uses Git repository for source control	Terraform	DataFactoryUsesGitRepository.py
1928	CKV_AZURE_104	resource	Microsoft.DataFactory/factories	Ensure that Azure Data factory public network access is disabled	arm	DataFactoryNoPublicNetworkAccess.py
1929	CKV_AZURE_104	resource	Microsoft.DataFactory/factories	Ensure that Azure Data factory public network access is disabled	Bicep	DataFactoryNoPublicNetworkAccess.py
1930	CKV_AZURE_104	resource	azurerm_data_factory	Ensure that Azure Data factory public network access is disabled	Terraform	DataFactoryNoPublicNetworkAccess.py
1931	CKV_AZURE_105	resource	Microsoft.DataLakeStore/accounts	Ensure that Data Lake Store accounts enables encryption	arm	DataLakeStoreEncryption.py
1932	CKV_AZURE_105	resource	Microsoft.DataLakeStore/accounts	Ensure that Data Lake Store accounts enables encryption	Bicep	DataLakeStoreEncryption.py
1933	CKV_AZURE_105	resource	azurerm_data_lake_store	Ensure that Data Lake Store accounts enables encryption	Terraform	DataLakeStoreEncryption.py
1934	CKV_AZURE_106	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain public network access is disabled	Terraform	EventgridDomainNetworkAccess.py
1935	CKV_AZURE_107	resource	Microsoft.ApiManagement/service	Ensure that API management services use virtual networks	arm	APIServicesUseVirtualNetwork.py
1936	CKV_AZURE_107	resource	Microsoft.ApiManagement/service	Ensure that API management services use virtual networks	Bicep	APIServicesUseVirtualNetwork.py
1937	CKV_AZURE_107	resource	azurerm_api_management	Ensure that API management services use virtual networks	Terraform	APIServicesUseVirtualNetwork.py
1938	CKV_AZURE_108	resource	azurerm_iothub	Ensure that Azure IoT Hub disables public network access	Terraform	IoTNoPublicNetworkAccess.py
1939	CKV_AZURE_109	resource	Microsoft.KeyVault/vaults	Ensure that key vault allows firewall rules settings	arm	KeyVaultEnablesFirewallRulesSettings.py
1940	CKV_AZURE_109	resource	Microsoft.KeyVault/vaults	Ensure that key vault allows firewall rules settings	Bicep	KeyVaultEnablesFirewallRulesSettings.py
1941	CKV_AZURE_109	resource	azurerm_key_vault	Ensure that key vault allows firewall rules settings	Terraform	KeyVaultEnablesFirewallRulesSettings.py
1942	CKV_AZURE_110	resource	Microsoft.KeyVault/vaults	Ensure that key vault enables purge protection	arm	KeyVaultEnablesPurgeProtection.py
1943	CKV_AZURE_110	resource	Microsoft.KeyVault/vaults	Ensure that key vault enables purge protection	Bicep	KeyVaultEnablesPurgeProtection.py
1944	CKV_AZURE_110	resource	azurerm_key_vault	Ensure that key vault enables purge protection	Terraform	KeyVaultEnablesPurgeProtection.py
1945	CKV_AZURE_111	resource	Microsoft.KeyVault/vaults	Ensure that key vault enables soft delete	arm	KeyVaultEnablesSoftDelete.py
1946	CKV_AZURE_111	resource	Microsoft.KeyVault/vaults	Ensure that key vault enables soft delete	Bicep	KeyVaultEnablesSoftDelete.py
1947	CKV_AZURE_111	resource	azurerm_key_vault	Ensure that key vault enables soft delete	Terraform	KeyVaultEnablesSoftDelete.py
1948	CKV_AZURE_112	resource	Microsoft.KeyVault/vaults/keys	Ensure that key vault key is backed by HSM	arm	KeyBackedByHSM.py
1949	CKV_AZURE_112	resource	Microsoft.KeyVault/vaults/keys	Ensure that key vault key is backed by HSM	Bicep	KeyBackedByHSM.py
1950	CKV_AZURE_112	resource	azurerm_key_vault_key	Ensure that key vault key is backed by HSM	Terraform	KeyBackedByHSM.py
1951	CKV_AZURE_113	resource	Microsoft.Sql/servers	Ensure that SQL server disables public network access	arm	SQLServerHasPublicAccessDisabled.py
1952	CKV_AZURE_113	resource	Microsoft.Sql/servers	Ensure that SQL server disables public network access	Bicep	SQLServerHasPublicAccessDisabled.py
1953	CKV_AZURE_113	resource	azurerm_mssql_server	Ensure that SQL server disables public network access	Terraform	SQLServerPublicAccessDisabled.py
1954	CKV_AZURE_114	resource	Microsoft.KeyVault/vaults/secrets	Ensure that key vault secrets have “content_type” set	arm	SecretContentType.py
1955	CKV_AZURE_114	resource	Microsoft.KeyVault/vaults/secrets	Ensure that key vault secrets have “content_type” set	Bicep	SecretContentType.py
1956	CKV_AZURE_114	resource	azurerm_key_vault_secret	Ensure that key vault secrets have “content_type” set	Terraform	SecretContentType.py
1957	CKV_AZURE_115	resource	azurerm_kubernetes_cluster	Ensure that AKS enables private clusters	Terraform	AKSEnablesPrivateClusters.py
1958	CKV_AZURE_116	resource	azurerm_kubernetes_cluster	Ensure that AKS uses Azure Policies Add-on	Terraform	AKSUsesAzurePoliciesAddon.py
1959	CKV_AZURE_117	resource	azurerm_kubernetes_cluster	Ensure that AKS uses disk encryption set	Terraform	AKSUsesDiskEncryptionSet.py
1960	CKV_AZURE_118	resource	azurerm_network_interface	Ensure that Network Interfaces disable IP forwarding	Terraform	NetworkInterfaceEnableIPForwarding.py
1961	CKV_AZURE_119	resource	azurerm_network_interface	Ensure that Network Interfaces don’t use public IPs	Terraform	AzureNetworkInterfacePublicIPAddressId.yaml
1962	CKV_AZURE_120	resource	azurerm_application_gateway	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1963	CKV_AZURE_120	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway enables WAF	Terraform	ApplicationGatewayEnablesWAF.yaml
1964	CKV_AZURE_121	resource	Microsoft.Network/frontDoors	Ensure that Azure Front Door enables WAF	arm	AzureFrontDoorEnablesWAF.py
1965	CKV_AZURE_121	resource	Microsoft.Network/frontDoors	Ensure that Azure Front Door enables WAF	Bicep	AzureFrontDoorEnablesWAF.py
1966	CKV_AZURE_121	resource	azurerm_frontdoor	Ensure that Azure Front Door enables WAF	Terraform	AzureFrontDoorEnablesWAF.py
1967	CKV_AZURE_122	resource	azurerm_web_application_firewall_policy	Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes	Terraform	AppGWUseWAFMode.py
1968	CKV_AZURE_123	resource	Microsoft.Network/FrontDoorWebApplicationFirewallPolicies	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	arm	FrontdoorUseWAFMode.py
1969	CKV_AZURE_123	resource	Microsoft.Network/FrontDoorWebApplicationFirewallPolicies	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Bicep	FrontdoorUseWAFMode.py
1970	CKV_AZURE_123	resource	azurerm_frontdoor_firewall_policy	Ensure that Azure Front Door uses WAF in “Detection” or “Prevention” modes	Terraform	FrontdoorUseWAFMode.py
1971	CKV_AZURE_124	resource	azurerm_search_service	Ensure that Azure Cognitive Search disables public network access	Terraform	AzureSearchPublicNetworkAccessDisabled.py
1972	CKV_AZURE_125	resource	Microsoft.ServiceFabric/clusters	Ensures that Service Fabric use three levels of protection available	arm	AzureServiceFabricClusterProtectionLevel.py
1973	CKV_AZURE_125	resource	Microsoft.ServiceFabric/clusters	Ensures that Service Fabric use three levels of protection available	Bicep	AzureServiceFabricClusterProtectionLevel.py
1974	CKV_AZURE_125	resource	azurerm_service_fabric_cluster	Ensures that Service Fabric use three levels of protection available	Terraform	AzureServiceFabricClusterProtectionLevel.py
1975	CKV_AZURE_126	resource	azurerm_service_fabric_cluster	Ensures that Active Directory is used for authentication for Service Fabric	Terraform	ActiveDirectoryUsedAuthenticationServiceFabric.py
1976	CKV_AZURE_127	resource	azurerm_mysql_server	Ensure that My SQL server enables Threat detection policy	Terraform	MySQLTreatDetectionEnabled.py
1977	CKV_AZURE_128	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables Threat detection policy	Terraform	PostgresSQLTreatDetectionEnabled.py
1978	CKV_AZURE_129	resource	Microsoft.DBforMariaDB/servers	Ensure that MariaDB server enables geo-redundant backups	arm	MariaDBGeoBackupEnabled.py
1979	CKV_AZURE_129	resource	Microsoft.DBforMariaDB/servers	Ensure that MariaDB server enables geo-redundant backups	Bicep	MariaDBGeoBackupEnabled.py
1980	CKV_AZURE_129	resource	azurerm_mariadb_server	Ensure that MariaDB server enables geo-redundant backups	Terraform	MariaDBGeoBackupEnabled.py
1981	CKV_AZURE_130	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server enables infrastructure encryption	arm	PostgreSQLEncryptionEnabled.py
1982	CKV_AZURE_130	resource	Microsoft.DBforPostgreSQL/servers	Ensure that PostgreSQL server enables infrastructure encryption	Bicep	PostgreSQLEncryptionEnabled.py
1983	CKV_AZURE_130	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables infrastructure encryption	Terraform	PostgreSQLEncryptionEnabled.py
1984	CKV_AZURE_131	resource	azurerm_security_center_contact	Ensure that ‘Security contact emails’ is set	Terraform	SecurityCenterContactEmails.py
1985	CKV_AZURE_131	parameter	secureString	SecureString parameter should not have hardcoded default values	arm	SecureStringParameterNoHardcodedValue.py
1986	CKV_AZURE_131	parameter	string	SecureString parameter should not have hardcoded default values	Bicep	SecureStringParameterNoHardcodedValue.py
1987	CKV_AZURE_132	resource	Microsoft.DocumentDB/databaseAccounts	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	arm	CosmosDBDisableAccessKeyWrite.py
1988	CKV_AZURE_132	resource	Microsoft.DocumentDB/databaseAccounts	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Bicep	CosmosDBDisableAccessKeyWrite.py
1989	CKV_AZURE_132	resource	azurerm_cosmosdb_account	Ensure cosmosdb does not allow privileged escalation by restricting management plane changes	Terraform	CosmosDBDisableAccessKeyWrite.py
1990	CKV_AZURE_133	resource	Microsoft.Network/frontdoorWebApplicationFirewallPolicies	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	arm	FrontDoorWAFACLCVE202144228.py
1991	CKV_AZURE_133	resource	Microsoft.Network/frontdoorWebApplicationFirewallPolicies	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Bicep	FrontDoorWAFACLCVE202144228.py
1992	CKV_AZURE_133	resource	azurerm_frontdoor_firewall_policy	Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	FrontDoorWAFACLCVE202144228.py
1993	CKV_AZURE_134	resource	Microsoft.CognitiveServices/accounts	Ensure that Cognitive Services accounts disable public network access	arm	CognitiveServicesDisablesPublicNetwork.py
1994	CKV_AZURE_134	resource	Microsoft.CognitiveServices/accounts	Ensure that Cognitive Services accounts disable public network access	Bicep	CognitiveServicesDisablesPublicNetwork.py
1995	CKV_AZURE_134	resource	azurerm_cognitive_account	Ensure that Cognitive Services accounts disable public network access	Terraform	CognitiveServicesDisablesPublicNetwork.py
1996	CKV_AZURE_135	resource	Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	arm	AppGatewayWAFACLCVE202144228.py
1997	CKV_AZURE_135	resource	Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Bicep	AppGatewayWAFACLCVE202144228.py
1998	CKV_AZURE_135	resource	azurerm_web_application_firewall_policy	Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	AppGatewayWAFACLCVE202144228.py
1999	CKV_AZURE_136	resource	azurerm_postgresql_flexible_server	Ensure that PostgreSQL Flexible server enables geo-redundant backups	Terraform	PostgreSQLFlexiServerGeoBackupEnabled.py
2000	CKV_AZURE_137	resource	Microsoft.ContainerRegistry/registries	Ensure ACR admin account is disabled	arm	ACRAdminAccountDisabled.py
2001	CKV_AZURE_137	resource	Microsoft.ContainerRegistry/registries	Ensure ACR admin account is disabled	Bicep	ACRAdminAccountDisabled.py
2002	CKV_AZURE_137	resource	azurerm_container_registry	Ensure ACR admin account is disabled	Terraform	ACRAdminAccountDisabled.py
2003	CKV_AZURE_138	resource	Microsoft.ContainerRegistry/registries	Ensures that ACR disables anonymous pulling of images	arm	ACRAnonymousPullDisabled.py
2004	CKV_AZURE_138	resource	Microsoft.ContainerRegistry/registries	Ensures that ACR disables anonymous pulling of images	Bicep	ACRAnonymousPullDisabled.py
2005	CKV_AZURE_138	resource	azurerm_container_registry	Ensures that ACR disables anonymous pulling of images	Terraform	ACRAnonymousPullDisabled.py
2006	CKV_AZURE_139	resource	Microsoft.ContainerRegistry/registries	Ensure ACR set to disable public networking	arm	ACRPublicNetworkAccessDisabled.py
2007	CKV_AZURE_139	resource	Microsoft.ContainerRegistry/registries	Ensure ACR set to disable public networking	Bicep	ACRPublicNetworkAccessDisabled.py
2008	CKV_AZURE_139	resource	azurerm_container_registry	Ensure ACR set to disable public networking	Terraform	ACRPublicNetworkAccessDisabled.py
2009	CKV_AZURE_140	resource	Microsoft.DocumentDB/databaseAccounts	Ensure that Local Authentication is disabled on CosmosDB	arm	CosmosDBLocalAuthDisabled.py
2010	CKV_AZURE_140	resource	Microsoft.DocumentDB/databaseAccounts	Ensure that Local Authentication is disabled on CosmosDB	Bicep	CosmosDBLocalAuthDisabled.py
2011	CKV_AZURE_140	resource	azurerm_cosmosdb_account	Ensure that Local Authentication is disabled on CosmosDB	Terraform	CosmosDBLocalAuthDisabled.py
2012	CKV_AZURE_141	resource	Microsoft.ContainerService/managedClusters	Ensure AKS local admin account is disabled	arm	AKSLocalAdminDisabled.py
2013	CKV_AZURE_141	resource	Microsoft.ContainerService/managedClusters	Ensure AKS local admin account is disabled	Bicep	AKSLocalAdminDisabled.py
2014	CKV_AZURE_141	resource	azurerm_kubernetes_cluster	Ensure AKS local admin account is disabled	Terraform	AKSLocalAdminDisabled.py
2015	CKV_AZURE_142	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Local Authentication is disabled	Terraform	MLCCLADisabled.py
2016	CKV_AZURE_143	resource	azurerm_kubernetes_cluster	Ensure AKS cluster nodes do not have public IP addresses	Terraform	AKSNodePublicIpDisabled.py
2017	CKV_AZURE_144	resource	azurerm_machine_learning_workspace	Ensure that Public Access is disabled for Machine Learning Workspace	Terraform	MLPublicAccess.py
2018	CKV_AZURE_145	resource	Microsoft.Web/sites	Ensure Function app is using the latest version of TLS encryption	arm	FunctionAppMinTLSVersion.py
2019	CKV_AZURE_145	resource	Microsoft.Web/sites	Ensure Function app is using the latest version of TLS encryption	Bicep	FunctionAppMinTLSVersion.py
2020	CKV_AZURE_145	resource	Microsoft.Web/sites/slots	Ensure Function app is using the latest version of TLS encryption	arm	FunctionAppMinTLSVersion.py
2021	CKV_AZURE_145	resource	Microsoft.Web/sites/slots	Ensure Function app is using the latest version of TLS encryption	Bicep	FunctionAppMinTLSVersion.py
2022	CKV_AZURE_145	resource	azurerm_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2023	CKV_AZURE_145	resource	azurerm_function_app_slot	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2024	CKV_AZURE_145	resource	azurerm_linux_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2025	CKV_AZURE_145	resource	azurerm_linux_function_app_slot	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2026	CKV_AZURE_145	resource	azurerm_windows_function_app	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2027	CKV_AZURE_145	resource	azurerm_windows_function_app_slot	Ensure Function app is using the latest version of TLS encryption	Terraform	FunctionAppMinTLSVersion.py
2028	CKV_AZURE_146	resource	azurerm_postgresql_configuration	Ensure server parameter ‘log_retention’ is set to ‘ON’ for PostgreSQL Database Server	Terraform	PostgreSQLServerLogRetentionEnabled.py
2029	CKV_AZURE_147	resource	azurerm_postgresql_server	Ensure PostgreSQL is using the latest version of TLS encryption	Terraform	PostgreSQLMinTLSVersion.py
2030	CKV_AZURE_148	resource	azurerm_redis_cache	Ensure Redis Cache is using the latest version of TLS encryption	Terraform	RedisCacheMinTLSVersion.py
2031	CKV_AZURE_149	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that Virtual machine does not enable password authentication	arm	VMDisablePasswordAuthentication.py
2032	CKV_AZURE_149	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure that Virtual machine does not enable password authentication	Bicep	VMDisablePasswordAuthentication.py
2033	CKV_AZURE_149	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual machine does not enable password authentication	arm	VMDisablePasswordAuthentication.py
2034	CKV_AZURE_149	resource	Microsoft.Compute/virtualMachines	Ensure that Virtual machine does not enable password authentication	Bicep	VMDisablePasswordAuthentication.py
2035	CKV_AZURE_149	resource	azurerm_linux_virtual_machine	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
2036	CKV_AZURE_149	resource	azurerm_linux_virtual_machine_scale_set	Ensure that Virtual machine does not enable password authentication	Terraform	VMDisablePasswordAuthentication.py
2037	CKV_AZURE_150	resource	azurerm_machine_learning_compute_cluster	Ensure Machine Learning Compute Cluster Minimum Nodes Set To 0	Terraform	MLComputeClusterMinNodes.py
2038	CKV_AZURE_151	resource	Microsoft.Compute/virtualMachines	Ensure Windows VM enables encryption	arm	WinVMEncryptionAtHost.py
2039	CKV_AZURE_151	resource	Microsoft.Compute/virtualMachines	Ensure Windows VM enables encryption	Bicep	WinVMEncryptionAtHost.py
2040	CKV_AZURE_151	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables encryption	Terraform	WinVMEncryptionAtHost.py
2041	CKV_AZURE_152	resource	azurerm_api_management	Ensure Client Certificates are enforced for API management	Terraform	APIManagementCertsEnforced.py
2042	CKV_AZURE_153	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	arm	AppServiceSlotHTTPSOnly.py
2043	CKV_AZURE_153	resource	Microsoft.Web/sites	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Bicep	AppServiceSlotHTTPSOnly.py
2044	CKV_AZURE_153	resource	Microsoft.Web/sites/slots	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	arm	AppServiceSlotHTTPSOnly.py
2045	CKV_AZURE_153	resource	Microsoft.Web/sites/slots	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Bicep	AppServiceSlotHTTPSOnly.py
2046	CKV_AZURE_153	resource	azurerm_app_service_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	AppServiceSlotHTTPSOnly.py
2047	CKV_AZURE_153	resource	azurerm_linux_web_app_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	AppServiceSlotHTTPSOnly.py
2048	CKV_AZURE_153	resource	azurerm_windows_web_app_slot	Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot	Terraform	AppServiceSlotHTTPSOnly.py
2049	CKV_AZURE_154	resource	azurerm_app_service_slot	Ensure the App service slot is using the latest version of TLS encryption	Terraform	AppServiceSlotMinTLS.py
2050	CKV_AZURE_155	resource	Microsoft.Web/sites	Ensure debugging is disabled for the App service slot	arm	AppServiceSlotDebugDisabled.py
2051	CKV_AZURE_155	resource	Microsoft.Web/sites	Ensure debugging is disabled for the App service slot	Bicep	AppServiceSlotDebugDisabled.py
2052	CKV_AZURE_155	resource	Microsoft.Web/sites/slots	Ensure debugging is disabled for the App service slot	arm	AppServiceSlotDebugDisabled.py
2053	CKV_AZURE_155	resource	Microsoft.Web/sites/slots	Ensure debugging is disabled for the App service slot	Bicep	AppServiceSlotDebugDisabled.py
2054	CKV_AZURE_155	resource	azurerm_app_service_slot	Ensure debugging is disabled for the App service slot	Terraform	AppServiceSlotDebugDisabled.py
2055	CKV_AZURE_156	resource	azurerm_mssql_database_extended_auditing_policy	Ensure default Auditing policy for a SQL Server is configured to capture and retain the activity logs	Terraform	MSSQLServerAuditPolicyLogMonitor.py
2056	CKV_AZURE_157	resource	Microsoft.Synapse/workspaces	Ensure that Synapse workspace has data_exfiltration_protection_enabled	arm	SynapseWorkspaceEnablesDataExfilProtection.py
2057	CKV_AZURE_157	resource	Microsoft.Synapse/workspaces	Ensure that Synapse workspace has data_exfiltration_protection_enabled	Bicep	SynapseWorkspaceEnablesDataExfilProtection.py
2058	CKV_AZURE_157	resource	azurerm_synapse_workspace	Ensure that Synapse workspace has data_exfiltration_protection_enabled	Terraform	SynapseWorkspaceEnablesDataExfilProtection.py
2059	CKV_AZURE_158	resource	Microsoft.Databricks/workspaces	Ensure Databricks Workspace data plane to control plane communication happens over private link	arm	DatabricksWorkspaceIsNotPublic.py
2060	CKV_AZURE_158	resource	Microsoft.Databricks/workspaces	Ensure Databricks Workspace data plane to control plane communication happens over private link	Bicep	DatabricksWorkspaceIsNotPublic.py
2061	CKV_AZURE_158	resource	azurerm_databricks_workspace	Ensure Databricks Workspace data plane to control plane communication happens over private link	Terraform	DatabricksWorkspaceIsNotPublic.py
2062	CKV_AZURE_159	resource	azurerm_function_app	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
2063	CKV_AZURE_159	resource	azurerm_function_app_slot	Ensure function app builtin logging is enabled	Terraform	FunctionAppEnableLogging.py
2064	CKV_AZURE_160	resource	Microsoft.Network/networkSecurityGroups	Ensure that HTTP (port 80) access is restricted from the internet	arm	NSGRuleHTTPAccessRestricted.py
2065	CKV_AZURE_160	resource	Microsoft.Network/networkSecurityGroups	Ensure that HTTP (port 80) access is restricted from the internet	Bicep	NSGRuleHTTPAccessRestricted.py
2066	CKV_AZURE_160	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that HTTP (port 80) access is restricted from the internet	arm	NSGRuleHTTPAccessRestricted.py
2067	CKV_AZURE_160	resource	Microsoft.Network/networkSecurityGroups/securityRules	Ensure that HTTP (port 80) access is restricted from the internet	Bicep	NSGRuleHTTPAccessRestricted.py
2068	CKV_AZURE_160	resource	azurerm_network_security_group	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
2069	CKV_AZURE_160	resource	azurerm_network_security_rule	Ensure that HTTP (port 80) access is restricted from the internet	Terraform	NSGRuleHTTPAccessRestricted.py
2070	CKV_AZURE_161	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal is enabled on for HTTPS	Terraform	SpringCloudAPIPortalHTTPSOnly.py
2071	CKV_AZURE_162	resource	azurerm_spring_cloud_api_portal	Ensures Spring Cloud API Portal Public Access Is Disabled	Terraform	SpringCloudAPIPortalPublicAccessIsDisabled.py
2072	CKV_AZURE_163	resource	Microsoft.ContainerRegistry/registries	Enable vulnerability scanning for container images.	arm	ACRContainerScanEnabled.py
2073	CKV_AZURE_163	resource	Microsoft.ContainerRegistry/registries	Enable vulnerability scanning for container images.	Bicep	ACRContainerScanEnabled.py
2074	CKV_AZURE_163	resource	azurerm_container_registry	Enable vulnerability scanning for container images.	Terraform	ACRContainerScanEnabled.py
2075	CKV_AZURE_164	resource	azurerm_container_registry	Ensures that ACR uses signed/trusted images	Terraform	ACRUseSignedImages.py
2076	CKV_AZURE_165	resource	azurerm_container_registry	Ensure geo-replicated container registries to match multi-region container deployments.	Terraform	ACRGeoreplicated.py
2077	CKV_AZURE_166	resource	Microsoft.ContainerRegistry/registries	Ensure container image quarantine, scan, and mark images verified	arm	ACREnableImageQuarantine.py
2078	CKV_AZURE_166	resource	Microsoft.ContainerRegistry/registries	Ensure container image quarantine, scan, and mark images verified	Bicep	ACREnableImageQuarantine.py
2079	CKV_AZURE_166	resource	azurerm_container_registry	Ensure container image quarantine, scan, and mark images verified	Terraform	ACREnableImageQuarantine.py
2080	CKV_AZURE_167	resource	azurerm_container_registry	Ensure a retention policy is set to cleanup untagged manifests.	Terraform	ACREnableRetentionPolicy.py
2081	CKV_AZURE_168	resource	Microsoft.ContainerService/managedClusters	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	arm	AKSMaxPodsMinimum.py
2082	CKV_AZURE_168	resource	Microsoft.ContainerService/managedClusters	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Bicep	AKSMaxPodsMinimum.py
2083	CKV_AZURE_168	resource	Microsoft.ContainerService/managedClusters/agentPools	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	arm	AKSMaxPodsMinimum.py
2084	CKV_AZURE_168	resource	Microsoft.ContainerService/managedClusters/agentPools	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Bicep	AKSMaxPodsMinimum.py
2085	CKV_AZURE_168	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
2086	CKV_AZURE_168	resource	azurerm_kubernetes_cluster_node_pool	Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods.	Terraform	AKSMaxPodsMinimum.py
2087	CKV_AZURE_169	resource	Microsoft.ContainerService/managedClusters	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	arm	AKSPoolTypeIsScaleSet.py
2088	CKV_AZURE_169	resource	Microsoft.ContainerService/managedClusters	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	Bicep	AKSPoolTypeIsScaleSet.py
2089	CKV_AZURE_169	resource	azurerm_kubernetes_cluster	Ensure Azure Kubernetes Cluster (AKS) nodes use scale sets	Terraform	AKSPoolTypeIsScaleSet.py
2090	CKV_AZURE_170	resource	azurerm_kubernetes_cluster	Ensure that AKS use the Paid Sku for its SLA	Terraform	AKSIsPaidSku.py
2091	CKV_AZURE_171	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster upgrade channel is chosen	arm	AKSUpgradeChannel.py
2092	CKV_AZURE_171	resource	Microsoft.ContainerService/managedClusters	Ensure AKS cluster upgrade channel is chosen	Bicep	AKSUpgradeChannel.py
2093	CKV_AZURE_171	resource	azurerm_kubernetes_cluster	Ensure AKS cluster upgrade channel is chosen	Terraform	AKSUpgradeChannel.py
2094	CKV_AZURE_172	resource	Microsoft.ContainerService/managedClusters	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	arm	AkSSecretStoreRotation.py
2095	CKV_AZURE_172	resource	Microsoft.ContainerService/managedClusters	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	Bicep	AkSSecretStoreRotation.py
2096	CKV_AZURE_172	resource	azurerm_kubernetes_cluster	Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters	Terraform	AKSSecretStoreRotation.py
2097	CKV_AZURE_173	resource	Microsoft.ApiManagement/service	Ensure API management uses at least TLS 1.2	arm	APIManagementMinTLS12.py
2098	CKV_AZURE_173	resource	Microsoft.ApiManagement/service	Ensure API management uses at least TLS 1.2	Bicep	APIManagementMinTLS12.py
2099	CKV_AZURE_173	resource	azurerm_api_management	Ensure API management uses at least TLS 1.2	Terraform	APIManagementMinTLS12.py
2100	CKV_AZURE_174	resource	Microsoft.ApiManagement/service	Ensure API management public access is disabled	arm	APIManagementPublicAccess.py
2101	CKV_AZURE_174	resource	Microsoft.ApiManagement/service	Ensure API management public access is disabled	Bicep	APIManagementPublicAccess.py
2102	CKV_AZURE_174	resource	azurerm_api_management	Ensure API management public access is disabled	Terraform	APIManagementPublicAccess.py
2103	CKV_AZURE_175	resource	Microsoft.SignalRService/webPubSub	Ensure Web PubSub uses a SKU with an SLA	arm	PubsubSKUSLA.py
2104	CKV_AZURE_175	resource	Microsoft.SignalRService/webPubSub	Ensure Web PubSub uses a SKU with an SLA	Bicep	PubsubSKUSLA.py
2105	CKV_AZURE_175	resource	azurerm_web_pubsub	Ensure Web PubSub uses a SKU with an SLA	Terraform	PubsubSKUSLA.py
2106	CKV_AZURE_176	resource	Microsoft.SignalRService/webPubSub	Ensure Web PubSub uses managed identities to access Azure resources	arm	PubsubSpecifyIdentity.py
2107	CKV_AZURE_176	resource	Microsoft.SignalRService/webPubSub	Ensure Web PubSub uses managed identities to access Azure resources	Bicep	PubsubSpecifyIdentity.py
2108	CKV_AZURE_176	resource	azurerm_web_pubsub	Ensure Web PubSub uses managed identities to access Azure resources	Terraform	PubsubSpecifyIdentity.py
2109	CKV_AZURE_177	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Windows VM enables automatic updates	arm	WinVMAutomaticUpdates.py
2110	CKV_AZURE_177	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure Windows VM enables automatic updates	Bicep	WinVMAutomaticUpdates.py
2111	CKV_AZURE_177	resource	Microsoft.Compute/virtualMachines	Ensure Windows VM enables automatic updates	arm	WinVMAutomaticUpdates.py
2112	CKV_AZURE_177	resource	Microsoft.Compute/virtualMachines	Ensure Windows VM enables automatic updates	Bicep	WinVMAutomaticUpdates.py
2113	CKV_AZURE_177	resource	azurerm_windows_virtual_machine	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
2114	CKV_AZURE_177	resource	azurerm_windows_virtual_machine_scale_set	Ensure Windows VM enables automatic updates	Terraform	WinVMAutomaticUpdates.py
2115	CKV_AZURE_178	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure linux VM enables SSH with keys for secure communication	arm	LinuxVMUsesSSH.py
2116	CKV_AZURE_178	resource	Microsoft.Compute/virtualMachineScaleSets	Ensure linux VM enables SSH with keys for secure communication	Bicep	LinuxVMUsesSSH.py
2117	CKV_AZURE_178	resource	Microsoft.Compute/virtualMachines	Ensure linux VM enables SSH with keys for secure communication	arm	LinuxVMUsesSSH.py
2118	CKV_AZURE_178	resource	Microsoft.Compute/virtualMachines	Ensure linux VM enables SSH with keys for secure communication	Bicep	LinuxVMUsesSSH.py
2119	CKV_AZURE_178	resource	azurerm_linux_virtual_machine	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
2120	CKV_AZURE_178	resource	azurerm_linux_virtual_machine_scale_set	Ensure linux VM enables SSH with keys for secure communication	Terraform	LinuxVMUsesSSH.py
2121	CKV_AZURE_179	resource	azurerm_linux_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
2122	CKV_AZURE_179	resource	azurerm_linux_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
2123	CKV_AZURE_179	resource	azurerm_windows_virtual_machine	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
2124	CKV_AZURE_179	resource	azurerm_windows_virtual_machine_scale_set	Ensure VM agent is installed	Terraform	VMAgentIsInstalled.py
2125	CKV_AZURE_180	resource	azurerm_kusto_cluster	Ensure that data explorer uses Sku with an SLA	Terraform	DataExplorerSKUHasSLA.py
2126	CKV_AZURE_181	resource	azurerm_kusto_cluster	Ensure that data explorer/Kusto uses managed identities to access Azure resources securely.	Terraform	DataExplorerServiceIdentity.py
2127	CKV_AZURE_182	resource	Microsoft.Network/networkInterfaces	Ensure that VNET has at least 2 connected DNS Endpoints	arm	VnetSingleDNSServer.py
2128	CKV_AZURE_182	resource	Microsoft.Network/networkInterfaces	Ensure that VNET has at least 2 connected DNS Endpoints	Bicep	VnetSingleDNSServer.py
2129	CKV_AZURE_182	resource	Microsoft.Network/virtualNetworks	Ensure that VNET has at least 2 connected DNS Endpoints	arm	VnetSingleDNSServer.py
2130	CKV_AZURE_182	resource	Microsoft.Network/virtualNetworks	Ensure that VNET has at least 2 connected DNS Endpoints	Bicep	VnetSingleDNSServer.py
2131	CKV_AZURE_182	resource	azurerm_virtual_network	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
2132	CKV_AZURE_182	resource	azurerm_virtual_network_dns_servers	Ensure that VNET has at least 2 connected DNS Endpoints	Terraform	VnetSingleDNSServer.py
2133	CKV_AZURE_183	resource	Microsoft.Network/virtualNetworks	Ensure that VNET uses local DNS addresses	arm	VnetLocalDNS.py
2134	CKV_AZURE_183	resource	Microsoft.Network/virtualNetworks	Ensure that VNET uses local DNS addresses	Bicep	VnetLocalDNS.py
2135	CKV_AZURE_183	resource	azurerm_virtual_network	Ensure that VNET uses local DNS addresses	Terraform	VnetLocalDNS.py
2136	CKV_AZURE_184	resource	azurerm_app_configuration	Ensure ‘local_auth_enabled’ is set to ‘False’	Terraform	AppConfigLocalAuth.py
2137	CKV_AZURE_185	resource	azurerm_app_configuration	Ensure ‘Public Access’ is not Enabled for App configuration	Terraform	AppConfigPublicAccess.py
2138	CKV_AZURE_186	resource	azurerm_app_configuration	Ensure App configuration encryption block is set.	Terraform	AppConfigEncryption.py
2139	CKV_AZURE_187	resource	azurerm_app_configuration	Ensure App configuration purge protection is enabled	Terraform	AppConfigPurgeProtection.py
2140	CKV_AZURE_188	resource	azurerm_app_configuration	Ensure App configuration Sku is standard	Terraform	AppConfigSku.py
2141	CKV_AZURE_189	resource	Microsoft.KeyVault/vaults	Ensure that Azure Key Vault disables public network access	arm	KeyVaultDisablesPublicNetworkAccess.py
2142	CKV_AZURE_189	resource	Microsoft.KeyVault/vaults	Ensure that Azure Key Vault disables public network access	Bicep	KeyVaultDisablesPublicNetworkAccess.py
2143	CKV_AZURE_189	resource	azurerm_key_vault	Ensure that Azure Key Vault disables public network access	Terraform	KeyVaultDisablesPublicNetworkAccess.py
2144	CKV_AZURE_190	resource	azurerm_storage_account	Ensure that Storage blobs restrict public access	Terraform	StorageBlobRestrictPublicAccess.py
2145	CKV_AZURE_191	resource	Microsoft.EventGrid/topics	Ensure that Managed identity provider is enabled for Azure Event Grid Topic	arm	EventgridTopicIdentityProviderEnabled.py
2146	CKV_AZURE_191	resource	Microsoft.EventGrid/topics	Ensure that Managed identity provider is enabled for Azure Event Grid Topic	Bicep	EventgridTopicIdentityProviderEnabled.py
2147	CKV_AZURE_191	resource	azurerm_eventgrid_topic	Ensure that Managed identity provider is enabled for Azure Event Grid Topic	Terraform	EventgridTopicIdentityProviderEnabled.py
2148	CKV_AZURE_192	resource	Microsoft.EventGrid/topics	Ensure that Azure Event Grid Topic local Authentication is disabled	arm	EventgridTopicLocalAuthentication.py
2149	CKV_AZURE_192	resource	Microsoft.EventGrid/topics	Ensure that Azure Event Grid Topic local Authentication is disabled	Bicep	EventgridTopicLocalAuthentication.py
2150	CKV_AZURE_192	resource	azurerm_eventgrid_topic	Ensure that Azure Event Grid Topic local Authentication is disabled	Terraform	EventgridTopicLocalAuthentication.py
2151	CKV_AZURE_193	resource	Microsoft.EventGrid/topics	Ensure public network access is disabled for Azure Event Grid Topic	arm	EventgridTopicNetworkAccess.py
2152	CKV_AZURE_193	resource	Microsoft.EventGrid/topics	Ensure public network access is disabled for Azure Event Grid Topic	Bicep	EventgridTopicNetworkAccess.py
2153	CKV_AZURE_193	resource	azurerm_eventgrid_topic	Ensure public network access is disabled for Azure Event Grid Topic	Terraform	EventgridTopicNetworkAccess.py
2154	CKV_AZURE_194	resource	azurerm_eventgrid_domain	Ensure that Managed identity provider is enabled for Azure Event Grid Domain	Terraform	EventgridDomainIdentityProviderEnabled.py
2155	CKV_AZURE_195	resource	azurerm_eventgrid_domain	Ensure that Azure Event Grid Domain local Authentication is disabled	Terraform	EventgridDomainLocalAuthentication.py
2156	CKV_AZURE_196	resource	azurerm_signalr_service	Ensure that SignalR uses a Paid Sku for its SLA	Terraform	SignalRSKUSLA.py
2157	CKV_AZURE_197	resource	azurerm_cdn_endpoint	Ensure the Azure CDN disables the HTTP endpoint	Terraform	CDNDisableHttpEndpoints.py
2158	CKV_AZURE_198	resource	azurerm_cdn_endpoint	Ensure the Azure CDN enables the HTTPS endpoint	Terraform	CDNEnableHttpsEndpoints.py
2159	CKV_AZURE_199	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses double encryption	Terraform	AzureServicebusDoubleEncryptionEnabled.py
2160	CKV_AZURE_200	resource	azurerm_cdn_endpoint_custom_domain	Ensure the Azure CDN endpoint is using the latest version of TLS encryption	Terraform	CDNTLSProtocol12.py
2161	CKV_AZURE_201	resource	azurerm_servicebus_namespace	Ensure that Azure Service Bus uses a customer-managed key to encrypt data	Terraform	AzureServicebusHasCMK.py
2162	CKV_AZURE_202	resource	azurerm_servicebus_namespace	Ensure that Managed identity provider is enabled for Azure Service Bus	Terraform	AzureServicebusIdentityProviderEnabled.py
2163	CKV_AZURE_203	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus Local Authentication is disabled	Terraform	AzureServicebusLocalAuthDisabled.py
2164	CKV_AZURE_204	resource	azurerm_servicebus_namespace	Ensure ‘public network access enabled’ is set to ‘False’ for Azure Service Bus	Terraform	AzureServicebusPublicAccessDisabled.py
2165	CKV_AZURE_205	resource	azurerm_servicebus_namespace	Ensure Azure Service Bus is using the latest version of TLS encryption	Terraform	AzureServicebusMinTLSVersion.py
2166	CKV_AZURE_206	resource	Microsoft.Storage/storageAccounts	Ensure that Storage Accounts use replication	arm	StorageAccountsUseReplication.py
2167	CKV_AZURE_206	resource	Microsoft.Storage/storageAccounts	Ensure that Storage Accounts use replication	Bicep	StorageAccountsUseReplication.py
2168	CKV_AZURE_206	resource	azurerm_storage_account	Ensure that Storage Accounts use replication	Terraform	StorageAccountsUseReplication.py
2169	CKV_AZURE_207	resource	azurerm_search_service	Ensure Azure Cognitive Search service uses managed identities to access Azure resources	Terraform	AzureSearchManagedIdentity.py
2170	CKV_AZURE_208	resource	Microsoft.Search/searchServices	Ensure that Azure Cognitive Search maintains SLA for index updates	arm	AzureSearchSLAIndex.py
2171	CKV_AZURE_208	resource	Microsoft.Search/searchServices	Ensure that Azure Cognitive Search maintains SLA for index updates	Bicep	AzureSearchSLAIndex.py
2172	CKV_AZURE_208	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for index updates	Terraform	AzureSearchSLAIndex.py
2173	CKV_AZURE_209	resource	Microsoft.Search/searchServices	Ensure that Azure Cognitive Search maintains SLA for search index queries	arm	AzureSearchSLAQueryUpdates.py
2174	CKV_AZURE_209	resource	Microsoft.Search/searchServices	Ensure that Azure Cognitive Search maintains SLA for search index queries	Bicep	AzureSearchSLAQueryUpdates.py
2175	CKV_AZURE_209	resource	azurerm_search_service	Ensure that Azure Cognitive Search maintains SLA for search index queries	Terraform	AzureSearchSLAQueryUpdates.py
2176	CKV_AZURE_210	resource	azurerm_search_service	Ensure Azure Cognitive Search service allowed IPS does not give public Access	Terraform	AzureSearchAllowedIPsNotGlobal.py
2177	CKV_AZURE_211	resource	azurerm_service_plan	Ensure App Service plan suitable for production use	Terraform	AppServiceSkuMinimum.py
2178	CKV_AZURE_212	resource	Microsoft.Web/sites	Ensure App Service has a minimum number of instances for failover	arm	AppServiceInstanceMinimum.py
2179	CKV_AZURE_212	resource	Microsoft.Web/sites	Ensure App Service has a minimum number of instances for failover	Bicep	AppServiceInstanceMinimum.py
2180	CKV_AZURE_212	resource	Microsoft.Web/sites/slots	Ensure App Service has a minimum number of instances for failover	arm	AppServiceInstanceMinimum.py
2181	CKV_AZURE_212	resource	Microsoft.Web/sites/slots	Ensure App Service has a minimum number of instances for failover	Bicep	AppServiceInstanceMinimum.py
2182	CKV_AZURE_212	resource	azurerm_service_plan	Ensure App Service has a minimum number of instances for failover	Terraform	AppServiceInstanceMinimum.py
2183	CKV_AZURE_213	resource	Microsoft.Web/sites	Ensure that App Service configures health check	arm	AppServiceSetHealthCheck.py
2184	CKV_AZURE_213	resource	Microsoft.Web/sites	Ensure that App Service configures health check	Bicep	AppServiceSetHealthCheck.py
2185	CKV_AZURE_213	resource	Microsoft.Web/sites/slots	Ensure that App Service configures health check	arm	AppServiceSetHealthCheck.py
2186	CKV_AZURE_213	resource	Microsoft.Web/sites/slots	Ensure that App Service configures health check	Bicep	AppServiceSetHealthCheck.py
2187	CKV_AZURE_213	resource	azurerm_app_service	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
2188	CKV_AZURE_213	resource	azurerm_linux_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
2189	CKV_AZURE_213	resource	azurerm_windows_web_app	Ensure that App Service configures health check	Terraform	AppServiceSetHealthCheck.py
2190	CKV_AZURE_214	resource	azurerm_linux_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
2191	CKV_AZURE_214	resource	azurerm_windows_web_app	Ensure App Service is set to be always on	Terraform	AppServiceAlwaysOn.py
2192	CKV_AZURE_215	resource	azurerm_api_management_backend	Ensure API management backend uses https	Terraform	APIManagementBackendHTTPS.py
2193	CKV_AZURE_216	resource	Microsoft.Network/azureFirewalls	Ensure DenyIntelMode is set to Deny for Azure Firewalls	arm	AzureFirewallDenyThreatIntelMode.py
2194	CKV_AZURE_216	resource	Microsoft.Network/azureFirewalls	Ensure DenyIntelMode is set to Deny for Azure Firewalls	Bicep	AzureFirewallDenyThreatIntelMode.py
2195	CKV_AZURE_216	resource	azurerm_firewall	Ensure DenyIntelMode is set to Deny for Azure Firewalls	Terraform	AzureFirewallDenyThreatIntelMode.py
2196	CKV_AZURE_217	resource	azurerm_application_gateway	Ensure Azure Application gateways listener that allow connection requests over HTTP	Terraform	AppGWUsesHttps.py
2197	CKV_AZURE_218	resource	Microsoft.Network/applicationGateways	Ensure Application Gateway defines secure protocols for in transit communication	arm	AppGWDefinesSecureProtocols.py
2198	CKV_AZURE_218	resource	Microsoft.Network/applicationGateways	Ensure Application Gateway defines secure protocols for in transit communication	Bicep	AppGWDefinesSecureProtocols.py
2199	CKV_AZURE_218	resource	azurerm_application_gateway	Ensure Application Gateway defines secure protocols for in transit communication	Terraform	AppGWDefinesSecureProtocols.py
2200	CKV_AZURE_219	resource	azurerm_firewall	Ensure Firewall defines a firewall policy	Terraform	AzureFirewallDefinesPolicy.py
2201	CKV_AZURE_220	resource	azurerm_firewall_policy	Ensure Firewall policy has IDPS mode as deny	Terraform	AzureFirewallPolicyIDPSDeny.py
2202	CKV_AZURE_221	resource	azurerm_linux_function_app	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
2203	CKV_AZURE_221	resource	azurerm_linux_function_app_slot	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
2204	CKV_AZURE_221	resource	azurerm_windows_function_app	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
2205	CKV_AZURE_221	resource	azurerm_windows_function_app_slot	Ensure that Azure Function App public network access is disabled	Terraform	FunctionAppPublicAccessDisabled.py
2206	CKV_AZURE_222	resource	Microsoft.Web/sites	Ensure that Azure Web App public network access is disabled	arm	AppServicePublicAccessDisabled.py
2207	CKV_AZURE_222	resource	Microsoft.Web/sites	Ensure that Azure Web App public network access is disabled	Bicep	AppServicePublicAccessDisabled.py
2208	CKV_AZURE_222	resource	Microsoft.Web/sites/config	Ensure that Azure Web App public network access is disabled	arm	AppServicePublicAccessDisabled.py
2209	CKV_AZURE_222	resource	Microsoft.Web/sites/config	Ensure that Azure Web App public network access is disabled	Bicep	AppServicePublicAccessDisabled.py
2210	CKV_AZURE_222	resource	Microsoft.Web/sites/slots	Ensure that Azure Web App public network access is disabled	arm	AppServicePublicAccessDisabled.py
2211	CKV_AZURE_222	resource	Microsoft.Web/sites/slots	Ensure that Azure Web App public network access is disabled	Bicep	AppServicePublicAccessDisabled.py
2212	CKV_AZURE_222	resource	azurerm_linux_web_app	Ensure that Azure Web App public network access is disabled	Terraform	AppServicePublicAccessDisabled.py
2213	CKV_AZURE_222	resource	azurerm_windows_web_app	Ensure that Azure Web App public network access is disabled	Terraform	AppServicePublicAccessDisabled.py
2214	CKV_AZURE_223	resource	Microsoft.EventHub/namespaces	Ensure Event Hub Namespace uses at least TLS 1.2	arm	EventHubNamespaceMinTLS12.py
2215	CKV_AZURE_223	resource	Microsoft.EventHub/namespaces	Ensure Event Hub Namespace uses at least TLS 1.2	Bicep	EventHubNamespaceMinTLS12.py
2216	CKV_AZURE_223	resource	azurerm_eventhub_namespace	Ensure Event Hub Namespace uses at least TLS 1.2	Terraform	EventHubNamespaceMinTLS12.py
2217	CKV_AZURE_224	resource	azurerm_mssql_database	Ensure that the Ledger feature is enabled on database that requires cryptographic proof and nonrepudiation of data integrity	Terraform	SQLDatabaseLedgerEnabled.py
2218	CKV_AZURE_225	resource	Microsoft.Web/serverfarms	Ensure the App Service Plan is zone redundant	arm	AppServicePlanZoneRedundant.py
2219	CKV_AZURE_225	resource	Microsoft.Web/serverfarms	Ensure the App Service Plan is zone redundant	Bicep	AppServicePlanZoneRedundant.py
2220	CKV_AZURE_225	resource	azurerm_service_plan	Ensure the App Service Plan is zone redundant	Terraform	AppServicePlanZoneRedundant.py
2221	CKV_AZURE_226	resource	Microsoft.ContainerService/managedClusters	Ensure ephemeral disks are used for OS disks	arm	AKSEphemeralOSDisks.py
2222	CKV_AZURE_226	resource	Microsoft.ContainerService/managedClusters	Ensure ephemeral disks are used for OS disks	Bicep	AKSEphemeralOSDisks.py
2223	CKV_AZURE_226	resource	azurerm_kubernetes_cluster	Ensure ephemeral disks are used for OS disks	Terraform	AKSEphemeralOSDisks.py
2224	CKV_AZURE_227	resource	Microsoft.ContainerService/managedClusters	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	arm	AKSEncryptionAtHostEnabled.py
2225	CKV_AZURE_227	resource	Microsoft.ContainerService/managedClusters	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	Bicep	AKSEncryptionAtHostEnabled.py
2226	CKV_AZURE_227	resource	Microsoft.ContainerService/managedClusters/agentPools	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	arm	AKSEncryptionAtHostEnabled.py
2227	CKV_AZURE_227	resource	Microsoft.ContainerService/managedClusters/agentPools	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	Bicep	AKSEncryptionAtHostEnabled.py
2228	CKV_AZURE_227	resource	azurerm_kubernetes_cluster	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	Terraform	AKSEncryptionAtHostEnabled.py
2229	CKV_AZURE_227	resource	azurerm_kubernetes_cluster_node_pool	Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources	Terraform	AKSEncryptionAtHostEnabled.py
2230	CKV_AZURE_228	resource	azurerm_eventhub_namespace	Ensure the Azure Event Hub Namespace is zone redundant	Terraform	EventHubNamespaceZoneRedundant.py
2231	CKV_AZURE_229	resource	Microsoft.Sql/servers/databases	Ensure the Azure SQL Database Namespace is zone redundant	arm	SQLDatabaseZoneRedundant.py
2232	CKV_AZURE_229	resource	Microsoft.Sql/servers/databases	Ensure the Azure SQL Database Namespace is zone redundant	Bicep	SQLDatabaseZoneRedundant.py
2233	CKV_AZURE_229	resource	azurerm_mssql_database	Ensure the Azure SQL Database Namespace is zone redundant	Terraform	SQLDatabaseZoneRedundant.py
2234	CKV_AZURE_230	resource	azurerm_redis_cache	Standard Replication should be enabled	Terraform	RedisCacheStandardReplicationEnabled.py
2235	CKV_AZURE_231	resource	azurerm_app_service_environment_v3	Ensure App Service Environment is zone redundant	Terraform	AppServiceEnvironmentZoneRedundant.py
2236	CKV_AZURE_232	resource	azurerm_kubernetes_cluster	Ensure that only critical system pods run on system nodes	Terraform	AKSOnlyCriticalPodsOnSystemNodes.py
2237	CKV_AZURE_233	resource	Microsoft.ContainerRegistry/registries	Ensure Azure Container Registry (ACR) is zone redundant	arm	ACREnableZoneRedundancy.py
2238	CKV_AZURE_233	resource	Microsoft.ContainerRegistry/registries	Ensure Azure Container Registry (ACR) is zone redundant	Bicep	ACREnableZoneRedundancy.py
2239	CKV_AZURE_233	resource	Microsoft.ContainerRegistry/registries/replications	Ensure Azure Container Registry (ACR) is zone redundant	arm	ACREnableZoneRedundancy.py
2240	CKV_AZURE_233	resource	Microsoft.ContainerRegistry/registries/replications	Ensure Azure Container Registry (ACR) is zone redundant	Bicep	ACREnableZoneRedundancy.py
2241	CKV_AZURE_233	resource	azurerm_container_registry	Ensure Azure Container Registry (ACR) is zone redundant	Terraform	ACREnableZoneRedundancy.py
2242	CKV_AZURE_234	resource	azurerm_security_center_subscription_pricing	Ensure that Azure Defender for cloud is set to On for Resource Manager	Terraform	AzureDefenderDisabledForResManager.py
2243	CKV_AZURE_235	resource	azurerm_container_group	Ensure that Azure container environment variables are configured with secure values only	Terraform	AzureContainerInstanceEnvVarSecureValueType.py
2244	CKV_AZURE_236	resource	Microsoft.CognitiveServices/accounts	Ensure that Cognitive Services accounts disable local authentication	arm	CognitiveServicesEnableLocalAuth.py
2245	CKV_AZURE_236	resource	Microsoft.CognitiveServices/accounts	Ensure that Cognitive Services accounts disable local authentication	Bicep	CognitiveServicesEnableLocalAuth.py
2246	CKV_AZURE_236	resource	azurerm_cognitive_account	Ensure that Cognitive Services accounts disable local authentication	Terraform	CognitiveServicesEnableLocalAuth.py
2247	CKV_AZURE_237	resource	azurerm_container_registry	Ensure dedicated data endpoints are enabled.	Terraform	ACRDedicatedDataEndpointEnabled.py
2248	CKV_AZURE_238	resource	Microsoft.CognitiveServices/accounts	Ensure that all Azure Cognitive Services accounts are configured with a managed identity	arm	CognitiveServicesConfigureIdentity.py
2249	CKV_AZURE_238	resource	Microsoft.CognitiveServices/accounts	Ensure that all Azure Cognitive Services accounts are configured with a managed identity	Bicep	CognitiveServicesConfigureIdentity.py
2250	CKV_AZURE_238	resource	azurerm_cognitive_account	Ensure that all Azure Cognitive Services accounts are configured with a managed identity	Terraform	CognitiveServicesConfigureIdentity.py
2251	CKV_AZURE_239	resource	Microsoft.Synapse/workspaces	Ensure Azure Synapse Workspace administrator login password is not exposed	arm	SynapseWorkspaceAdministratorLoginPasswordHidden.py
2252	CKV_AZURE_239	resource	Microsoft.Synapse/workspaces	Ensure Azure Synapse Workspace administrator login password is not exposed	Bicep	SynapseWorkspaceAdministratorLoginPasswordHidden.py
2253	CKV_AZURE_239	resource	azurerm_synapse_workspace	Ensure Azure Synapse Workspace administrator login password is not exposed	Terraform	SynapseWorkspaceAdministratorLoginPasswordHidden.py
2254	CKV_AZURE_240	resource	Microsoft.Synapse/workspaces	Ensure Azure Synapse Workspace is encrypted with a CMK	arm	SynapseWorkspaceCMKEncryption.py
2255	CKV_AZURE_240	resource	Microsoft.Synapse/workspaces	Ensure Azure Synapse Workspace is encrypted with a CMK	Bicep	SynapseWorkspaceCMKEncryption.py
2256	CKV_AZURE_240	resource	azurerm_synapse_workspace	Ensure Azure Synapse Workspace is encrypted with a CMK	Terraform	SynapseWorkspaceCMKEncryption.py
2257	CKV_AZURE_241	resource	azurerm_synapse_sql_pool	Ensure Synapse SQL pools are encrypted	Terraform	SynapseSQLPoolDataEncryption.py
2258	CKV_AZURE_242	resource	Microsoft.Synapse/workspaces/bigDataPools	Ensure isolated compute is enabled for Synapse Spark pools	arm	AzureSparkPoolIsolatedComputeEnabled.py
2259	CKV_AZURE_242	resource	Microsoft.Synapse/workspaces/bigDataPools	Ensure isolated compute is enabled for Synapse Spark pools	Bicep	AzureSparkPoolIsolatedComputeEnabled.py
2260	CKV_AZURE_242	resource	azurerm_synapse_spark_pool	Ensure isolated compute is enabled for Synapse Spark pools	Terraform	AzureSparkPoolIsolatedComputeEnabled.py
2261	CKV_AZURE_243	resource	Microsoft.MachineLearningServices/workspaces	Ensure Azure Machine learning workspace is configured with private endpoint	arm	AzureMLWorkspacePrivateEndpoint.py
2262	CKV_AZURE_243	resource	Microsoft.MachineLearningServices/workspaces	Ensure Azure Machine learning workspace is configured with private endpoint	Bicep	AzureMLWorkspacePrivateEndpoint.py
2263	CKV_AZURE_244	resource	azurerm_storage_account	Avoid the use of local users for Azure Storage unless necessary	Terraform	StorageLocalUsers.py
2264	CKV2_AZURE_1	resource	azurerm_storage_account	Ensure storage for critical data are encrypted with Customer Managed Key	Terraform	StorageCriticalDataEncryptedCMK.yaml
2265	CKV2_AZURE_2	resource	azurerm_mssql_server_security_alert_policy	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
2266	CKV2_AZURE_2	resource	azurerm_sql_server	Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account	Terraform	VAisEnabledInStorageAccount.yaml
2267	CKV2_AZURE_3	resource	azurerm_mssql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
2268	CKV2_AZURE_3	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
2269	CKV2_AZURE_3	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
2270	CKV2_AZURE_3	resource	azurerm_sql_server	Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server	Terraform	VAsetPeriodicScansOnSQL.yaml
2271	CKV2_AZURE_4	resource	azurerm_mssql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
2272	CKV2_AZURE_4	resource	azurerm_mssql_server_security_alert_policy	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
2273	CKV2_AZURE_4	resource	azurerm_mssql_server_vulnerability_assessment	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
2274	CKV2_AZURE_4	resource	azurerm_sql_server	Ensure Azure SQL server ADS VA Send scan reports to is configured	Terraform	VAconfiguredToSendReports.yaml
2275	CKV2_AZURE_5	resource	azurerm_mssql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
2276	CKV2_AZURE_5	resource	azurerm_mssql_server_security_alert_policy	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
2277	CKV2_AZURE_5	resource	azurerm_mssql_server_vulnerability_assessment	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
2278	CKV2_AZURE_5	resource	azurerm_sql_server	Ensure that VA setting ‘Also send email notifications to admins and subscription owners’ is set for a SQL server	Terraform	VAconfiguredToSendReportsToAdmins.yaml
2279	CKV2_AZURE_6	resource	azurerm_sql_firewall_rule	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
2280	CKV2_AZURE_6	resource	azurerm_sql_server	Ensure ‘Allow access to Azure services’ for PostgreSQL Database Server is disabled	Terraform	AccessToPostgreSQLFromAzureServicesIsDisabled.yaml
2281	CKV2_AZURE_7	resource	azurerm_sql_server	Ensure that Azure Active Directory Admin is configured	Terraform	AzureActiveDirectoryAdminIsConfigured.yaml
2282	CKV2_AZURE_8	resource	azurerm_monitor_activity_log_alert	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
2283	CKV2_AZURE_8	resource	azurerm_storage_account	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
2284	CKV2_AZURE_8	resource	azurerm_storage_container	Ensure the storage container storing the activity logs is not publicly accessible	Terraform	StorageContainerActivityLogsNotPublic.yaml
2285	CKV2_AZURE_9	resource	azurerm_virtual_machine	Ensure Virtual Machines are utilizing Managed Disks	Terraform	VirtualMachinesUtilizingManagedDisks.yaml
2286	CKV2_AZURE_10	resource	azurerm_virtual_machine	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
2287	CKV2_AZURE_10	resource	azurerm_virtual_machine_extension	Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines	Terraform	AzureAntimalwareIsConfiguredWithAutoUpdatesForVMs.yaml
2288	CKV2_AZURE_11	resource	azurerm_kusto_cluster	Ensure that Azure Data Explorer encryption at rest uses a customer-managed key	Terraform	DataExplorerEncryptionUsesCustomKey.yaml
2289	CKV2_AZURE_12	resource	azurerm_virtual_machine	Ensure that virtual machines are backed up using Azure Backup	Terraform	VMHasBackUpMachine.yaml
2290	CKV2_AZURE_13	resource	azurerm_mssql_server_security_alert_policy	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
2291	CKV2_AZURE_13	resource	azurerm_sql_server	Ensure that sql servers enables data security policy	Terraform	AzureMSSQLServerHasSecurityAlertPolicy.yaml
2292	CKV2_AZURE_14	resource	azurerm_managed_disk	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
2293	CKV2_AZURE_14	resource	azurerm_virtual_machine	Ensure that Unattached disks are encrypted	Terraform	AzureUnattachedDisksAreEncrypted.yaml
2294	CKV2_AZURE_15	resource	azurerm_data_factory	Ensure that Azure data factories are encrypted with a customer-managed key	Terraform	AzureDataFactoriesEncryptedWithCustomerManagedKey.yaml
2295	CKV2_AZURE_16	resource	azurerm_mysql_server	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
2296	CKV2_AZURE_16	resource	azurerm_mysql_server_key	Ensure that MySQL server enables customer-managed key for encryption	Terraform	MSQLenablesCustomerManagedKey.yaml
2297	CKV2_AZURE_17	resource	azurerm_postgresql_server	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
2298	CKV2_AZURE_17	resource	azurerm_postgresql_server_key	Ensure that PostgreSQL server enables customer-managed key for encryption	Terraform	PGSQLenablesCustomerManagedKey.yaml
2299	CKV2_AZURE_19	resource	Microsoft.Synapse/workspaces	Ensure that Azure Synapse workspaces have no IP firewall rules attached	arm	AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py
2300	CKV2_AZURE_19	resource	Microsoft.Synapse/workspaces	Ensure that Azure Synapse workspaces have no IP firewall rules attached	Bicep	AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.py
2301	CKV2_AZURE_19	resource	azurerm_synapse_workspace	Ensure that Azure Synapse workspaces have no IP firewall rules attached	Terraform	AzureSynapseWorkspacesHaveNoIPFirewallRulesAttached.yaml
2302	CKV2_AZURE_20	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
2303	CKV2_AZURE_20	resource	azurerm_storage_account	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
2304	CKV2_AZURE_20	resource	azurerm_storage_table	Ensure Storage logging is enabled for Table service for read requests	Terraform	StorageLoggingIsEnabledForTableService.yaml
2305	CKV2_AZURE_21	resource	azurerm_log_analytics_storage_insights	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
2306	CKV2_AZURE_21	resource	azurerm_storage_account	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
2307	CKV2_AZURE_21	resource	azurerm_storage_container	Ensure Storage logging is enabled for Blob service for read requests	Terraform	StorageLoggingIsEnabledForBlobService.yaml
2308	CKV2_AZURE_22	resource	azurerm_cognitive_account	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
2309	CKV2_AZURE_22	resource	azurerm_cognitive_account_customer_managed_key	Ensure that Cognitive Services enables customer-managed key for encryption	Terraform	CognitiveServicesCustomerManagedKey.yaml
2310	CKV2_AZURE_23	resource	Microsoft.AppPlatform/Spring	Ensure Azure spring cloud is configured with Virtual network (Vnet)	arm	AzureSpringCloudConfigWithVnet.yaml
2311	CKV2_AZURE_23	resource	azurerm_spring_cloud_service	Ensure Azure spring cloud is configured with Virtual network (Vnet)	Terraform	AzureSpringCloudConfigWithVnet.yaml
2312	CKV2_AZURE_24	resource	azurerm_automation_account	Ensure Azure automation account does NOT have overly permissive network access	Terraform	AzureAutomationAccNotOverlyPermissiveNetAccess.yaml
2313	CKV2_AZURE_25	resource	azurerm_mssql_database	Ensure Azure SQL database Transparent Data Encryption (TDE) is enabled	Terraform	AzureSqlDbEnableTransparentDataEncryption.yaml
2314	CKV2_AZURE_26	resource	azurerm_postgresql_flexible_server_firewall_rule	Ensure Azure PostgreSQL Flexible server is not configured with overly permissive network access	Terraform	AzurePostgreSQLFlexServerNotOverlyPermissive.yaml
2315	CKV2_AZURE_27	resource	Microsoft.Sql/servers	Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)	arm	SQLServerUsesADAuth.py
2316	CKV2_AZURE_27	resource	Microsoft.Sql/servers	Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)	Bicep	SQLServerUsesADAuth.py
2317	CKV2_AZURE_27	resource	azurerm_mssql_server	Ensure Azure AD authentication is enabled for Azure SQL (MSSQL)	Terraform	AzureConfigMSSQLwithAD.yaml
2318	CKV2_AZURE_28	resource	azurerm_container_group	Ensure Container Instance is configured with managed identity	Terraform	AzureContainerInstanceconfigManagedIdentity.yaml
2319	CKV2_AZURE_29	resource	azurerm_kubernetes_cluster	Ensure AKS cluster has Azure CNI networking enabled	Terraform	AzureAKSclusterAzureCNIEnabled.yaml
2320	CKV2_AZURE_30	resource	azurerm_container_registry_webhook	Ensure Azure Container Registry (ACR) has HTTPS enabled for webhook	Terraform	AzureACR_HTTPSwebhook.yaml
2321	CKV2_AZURE_31	resource	azurerm_subnet	Ensure VNET subnet is configured with a Network Security Group (NSG)	Terraform	AzureSubnetConfigWithNSG.yaml
2322	CKV2_AZURE_32	resource	azurerm_key_vault	Ensure private endpoint is configured to key vault	Terraform	AzureKeyVaultConfigPrivateEndpoint.yaml
2323	CKV2_AZURE_33	resource	azurerm_storage_account	Ensure storage account is configured with private endpoint	Terraform	AzureStorageAccConfigWithPrivateEndpoint.yaml
2324	CKV2_AZURE_34	resource	azurerm_sql_firewall_rule	Ensure Azure SQL server firewall is not overly permissive	Terraform	AzureSQLserverNotOverlyPermissive.yaml
2325	CKV2_AZURE_35	resource	azurerm_recovery_services_vault	Ensure Azure recovery services vault is configured with managed identity	Terraform	AzureRecoveryServicesvaultConfigManagedIdentity.yaml
2326	CKV2_AZURE_36	resource	azurerm_automation_account	Ensure Azure automation account is configured with managed identity	Terraform	AzureAutomationAccConfigManagedIdentity.yaml
2327	CKV2_AZURE_37	resource	azurerm_mariadb_server	Ensure Azure MariaDB server is using latest TLS (1.2)	Terraform	AzureMariaDBserverUsingTLS_1_2.yaml
2328	CKV2_AZURE_38	resource	azurerm_storage_account	Ensure soft-delete is enabled on Azure storage account	Terraform	AzureStorageAccountEnableSoftDelete.yaml
2329	CKV2_AZURE_39	resource	azurerm_linux_virtual_machine	Ensure Azure VM is not configured with public IP and serial console access	Terraform	AzureVMconfigPublicIP_SerialConsoleAccess.yaml
2330	CKV2_AZURE_39	resource	azurerm_network_interface	Ensure Azure VM is not configured with public IP and serial console access	Terraform	AzureVMconfigPublicIP_SerialConsoleAccess.yaml
2331	CKV2_AZURE_39	resource	azurerm_virtual_machine	Ensure Azure VM is not configured with public IP and serial console access	Terraform	AzureVMconfigPublicIP_SerialConsoleAccess.yaml
2332	CKV2_AZURE_39	resource	azurerm_windows_virtual_machine	Ensure Azure VM is not configured with public IP and serial console access	Terraform	AzureVMconfigPublicIP_SerialConsoleAccess.yaml
2333	CKV2_AZURE_40	resource	azurerm_storage_account	Ensure storage account is not configured with Shared Key authorization	Terraform	AzureStorageAccConfigSharedKeyAuth.yaml
2334	CKV2_AZURE_41	resource	azurerm_storage_account	Ensure storage account is configured with SAS expiration policy	Terraform	AzureStorageAccConfig_SAS_expirePolicy.yaml
2335	CKV2_AZURE_42	resource	azurerm_postgresql_server	Ensure Azure PostgreSQL server is configured with private endpoint	Terraform	AzurePostgreSQLserverConfigPrivEndpt.yaml
2336	CKV2_AZURE_43	resource	azurerm_mariadb_server	Ensure Azure MariaDB server is configured with private endpoint	Terraform	AzureMariaDBserverConfigPrivEndpt.yaml
2337	CKV2_AZURE_44	resource	azurerm_mysql_server	Ensure Azure MySQL server is configured with private endpoint	Terraform	AzureMySQLserverConfigPrivEndpt.yaml
2338	CKV2_AZURE_45	resource	azurerm_mssql_server	Ensure Microsoft SQL server is configured with private endpoint	Terraform	AzureMSSQLserverConfigPrivEndpt.yaml
2339	CKV2_AZURE_46	resource	Microsoft.Synapse/workspaces/vulnerabilityAssessments	Ensure that Azure Synapse Workspace vulnerability assessment is enabled	arm	AzureSynapseWorkspaceVAisEnabled.py
2340	CKV2_AZURE_46	resource	Microsoft.Synapse/workspaces/vulnerabilityAssessments	Ensure that Azure Synapse Workspace vulnerability assessment is enabled	Bicep	AzureSynapseWorkspaceVAisEnabled.py
2341	CKV2_AZURE_46	resource	azurerm_synapse_workspace_security_alert_policy	Ensure that Azure Synapse Workspace vulnerability assessment is enabled	Terraform	AzureSynapseWorkspaceVAisEnabled.yaml
2342	CKV2_AZURE_46	resource	azurerm_synapse_workspace_vulnerability_assessment	Ensure that Azure Synapse Workspace vulnerability assessment is enabled	Terraform	AzureSynapseWorkspaceVAisEnabled.yaml
2343	CKV2_AZURE_47	resource	azurerm_storage_account	Ensure storage account is configured without blob anonymous access	Terraform	AzureStorageAccConfigWithoutBlobAnonymousAccess.yaml
2344	CKV2_AZURE_48	resource	Microsoft.Databricks/workspaces	Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption	arm	DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py
2345	CKV2_AZURE_48	resource	Microsoft.Databricks/workspaces	Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption	Bicep	DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.py
2346	CKV2_AZURE_48	resource	azurerm_databricks_workspace	Ensure that Databricks Workspaces enables customer-managed key for root DBFS encryption	Terraform	DatabricksWorkspaceDBFSRootEncryptedWithCustomerManagedKey.yaml
2347	CKV2_AZURE_49	resource	Microsoft.MachineLearningServices/workspaces	Ensure that Azure Machine learning workspace is not configured with overly permissive network access	arm	AzureMLWorkspacePublicNetwork.yaml
2348	CKV2_AZURE_49	resource	azurerm_machine_learning_workspace	Ensure that Azure Machine learning workspace is not configured with overly permissive network access	Terraform	AzureMLWorkspacePublicNetwork.yaml
2349	CKV2_AZURE_50	resource	azurerm_machine_learning_workspace	Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible	Terraform	AzureMLWorkspaceHBIPublicNetwork.yaml
2350	CKV2_AZURE_50	resource	azurerm_storage_account	Ensure Azure Storage Account storing Machine Learning workspace high business impact data is not publicly accessible	Terraform	AzureMLWorkspaceHBIPublicNetwork.yaml
2351	CKV2_AZURE_51	resource	Microsoft.Sql/servers/securityAlertPolicies	Ensure Synapse SQL Pool has a security alert policy	arm	SynapseSQLPoolHasSecurityAlertPolicy.yaml
2352	CKV2_AZURE_51	resource	Microsoft.Synapse/workspaces/sqlPools	Ensure Synapse SQL Pool has a security alert policy	arm	SynapseSQLPoolHasSecurityAlertPolicy.yaml
2353	CKV2_AZURE_51	resource	azurerm_synapse_sql_pool	Ensure Synapse SQL Pool has a security alert policy	Terraform	SynapseSQLPoolHasSecurityAlertPolicy.yaml
2354	CKV2_AZURE_51	resource	azurerm_synapse_sql_pool_security_alert_policy	Ensure Synapse SQL Pool has a security alert policy	Terraform	SynapseSQLPoolHasSecurityAlertPolicy.yaml
2355	CKV2_AZURE_52	resource	Microsoft.Sql/servers/securityAlertPolicies	Ensure Synapse SQL Pool has vulnerability assessment attached	arm	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2356	CKV2_AZURE_52	resource	Microsoft.Sql/servers/vulnerabilityAssessments	Ensure Synapse SQL Pool has vulnerability assessment attached	arm	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2357	CKV2_AZURE_52	resource	Microsoft.Synapse/workspaces/sqlPools	Ensure Synapse SQL Pool has vulnerability assessment attached	arm	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2358	CKV2_AZURE_52	resource	azurerm_synapse_sql_pool	Ensure Synapse SQL Pool has vulnerability assessment attached	Terraform	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2359	CKV2_AZURE_52	resource	azurerm_synapse_sql_pool_security_alert_policy	Ensure Synapse SQL Pool has vulnerability assessment attached	Terraform	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2360	CKV2_AZURE_52	resource	azurerm_synapse_sql_pool_vulnerability_assessment	Ensure Synapse SQL Pool has vulnerability assessment attached	Terraform	SynapseSQLPoolHasVulnerabilityAssessment.yaml
2361	CKV2_AZURE_53	resource	Microsoft.Synapse/workspaces	Ensure Azure Synapse Workspace has extended audit logs	arm	SynapseWorkspaceHasExtendedAuditLogs.yaml
2362	CKV2_AZURE_53	resource	Microsoft.Synapse/workspaces/extendedAuditingPolicies	Ensure Azure Synapse Workspace has extended audit logs	arm	SynapseWorkspaceHasExtendedAuditLogs.yaml
2363	CKV2_AZURE_53	resource	azurerm_synapse_workspace	Ensure Azure Synapse Workspace has extended audit logs	Terraform	SynapseWorkspaceHasExtendedAuditLogs.yaml
2364	CKV2_AZURE_54	resource	Microsoft.Synapse/workspaces/sqlPools	Ensure log monitoring is enabled for Synapse SQL Pool	arm	SynapseLogMonitoringEnabledForSQLPool.yaml
2365	CKV2_AZURE_54	resource	Microsoft.Synapse/workspaces/sqlPools/auditingSettings	Ensure log monitoring is enabled for Synapse SQL Pool	arm	SynapseLogMonitoringEnabledForSQLPool.yaml
2366	CKV2_AZURE_54	resource	azurerm_synapse_sql_pool	Ensure log monitoring is enabled for Synapse SQL Pool	Terraform	SynapseLogMonitoringEnabledForSQLPool.yaml
2367	CKV2_AZURE_54	resource	azurerm_synapse_sql_pool_extended_auditing_policy	Ensure log monitoring is enabled for Synapse SQL Pool	Terraform	SynapseLogMonitoringEnabledForSQLPool.yaml
2368	CKV_AZUREPIPELINES_1	azure_pipelines	jobs	Ensure container job uses a non latest version tag	Azure Pipelines	ContainerLatestTag.py
2369	CKV_AZUREPIPELINES_1	azure_pipelines	stages[].jobs[]	Ensure container job uses a non latest version tag	Azure Pipelines	ContainerLatestTag.py
2370	CKV_AZUREPIPELINES_2	azure_pipelines	jobs	Ensure container job uses a version digest	Azure Pipelines	ContainerDigest.py
2371	CKV_AZUREPIPELINES_2	azure_pipelines	stages[].jobs[]	Ensure container job uses a version digest	Azure Pipelines	ContainerDigest.py
2372	CKV_AZUREPIPELINES_3	azure_pipelines	jobs[].steps[]	Ensure set variable is not marked as a secret	Azure Pipelines	SetSecretVariable.py
2373	CKV_AZUREPIPELINES_3	azure_pipelines	stages[].jobs[].steps[]	Ensure set variable is not marked as a secret	Azure Pipelines	SetSecretVariable.py
2374	CKV_AZUREPIPELINES_5	azure_pipelines	*.container[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
2375	CKV_AZUREPIPELINES_5	azure_pipelines	jobs[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
2376	CKV_AZUREPIPELINES_5	azure_pipelines	stages[].jobs[]	Detecting image usages in azure pipelines workflows	Azure Pipelines	DetectImagesUsage.py
2377	CKV_BCW_1	provider	bridgecrew	Ensure no hard coded API token exist in the provider	Terraform	credentials.py
2378	CKV_BITBUCKET_1	bitbucket_configuration	*	Merge requests should require at least 2 approvals	bitbucket_configuration	merge_requests_approvals.py
2379	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	[{image:image,startline:startline,endline:endline}]	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
2380	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	pipelines..[][][][].step.{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
2381	CKV_BITBUCKETPIPELINES_1	bitbucket_pipelines	pipelines.default[].step.{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	bitbucket_pipelines	latest_image.py
2382	CKV_CIRCLECIPIPELINES_1	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Ensure the pipeline image uses a non latest version tag	circleci_pipelines	latest_image.py
2383	CKV_CIRCLECIPIPELINES_2	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Ensure the pipeline image version is referenced via hash not arbitrary tag.	circleci_pipelines	image_version_not_hash.py
2384	CKV_CIRCLECIPIPELINES_3	circleci_pipelines	orbs.{orbs: @}	Ensure mutable development orbs are not used.	circleci_pipelines	prevent_development_orbs.py
2385	CKV_CIRCLECIPIPELINES_4	circleci_pipelines	orbs.{orbs: @}	Ensure unversioned volatile orbs are not used.	circleci_pipelines	prevent_volatile_orbs.py
2386	CKV_CIRCLECIPIPELINES_5	circleci_pipelines	jobs.*.steps[]	Suspicious use of netcat with IP address	circleci_pipelines	ReverseShellNetcat.py
2387	CKV_CIRCLECIPIPELINES_6	circleci_pipelines	jobs.*.steps[]	Ensure run commands are not vulnerable to shell injection	circleci_pipelines	ShellInjection.py
2388	CKV_CIRCLECIPIPELINES_7	circleci_pipelines	jobs.*.steps[]	Suspicious use of curl in run task	circleci_pipelines	SuspectCurlInScript.py
2389	CKV_CIRCLECIPIPELINES_8	circleci_pipelines	executors.*.docker[].{image: image, startline: startline, endline:endline}	Detecting image usages in circleci pipelines	circleci_pipelines	DetectImagesUsage.py
2390	CKV_CIRCLECIPIPELINES_8	circleci_pipelines	jobs.*.docker[].{image: image, startline: startline, endline:endline}	Detecting image usages in circleci pipelines	circleci_pipelines	DetectImagesUsage.py
2391	CKV_DIO_1	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket has versioning enabled	Terraform	SpacesBucketVersioning.py
2392	CKV_DIO_2	resource	digitalocean_droplet	Ensure the droplet specifies an SSH key	Terraform	DropletSSHKeys.py
2393	CKV_DIO_3	resource	digitalocean_spaces_bucket	Ensure the Spaces bucket is private	Terraform	SpacesBucketPublicRead.py
2394	CKV_DIO_4	resource	digitalocean_firewall	Ensure the firewall ingress is not wide open	Terraform	FirewallIngressOpen.py
2395	CKV_DOCKER_1	dockerfile	EXPOSE	Ensure port 22 is not exposed	dockerfile	ExposePort22.py
2396	CKV_DOCKER_2	dockerfile	*	Ensure that HEALTHCHECK instructions have been added to container images	dockerfile	HealthcheckExists.py
2397	CKV_DOCKER_3	dockerfile	*	Ensure that a user for the container has been created	dockerfile	UserExists.py
2398	CKV_DOCKER_4	dockerfile	ADD	Ensure that COPY is used instead of ADD in Dockerfiles	dockerfile	AddExists.py
2399	CKV_DOCKER_5	dockerfile	RUN	Ensure update instructions are not use alone in the Dockerfile	dockerfile	UpdateNotAlone.py
2400	CKV_DOCKER_6	dockerfile	MAINTAINER	Ensure that LABEL maintainer is used instead of MAINTAINER (deprecated)	dockerfile	MaintainerExists.py
2401	CKV_DOCKER_7	dockerfile	FROM	Ensure the base image uses a non latest version tag	dockerfile	ReferenceLatestTag.py
2402	CKV_DOCKER_8	dockerfile	USER	Ensure the last USER is not root	dockerfile	RootUser.py
2403	CKV_DOCKER_9	dockerfile	RUN	Ensure that APT isn’t used	dockerfile	RunUsingAPT.py
2404	CKV_DOCKER_10	dockerfile	WORKDIR	Ensure that WORKDIR values are absolute paths	dockerfile	WorkdirIsAbsolute.py
2405	CKV_DOCKER_11	dockerfile	FROM	Ensure From Alias are unique for multistage builds.	dockerfile	AliasIsUnique.py
2406	CKV2_DOCKER_1	resource	RUN	Ensure that sudo isn’t used	dockerfile	RunUsingSudo.yaml
2407	CKV2_DOCKER_2	resource	RUN	Ensure that certificate validation isn’t disabled with curl	dockerfile	RunUnsafeCurl.yaml
2408	CKV2_DOCKER_3	resource	RUN	Ensure that certificate validation isn’t disabled with wget	dockerfile	RunUnsafeWget.yaml
2409	CKV2_DOCKER_4	resource	RUN	Ensure that certificate validation isn’t disabled with the pip ‘–trusted-host’ option	dockerfile	RunPipTrustedHost.yaml
2410	CKV2_DOCKER_5	resource	ARG	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
2411	CKV2_DOCKER_5	resource	ENV	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
2412	CKV2_DOCKER_5	resource	RUN	Ensure that certificate validation isn’t disabled with the PYTHONHTTPSVERIFY environmnet variable	dockerfile	EnvPythonHttpsVerify.yaml
2413	CKV2_DOCKER_6	resource	ARG	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2414	CKV2_DOCKER_6	resource	ENV	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2415	CKV2_DOCKER_6	resource	RUN	Ensure that certificate validation isn’t disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable	dockerfile	EnvNodeTlsRejectUnauthorized.yaml
2416	CKV2_DOCKER_7	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by apk via the ‘–allow-untrusted’ option	dockerfile	RunApkAllowUntrusted.yaml
2417	CKV2_DOCKER_8	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by apt-get via the ‘–allow-unauthenticated’ option	dockerfile	RunAptGetAllowUnauthenticated.yaml
2418	CKV2_DOCKER_9	resource	RUN	Ensure that packages with untrusted or missing GPG signatures are not used by dnf, tdnf, or yum via the ‘–nogpgcheck’ option	dockerfile	RunYumNoGpgCheck.yaml
2419	CKV2_DOCKER_10	resource	RUN	Ensure that packages with untrusted or missing signatures are not used by rpm via the ‘–nodigest’, ‘–nosignature’, ‘–noverify’, or ‘–nofiledigest’ options	dockerfile	RunRpmNoSignature.yaml
2420	CKV2_DOCKER_11	resource	RUN	Ensure that the ‘–force-yes’ option is not used, as it disables signature validation and allows packages to be downgraded which can leave the system in a broken or inconsistent state	dockerfile	RunAptGetForceYes.yaml
2421	CKV2_DOCKER_12	resource	ARG	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2422	CKV2_DOCKER_12	resource	ENV	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2423	CKV2_DOCKER_12	resource	RUN	Ensure that certificate validation isn’t disabled for npm via the ‘NPM_CONFIG_STRICT_SSL’ environmnet variable	dockerfile	EnvNpmConfigStrictSsl.yaml
2424	CKV2_DOCKER_13	resource	RUN	Ensure that certificate validation isn’t disabled for npm or yarn by setting the option strict-ssl to false	dockerfile	RunNpmConfigSetStrictSsl.yaml
2425	CKV2_DOCKER_14	resource	ARG	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2426	CKV2_DOCKER_14	resource	ENV	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2427	CKV2_DOCKER_14	resource	RUN	Ensure that certificate validation isn’t disabled for git by setting the environment variable ‘GIT_SSL_NO_VERIFY’ to any value	dockerfile	EnvGitSslNoVerify.yaml
2428	CKV2_DOCKER_15	resource	RUN	Ensure that the yum and dnf package managers are not configured to disable SSL certificate validation via the ‘sslverify’ configuration option	dockerfile	RunYumConfigManagerSslVerify.yaml
2429	CKV2_DOCKER_16	resource	ARG	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2430	CKV2_DOCKER_16	resource	ENV	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2431	CKV2_DOCKER_16	resource	RUN	Ensure that certificate validation isn’t disabled with pip via the ‘PIP_TRUSTED_HOST’ environment variable	dockerfile	EnvPipTrustedHost.yaml
2432	CKV2_DOCKER_17	resource	RUN	Ensure that ‘chpasswd’ is not used to set or remove passwords	dockerfile	RunChpasswd.yaml
2433	CKV_GCP_1	resource	google_container_cluster	Ensure Stackdriver Logging is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEClusterLogging.py
2434	CKV_GCP_2	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted ssh access	Terraform	GoogleComputeFirewallUnrestrictedIngress22.py
2435	CKV_GCP_3	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted rdp access	Terraform	GoogleComputeFirewallUnrestrictedIngress3389.py
2436	CKV_GCP_4	resource	google_compute_ssl_policy	Ensure no HTTPS or SSL proxy load balancers permit SSL policies with weak cipher suites	Terraform	GoogleComputeSSLPolicy.py
2437	CKV_GCP_6	resource	google_sql_database_instance	Ensure all Cloud SQL database instance requires all incoming connections to use SSL	Terraform	GoogleCloudSqlDatabaseRequireSsl.py
2438	CKV_GCP_7	resource	google_container_cluster	Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters	Terraform	GKEDisableLegacyAuth.py
2439	CKV_GCP_8	resource	google_container_cluster	Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine Clusters	Terraform	GKEMonitoringEnabled.py
2440	CKV_GCP_9	resource	google_container_node_pool	Ensure ‘Automatic node repair’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoRepairEnabled.py
2441	CKV_GCP_10	resource	google_container_node_pool	Ensure ‘Automatic node upgrade’ is enabled for Kubernetes Clusters	Terraform	GKENodePoolAutoUpgradeEnabled.py
2442	CKV_GCP_11	resource	google_sql_database_instance	Ensure that Cloud SQL database Instances are not open to the world	Terraform	GoogleCloudSqlDatabasePubliclyAccessible.py
2443	CKV_GCP_12	resource	google_container_cluster	Ensure Network Policy is enabled on Kubernetes Engine Clusters	Terraform	GKENetworkPolicyEnabled.py
2444	CKV_GCP_13	resource	google_container_cluster	Ensure client certificate authentication to Kubernetes Engine Clusters is disabled	Terraform	GKEClientCertificateDisabled.py
2445	CKV_GCP_14	resource	google_sql_database_instance	Ensure all Cloud SQL database instance have backup configuration enabled	Terraform	GoogleCloudSqlBackupConfiguration.py
2446	CKV_GCP_15	resource	google_bigquery_dataset	Ensure that BigQuery datasets are not anonymously or publicly accessible	Terraform	GoogleBigQueryDatasetPublicACL.py
2447	CKV_GCP_16	resource	google_dns_managed_zone	Ensure that DNSSEC is enabled for Cloud DNS	Terraform	GoogleCloudDNSSECEnabled.py
2448	CKV_GCP_17	resource	google_dns_managed_zone	Ensure that RSASHA1 is not used for the zone-signing and key-signing keys in Cloud DNS DNSSEC	Terraform	GoogleCloudDNSKeySpecsRSASHA1.py
2449	CKV_GCP_18	resource	google_container_cluster	Ensure GKE Control Plane is not public	Terraform	GKEPublicControlPlane.py
2450	CKV_GCP_20	resource	google_container_cluster	Ensure master authorized networks is set to enabled in GKE clusters	Terraform	GKEMasterAuthorizedNetworksEnabled.py
2451	CKV_GCP_21	resource	google_container_cluster	Ensure Kubernetes Clusters are configured with Labels	Terraform	GKEHasLabels.py
2452	CKV_GCP_22	resource	google_container_node_pool	Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image	Terraform	GKEUseCosImage.py
2453	CKV_GCP_23	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Alias IP ranges enabled	Terraform	GKEAliasIpEnabled.py
2454	CKV_GCP_24	resource	google_container_cluster	Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters	Terraform	GKEPodSecurityPolicyEnabled.py
2455	CKV_GCP_25	resource	google_container_cluster	Ensure Kubernetes Cluster is created with Private cluster enabled	Terraform	GKEPrivateClusterConfig.py
2456	CKV_GCP_26	resource	google_compute_subnetwork	Ensure that VPC Flow Logs is enabled for every subnet in a VPC Network	Terraform	GoogleSubnetworkLoggingEnabled.py
2457	CKV_GCP_27	resource	google_project	Ensure that the default network does not exist in a project	Terraform	GoogleProjectDefaultNetwork.py
2458	CKV_GCP_28	resource	google_storage_bucket_iam_binding	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
2459	CKV_GCP_28	resource	google_storage_bucket_iam_member	Ensure that Cloud Storage bucket is not anonymously or publicly accessible	Terraform	GoogleStorageBucketNotPublic.py
2460	CKV_GCP_29	resource	google_storage_bucket	Ensure that Cloud Storage buckets have uniform bucket-level access enabled	Terraform	GoogleStorageBucketUniformAccess.py
2461	CKV_GCP_30	resource	google_compute_instance	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2462	CKV_GCP_30	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2463	CKV_GCP_30	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account	Terraform	GoogleComputeDefaultServiceAccount.py
2464	CKV_GCP_31	resource	google_compute_instance	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2465	CKV_GCP_31	resource	google_compute_instance_from_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2466	CKV_GCP_31	resource	google_compute_instance_template	Ensure that instances are not configured to use the default service account with full access to all Cloud APIs	Terraform	GoogleComputeDefaultServiceAccountFullAccess.py
2467	CKV_GCP_32	resource	google_compute_instance	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2468	CKV_GCP_32	resource	google_compute_instance_from_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2469	CKV_GCP_32	resource	google_compute_instance_template	Ensure ‘Block Project-wide SSH keys’ is enabled for VM instances	Terraform	GoogleComputeBlockProjectSSH.py
2470	CKV_GCP_33	resource	google_compute_project_metadata	Ensure oslogin is enabled for a Project	Terraform	GoogleComputeProjectOSLogin.py
2471	CKV_GCP_34	resource	google_compute_instance	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2472	CKV_GCP_34	resource	google_compute_instance_from_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2473	CKV_GCP_34	resource	google_compute_instance_template	Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in project metadata for all instances)	Terraform	GoogleComputeInstanceOSLogin.py
2474	CKV_GCP_35	resource	google_compute_instance	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2475	CKV_GCP_35	resource	google_compute_instance_from_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2476	CKV_GCP_35	resource	google_compute_instance_template	Ensure ‘Enable connecting to serial ports’ is not enabled for VM Instance	Terraform	GoogleComputeSerialPorts.py
2477	CKV_GCP_36	resource	google_compute_instance	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2478	CKV_GCP_36	resource	google_compute_instance_from_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2479	CKV_GCP_36	resource	google_compute_instance_template	Ensure that IP forwarding is not enabled on Instances	Terraform	GoogleComputeIPForward.py
2480	CKV_GCP_37	resource	google_compute_disk	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeDiskEncryption.py
2481	CKV_GCP_38	resource	google_compute_instance	Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	GoogleComputeBootDiskEncryption.py
2482	CKV_GCP_39	resource	google_compute_instance	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2483	CKV_GCP_39	resource	google_compute_instance_from_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2484	CKV_GCP_39	resource	google_compute_instance_template	Ensure Compute instances are launched with Shielded VM enabled	Terraform	GoogleComputeShieldedVM.py
2485	CKV_GCP_40	resource	google_compute_instance	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2486	CKV_GCP_40	resource	google_compute_instance_from_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2487	CKV_GCP_40	resource	google_compute_instance_template	Ensure that Compute instances do not have public IP addresses	Terraform	GoogleComputeExternalIP.py
2488	CKV_GCP_41	resource	google_project_iam_binding	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
2489	CKV_GCP_41	resource	google_project_iam_member	Ensure that IAM users are not assigned the Service Account User or Service Account Token Creator roles at project level	Terraform	GoogleRoleServiceAccountUser.py
2490	CKV_GCP_42	resource	google_project_iam_member	Ensure that Service Account has no Admin privileges	Terraform	GoogleProjectAdminServiceAccount.py
2491	CKV_GCP_43	resource	google_kms_crypto_key	Ensure KMS encryption keys are rotated within a period of 90 days	Terraform	GoogleKMSRotationPeriod.py
2492	CKV_GCP_44	resource	google_folder_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
2493	CKV_GCP_44	resource	google_folder_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at a folder level	Terraform	GoogleFolderImpersonationRole.py
2494	CKV_GCP_45	resource	google_organization_iam_binding	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
2495	CKV_GCP_45	resource	google_organization_iam_member	Ensure no roles that enable to impersonate and manage all service accounts are used at an organization level	Terraform	GoogleOrgImpersonationRole.py
2496	CKV_GCP_46	resource	google_project_iam_binding	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
2497	CKV_GCP_46	resource	google_project_iam_member	Ensure Default Service account is not used at a project level	Terraform	GoogleProjectMemberDefaultServiceAccount.py
2498	CKV_GCP_47	resource	google_organization_iam_binding	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
2499	CKV_GCP_47	resource	google_organization_iam_member	Ensure default service account is not used at an organization level	Terraform	GoogleOrgMemberDefaultServiceAccount.py
2500	CKV_GCP_48	resource	google_folder_iam_binding	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
2501	CKV_GCP_48	resource	google_folder_iam_member	Ensure Default Service account is not used at a folder level	Terraform	GoogleFolderMemberDefaultServiceAccount.py
2502	CKV_GCP_49	resource	google_project_iam_binding	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
2503	CKV_GCP_49	resource	google_project_iam_member	Ensure roles do not impersonate or manage Service Accounts used at project level	Terraform	GoogleProjectImpersonationRole.py
2504	CKV_GCP_50	resource	google_sql_database_instance	Ensure MySQL database ‘local_infile’ flag is set to ‘off’	Terraform	GoogleCloudMySqlLocalInfileOff.py
2505	CKV_GCP_51	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_checkpoints’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogCheckpoints.py
2506	CKV_GCP_52	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_connections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogConnection.py
2507	CKV_GCP_53	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_disconnections’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogDisconnection.py
2508	CKV_GCP_54	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_lock_waits’ flag is set to ‘on’	Terraform	GoogleCloudPostgreSqlLogLockWaits.py
2509	CKV_GCP_55	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_messages’ flag is set to a valid value	Terraform	GoogleCloudPostgreSqlLogMinMessage.py
2510	CKV_GCP_56	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_temp_files flag is set to ‘0’	Terraform	GoogleCloudPostgreSqlLogTemp.py
2511	CKV_GCP_57	resource	google_sql_database_instance	Ensure PostgreSQL database ‘log_min_duration_statement’ flag is set to ‘-1’	Terraform	GoogleCloudPostgreSqlLogMinDuration.py
2512	CKV_GCP_58	resource	google_sql_database_instance	Ensure SQL database ‘cross db ownership chaining’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerCrossDBOwnershipChaining.py
2513	CKV_GCP_59	resource	google_sql_database_instance	Ensure SQL database ‘contained database authentication’ flag is set to ‘off’	Terraform	GoogleCloudSqlServerContainedDBAuthentication.py
2514	CKV_GCP_60	resource	google_sql_database_instance	Ensure Cloud SQL database does not have public IP	Terraform	GoogleCloudSqlServerNoPublicIP.py
2515	CKV_GCP_61	resource	google_container_cluster	Enable VPC Flow Logs and Intranode Visibility	Terraform	GKEEnableVPCFlowLogs.py
2516	CKV_GCP_62	resource	google_storage_bucket	Bucket should log access	Terraform	CloudStorageLogging.py
2517	CKV_GCP_63	resource	google_storage_bucket	Bucket should not log to itself	Terraform	CloudStorageSelfLogging.py
2518	CKV_GCP_64	resource	google_container_cluster	Ensure clusters are created with Private Nodes	Terraform	GKEPrivateNodes.py
2519	CKV_GCP_65	resource	google_container_cluster	Manage Kubernetes RBAC users with Google Groups for GKE	Terraform	GKEKubernetesRBACGoogleGroups.py
2520	CKV_GCP_66	resource	google_container_cluster	Ensure use of Binary Authorization	Terraform	GKEBinaryAuthorization.py
2521	CKV_GCP_68	resource	google_container_cluster	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
2522	CKV_GCP_68	resource	google_container_node_pool	Ensure Secure Boot for Shielded GKE Nodes is Enabled	Terraform	GKESecureBootforShieldedNodes.py
2523	CKV_GCP_69	resource	google_container_cluster	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
2524	CKV_GCP_69	resource	google_container_node_pool	Ensure the GKE Metadata Server is Enabled	Terraform	GKEMetadataServerIsEnabled.py
2525	CKV_GCP_70	resource	google_container_cluster	Ensure the GKE Release Channel is set	Terraform	GKEReleaseChannel.py
2526	CKV_GCP_71	resource	google_container_cluster	Ensure Shielded GKE Nodes are Enabled	Terraform	GKEEnableShieldedNodes.py
2527	CKV_GCP_72	resource	google_container_cluster	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
2528	CKV_GCP_72	resource	google_container_node_pool	Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled	Terraform	GKEEnsureIntegrityMonitoring.py
2529	CKV_GCP_73	resource	google_compute_security_policy	Ensure Cloud Armor prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell	Terraform	CloudArmorWAFACLCVE202144228.py
2530	CKV_GCP_74	resource	google_compute_subnetwork	Ensure that private_ip_google_access is enabled for Subnet	Terraform	GoogleSubnetworkPrivateGoogleEnabled.py
2531	CKV_GCP_75	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted FTP access	Terraform	GoogleComputeFirewallUnrestrictedIngress21.py
2532	CKV_GCP_76	resource	google_compute_subnetwork	Ensure that Private google access is enabled for IPV6	Terraform	GoogleSubnetworkIPV6PrivateGoogleEnabled.py
2533	CKV_GCP_77	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow on ftp port	Terraform	GoogleComputeFirewallUnrestrictedIngress20.py
2534	CKV_GCP_78	resource	google_storage_bucket	Ensure Cloud storage has versioning enabled	Terraform	CloudStorageVersioningEnabled.py
2535	CKV_GCP_79	resource	google_sql_database_instance	Ensure SQL database is using latest Major version	Terraform	CloudSqlMajorVersion.py
2536	CKV_GCP_80	resource	google_bigquery_table	Ensure Big Query Tables are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryTableEncryptedWithCMK.py
2537	CKV_GCP_81	resource	google_bigquery_dataset	Ensure Big Query Datasets are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigQueryDatasetEncryptedWithCMK.py
2538	CKV_GCP_82	resource	google_kms_crypto_key	Ensure KMS keys are protected from deletion	Terraform	GoogleKMSPreventDestroy.py
2539	CKV_GCP_83	resource	google_pubsub_topic	Ensure PubSub Topics are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	CloudPubSubEncryptedWithCMK.py
2540	CKV_GCP_84	resource	google_artifact_registry_repository	Ensure Artifact Registry Repositories are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	ArtifactRegsitryEncryptedWithCMK.py
2541	CKV_GCP_85	resource	google_bigtable_instance	Ensure Big Table Instances are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	BigTableInstanceEncryptedWithCMK.py
2542	CKV_GCP_86	resource	google_cloudbuild_worker_pool	Ensure Cloud build workers are private	Terraform	CloudBuildWorkersArePrivate.py
2543	CKV_GCP_87	resource	google_data_fusion_instance	Ensure Data fusion instances are private	Terraform	DataFusionPrivateInstance.py
2544	CKV_GCP_88	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted mysql access	Terraform	GoogleComputeFirewallUnrestrictedIngress3306.py
2545	CKV_GCP_89	resource	google_notebooks_instance	Ensure Vertex AI instances are private	Terraform	VertexAIPrivateInstance.py
2546	CKV_GCP_90	resource	google_dataflow_job	Ensure data flow jobs are encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataflowJobEncryptedWithCMK.py
2547	CKV_GCP_91	resource	google_dataproc_cluster	Ensure Dataproc cluster is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	DataprocClusterEncryptedWithCMK.py
2548	CKV_GCP_92	resource	google_vertex_ai_dataset	Ensure Vertex AI datasets uses a CMK (Customer Managed Key)	Terraform	VertexAIDatasetEncryptedWithCMK.py
2549	CKV_GCP_93	resource	google_spanner_database	Ensure Spanner Database is encrypted with Customer Supplied Encryption Keys (CSEK)	Terraform	SpannerDatabaseEncryptedWithCMK.py
2550	CKV_GCP_94	resource	google_dataflow_job	Ensure Dataflow jobs are private	Terraform	DataflowPrivateJob.py
2551	CKV_GCP_95	resource	google_redis_instance	Ensure Memorystore for Redis has AUTH enabled	Terraform	MemorystoreForRedisAuthEnabled.py
2552	CKV_GCP_96	resource	google_vertex_ai_metadata_store	Ensure Vertex AI Metadata Store uses a CMK (Customer Managed Key)	Terraform	VertexAIMetadataStoreEncryptedWithCMK.py
2553	CKV_GCP_97	resource	google_redis_instance	Ensure Memorystore for Redis uses intransit encryption	Terraform	MemorystoreForRedisInTransitEncryption.py
2554	CKV_GCP_98	resource	google_dataproc_cluster_iam_binding	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
2555	CKV_GCP_98	resource	google_dataproc_cluster_iam_member	Ensure that Dataproc clusters are not anonymously or publicly accessible	Terraform	DataprocPrivateCluster.py
2556	CKV_GCP_99	resource	google_pubsub_topic_iam_binding	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
2557	CKV_GCP_99	resource	google_pubsub_topic_iam_member	Ensure that Pub/Sub Topics are not anonymously or publicly accessible	Terraform	PubSubPrivateTopic.py
2558	CKV_GCP_100	resource	google_bigquery_table_iam_binding	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
2559	CKV_GCP_100	resource	google_bigquery_table_iam_member	Ensure that BigQuery Tables are not anonymously or publicly accessible	Terraform	BigQueryPrivateTable.py
2560	CKV_GCP_101	resource	google_artifact_registry_repository_iam_binding	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
2561	CKV_GCP_101	resource	google_artifact_registry_repository_iam_member	Ensure that Artifact Registry repositories are not anonymously or publicly accessible	Terraform	ArtifactRegistryPrivateRepo.py
2562	CKV_GCP_102	resource	google_cloud_run_service_iam_binding	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
2563	CKV_GCP_102	resource	google_cloud_run_service_iam_member	Ensure that GCP Cloud Run services are not anonymously or publicly accessible	Terraform	GCPCloudRunPrivateService.py
2564	CKV_GCP_103	resource	google_dataproc_cluster	Ensure Dataproc Clusters do not have public IPs	Terraform	DataprocPublicIpCluster.py
2565	CKV_GCP_104	resource	google_data_fusion_instance	Ensure Datafusion has stack driver logging enabled	Terraform	DataFusionStackdriverLogs.py
2566	CKV_GCP_105	resource	google_data_fusion_instance	Ensure Datafusion has stack driver monitoring enabled	Terraform	DataFusionStackdriverMonitoring.py
2567	CKV_GCP_106	resource	google_compute_firewall	Ensure Google compute firewall ingress does not allow unrestricted http port 80 access	Terraform	GoogleComputeFirewallUnrestrictedIngress80.py
2568	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2569	CKV_GCP_107	resource	google_cloudfunctions2_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2570	CKV_GCP_107	resource	google_cloudfunctions_function_iam_binding	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2571	CKV_GCP_107	resource	google_cloudfunctions_function_iam_member	Cloud functions should not be public	Terraform	CloudFunctionsShouldNotBePublic.py
2572	CKV_GCP_108	resource	google_sql_database_instance	Ensure hostnames are logged for GCP PostgreSQL databases	Terraform	GoogleCloudPostgreSqlLogHostname.py
2573	CKV_GCP_109	resource	google_sql_database_instance	Ensure the GCP PostgreSQL database log levels are set to ERROR or lower	Terraform	GoogleCloudPostgreSqlLogMinErrorStatement.py
2574	CKV_GCP_110	resource	google_sql_database_instance	Ensure pgAudit is enabled for your GCP PostgreSQL database	Terraform	GoogleCloudPostgreSqlEnablePgaudit.py
2575	CKV_GCP_111	resource	google_sql_database_instance	Ensure GCP PostgreSQL logs SQL statements	Terraform	GoogleCloudPostgreSqlLogStatement.py
2576	CKV_GCP_112	resource	google_kms_crypto_key_iam_binding	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2577	CKV_GCP_112	resource	google_kms_crypto_key_iam_member	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2578	CKV_GCP_112	resource	google_kms_crypto_key_iam_policy	Esnure KMS policy should not allow public access	Terraform	GoogleKMSKeyIsPublic.py
2579	CKV_GCP_113	data	google_iam_policy	Ensure IAM policy should not define public access	Terraform	GooglePolicyIsPrivate.py
2580	CKV_GCP_114	resource	google_storage_bucket	Ensure public access prevention is enforced on Cloud Storage bucket	Terraform	GoogleStoragePublicAccessPrevention.py
2581	CKV_GCP_115	resource	google_organization_iam_binding	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
2582	CKV_GCP_115	resource	google_organization_iam_member	Ensure basic roles are not used at organization level.	Terraform	GoogleOrgBasicRole.py
2583	CKV_GCP_116	resource	google_folder_iam_binding	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
2584	CKV_GCP_116	resource	google_folder_iam_member	Ensure basic roles are not used at folder level.	Terraform	GoogleFolderBasicRole.py
2585	CKV_GCP_117	resource	google_project_iam_binding	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
2586	CKV_GCP_117	resource	google_project_iam_member	Ensure basic roles are not used at project level.	Terraform	GoogleProjectBasicRole.py
2587	CKV_GCP_118	resource	google_iam_workload_identity_pool_provider	Ensure IAM workload identity pool provider is restricted	Terraform	GoogleIAMWorkloadIdentityConditional.py
2588	CKV_GCP_119	resource	google_spanner_database	Ensure Spanner Database has deletion protection enabled	Terraform	SpannerDatabaseDeletionProtection.py
2589	CKV_GCP_120	resource	google_spanner_database	Ensure Spanner Database has drop protection enabled	Terraform	SpannerDatabaseDropProtection.py
2590	CKV_GCP_121	resource	google_bigquery_table	Ensure BigQuery tables have deletion protection enabled	Terraform	BigQueryTableDeletionProtection.py
2591	CKV_GCP_122	resource	google_bigtable_instance	Ensure Big Table Instances have deletion protection enabled	Terraform	BigTableInstanceDeletionProtection.py
2592	CKV_GCP_123	resource	google_container_cluster	GKE Don’t Use NodePools in the Cluster configuration	Terraform	GKEDontUseNodePools.py
2593	CKV_GCP_124	resource	google_cloudfunctions2_function	Ensure GCP Cloud Function is not configured with overly permissive Ingress setting	Terraform	CloudFunctionPermissiveIngress.py
2594	CKV_GCP_124	resource	google_cloudfunctions_function	Ensure GCP Cloud Function is not configured with overly permissive Ingress setting	Terraform	CloudFunctionPermissiveIngress.py
2595	CKV2_GCP_1	resource	google_project_default_service_accounts	Ensure GKE clusters are not running using the Compute Engine default service account	Terraform	GKEClustersAreNotUsingDefaultServiceAccount.yaml
2596	CKV2_GCP_2	resource	google_compute_network	Ensure legacy networks do not exist for a project	Terraform	GCPProjectHasNoLegacyNetworks.yaml
2597	CKV2_GCP_3	resource	google_service_account_key	Ensure that there are only GCP-managed service account keys for each service account	Terraform	ServiceAccountHasGCPmanagedKey.yaml
2598	CKV2_GCP_4	resource	google_logging_folder_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2599	CKV2_GCP_4	resource	google_logging_organization_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2600	CKV2_GCP_4	resource	google_logging_project_sink	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2601	CKV2_GCP_4	resource	google_storage_bucket	Ensure that retention policies on log buckets are configured using Bucket Lock	Terraform	GCPLogBucketsConfiguredUsingLock.yaml
2602	CKV2_GCP_5	resource	google_project	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2603	CKV2_GCP_5	resource	google_project_iam_audit_config	Ensure that Cloud Audit Logging is configured properly across all services and all users from a project	Terraform	GCPAuditLogsConfiguredForAllServicesAndUsers.yaml
2604	CKV2_GCP_6	resource	google_kms_crypto_key	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2605	CKV2_GCP_6	resource	google_kms_crypto_key_iam_binding	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2606	CKV2_GCP_6	resource	google_kms_crypto_key_iam_member	Ensure that Cloud KMS cryptokeys are not anonymously or publicly accessible	Terraform	GCPKMSCryptoKeysAreNotPubliclyAccessible.yaml
2607	CKV2_GCP_7	resource	google_sql_database_instance	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2608	CKV2_GCP_7	resource	google_sql_user	Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges	Terraform	DisableAccessToSqlDBInstanceForRootUsersWithoutPassword.yaml
2609	CKV2_GCP_8	resource	google_kms_key_ring	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2610	CKV2_GCP_8	resource	google_kms_key_ring_iam_binding	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2611	CKV2_GCP_8	resource	google_kms_key_ring_iam_member	Ensure that Cloud KMS Key Rings are not anonymously or publicly accessible	Terraform	GCPKMSKeyRingsAreNotPubliclyAccessible.yaml
2612	CKV2_GCP_9	resource	google_container_registry	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2613	CKV2_GCP_9	resource	google_storage_bucket_iam_binding	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2614	CKV2_GCP_9	resource	google_storage_bucket_iam_member	Ensure that Container Registry repositories are not anonymously or publicly accessible	Terraform	GCPContainerRegistryReposAreNotPubliclyAccessible.yaml
2615	CKV2_GCP_10	resource	google_cloudfunctions_function	Ensure GCP Cloud Function HTTP trigger is secured	Terraform	CloudFunctionSecureHTTPTrigger.yaml
2616	CKV2_GCP_11	resource	google_project_services	Ensure GCP GCR Container Vulnerability Scanning is enabled	Terraform	GCRContainerVulnerabilityScanningEnabled.yaml
2617	CKV2_GCP_12	resource	google_compute_firewall	Ensure GCP compute firewall ingress does not allow unrestricted access to all ports	Terraform	GCPComputeFirewallOverlyPermissiveToAllTraffic.yaml
2618	CKV2_GCP_13	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_duration’ is set to ‘on’	Terraform	GCPPostgreSQLDatabaseFlaglog_durationIsSetToON.yaml
2619	CKV2_GCP_14	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_executor_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_executor_statsIsSetToOFF.yaml
2620	CKV2_GCP_15	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_parser_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_parser_statsIsSetToOFF.yaml
2621	CKV2_GCP_16	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_planner_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_planner_statsIsSetToOFF.yaml
2622	CKV2_GCP_17	resource	google_sql_database_instance	Ensure PostgreSQL database flag ‘log_statement_stats’ is set to ‘off’	Terraform	GCPPostgreSQLDatabaseFlaglog_statement_statsIsSetToOFF.yaml
2623	CKV2_GCP_18	resource	google_compute_network	Ensure GCP network defines a firewall and does not use the default firewall	Terraform	GCPNetworkDoesNotUseDefaultFirewall.yaml
2624	CKV2_GCP_19	resource	google_container_cluster	Ensure GCP Kubernetes engine clusters have ‘alpha cluster’ feature disabled	Terraform	GCPdisableAlphaClusterFeatureInKubernetesEngineClusters.yaml
2625	CKV2_GCP_20	resource	google_sql_database_instance	Ensure MySQL DB instance has point-in-time recovery backup configured	Terraform	GCPMySQLdbInstancePoint_In_TimeRecoveryBackupIsEnabled.yaml
2626	CKV2_GCP_21	resource	google_notebooks_instance	Ensure Vertex AI instance disks are encrypted with a Customer Managed Key (CMK)	Terraform	GCPVertexInstanceEncryptedWithCMK.yaml
2627	CKV2_GCP_22	resource	google_document_ai_processor	Ensure Document AI Processors are encrypted with a Customer Managed Key (CMK)	Terraform	GCPDocumentAIProcessorEncryptedWithCMK.yaml
2628	CKV2_GCP_23	resource	google_document_ai_warehouse_location	Ensure Document AI Warehouse Location is configured to use a Customer Managed Key (CMK)	Terraform	GCPDocumentAIWarehouseLocationEncryptedWithCMK.yaml
2629	CKV2_GCP_24	resource	google_vertex_ai_endpoint	Ensure Vertex AI endpoint uses a Customer Managed Key (CMK)	Terraform	GCPVertexAIEndpointEncryptedWithCMK.yaml
2630	CKV2_GCP_25	resource	google_vertex_ai_featurestore	Ensure Vertex AI featurestore uses a Customer Managed Key (CMK)	Terraform	GCPVertexAIFeaturestoreEncryptedWithCMK.yaml
2631	CKV2_GCP_26	resource	google_vertex_ai_tensorboard	Ensure Vertex AI tensorboard uses a Customer Managed Key (CMK)	Terraform	GCPVertexAITensorboardEncryptedWithCMK.yaml
2632	CKV2_GCP_27	resource	google_workbench_instance	Ensure Vertex AI workbench instance disks are encrypted with a Customer Managed Key (CMK)	Terraform	GCPVertexWorkbenchInstanceEncryptedWithCMK.yaml
2633	CKV2_GCP_28	resource	google_workbench_instance	Ensure Vertex AI workbench instances are private	Terraform	GCPVertexWorkbenchInstanceNoPublicIp.yaml
2634	CKV2_GCP_29	resource	google_dialogflow_agent	Ensure logging is enabled for Dialogflow agents	Terraform	GCPDialogFlowAgentLoggingEnabled.yaml
2635	CKV2_GCP_30	resource	google_dialogflow_cx_agent	Ensure logging is enabled for Dialogflow CX agents	Terraform	GCPDialogFlowCxAgentLoggingEnabled.yaml
2636	CKV2_GCP_31	resource	google_dialogflow_cx_webhook	Ensure logging is enabled for Dialogflow CX webhooks	Terraform	GCPDialogFlowCxWebhookLoggingEnabled.yaml
2637	CKV2_GCP_32	resource	google_tpu_v2_vm	Ensure TPU v2 is private	Terraform	GCPTpuV2VmPrivateEndpoint.yaml
2638	CKV2_GCP_33	resource	google_vertex_ai_endpoint	Ensure Vertex AI endpoint is private	Terraform	GCPVertexAIPrivateEndpoint.yaml
2639	CKV2_GCP_34	resource	google_vertex_ai_index_endpoint	Ensure Vertex AI index endpoint is private	Terraform	GCPVertexAIPrivateIndexEndpoint.yaml
2640	CKV2_GCP_35	resource	google_notebooks_runtime	Ensure Vertex AI runtime is encrypted with a Customer Managed Key (CMK)	Terraform	GCPVertexRuntimeEncryptedWithCMK.yaml
2641	CKV2_GCP_36	resource	google_notebooks_runtime	Ensure Vertex AI runtime is private	Terraform	GCPVertexRuntimePrivate.yaml
2642	CKV_GHA_1	jobs	jobs	Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables	github_actions	AllowUnsecureCommandsOnJob.py
2643	CKV_GHA_1	jobs	jobs.*.steps[]	Ensure ACTIONS_ALLOW_UNSECURE_COMMANDS isn’t true on environment variables	github_actions	AllowUnsecureCommandsOnJob.py
2644	CKV_GHA_2	jobs	jobs	Ensure run commands are not vulnerable to shell injection	github_actions	ShellInjection.py
2645	CKV_GHA_2	jobs	jobs.*.steps[]	Ensure run commands are not vulnerable to shell injection	github_actions	ShellInjection.py
2646	CKV_GHA_3	jobs	jobs	Suspicious use of curl with secrets	github_actions	SuspectCurlInScript.py
2647	CKV_GHA_3	jobs	jobs.*.steps[]	Suspicious use of curl with secrets	github_actions	SuspectCurlInScript.py
2648	CKV_GHA_4	jobs	jobs	Suspicious use of netcat with IP address	github_actions	ReverseShellNetcat.py
2649	CKV_GHA_4	jobs	jobs.*.steps[]	Suspicious use of netcat with IP address	github_actions	ReverseShellNetcat.py
2650	CKV_GHA_5	jobs	jobs	Found artifact build without evidence of cosign sign execution in pipeline	github_actions	CosignArtifacts.py
2651	CKV_GHA_6	jobs	jobs	Found artifact build without evidence of cosign sbom attestation in pipeline	github_actions	CosignSBOM.py
2652	CKV_GHA_7	jobs	on	The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty.	github_actions	EmptyWorkflowDispatch.py
2653	CKV2_GHA_1	resource	permissions	Ensure top-level permissions are not set to write-all	github_actions	ReadOnlyTopLevelPermissions.yaml
2654	CKV_GIT_1	resource	github_repository	Ensure GitHub repository is Private	Terraform	PrivateRepo.py
2655	CKV_GIT_2	resource	github_repository_webhook	Ensure GitHub repository webhooks are using HTTPS	Terraform	WebhookInsecureSsl.py
2656	CKV_GIT_3	resource	github_repository	Ensure GitHub repository has vulnerability alerts enabled	Terraform	RepositoryEnableVulnerabilityAlerts.py
2657	CKV_GIT_4	resource	github_actions_environment_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2658	CKV_GIT_4	resource	github_actions_organization_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2659	CKV_GIT_4	resource	github_actions_secret	Ensure GitHub Actions secrets are encrypted	Terraform	SecretsEncrypted.py
2660	CKV_GIT_5	resource	github_branch_protection	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
2661	CKV_GIT_5	resource	github_branch_protection_v3	GitHub pull requests should require at least 2 approvals	Terraform	BranchProtectionReviewNumTwo.py
2662	CKV_GIT_6	resource	github_branch_protection	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
2663	CKV_GIT_6	resource	github_branch_protection_v3	Ensure GitHub branch protection rules requires signed commits	Terraform	BranchProtectionRequireSignedCommits.py
2664	CKV2_GIT_1	resource	github_repository	Ensure each Repository has branch protection associated	Terraform	RepositoryHasBranchProtection.yaml
2665	CKV_GITHUB_1	github_configuration	*	Ensure GitHub organization security settings require 2FA	github_configuration	2fa.py
2666	CKV_GITHUB_2	github_configuration	*	Ensure GitHub organization security settings require SSO	github_configuration	sso.py
2667	CKV_GITHUB_3	github_configuration	*	Ensure GitHub organization security settings has IP allow list enabled	github_configuration	ipallowlist.py
2668	CKV_GITHUB_4	github_configuration	*	Ensure GitHub branch protection rules requires signed commits	github_configuration	require_signatures.py
2669	CKV_GITHUB_5	github_configuration	*	Ensure GitHub branch protection rules does not allow force pushes	github_configuration	disallow_force_pushes.py
2670	CKV_GITHUB_6	github_configuration	*	Ensure GitHub organization webhooks are using HTTPS	github_configuration	webhooks_https_orgs.py
2671	CKV_GITHUB_7	github_configuration	*	Ensure GitHub repository webhooks are using HTTPS	github_configuration	webhooks_https_repos.py
2672	CKV_GITHUB_8	github_configuration	*	Ensure GitHub branch protection rules requires linear history	github_configuration	require_linear_history.py
2673	CKV_GITHUB_9	github_configuration	*	Ensure 2 admins are set for each repository	github_configuration	repository_collaborators.py
2674	CKV_GITHUB_10	github_configuration	*	Ensure branch protection rules are enforced on administrators	github_configuration	enforce_branch_protection_admins.py
2675	CKV_GITHUB_11	github_configuration	*	Ensure GitHub branch protection dismisses stale review on new commit	github_configuration	dismiss_stale_reviews.py
2676	CKV_GITHUB_12	github_configuration	*	Ensure GitHub branch protection restricts who can dismiss PR reviews	github_configuration	restrict_pr_review_dismissal.py
2677	CKV_GITHUB_13	github_configuration	*	Ensure GitHub branch protection requires CODEOWNER reviews	github_configuration	require_code_owner_reviews.py
2678	CKV_GITHUB_14	github_configuration	*	Ensure all checks have passed before the merge of new code	github_configuration	require_status_checks_pr.py
2679	CKV_GITHUB_15	github_configuration	*	Ensure inactive branches are reviewed and removed periodically	github_configuration	disallow_inactive_branch_60days.py
2680	CKV_GITHUB_16	github_configuration	*	Ensure GitHub branch protection requires conversation resolution	github_configuration	require_conversation_resolution.py
2681	CKV_GITHUB_17	github_configuration	*	Ensure GitHub branch protection requires push restrictions	github_configuration	require_push_restrictions.py
2682	CKV_GITHUB_18	github_configuration	*	Ensure GitHub branch protection rules does not allow deletions	github_configuration	disallow_branch_deletions.py
2683	CKV_GITHUB_19	github_configuration	*	Ensure any change to code receives approval of two strongly authenticated users	github_configuration	require_2approvals.py
2684	CKV_GITHUB_20	github_configuration	*	Ensure open git branches are up to date before they can be merged into codebase	github_configuration	require_updated_branch_pr.py
2685	CKV_GITHUB_21	github_configuration	*	Ensure public repository creation is limited to specific members	github_configuration	public_repository_creation_is_limited.py
2686	CKV_GITHUB_22	github_configuration	*	Ensure private repository creation is limited to specific members	github_configuration	private_repository_creation_is_limited.py
2687	CKV_GITHUB_23	github_configuration	*	Ensure internal repository creation is limited to specific members	github_configuration	internal_repository_creation_is_limited.py
2688	CKV_GITHUB_26	github_configuration	*	Ensure minimum admins are set for the organization	github_configuration	minimum_admins_in_org.py
2689	CKV_GITHUB_27	github_configuration	*	Ensure strict base permissions are set for repositories	github_configuration	require_strict_base_permissions_repository.py
2690	CKV_GITHUB_28	github_configuration	*	Ensure an organization’s identity is confirmed with a Verified badge Passed	github_configuration	require_verified_organization.py
2691	CKV_GITLAB_1	gitlab_configuration	*	Merge requests should require at least 2 approvals	gitlab_configuration	merge_requests_approvals.py
2692	CKV_GITLAB_2	gitlab_configuration	*	Ensure all Gitlab groups require two factor authentication	gitlab_configuration	two_factor_authentication.py
2693	CKV_GITLABCI_1	jobs	*.script[]	Suspicious use of curl with CI environment variables in script	gitlab_ci	SuspectCurlInScript.py
2694	CKV_GITLABCI_2	jobs	*.rules	Avoid creating rules that generate double pipelines	gitlab_ci	AvoidDoublePipelines.py
2695	CKV_GITLABCI_3	jobs	*.image[]	Detecting image usages in gitlab workflows	gitlab_ci	DetectImagesUsage.py
2696	CKV_GITLABCI_3	jobs	*.services[]	Detecting image usages in gitlab workflows	gitlab_ci	DetectImagesUsage.py
2697	CKV_GLB_1	resource	gitlab_project	Ensure at least two approving reviews are required to merge a GitLab MR	Terraform	RequireTwoApprovalsToMerge.py
2698	CKV_GLB_2	resource	gitlab_branch_protection	Ensure GitLab branch protection rules does not allow force pushes	Terraform	ForcePushDisabled.py
2699	CKV_GLB_3	resource	gitlab_project	Ensure GitLab prevent secrets is enabled	Terraform	PreventSecretsEnabled.py
2700	CKV_GLB_4	resource	gitlab_project	Ensure GitLab commits are signed	Terraform	RejectUnsignedCommits.py
2701	CKV2_IBM_1	resource	ibm_is_lb	Ensure load balancer for VPC is private (disable public access)	Terraform	IBM_LoadBalancerforVPCisPrivate.yaml
2702	CKV2_IBM_2	resource	ibm_is_vpc	Ensure VPC classic access is disabled	Terraform	IBM_VPCclassicAccessIsDisabled.yaml
2703	CKV2_IBM_3	resource	ibm_iam_account_settings	Ensure API key creation is restricted in account settings	Terraform	IBM_RestrictAPIkeyCreationInAccountSettings.yaml
2704	CKV2_IBM_4	resource	ibm_iam_account_settings	Ensure Multi-Factor Authentication (MFA) is enabled at the account level	Terraform	IBM_EnableMFAatAccountLevel.yaml
2705	CKV2_IBM_5	resource	ibm_iam_account_settings	Ensure Service ID creation is restricted in account settings	Terraform	IBM_RestrictServiceIDCreationInAccountSettings.yaml
2706	CKV2_IBM_7	resource	ibm_container_cluster	Ensure Kubernetes clusters are accessible by using private endpoint and NOT public endpoint	Terraform	IBM_K8sClustersAccessibleViaPrivateEndPt.yaml
2707	CKV_K8S_1	resource	PodSecurityPolicy	Do not admit containers wishing to share the host process ID namespace	Kubernetes	ShareHostPIDPSP.py
2708	CKV_K8S_1	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPIDPSP.py
2709	CKV_K8S_2	resource	PodSecurityPolicy	Do not admit privileged containers	Kubernetes	PrivilegedContainersPSP.py
2710	CKV_K8S_2	resource	kubernetes_pod_security_policy	Do not admit privileged containers	Terraform	PrivilegedContainerPSP.py
2711	CKV_K8S_3	resource	PodSecurityPolicy	Do not admit containers wishing to share the host IPC namespace	Kubernetes	ShareHostIPCPSP.py
2712	CKV_K8S_3	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPCPSP.py
2713	CKV_K8S_4	resource	PodSecurityPolicy	Do not admit containers wishing to share the host network namespace	Kubernetes	SharedHostNetworkNamespacePSP.py
2714	CKV_K8S_4	resource	kubernetes_pod_security_policy	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespacePSP.py
2715	CKV_K8S_5	resource	PodSecurityPolicy	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalationPSP.py
2716	CKV_K8S_5	resource	kubernetes_pod_security_policy	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalationPSP.py
2717	CKV_K8S_6	resource	PodSecurityPolicy	Do not admit root containers	Kubernetes	RootContainersPSP.py
2718	CKV_K8S_6	resource	kubernetes_pod_security_policy	Do not admit root containers	Terraform	RootContainerPSP.py
2719	CKV_K8S_7	resource	PodSecurityPolicy	Do not admit containers with the NET_RAW capability	Kubernetes	DropCapabilitiesPSP.py
2720	CKV_K8S_7	resource	kubernetes_pod_security_policy	Do not admit containers with the NET_RAW capability	Terraform	DropCapabilitiesPSP.py
2721	CKV_K8S_8	resource	DaemonSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2722	CKV_K8S_8	resource	Deployment	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2723	CKV_K8S_8	resource	DeploymentConfig	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2724	CKV_K8S_8	resource	Pod	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2725	CKV_K8S_8	resource	PodTemplate	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2726	CKV_K8S_8	resource	ReplicaSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2727	CKV_K8S_8	resource	ReplicationController	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2728	CKV_K8S_8	resource	StatefulSet	Liveness Probe Should be Configured	Kubernetes	LivenessProbe.py
2729	CKV_K8S_8	resource	kubernetes_deployment	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2730	CKV_K8S_8	resource	kubernetes_deployment_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2731	CKV_K8S_8	resource	kubernetes_pod	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2732	CKV_K8S_8	resource	kubernetes_pod_v1	Liveness Probe Should be Configured	Terraform	LivenessProbe.py
2733	CKV_K8S_9	resource	DaemonSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2734	CKV_K8S_9	resource	Deployment	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2735	CKV_K8S_9	resource	DeploymentConfig	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2736	CKV_K8S_9	resource	Pod	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2737	CKV_K8S_9	resource	PodTemplate	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2738	CKV_K8S_9	resource	ReplicaSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2739	CKV_K8S_9	resource	ReplicationController	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2740	CKV_K8S_9	resource	StatefulSet	Readiness Probe Should be Configured	Kubernetes	ReadinessProbe.py
2741	CKV_K8S_9	resource	kubernetes_deployment	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2742	CKV_K8S_9	resource	kubernetes_deployment_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2743	CKV_K8S_9	resource	kubernetes_pod	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2744	CKV_K8S_9	resource	kubernetes_pod_v1	Readiness Probe Should be Configured	Terraform	ReadinessProbe.py
2745	CKV_K8S_10	resource	CronJob	CPU requests should be set	Kubernetes	CPURequests.py
2746	CKV_K8S_10	resource	DaemonSet	CPU requests should be set	Kubernetes	CPURequests.py
2747	CKV_K8S_10	resource	Deployment	CPU requests should be set	Kubernetes	CPURequests.py
2748	CKV_K8S_10	resource	DeploymentConfig	CPU requests should be set	Kubernetes	CPURequests.py
2749	CKV_K8S_10	resource	Job	CPU requests should be set	Kubernetes	CPURequests.py
2750	CKV_K8S_10	resource	Pod	CPU requests should be set	Kubernetes	CPURequests.py
2751	CKV_K8S_10	resource	PodTemplate	CPU requests should be set	Kubernetes	CPURequests.py
2752	CKV_K8S_10	resource	ReplicaSet	CPU requests should be set	Kubernetes	CPURequests.py
2753	CKV_K8S_10	resource	ReplicationController	CPU requests should be set	Kubernetes	CPURequests.py
2754	CKV_K8S_10	resource	StatefulSet	CPU requests should be set	Kubernetes	CPURequests.py
2755	CKV_K8S_10	resource	kubernetes_deployment	CPU requests should be set	Terraform	CPURequests.py
2756	CKV_K8S_10	resource	kubernetes_deployment_v1	CPU requests should be set	Terraform	CPURequests.py
2757	CKV_K8S_10	resource	kubernetes_pod	CPU requests should be set	Terraform	CPURequests.py
2758	CKV_K8S_10	resource	kubernetes_pod_v1	CPU requests should be set	Terraform	CPURequests.py
2759	CKV_K8S_11	resource	CronJob	CPU limits should be set	Kubernetes	CPULimits.py
2760	CKV_K8S_11	resource	DaemonSet	CPU limits should be set	Kubernetes	CPULimits.py
2761	CKV_K8S_11	resource	Deployment	CPU limits should be set	Kubernetes	CPULimits.py
2762	CKV_K8S_11	resource	DeploymentConfig	CPU limits should be set	Kubernetes	CPULimits.py
2763	CKV_K8S_11	resource	Job	CPU limits should be set	Kubernetes	CPULimits.py
2764	CKV_K8S_11	resource	Pod	CPU limits should be set	Kubernetes	CPULimits.py
2765	CKV_K8S_11	resource	PodTemplate	CPU limits should be set	Kubernetes	CPULimits.py
2766	CKV_K8S_11	resource	ReplicaSet	CPU limits should be set	Kubernetes	CPULimits.py
2767	CKV_K8S_11	resource	ReplicationController	CPU limits should be set	Kubernetes	CPULimits.py
2768	CKV_K8S_11	resource	StatefulSet	CPU limits should be set	Kubernetes	CPULimits.py
2769	CKV_K8S_11	resource	kubernetes_deployment	CPU Limits should be set	Terraform	CPULimits.py
2770	CKV_K8S_11	resource	kubernetes_deployment_v1	CPU Limits should be set	Terraform	CPULimits.py
2771	CKV_K8S_11	resource	kubernetes_pod	CPU Limits should be set	Terraform	CPULimits.py
2772	CKV_K8S_11	resource	kubernetes_pod_v1	CPU Limits should be set	Terraform	CPULimits.py
2773	CKV_K8S_12	resource	CronJob	Memory requests should be set	Kubernetes	MemoryRequests.py
2774	CKV_K8S_12	resource	DaemonSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2775	CKV_K8S_12	resource	Deployment	Memory requests should be set	Kubernetes	MemoryRequests.py
2776	CKV_K8S_12	resource	DeploymentConfig	Memory requests should be set	Kubernetes	MemoryRequests.py
2777	CKV_K8S_12	resource	Job	Memory requests should be set	Kubernetes	MemoryRequests.py
2778	CKV_K8S_12	resource	Pod	Memory requests should be set	Kubernetes	MemoryRequests.py
2779	CKV_K8S_12	resource	PodTemplate	Memory requests should be set	Kubernetes	MemoryRequests.py
2780	CKV_K8S_12	resource	ReplicaSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2781	CKV_K8S_12	resource	ReplicationController	Memory requests should be set	Kubernetes	MemoryRequests.py
2782	CKV_K8S_12	resource	StatefulSet	Memory requests should be set	Kubernetes	MemoryRequests.py
2783	CKV_K8S_12	resource	kubernetes_deployment	Memory Limits should be set	Terraform	MemoryLimits.py
2784	CKV_K8S_12	resource	kubernetes_deployment_v1	Memory Limits should be set	Terraform	MemoryLimits.py
2785	CKV_K8S_12	resource	kubernetes_pod	Memory Limits should be set	Terraform	MemoryLimits.py
2786	CKV_K8S_12	resource	kubernetes_pod_v1	Memory Limits should be set	Terraform	MemoryLimits.py
2787	CKV_K8S_13	resource	CronJob	Memory limits should be set	Kubernetes	MemoryLimits.py
2788	CKV_K8S_13	resource	DaemonSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2789	CKV_K8S_13	resource	Deployment	Memory limits should be set	Kubernetes	MemoryLimits.py
2790	CKV_K8S_13	resource	DeploymentConfig	Memory limits should be set	Kubernetes	MemoryLimits.py
2791	CKV_K8S_13	resource	Job	Memory limits should be set	Kubernetes	MemoryLimits.py
2792	CKV_K8S_13	resource	Pod	Memory limits should be set	Kubernetes	MemoryLimits.py
2793	CKV_K8S_13	resource	PodTemplate	Memory limits should be set	Kubernetes	MemoryLimits.py
2794	CKV_K8S_13	resource	ReplicaSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2795	CKV_K8S_13	resource	ReplicationController	Memory limits should be set	Kubernetes	MemoryLimits.py
2796	CKV_K8S_13	resource	StatefulSet	Memory limits should be set	Kubernetes	MemoryLimits.py
2797	CKV_K8S_13	resource	kubernetes_deployment	Memory requests should be set	Terraform	MemoryRequests.py
2798	CKV_K8S_13	resource	kubernetes_deployment_v1	Memory requests should be set	Terraform	MemoryRequests.py
2799	CKV_K8S_13	resource	kubernetes_pod	Memory requests should be set	Terraform	MemoryRequests.py
2800	CKV_K8S_13	resource	kubernetes_pod_v1	Memory requests should be set	Terraform	MemoryRequests.py
2801	CKV_K8S_14	resource	CronJob	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2802	CKV_K8S_14	resource	DaemonSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2803	CKV_K8S_14	resource	Deployment	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2804	CKV_K8S_14	resource	DeploymentConfig	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2805	CKV_K8S_14	resource	Job	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2806	CKV_K8S_14	resource	Pod	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2807	CKV_K8S_14	resource	PodTemplate	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2808	CKV_K8S_14	resource	ReplicaSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2809	CKV_K8S_14	resource	ReplicationController	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2810	CKV_K8S_14	resource	StatefulSet	Image Tag should be fixed - not latest or blank	Kubernetes	ImageTagFixed.py
2811	CKV_K8S_14	resource	kubernetes_deployment	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2812	CKV_K8S_14	resource	kubernetes_deployment_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2813	CKV_K8S_14	resource	kubernetes_pod	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2814	CKV_K8S_14	resource	kubernetes_pod_v1	Image Tag should be fixed - not latest or blank	Terraform	ImageTagFixed.py
2815	CKV_K8S_15	resource	CronJob	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2816	CKV_K8S_15	resource	DaemonSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2817	CKV_K8S_15	resource	Deployment	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2818	CKV_K8S_15	resource	DeploymentConfig	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2819	CKV_K8S_15	resource	Job	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2820	CKV_K8S_15	resource	Pod	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2821	CKV_K8S_15	resource	PodTemplate	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2822	CKV_K8S_15	resource	ReplicaSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2823	CKV_K8S_15	resource	ReplicationController	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2824	CKV_K8S_15	resource	StatefulSet	Image Pull Policy should be Always	Kubernetes	ImagePullPolicyAlways.py
2825	CKV_K8S_15	resource	kubernetes_deployment	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2826	CKV_K8S_15	resource	kubernetes_deployment_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2827	CKV_K8S_15	resource	kubernetes_pod	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2828	CKV_K8S_15	resource	kubernetes_pod_v1	Image Pull Policy should be Always	Terraform	ImagePullPolicyAlways.py
2829	CKV_K8S_16	resource	CronJob	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2830	CKV_K8S_16	resource	DaemonSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2831	CKV_K8S_16	resource	Deployment	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2832	CKV_K8S_16	resource	DeploymentConfig	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2833	CKV_K8S_16	resource	Job	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2834	CKV_K8S_16	resource	Pod	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2835	CKV_K8S_16	resource	PodTemplate	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2836	CKV_K8S_16	resource	ReplicaSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2837	CKV_K8S_16	resource	ReplicationController	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2838	CKV_K8S_16	resource	StatefulSet	Container should not be privileged	Kubernetes	PrivilegedContainers.py
2839	CKV_K8S_16	resource	kubernetes_deployment	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2840	CKV_K8S_16	resource	kubernetes_deployment_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2841	CKV_K8S_16	resource	kubernetes_pod	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2842	CKV_K8S_16	resource	kubernetes_pod_v1	Do not admit privileged containers	Terraform	PrivilegedContainer.py
2843	CKV_K8S_17	resource	CronJob	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2844	CKV_K8S_17	resource	DaemonSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2845	CKV_K8S_17	resource	Deployment	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2846	CKV_K8S_17	resource	Job	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2847	CKV_K8S_17	resource	Pod	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2848	CKV_K8S_17	resource	ReplicaSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2849	CKV_K8S_17	resource	ReplicationController	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2850	CKV_K8S_17	resource	StatefulSet	Containers should not share the host process ID namespace	Kubernetes	ShareHostPID.py
2851	CKV_K8S_17	resource	kubernetes_deployment	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2852	CKV_K8S_17	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2853	CKV_K8S_17	resource	kubernetes_pod	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2854	CKV_K8S_17	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host process ID namespace	Terraform	ShareHostPID.py
2855	CKV_K8S_18	resource	CronJob	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2856	CKV_K8S_18	resource	DaemonSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2857	CKV_K8S_18	resource	Deployment	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2858	CKV_K8S_18	resource	Job	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2859	CKV_K8S_18	resource	Pod	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2860	CKV_K8S_18	resource	ReplicaSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2861	CKV_K8S_18	resource	ReplicationController	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2862	CKV_K8S_18	resource	StatefulSet	Containers should not share the host IPC namespace	Kubernetes	ShareHostIPC.py
2863	CKV_K8S_18	resource	kubernetes_deployment	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2864	CKV_K8S_18	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2865	CKV_K8S_18	resource	kubernetes_pod	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2866	CKV_K8S_18	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host IPC namespace	Terraform	ShareHostIPC.py
2867	CKV_K8S_19	resource	CronJob	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2868	CKV_K8S_19	resource	DaemonSet	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2869	CKV_K8S_19	resource	Deployment	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2870	CKV_K8S_19	resource	Job	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2871	CKV_K8S_19	resource	Pod	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2872	CKV_K8S_19	resource	ReplicaSet	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2873	CKV_K8S_19	resource	ReplicationController	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2874	CKV_K8S_19	resource	StatefulSet	Containers should not share the host network namespace	Kubernetes	SharedHostNetworkNamespace.py
2875	CKV_K8S_19	resource	kubernetes_deployment	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
2876	CKV_K8S_19	resource	kubernetes_deployment_v1	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
2877	CKV_K8S_19	resource	kubernetes_pod	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
2878	CKV_K8S_19	resource	kubernetes_pod_v1	Do not admit containers wishing to share the host network namespace	Terraform	SharedHostNetworkNamespace.py
2879	CKV_K8S_20	resource	CronJob	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2880	CKV_K8S_20	resource	DaemonSet	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2881	CKV_K8S_20	resource	Deployment	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2882	CKV_K8S_20	resource	DeploymentConfig	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2883	CKV_K8S_20	resource	Job	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2884	CKV_K8S_20	resource	Pod	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2885	CKV_K8S_20	resource	PodTemplate	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2886	CKV_K8S_20	resource	ReplicaSet	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2887	CKV_K8S_20	resource	ReplicationController	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2888	CKV_K8S_20	resource	StatefulSet	Containers should not run with allowPrivilegeEscalation	Kubernetes	AllowPrivilegeEscalation.py
2889	CKV_K8S_20	resource	kubernetes_deployment	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
2890	CKV_K8S_20	resource	kubernetes_deployment_v1	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
2891	CKV_K8S_20	resource	kubernetes_pod	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
2892	CKV_K8S_20	resource	kubernetes_pod_v1	Containers should not run with allowPrivilegeEscalation	Terraform	AllowPrivilegeEscalation.py
2893	CKV_K8S_21	resource	ConfigMap	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2894	CKV_K8S_21	resource	CronJob	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2895	CKV_K8S_21	resource	DaemonSet	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2896	CKV_K8S_21	resource	Deployment	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2897	CKV_K8S_21	resource	Ingress	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2898	CKV_K8S_21	resource	Job	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2899	CKV_K8S_21	resource	Pod	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2900	CKV_K8S_21	resource	ReplicaSet	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2901	CKV_K8S_21	resource	ReplicationController	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2902	CKV_K8S_21	resource	Role	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2903	CKV_K8S_21	resource	RoleBinding	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2904	CKV_K8S_21	resource	Secret	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2905	CKV_K8S_21	resource	Service	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2906	CKV_K8S_21	resource	ServiceAccount	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2907	CKV_K8S_21	resource	StatefulSet	The default namespace should not be used	Kubernetes	DefaultNamespace.py
2908	CKV_K8S_21	resource	kubernetes_config_map	The default namespace should not be used	Terraform	DefaultNamespace.py
2909	CKV_K8S_21	resource	kubernetes_config_map_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2910	CKV_K8S_21	resource	kubernetes_cron_job	The default namespace should not be used	Terraform	DefaultNamespace.py
2911	CKV_K8S_21	resource	kubernetes_cron_job_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2912	CKV_K8S_21	resource	kubernetes_daemon_set_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2913	CKV_K8S_21	resource	kubernetes_daemonset	The default namespace should not be used	Terraform	DefaultNamespace.py
2914	CKV_K8S_21	resource	kubernetes_deployment	The default namespace should not be used	Terraform	DefaultNamespace.py
2915	CKV_K8S_21	resource	kubernetes_deployment_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2916	CKV_K8S_21	resource	kubernetes_ingress	The default namespace should not be used	Terraform	DefaultNamespace.py
2917	CKV_K8S_21	resource	kubernetes_ingress_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2918	CKV_K8S_21	resource	kubernetes_job	The default namespace should not be used	Terraform	DefaultNamespace.py
2919	CKV_K8S_21	resource	kubernetes_job_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2920	CKV_K8S_21	resource	kubernetes_pod	The default namespace should not be used	Terraform	DefaultNamespace.py
2921	CKV_K8S_21	resource	kubernetes_pod_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2922	CKV_K8S_21	resource	kubernetes_replication_controller	The default namespace should not be used	Terraform	DefaultNamespace.py
2923	CKV_K8S_21	resource	kubernetes_replication_controller_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2924	CKV_K8S_21	resource	kubernetes_role_binding	The default namespace should not be used	Terraform	DefaultNamespace.py
2925	CKV_K8S_21	resource	kubernetes_role_binding_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2926	CKV_K8S_21	resource	kubernetes_secret	The default namespace should not be used	Terraform	DefaultNamespace.py
2927	CKV_K8S_21	resource	kubernetes_secret_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2928	CKV_K8S_21	resource	kubernetes_service	The default namespace should not be used	Terraform	DefaultNamespace.py
2929	CKV_K8S_21	resource	kubernetes_service_account	The default namespace should not be used	Terraform	DefaultNamespace.py
2930	CKV_K8S_21	resource	kubernetes_service_account_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2931	CKV_K8S_21	resource	kubernetes_service_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2932	CKV_K8S_21	resource	kubernetes_stateful_set	The default namespace should not be used	Terraform	DefaultNamespace.py
2933	CKV_K8S_21	resource	kubernetes_stateful_set_v1	The default namespace should not be used	Terraform	DefaultNamespace.py
2934	CKV_K8S_22	resource	CronJob	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2935	CKV_K8S_22	resource	DaemonSet	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2936	CKV_K8S_22	resource	Deployment	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2937	CKV_K8S_22	resource	DeploymentConfig	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2938	CKV_K8S_22	resource	Job	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2939	CKV_K8S_22	resource	Pod	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2940	CKV_K8S_22	resource	PodTemplate	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2941	CKV_K8S_22	resource	ReplicaSet	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2942	CKV_K8S_22	resource	ReplicationController	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2943	CKV_K8S_22	resource	StatefulSet	Use read-only filesystem for containers where possible	Kubernetes	ReadOnlyFilesystem.py
2944	CKV_K8S_22	resource	kubernetes_deployment	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
2945	CKV_K8S_22	resource	kubernetes_deployment_v1	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
2946	CKV_K8S_22	resource	kubernetes_pod	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
2947	CKV_K8S_22	resource	kubernetes_pod_v1	Use read-only filesystem for containers where possible	Terraform	ReadonlyRootFilesystem.py
2948	CKV_K8S_23	resource	CronJob	Minimize the admission of root containers	Kubernetes	RootContainers.py
2949	CKV_K8S_23	resource	DaemonSet	Minimize the admission of root containers	Kubernetes	RootContainers.py
2950	CKV_K8S_23	resource	Deployment	Minimize the admission of root containers	Kubernetes	RootContainers.py
2951	CKV_K8S_23	resource	Job	Minimize the admission of root containers	Kubernetes	RootContainers.py
2952	CKV_K8S_23	resource	Pod	Minimize the admission of root containers	Kubernetes	RootContainers.py
2953	CKV_K8S_23	resource	ReplicaSet	Minimize the admission of root containers	Kubernetes	RootContainers.py
2954	CKV_K8S_23	resource	ReplicationController	Minimize the admission of root containers	Kubernetes	RootContainers.py
2955	CKV_K8S_23	resource	StatefulSet	Minimize the admission of root containers	Kubernetes	RootContainers.py
2956	CKV_K8S_24	resource	PodSecurityPolicy	Do not allow containers with added capability	Kubernetes	AllowedCapabilitiesPSP.py
2957	CKV_K8S_24	resource	kubernetes_pod_security_policy	Do not allow containers with added capability	Terraform	AllowedCapabilitiesPSP.py
2958	CKV_K8S_25	resource	CronJob	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2959	CKV_K8S_25	resource	DaemonSet	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2960	CKV_K8S_25	resource	Deployment	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2961	CKV_K8S_25	resource	DeploymentConfig	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2962	CKV_K8S_25	resource	Job	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2963	CKV_K8S_25	resource	Pod	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2964	CKV_K8S_25	resource	PodTemplate	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2965	CKV_K8S_25	resource	ReplicaSet	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2966	CKV_K8S_25	resource	ReplicationController	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2967	CKV_K8S_25	resource	StatefulSet	Minimize the admission of containers with added capability	Kubernetes	AllowedCapabilities.py
2968	CKV_K8S_25	resource	kubernetes_deployment	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
2969	CKV_K8S_25	resource	kubernetes_deployment_v1	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
2970	CKV_K8S_25	resource	kubernetes_pod	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
2971	CKV_K8S_25	resource	kubernetes_pod_v1	Minimize the admission of containers with added capability	Terraform	AllowedCapabilities.py
2972	CKV_K8S_26	resource	CronJob	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2973	CKV_K8S_26	resource	DaemonSet	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2974	CKV_K8S_26	resource	Deployment	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2975	CKV_K8S_26	resource	DeploymentConfig	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2976	CKV_K8S_26	resource	Job	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2977	CKV_K8S_26	resource	Pod	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2978	CKV_K8S_26	resource	PodTemplate	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2979	CKV_K8S_26	resource	ReplicaSet	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2980	CKV_K8S_26	resource	ReplicationController	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2981	CKV_K8S_26	resource	StatefulSet	Do not specify hostPort unless absolutely necessary	Kubernetes	HostPort.py
2982	CKV_K8S_26	resource	kubernetes_deployment	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
2983	CKV_K8S_26	resource	kubernetes_deployment_v1	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
2984	CKV_K8S_26	resource	kubernetes_pod	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
2985	CKV_K8S_26	resource	kubernetes_pod_v1	Do not specify hostPort unless absolutely necessary	Terraform	HostPort.py
2986	CKV_K8S_27	resource	CronJob	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2987	CKV_K8S_27	resource	DaemonSet	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2988	CKV_K8S_27	resource	Deployment	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2989	CKV_K8S_27	resource	Job	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2990	CKV_K8S_27	resource	Pod	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2991	CKV_K8S_27	resource	ReplicaSet	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2992	CKV_K8S_27	resource	ReplicationController	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2993	CKV_K8S_27	resource	StatefulSet	Do not expose the docker daemon socket to containers	Kubernetes	DockerSocketVolume.py
2994	CKV_K8S_27	resource	kubernetes_daemon_set_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
2995	CKV_K8S_27	resource	kubernetes_daemonset	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
2996	CKV_K8S_27	resource	kubernetes_deployment	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
2997	CKV_K8S_27	resource	kubernetes_deployment_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
2998	CKV_K8S_27	resource	kubernetes_pod	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
2999	CKV_K8S_27	resource	kubernetes_pod_v1	Do not expose the docker daemon socket to containers	Terraform	DockerSocketVolume.py
3000	CKV_K8S_28	resource	CronJob	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3001	CKV_K8S_28	resource	DaemonSet	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3002	CKV_K8S_28	resource	Deployment	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3003	CKV_K8S_28	resource	DeploymentConfig	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3004	CKV_K8S_28	resource	Job	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3005	CKV_K8S_28	resource	Pod	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3006	CKV_K8S_28	resource	PodTemplate	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3007	CKV_K8S_28	resource	ReplicaSet	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3008	CKV_K8S_28	resource	ReplicationController	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3009	CKV_K8S_28	resource	StatefulSet	Minimize the admission of containers with the NET_RAW capability	Kubernetes	DropCapabilities.py
3010	CKV_K8S_28	resource	kubernetes_deployment	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
3011	CKV_K8S_28	resource	kubernetes_deployment_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
3012	CKV_K8S_28	resource	kubernetes_pod	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
3013	CKV_K8S_28	resource	kubernetes_pod_v1	Minimize the admission of containers with the NET_RAW capability	Terraform	DropCapabilities.py
3014	CKV_K8S_29	resource	CronJob	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3015	CKV_K8S_29	resource	DaemonSet	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3016	CKV_K8S_29	resource	Deployment	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3017	CKV_K8S_29	resource	Job	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3018	CKV_K8S_29	resource	Pod	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3019	CKV_K8S_29	resource	ReplicaSet	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3020	CKV_K8S_29	resource	ReplicationController	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3021	CKV_K8S_29	resource	StatefulSet	Apply security context to your pods and containers	Kubernetes	PodSecurityContext.py
3022	CKV_K8S_29	resource	kubernetes_daemon_set_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3023	CKV_K8S_29	resource	kubernetes_daemonset	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3024	CKV_K8S_29	resource	kubernetes_deployment	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3025	CKV_K8S_29	resource	kubernetes_deployment_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3026	CKV_K8S_29	resource	kubernetes_pod	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3027	CKV_K8S_29	resource	kubernetes_pod_v1	Apply security context to your pods, deployments and daemon_sets	Terraform	PodSecurityContext.py
3028	CKV_K8S_30	resource	CronJob	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3029	CKV_K8S_30	resource	DaemonSet	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3030	CKV_K8S_30	resource	Deployment	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3031	CKV_K8S_30	resource	DeploymentConfig	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3032	CKV_K8S_30	resource	Job	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3033	CKV_K8S_30	resource	Pod	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3034	CKV_K8S_30	resource	PodTemplate	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3035	CKV_K8S_30	resource	ReplicaSet	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3036	CKV_K8S_30	resource	ReplicationController	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3037	CKV_K8S_30	resource	StatefulSet	Apply security context to your containers	Kubernetes	ContainerSecurityContext.py
3038	CKV_K8S_30	resource	kubernetes_deployment	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
3039	CKV_K8S_30	resource	kubernetes_deployment_v1	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
3040	CKV_K8S_30	resource	kubernetes_pod	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
3041	CKV_K8S_30	resource	kubernetes_pod_v1	Apply security context to your pods and containers	Terraform	ContainerSecurityContext.py
3042	CKV_K8S_31	resource	CronJob	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3043	CKV_K8S_31	resource	DaemonSet	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3044	CKV_K8S_31	resource	Deployment	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3045	CKV_K8S_31	resource	Job	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3046	CKV_K8S_31	resource	Pod	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3047	CKV_K8S_31	resource	ReplicaSet	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3048	CKV_K8S_31	resource	ReplicationController	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3049	CKV_K8S_31	resource	StatefulSet	Ensure that the seccomp profile is set to docker/default or runtime/default	Kubernetes	Seccomp.py
3050	CKV_K8S_32	resource	PodSecurityPolicy	Ensure default seccomp profile set to docker/default or runtime/default	Kubernetes	SeccompPSP.py
3051	CKV_K8S_32	resource	kubernetes_pod_security_policy	Ensure default seccomp profile set to docker/default or runtime/default	Terraform	SeccompPSP.py
3052	CKV_K8S_33	resource	CronJob	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3053	CKV_K8S_33	resource	DaemonSet	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3054	CKV_K8S_33	resource	Deployment	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3055	CKV_K8S_33	resource	DeploymentConfig	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3056	CKV_K8S_33	resource	Job	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3057	CKV_K8S_33	resource	Pod	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3058	CKV_K8S_33	resource	PodTemplate	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3059	CKV_K8S_33	resource	ReplicaSet	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3060	CKV_K8S_33	resource	ReplicationController	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3061	CKV_K8S_33	resource	StatefulSet	Ensure the Kubernetes dashboard is not deployed	Kubernetes	KubernetesDashboard.py
3062	CKV_K8S_34	resource	CronJob	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3063	CKV_K8S_34	resource	DaemonSet	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3064	CKV_K8S_34	resource	Deployment	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3065	CKV_K8S_34	resource	DeploymentConfig	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3066	CKV_K8S_34	resource	Job	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3067	CKV_K8S_34	resource	Pod	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3068	CKV_K8S_34	resource	PodTemplate	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3069	CKV_K8S_34	resource	ReplicaSet	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3070	CKV_K8S_34	resource	ReplicationController	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3071	CKV_K8S_34	resource	StatefulSet	Ensure that Tiller (Helm v2) is not deployed	Kubernetes	Tiller.py
3072	CKV_K8S_34	resource	kubernetes_deployment	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
3073	CKV_K8S_34	resource	kubernetes_deployment_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
3074	CKV_K8S_34	resource	kubernetes_pod	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
3075	CKV_K8S_34	resource	kubernetes_pod_v1	Ensure that Tiller (Helm v2) is not deployed	Terraform	Tiller.py
3076	CKV_K8S_35	resource	CronJob	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3077	CKV_K8S_35	resource	DaemonSet	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3078	CKV_K8S_35	resource	Deployment	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3079	CKV_K8S_35	resource	DeploymentConfig	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3080	CKV_K8S_35	resource	Job	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3081	CKV_K8S_35	resource	Pod	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3082	CKV_K8S_35	resource	PodTemplate	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3083	CKV_K8S_35	resource	ReplicaSet	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3084	CKV_K8S_35	resource	ReplicationController	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3085	CKV_K8S_35	resource	StatefulSet	Prefer using secrets as files over secrets as environment variables	Kubernetes	Secrets.py
3086	CKV_K8S_35	resource	kubernetes_deployment	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
3087	CKV_K8S_35	resource	kubernetes_deployment_v1	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
3088	CKV_K8S_35	resource	kubernetes_pod	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
3089	CKV_K8S_35	resource	kubernetes_pod_v1	Prefer using secrets as files over secrets as environment variables	Terraform	Secrets.py
3090	CKV_K8S_36	resource	PodSecurityPolicy	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilitiesPSP.py
3091	CKV_K8S_36	resource	kubernetes_pod_security_policy	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilitiesPSP.py
3092	CKV_K8S_37	resource	CronJob	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3093	CKV_K8S_37	resource	DaemonSet	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3094	CKV_K8S_37	resource	Deployment	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3095	CKV_K8S_37	resource	DeploymentConfig	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3096	CKV_K8S_37	resource	Job	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3097	CKV_K8S_37	resource	Pod	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3098	CKV_K8S_37	resource	PodTemplate	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3099	CKV_K8S_37	resource	ReplicaSet	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3100	CKV_K8S_37	resource	ReplicationController	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3101	CKV_K8S_37	resource	StatefulSet	Minimize the admission of containers with capabilities assigned	Kubernetes	MinimizeCapabilities.py
3102	CKV_K8S_37	resource	kubernetes_deployment	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
3103	CKV_K8S_37	resource	kubernetes_deployment_v1	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
3104	CKV_K8S_37	resource	kubernetes_pod	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
3105	CKV_K8S_37	resource	kubernetes_pod_v1	Minimise the admission of containers with capabilities assigned	Terraform	MinimiseCapabilities.py
3106	CKV_K8S_38	resource	CronJob	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3107	CKV_K8S_38	resource	DaemonSet	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3108	CKV_K8S_38	resource	Deployment	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3109	CKV_K8S_38	resource	Job	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3110	CKV_K8S_38	resource	Pod	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3111	CKV_K8S_38	resource	ReplicaSet	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3112	CKV_K8S_38	resource	ReplicationController	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3113	CKV_K8S_38	resource	StatefulSet	Ensure that Service Account Tokens are only mounted where necessary	Kubernetes	ServiceAccountTokens.py
3114	CKV_K8S_39	resource	CronJob	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3115	CKV_K8S_39	resource	DaemonSet	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3116	CKV_K8S_39	resource	Deployment	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3117	CKV_K8S_39	resource	DeploymentConfig	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3118	CKV_K8S_39	resource	Job	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3119	CKV_K8S_39	resource	Pod	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3120	CKV_K8S_39	resource	PodTemplate	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3121	CKV_K8S_39	resource	ReplicaSet	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3122	CKV_K8S_39	resource	ReplicationController	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3123	CKV_K8S_39	resource	StatefulSet	Do not use the CAP_SYS_ADMIN linux capability	Kubernetes	AllowedCapabilitiesSysAdmin.py
3124	CKV_K8S_39	resource	kubernetes_deployment	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
3125	CKV_K8S_39	resource	kubernetes_deployment_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
3126	CKV_K8S_39	resource	kubernetes_pod	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
3127	CKV_K8S_39	resource	kubernetes_pod_v1	Do not use the CAP_SYS_ADMIN linux capability	Terraform	AllowedCapabilitiesSysAdmin.py
3128	CKV_K8S_40	resource	CronJob	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3129	CKV_K8S_40	resource	DaemonSet	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3130	CKV_K8S_40	resource	Deployment	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3131	CKV_K8S_40	resource	Job	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3132	CKV_K8S_40	resource	Pod	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3133	CKV_K8S_40	resource	ReplicaSet	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3134	CKV_K8S_40	resource	ReplicationController	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3135	CKV_K8S_40	resource	StatefulSet	Containers should run as a high UID to avoid host conflict	Kubernetes	RootContainersHighUID.py
3136	CKV_K8S_41	resource	ServiceAccount	Ensure that default service accounts are not actively used	Kubernetes	DefaultServiceAccount.py
3137	CKV_K8S_41	resource	kubernetes_service_account	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccount.py
3138	CKV_K8S_41	resource	kubernetes_service_account_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccount.py
3139	CKV_K8S_42	resource	ClusterRoleBinding	Ensure that default service accounts are not actively used	Kubernetes	DefaultServiceAccountBinding.py
3140	CKV_K8S_42	resource	RoleBinding	Ensure that default service accounts are not actively used	Kubernetes	DefaultServiceAccountBinding.py
3141	CKV_K8S_42	resource	kubernetes_cluster_role_binding	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
3142	CKV_K8S_42	resource	kubernetes_cluster_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
3143	CKV_K8S_42	resource	kubernetes_role_binding	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
3144	CKV_K8S_42	resource	kubernetes_role_binding_v1	Ensure that default service accounts are not actively used	Terraform	DefaultServiceAccountBinding.py
3145	CKV_K8S_43	resource	CronJob	Image should use digest	Kubernetes	ImageDigest.py
3146	CKV_K8S_43	resource	DaemonSet	Image should use digest	Kubernetes	ImageDigest.py
3147	CKV_K8S_43	resource	Deployment	Image should use digest	Kubernetes	ImageDigest.py
3148	CKV_K8S_43	resource	DeploymentConfig	Image should use digest	Kubernetes	ImageDigest.py
3149	CKV_K8S_43	resource	Job	Image should use digest	Kubernetes	ImageDigest.py
3150	CKV_K8S_43	resource	Pod	Image should use digest	Kubernetes	ImageDigest.py
3151	CKV_K8S_43	resource	PodTemplate	Image should use digest	Kubernetes	ImageDigest.py
3152	CKV_K8S_43	resource	ReplicaSet	Image should use digest	Kubernetes	ImageDigest.py
3153	CKV_K8S_43	resource	ReplicationController	Image should use digest	Kubernetes	ImageDigest.py
3154	CKV_K8S_43	resource	StatefulSet	Image should use digest	Kubernetes	ImageDigest.py
3155	CKV_K8S_43	resource	kubernetes_deployment	Image should use digest	Terraform	ImageDigest.py
3156	CKV_K8S_43	resource	kubernetes_deployment_v1	Image should use digest	Terraform	ImageDigest.py
3157	CKV_K8S_43	resource	kubernetes_pod	Image should use digest	Terraform	ImageDigest.py
3158	CKV_K8S_43	resource	kubernetes_pod_v1	Image should use digest	Terraform	ImageDigest.py
3159	CKV_K8S_44	resource	Service	Ensure that the Tiller Service (Helm v2) is deleted	Kubernetes	TillerService.py
3160	CKV_K8S_44	resource	kubernetes_service	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	TillerService.py
3161	CKV_K8S_44	resource	kubernetes_service_v1	Ensure that the Tiller Service (Helm v2) is deleted	Terraform	TillerService.py
3162	CKV_K8S_45	resource	CronJob	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3163	CKV_K8S_45	resource	DaemonSet	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3164	CKV_K8S_45	resource	Deployment	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3165	CKV_K8S_45	resource	DeploymentConfig	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3166	CKV_K8S_45	resource	Job	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3167	CKV_K8S_45	resource	Pod	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3168	CKV_K8S_45	resource	PodTemplate	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3169	CKV_K8S_45	resource	ReplicaSet	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3170	CKV_K8S_45	resource	ReplicationController	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3171	CKV_K8S_45	resource	StatefulSet	Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster	Kubernetes	TillerDeploymentListener.py
3172	CKV_K8S_49	resource	ClusterRole	Minimize wildcard use in Roles and ClusterRoles	Kubernetes	WildcardRoles.py
3173	CKV_K8S_49	resource	Role	Minimize wildcard use in Roles and ClusterRoles	Kubernetes	WildcardRoles.py
3174	CKV_K8S_49	resource	kubernetes_cluster_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
3175	CKV_K8S_49	resource	kubernetes_cluster_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
3176	CKV_K8S_49	resource	kubernetes_role	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
3177	CKV_K8S_49	resource	kubernetes_role_v1	Minimize wildcard use in Roles and ClusterRoles	Terraform	WildcardRoles.py
3178	CKV_K8S_68	resource	CronJob	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3179	CKV_K8S_68	resource	DaemonSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3180	CKV_K8S_68	resource	Deployment	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3181	CKV_K8S_68	resource	DeploymentConfig	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3182	CKV_K8S_68	resource	Job	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3183	CKV_K8S_68	resource	Pod	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3184	CKV_K8S_68	resource	PodTemplate	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3185	CKV_K8S_68	resource	ReplicaSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3186	CKV_K8S_68	resource	ReplicationController	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3187	CKV_K8S_68	resource	StatefulSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	ApiServerAnonymousAuth.py
3188	CKV_K8S_69	resource	CronJob	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3189	CKV_K8S_69	resource	DaemonSet	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3190	CKV_K8S_69	resource	Deployment	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3191	CKV_K8S_69	resource	DeploymentConfig	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3192	CKV_K8S_69	resource	Job	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3193	CKV_K8S_69	resource	Pod	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3194	CKV_K8S_69	resource	PodTemplate	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3195	CKV_K8S_69	resource	ReplicaSet	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3196	CKV_K8S_69	resource	ReplicationController	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3197	CKV_K8S_69	resource	StatefulSet	Ensure that the –basic-auth-file argument is not set	Kubernetes	ApiServerBasicAuthFile.py
3198	CKV_K8S_70	resource	CronJob	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3199	CKV_K8S_70	resource	DaemonSet	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3200	CKV_K8S_70	resource	Deployment	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3201	CKV_K8S_70	resource	DeploymentConfig	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3202	CKV_K8S_70	resource	Job	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3203	CKV_K8S_70	resource	Pod	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3204	CKV_K8S_70	resource	PodTemplate	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3205	CKV_K8S_70	resource	ReplicaSet	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3206	CKV_K8S_70	resource	ReplicationController	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3207	CKV_K8S_70	resource	StatefulSet	Ensure that the –token-auth-file argument is not set	Kubernetes	ApiServerTokenAuthFile.py
3208	CKV_K8S_71	resource	CronJob	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3209	CKV_K8S_71	resource	DaemonSet	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3210	CKV_K8S_71	resource	Deployment	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3211	CKV_K8S_71	resource	DeploymentConfig	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3212	CKV_K8S_71	resource	Job	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3213	CKV_K8S_71	resource	Pod	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3214	CKV_K8S_71	resource	PodTemplate	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3215	CKV_K8S_71	resource	ReplicaSet	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3216	CKV_K8S_71	resource	ReplicationController	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3217	CKV_K8S_71	resource	StatefulSet	Ensure that the –kubelet-https argument is set to true	Kubernetes	ApiServerKubeletHttps.py
3218	CKV_K8S_72	resource	CronJob	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3219	CKV_K8S_72	resource	DaemonSet	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3220	CKV_K8S_72	resource	Deployment	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3221	CKV_K8S_72	resource	DeploymentConfig	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3222	CKV_K8S_72	resource	Job	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3223	CKV_K8S_72	resource	Pod	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3224	CKV_K8S_72	resource	PodTemplate	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3225	CKV_K8S_72	resource	ReplicaSet	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3226	CKV_K8S_72	resource	ReplicationController	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3227	CKV_K8S_72	resource	StatefulSet	Ensure that the –kubelet-client-certificate and –kubelet-client-key arguments are set as appropriate	Kubernetes	ApiServerKubeletClientCertAndKey.py
3228	CKV_K8S_73	resource	CronJob	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3229	CKV_K8S_73	resource	DaemonSet	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3230	CKV_K8S_73	resource	Deployment	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3231	CKV_K8S_73	resource	DeploymentConfig	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3232	CKV_K8S_73	resource	Job	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3233	CKV_K8S_73	resource	Pod	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3234	CKV_K8S_73	resource	PodTemplate	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3235	CKV_K8S_73	resource	ReplicaSet	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3236	CKV_K8S_73	resource	ReplicationController	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3237	CKV_K8S_73	resource	StatefulSet	Ensure that the –kubelet-certificate-authority argument is set as appropriate	Kubernetes	ApiServerkubeletCertificateAuthority.py
3238	CKV_K8S_74	resource	CronJob	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3239	CKV_K8S_74	resource	DaemonSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3240	CKV_K8S_74	resource	Deployment	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3241	CKV_K8S_74	resource	DeploymentConfig	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3242	CKV_K8S_74	resource	Job	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3243	CKV_K8S_74	resource	Pod	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3244	CKV_K8S_74	resource	PodTemplate	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3245	CKV_K8S_74	resource	ReplicaSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3246	CKV_K8S_74	resource	ReplicationController	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3247	CKV_K8S_74	resource	StatefulSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	ApiServerAuthorizationModeNotAlwaysAllow.py
3248	CKV_K8S_75	resource	CronJob	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3249	CKV_K8S_75	resource	DaemonSet	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3250	CKV_K8S_75	resource	Deployment	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3251	CKV_K8S_75	resource	DeploymentConfig	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3252	CKV_K8S_75	resource	Job	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3253	CKV_K8S_75	resource	Pod	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3254	CKV_K8S_75	resource	PodTemplate	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3255	CKV_K8S_75	resource	ReplicaSet	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3256	CKV_K8S_75	resource	ReplicationController	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3257	CKV_K8S_75	resource	StatefulSet	Ensure that the –authorization-mode argument includes Node	Kubernetes	ApiServerAuthorizationModeNode.py
3258	CKV_K8S_77	resource	CronJob	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3259	CKV_K8S_77	resource	DaemonSet	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3260	CKV_K8S_77	resource	Deployment	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3261	CKV_K8S_77	resource	DeploymentConfig	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3262	CKV_K8S_77	resource	Job	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3263	CKV_K8S_77	resource	Pod	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3264	CKV_K8S_77	resource	PodTemplate	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3265	CKV_K8S_77	resource	ReplicaSet	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3266	CKV_K8S_77	resource	ReplicationController	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3267	CKV_K8S_77	resource	StatefulSet	Ensure that the –authorization-mode argument includes RBAC	Kubernetes	ApiServerAuthorizationModeRBAC.py
3268	CKV_K8S_78	resource	AdmissionConfiguration	Ensure that the admission control plugin EventRateLimit is set	Kubernetes	ApiServerAdmissionControlEventRateLimit.py
3269	CKV_K8S_79	resource	CronJob	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3270	CKV_K8S_79	resource	DaemonSet	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3271	CKV_K8S_79	resource	Deployment	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3272	CKV_K8S_79	resource	DeploymentConfig	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3273	CKV_K8S_79	resource	Job	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3274	CKV_K8S_79	resource	Pod	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3275	CKV_K8S_79	resource	PodTemplate	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3276	CKV_K8S_79	resource	ReplicaSet	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3277	CKV_K8S_79	resource	ReplicationController	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3278	CKV_K8S_79	resource	StatefulSet	Ensure that the admission control plugin AlwaysAdmit is not set	Kubernetes	ApiServerAdmissionControlAlwaysAdmit.py
3279	CKV_K8S_80	resource	CronJob	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3280	CKV_K8S_80	resource	DaemonSet	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3281	CKV_K8S_80	resource	Deployment	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3282	CKV_K8S_80	resource	DeploymentConfig	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3283	CKV_K8S_80	resource	Job	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3284	CKV_K8S_80	resource	Pod	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3285	CKV_K8S_80	resource	PodTemplate	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3286	CKV_K8S_80	resource	ReplicaSet	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3287	CKV_K8S_80	resource	ReplicationController	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3288	CKV_K8S_80	resource	StatefulSet	Ensure that the admission control plugin AlwaysPullImages is set	Kubernetes	ApiServerAlwaysPullImagesPlugin.py
3289	CKV_K8S_81	resource	CronJob	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3290	CKV_K8S_81	resource	DaemonSet	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3291	CKV_K8S_81	resource	Deployment	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3292	CKV_K8S_81	resource	DeploymentConfig	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3293	CKV_K8S_81	resource	Job	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3294	CKV_K8S_81	resource	Pod	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3295	CKV_K8S_81	resource	PodTemplate	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3296	CKV_K8S_81	resource	ReplicaSet	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3297	CKV_K8S_81	resource	ReplicationController	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3298	CKV_K8S_81	resource	StatefulSet	Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used	Kubernetes	ApiServerSecurityContextDenyPlugin.py
3299	CKV_K8S_82	resource	CronJob	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3300	CKV_K8S_82	resource	DaemonSet	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3301	CKV_K8S_82	resource	Deployment	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3302	CKV_K8S_82	resource	DeploymentConfig	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3303	CKV_K8S_82	resource	Job	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3304	CKV_K8S_82	resource	Pod	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3305	CKV_K8S_82	resource	PodTemplate	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3306	CKV_K8S_82	resource	ReplicaSet	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3307	CKV_K8S_82	resource	ReplicationController	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3308	CKV_K8S_82	resource	StatefulSet	Ensure that the admission control plugin ServiceAccount is set	Kubernetes	ApiServerServiceAccountPlugin.py
3309	CKV_K8S_83	resource	CronJob	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3310	CKV_K8S_83	resource	DaemonSet	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3311	CKV_K8S_83	resource	Deployment	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3312	CKV_K8S_83	resource	DeploymentConfig	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3313	CKV_K8S_83	resource	Job	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3314	CKV_K8S_83	resource	Pod	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3315	CKV_K8S_83	resource	PodTemplate	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3316	CKV_K8S_83	resource	ReplicaSet	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3317	CKV_K8S_83	resource	ReplicationController	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3318	CKV_K8S_83	resource	StatefulSet	Ensure that the admission control plugin NamespaceLifecycle is set	Kubernetes	ApiServerNamespaceLifecyclePlugin.py
3319	CKV_K8S_84	resource	CronJob	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3320	CKV_K8S_84	resource	DaemonSet	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3321	CKV_K8S_84	resource	Deployment	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3322	CKV_K8S_84	resource	DeploymentConfig	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3323	CKV_K8S_84	resource	Job	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3324	CKV_K8S_84	resource	Pod	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3325	CKV_K8S_84	resource	PodTemplate	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3326	CKV_K8S_84	resource	ReplicaSet	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3327	CKV_K8S_84	resource	ReplicationController	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3328	CKV_K8S_84	resource	StatefulSet	Ensure that the admission control plugin PodSecurityPolicy is set	Kubernetes	ApiServerPodSecurityPolicyPlugin.py
3329	CKV_K8S_85	resource	CronJob	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3330	CKV_K8S_85	resource	DaemonSet	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3331	CKV_K8S_85	resource	Deployment	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3332	CKV_K8S_85	resource	DeploymentConfig	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3333	CKV_K8S_85	resource	Job	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3334	CKV_K8S_85	resource	Pod	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3335	CKV_K8S_85	resource	PodTemplate	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3336	CKV_K8S_85	resource	ReplicaSet	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3337	CKV_K8S_85	resource	ReplicationController	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3338	CKV_K8S_85	resource	StatefulSet	Ensure that the admission control plugin NodeRestriction is set	Kubernetes	ApiServerNodeRestrictionPlugin.py
3339	CKV_K8S_86	resource	CronJob	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3340	CKV_K8S_86	resource	DaemonSet	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3341	CKV_K8S_86	resource	Deployment	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3342	CKV_K8S_86	resource	DeploymentConfig	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3343	CKV_K8S_86	resource	Job	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3344	CKV_K8S_86	resource	Pod	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3345	CKV_K8S_86	resource	PodTemplate	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3346	CKV_K8S_86	resource	ReplicaSet	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3347	CKV_K8S_86	resource	ReplicationController	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3348	CKV_K8S_86	resource	StatefulSet	Ensure that the –insecure-bind-address argument is not set	Kubernetes	ApiServerInsecureBindAddress.py
3349	CKV_K8S_88	resource	CronJob	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3350	CKV_K8S_88	resource	DaemonSet	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3351	CKV_K8S_88	resource	Deployment	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3352	CKV_K8S_88	resource	DeploymentConfig	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3353	CKV_K8S_88	resource	Job	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3354	CKV_K8S_88	resource	Pod	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3355	CKV_K8S_88	resource	PodTemplate	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3356	CKV_K8S_88	resource	ReplicaSet	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3357	CKV_K8S_88	resource	ReplicationController	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3358	CKV_K8S_88	resource	StatefulSet	Ensure that the –insecure-port argument is set to 0	Kubernetes	ApiServerInsecurePort.py
3359	CKV_K8S_89	resource	CronJob	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3360	CKV_K8S_89	resource	DaemonSet	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3361	CKV_K8S_89	resource	Deployment	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3362	CKV_K8S_89	resource	DeploymentConfig	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3363	CKV_K8S_89	resource	Job	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3364	CKV_K8S_89	resource	Pod	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3365	CKV_K8S_89	resource	PodTemplate	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3366	CKV_K8S_89	resource	ReplicaSet	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3367	CKV_K8S_89	resource	ReplicationController	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3368	CKV_K8S_89	resource	StatefulSet	Ensure that the –secure-port argument is not set to 0	Kubernetes	ApiServerSecurePort.py
3369	CKV_K8S_90	resource	CronJob	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3370	CKV_K8S_90	resource	DaemonSet	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3371	CKV_K8S_90	resource	Deployment	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3372	CKV_K8S_90	resource	DeploymentConfig	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3373	CKV_K8S_90	resource	Job	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3374	CKV_K8S_90	resource	Pod	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3375	CKV_K8S_90	resource	PodTemplate	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3376	CKV_K8S_90	resource	ReplicaSet	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3377	CKV_K8S_90	resource	ReplicationController	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3378	CKV_K8S_90	resource	StatefulSet	Ensure that the –profiling argument is set to false	Kubernetes	ApiServerProfiling.py
3379	CKV_K8S_91	resource	CronJob	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3380	CKV_K8S_91	resource	DaemonSet	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3381	CKV_K8S_91	resource	Deployment	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3382	CKV_K8S_91	resource	DeploymentConfig	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3383	CKV_K8S_91	resource	Job	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3384	CKV_K8S_91	resource	Pod	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3385	CKV_K8S_91	resource	PodTemplate	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3386	CKV_K8S_91	resource	ReplicaSet	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3387	CKV_K8S_91	resource	ReplicationController	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3388	CKV_K8S_91	resource	StatefulSet	Ensure that the –audit-log-path argument is set	Kubernetes	ApiServerAuditLog.py
3389	CKV_K8S_92	resource	CronJob	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3390	CKV_K8S_92	resource	DaemonSet	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3391	CKV_K8S_92	resource	Deployment	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3392	CKV_K8S_92	resource	DeploymentConfig	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3393	CKV_K8S_92	resource	Job	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3394	CKV_K8S_92	resource	Pod	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3395	CKV_K8S_92	resource	PodTemplate	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3396	CKV_K8S_92	resource	ReplicaSet	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3397	CKV_K8S_92	resource	ReplicationController	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3398	CKV_K8S_92	resource	StatefulSet	Ensure that the –audit-log-maxage argument is set to 30 or as appropriate	Kubernetes	ApiServerAuditLogMaxAge.py
3399	CKV_K8S_93	resource	CronJob	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3400	CKV_K8S_93	resource	DaemonSet	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3401	CKV_K8S_93	resource	Deployment	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3402	CKV_K8S_93	resource	DeploymentConfig	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3403	CKV_K8S_93	resource	Job	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3404	CKV_K8S_93	resource	Pod	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3405	CKV_K8S_93	resource	PodTemplate	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3406	CKV_K8S_93	resource	ReplicaSet	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3407	CKV_K8S_93	resource	ReplicationController	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3408	CKV_K8S_93	resource	StatefulSet	Ensure that the –audit-log-maxbackup argument is set to 10 or as appropriate	Kubernetes	ApiServerAuditLogMaxBackup.py
3409	CKV_K8S_94	resource	CronJob	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3410	CKV_K8S_94	resource	DaemonSet	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3411	CKV_K8S_94	resource	Deployment	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3412	CKV_K8S_94	resource	DeploymentConfig	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3413	CKV_K8S_94	resource	Job	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3414	CKV_K8S_94	resource	Pod	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3415	CKV_K8S_94	resource	PodTemplate	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3416	CKV_K8S_94	resource	ReplicaSet	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3417	CKV_K8S_94	resource	ReplicationController	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3418	CKV_K8S_94	resource	StatefulSet	Ensure that the –audit-log-maxsize argument is set to 100 or as appropriate	Kubernetes	ApiServerAuditLogMaxSize.py
3419	CKV_K8S_95	resource	CronJob	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3420	CKV_K8S_95	resource	DaemonSet	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3421	CKV_K8S_95	resource	Deployment	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3422	CKV_K8S_95	resource	DeploymentConfig	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3423	CKV_K8S_95	resource	Job	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3424	CKV_K8S_95	resource	Pod	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3425	CKV_K8S_95	resource	PodTemplate	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3426	CKV_K8S_95	resource	ReplicaSet	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3427	CKV_K8S_95	resource	ReplicationController	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3428	CKV_K8S_95	resource	StatefulSet	Ensure that the –request-timeout argument is set as appropriate	Kubernetes	ApiServerRequestTimeout.py
3429	CKV_K8S_96	resource	CronJob	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3430	CKV_K8S_96	resource	DaemonSet	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3431	CKV_K8S_96	resource	Deployment	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3432	CKV_K8S_96	resource	DeploymentConfig	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3433	CKV_K8S_96	resource	Job	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3434	CKV_K8S_96	resource	Pod	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3435	CKV_K8S_96	resource	PodTemplate	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3436	CKV_K8S_96	resource	ReplicaSet	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3437	CKV_K8S_96	resource	ReplicationController	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3438	CKV_K8S_96	resource	StatefulSet	Ensure that the –service-account-lookup argument is set to true	Kubernetes	ApiServerServiceAccountLookup.py
3439	CKV_K8S_97	resource	CronJob	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3440	CKV_K8S_97	resource	DaemonSet	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3441	CKV_K8S_97	resource	Deployment	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3442	CKV_K8S_97	resource	DeploymentConfig	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3443	CKV_K8S_97	resource	Job	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3444	CKV_K8S_97	resource	Pod	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3445	CKV_K8S_97	resource	PodTemplate	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3446	CKV_K8S_97	resource	ReplicaSet	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3447	CKV_K8S_97	resource	ReplicationController	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3448	CKV_K8S_97	resource	StatefulSet	Ensure that the –service-account-key-file argument is set as appropriate	Kubernetes	ApiServerServiceAccountKeyFile.py
3449	CKV_K8S_99	resource	CronJob	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3450	CKV_K8S_99	resource	DaemonSet	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3451	CKV_K8S_99	resource	Deployment	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3452	CKV_K8S_99	resource	DeploymentConfig	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3453	CKV_K8S_99	resource	Job	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3454	CKV_K8S_99	resource	Pod	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3455	CKV_K8S_99	resource	PodTemplate	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3456	CKV_K8S_99	resource	ReplicaSet	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3457	CKV_K8S_99	resource	ReplicationController	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3458	CKV_K8S_99	resource	StatefulSet	Ensure that the –etcd-certfile and –etcd-keyfile arguments are set as appropriate	Kubernetes	ApiServerEtcdCertAndKey.py
3459	CKV_K8S_100	resource	CronJob	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3460	CKV_K8S_100	resource	DaemonSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3461	CKV_K8S_100	resource	Deployment	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3462	CKV_K8S_100	resource	DeploymentConfig	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3463	CKV_K8S_100	resource	Job	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3464	CKV_K8S_100	resource	Pod	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3465	CKV_K8S_100	resource	PodTemplate	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3466	CKV_K8S_100	resource	ReplicaSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3467	CKV_K8S_100	resource	ReplicationController	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3468	CKV_K8S_100	resource	StatefulSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	ApiServerTlsCertAndKey.py
3469	CKV_K8S_102	resource	CronJob	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3470	CKV_K8S_102	resource	DaemonSet	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3471	CKV_K8S_102	resource	Deployment	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3472	CKV_K8S_102	resource	DeploymentConfig	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3473	CKV_K8S_102	resource	Job	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3474	CKV_K8S_102	resource	Pod	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3475	CKV_K8S_102	resource	PodTemplate	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3476	CKV_K8S_102	resource	ReplicaSet	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3477	CKV_K8S_102	resource	ReplicationController	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3478	CKV_K8S_102	resource	StatefulSet	Ensure that the –etcd-cafile argument is set as appropriate	Kubernetes	ApiServerEtcdCaFile.py
3479	CKV_K8S_104	resource	CronJob	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3480	CKV_K8S_104	resource	DaemonSet	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3481	CKV_K8S_104	resource	Deployment	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3482	CKV_K8S_104	resource	DeploymentConfig	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3483	CKV_K8S_104	resource	Job	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3484	CKV_K8S_104	resource	Pod	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3485	CKV_K8S_104	resource	PodTemplate	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3486	CKV_K8S_104	resource	ReplicaSet	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3487	CKV_K8S_104	resource	ReplicationController	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3488	CKV_K8S_104	resource	StatefulSet	Ensure that encryption providers are appropriately configured	Kubernetes	ApiServerEncryptionProviders.py
3489	CKV_K8S_105	resource	CronJob	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3490	CKV_K8S_105	resource	DaemonSet	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3491	CKV_K8S_105	resource	Deployment	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3492	CKV_K8S_105	resource	DeploymentConfig	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3493	CKV_K8S_105	resource	Job	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3494	CKV_K8S_105	resource	Pod	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3495	CKV_K8S_105	resource	PodTemplate	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3496	CKV_K8S_105	resource	ReplicaSet	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3497	CKV_K8S_105	resource	ReplicationController	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3498	CKV_K8S_105	resource	StatefulSet	Ensure that the API Server only makes use of Strong Cryptographic Ciphers	Kubernetes	ApiServerStrongCryptographicCiphers.py
3499	CKV_K8S_106	resource	CronJob	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3500	CKV_K8S_106	resource	DaemonSet	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3501	CKV_K8S_106	resource	Deployment	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3502	CKV_K8S_106	resource	DeploymentConfig	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3503	CKV_K8S_106	resource	Job	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3504	CKV_K8S_106	resource	Pod	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3505	CKV_K8S_106	resource	PodTemplate	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3506	CKV_K8S_106	resource	ReplicaSet	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3507	CKV_K8S_106	resource	ReplicationController	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3508	CKV_K8S_106	resource	StatefulSet	Ensure that the –terminated-pod-gc-threshold argument is set as appropriate	Kubernetes	KubeControllerManagerTerminatedPods.py
3509	CKV_K8S_107	resource	CronJob	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3510	CKV_K8S_107	resource	DaemonSet	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3511	CKV_K8S_107	resource	Deployment	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3512	CKV_K8S_107	resource	DeploymentConfig	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3513	CKV_K8S_107	resource	Job	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3514	CKV_K8S_107	resource	Pod	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3515	CKV_K8S_107	resource	PodTemplate	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3516	CKV_K8S_107	resource	ReplicaSet	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3517	CKV_K8S_107	resource	ReplicationController	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3518	CKV_K8S_107	resource	StatefulSet	Ensure that the –profiling argument is set to false	Kubernetes	KubeControllerManagerBlockProfiles.py
3519	CKV_K8S_108	resource	CronJob	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3520	CKV_K8S_108	resource	DaemonSet	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3521	CKV_K8S_108	resource	Deployment	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3522	CKV_K8S_108	resource	DeploymentConfig	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3523	CKV_K8S_108	resource	Job	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3524	CKV_K8S_108	resource	Pod	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3525	CKV_K8S_108	resource	PodTemplate	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3526	CKV_K8S_108	resource	ReplicaSet	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3527	CKV_K8S_108	resource	ReplicationController	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3528	CKV_K8S_108	resource	StatefulSet	Ensure that the –use-service-account-credentials argument is set to true	Kubernetes	KubeControllerManagerServiceAccountCredentials.py
3529	CKV_K8S_110	resource	CronJob	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3530	CKV_K8S_110	resource	DaemonSet	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3531	CKV_K8S_110	resource	Deployment	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3532	CKV_K8S_110	resource	DeploymentConfig	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3533	CKV_K8S_110	resource	Job	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3534	CKV_K8S_110	resource	Pod	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3535	CKV_K8S_110	resource	PodTemplate	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3536	CKV_K8S_110	resource	ReplicaSet	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3537	CKV_K8S_110	resource	ReplicationController	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3538	CKV_K8S_110	resource	StatefulSet	Ensure that the –service-account-private-key-file argument is set as appropriate	Kubernetes	KubeControllerManagerServiceAccountPrivateKeyFile.py
3539	CKV_K8S_111	resource	CronJob	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3540	CKV_K8S_111	resource	DaemonSet	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3541	CKV_K8S_111	resource	Deployment	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3542	CKV_K8S_111	resource	DeploymentConfig	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3543	CKV_K8S_111	resource	Job	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3544	CKV_K8S_111	resource	Pod	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3545	CKV_K8S_111	resource	PodTemplate	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3546	CKV_K8S_111	resource	ReplicaSet	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3547	CKV_K8S_111	resource	ReplicationController	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3548	CKV_K8S_111	resource	StatefulSet	Ensure that the –root-ca-file argument is set as appropriate	Kubernetes	KubeControllerManagerRootCAFile.py
3549	CKV_K8S_112	resource	CronJob	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3550	CKV_K8S_112	resource	DaemonSet	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3551	CKV_K8S_112	resource	Deployment	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3552	CKV_K8S_112	resource	DeploymentConfig	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3553	CKV_K8S_112	resource	Job	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3554	CKV_K8S_112	resource	Pod	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3555	CKV_K8S_112	resource	PodTemplate	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3556	CKV_K8S_112	resource	ReplicaSet	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3557	CKV_K8S_112	resource	ReplicationController	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3558	CKV_K8S_112	resource	StatefulSet	Ensure that the RotateKubeletServerCertificate argument is set to true	Kubernetes	RotateKubeletServerCertificate.py
3559	CKV_K8S_113	resource	CronJob	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3560	CKV_K8S_113	resource	DaemonSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3561	CKV_K8S_113	resource	Deployment	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3562	CKV_K8S_113	resource	DeploymentConfig	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3563	CKV_K8S_113	resource	Job	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3564	CKV_K8S_113	resource	Pod	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3565	CKV_K8S_113	resource	PodTemplate	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3566	CKV_K8S_113	resource	ReplicaSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3567	CKV_K8S_113	resource	ReplicationController	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3568	CKV_K8S_113	resource	StatefulSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	ControllerManagerBindAddress.py
3569	CKV_K8S_114	resource	CronJob	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3570	CKV_K8S_114	resource	DaemonSet	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3571	CKV_K8S_114	resource	Deployment	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3572	CKV_K8S_114	resource	DeploymentConfig	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3573	CKV_K8S_114	resource	Job	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3574	CKV_K8S_114	resource	Pod	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3575	CKV_K8S_114	resource	PodTemplate	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3576	CKV_K8S_114	resource	ReplicaSet	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3577	CKV_K8S_114	resource	ReplicationController	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3578	CKV_K8S_114	resource	StatefulSet	Ensure that the –profiling argument is set to false	Kubernetes	SchedulerProfiling.py
3579	CKV_K8S_115	resource	CronJob	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3580	CKV_K8S_115	resource	DaemonSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3581	CKV_K8S_115	resource	Deployment	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3582	CKV_K8S_115	resource	DeploymentConfig	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3583	CKV_K8S_115	resource	Job	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3584	CKV_K8S_115	resource	Pod	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3585	CKV_K8S_115	resource	PodTemplate	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3586	CKV_K8S_115	resource	ReplicaSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3587	CKV_K8S_115	resource	ReplicationController	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3588	CKV_K8S_115	resource	StatefulSet	Ensure that the –bind-address argument is set to 127.0.0.1	Kubernetes	SchedulerBindAddress.py
3589	CKV_K8S_116	resource	CronJob	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3590	CKV_K8S_116	resource	DaemonSet	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3591	CKV_K8S_116	resource	Deployment	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3592	CKV_K8S_116	resource	DeploymentConfig	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3593	CKV_K8S_116	resource	Job	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3594	CKV_K8S_116	resource	Pod	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3595	CKV_K8S_116	resource	PodTemplate	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3596	CKV_K8S_116	resource	ReplicaSet	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3597	CKV_K8S_116	resource	ReplicationController	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3598	CKV_K8S_116	resource	StatefulSet	Ensure that the –cert-file and –key-file arguments are set as appropriate	Kubernetes	EtcdCertAndKey.py
3599	CKV_K8S_117	resource	CronJob	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3600	CKV_K8S_117	resource	DaemonSet	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3601	CKV_K8S_117	resource	Deployment	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3602	CKV_K8S_117	resource	DeploymentConfig	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3603	CKV_K8S_117	resource	Job	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3604	CKV_K8S_117	resource	Pod	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3605	CKV_K8S_117	resource	PodTemplate	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3606	CKV_K8S_117	resource	ReplicaSet	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3607	CKV_K8S_117	resource	ReplicationController	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3608	CKV_K8S_117	resource	StatefulSet	Ensure that the –client-cert-auth argument is set to true	Kubernetes	EtcdClientCertAuth.py
3609	CKV_K8S_118	resource	CronJob	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3610	CKV_K8S_118	resource	DaemonSet	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3611	CKV_K8S_118	resource	Deployment	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3612	CKV_K8S_118	resource	DeploymentConfig	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3613	CKV_K8S_118	resource	Job	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3614	CKV_K8S_118	resource	Pod	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3615	CKV_K8S_118	resource	PodTemplate	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3616	CKV_K8S_118	resource	ReplicaSet	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3617	CKV_K8S_118	resource	ReplicationController	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3618	CKV_K8S_118	resource	StatefulSet	Ensure that the –auto-tls argument is not set to true	Kubernetes	EtcdAutoTls.py
3619	CKV_K8S_119	resource	CronJob	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3620	CKV_K8S_119	resource	DaemonSet	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3621	CKV_K8S_119	resource	Deployment	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3622	CKV_K8S_119	resource	DeploymentConfig	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3623	CKV_K8S_119	resource	Job	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3624	CKV_K8S_119	resource	Pod	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3625	CKV_K8S_119	resource	PodTemplate	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3626	CKV_K8S_119	resource	ReplicaSet	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3627	CKV_K8S_119	resource	ReplicationController	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3628	CKV_K8S_119	resource	StatefulSet	Ensure that the –peer-cert-file and –peer-key-file arguments are set as appropriate	Kubernetes	EtcdPeerFiles.py
3629	CKV_K8S_121	resource	Pod	Ensure that the –peer-client-cert-auth argument is set to true	Kubernetes	PeerClientCertAuthTrue.py
3630	CKV_K8S_138	resource	CronJob	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3631	CKV_K8S_138	resource	DaemonSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3632	CKV_K8S_138	resource	Deployment	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3633	CKV_K8S_138	resource	DeploymentConfig	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3634	CKV_K8S_138	resource	Job	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3635	CKV_K8S_138	resource	Pod	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3636	CKV_K8S_138	resource	PodTemplate	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3637	CKV_K8S_138	resource	ReplicaSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3638	CKV_K8S_138	resource	ReplicationController	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3639	CKV_K8S_138	resource	StatefulSet	Ensure that the –anonymous-auth argument is set to false	Kubernetes	KubeletAnonymousAuth.py
3640	CKV_K8S_139	resource	CronJob	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3641	CKV_K8S_139	resource	DaemonSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3642	CKV_K8S_139	resource	Deployment	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3643	CKV_K8S_139	resource	DeploymentConfig	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3644	CKV_K8S_139	resource	Job	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3645	CKV_K8S_139	resource	Pod	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3646	CKV_K8S_139	resource	PodTemplate	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3647	CKV_K8S_139	resource	ReplicaSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3648	CKV_K8S_139	resource	ReplicationController	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3649	CKV_K8S_139	resource	StatefulSet	Ensure that the –authorization-mode argument is not set to AlwaysAllow	Kubernetes	KubeletAuthorizationModeNotAlwaysAllow.py
3650	CKV_K8S_140	resource	CronJob	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3651	CKV_K8S_140	resource	DaemonSet	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3652	CKV_K8S_140	resource	Deployment	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3653	CKV_K8S_140	resource	DeploymentConfig	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3654	CKV_K8S_140	resource	Job	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3655	CKV_K8S_140	resource	Pod	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3656	CKV_K8S_140	resource	PodTemplate	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3657	CKV_K8S_140	resource	ReplicaSet	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3658	CKV_K8S_140	resource	ReplicationController	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3659	CKV_K8S_140	resource	StatefulSet	Ensure that the –client-ca-file argument is set as appropriate	Kubernetes	KubeletClientCa.py
3660	CKV_K8S_141	resource	CronJob	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3661	CKV_K8S_141	resource	DaemonSet	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3662	CKV_K8S_141	resource	Deployment	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3663	CKV_K8S_141	resource	DeploymentConfig	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3664	CKV_K8S_141	resource	Job	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3665	CKV_K8S_141	resource	Pod	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3666	CKV_K8S_141	resource	PodTemplate	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3667	CKV_K8S_141	resource	ReplicaSet	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3668	CKV_K8S_141	resource	ReplicationController	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3669	CKV_K8S_141	resource	StatefulSet	Ensure that the –read-only-port argument is set to 0	Kubernetes	KubeletReadOnlyPort.py
3670	CKV_K8S_143	resource	CronJob	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3671	CKV_K8S_143	resource	DaemonSet	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3672	CKV_K8S_143	resource	Deployment	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3673	CKV_K8S_143	resource	DeploymentConfig	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3674	CKV_K8S_143	resource	Job	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3675	CKV_K8S_143	resource	Pod	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3676	CKV_K8S_143	resource	PodTemplate	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3677	CKV_K8S_143	resource	ReplicaSet	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3678	CKV_K8S_143	resource	ReplicationController	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3679	CKV_K8S_143	resource	StatefulSet	Ensure that the –streaming-connection-idle-timeout argument is not set to 0	Kubernetes	KubeletStreamingConnectionIdleTimeout.py
3680	CKV_K8S_144	resource	CronJob	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3681	CKV_K8S_144	resource	DaemonSet	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3682	CKV_K8S_144	resource	Deployment	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3683	CKV_K8S_144	resource	DeploymentConfig	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3684	CKV_K8S_144	resource	Job	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3685	CKV_K8S_144	resource	Pod	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3686	CKV_K8S_144	resource	PodTemplate	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3687	CKV_K8S_144	resource	ReplicaSet	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3688	CKV_K8S_144	resource	ReplicationController	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3689	CKV_K8S_144	resource	StatefulSet	Ensure that the –protect-kernel-defaults argument is set to true	Kubernetes	KubeletProtectKernelDefaults.py
3690	CKV_K8S_145	resource	CronJob	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3691	CKV_K8S_145	resource	DaemonSet	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3692	CKV_K8S_145	resource	Deployment	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3693	CKV_K8S_145	resource	DeploymentConfig	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3694	CKV_K8S_145	resource	Job	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3695	CKV_K8S_145	resource	Pod	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3696	CKV_K8S_145	resource	PodTemplate	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3697	CKV_K8S_145	resource	ReplicaSet	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3698	CKV_K8S_145	resource	ReplicationController	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3699	CKV_K8S_145	resource	StatefulSet	Ensure that the –make-iptables-util-chains argument is set to true	Kubernetes	KubeletMakeIptablesUtilChains.py
3700	CKV_K8S_146	resource	CronJob	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3701	CKV_K8S_146	resource	DaemonSet	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3702	CKV_K8S_146	resource	Deployment	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3703	CKV_K8S_146	resource	DeploymentConfig	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3704	CKV_K8S_146	resource	Job	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3705	CKV_K8S_146	resource	Pod	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3706	CKV_K8S_146	resource	PodTemplate	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3707	CKV_K8S_146	resource	ReplicaSet	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3708	CKV_K8S_146	resource	ReplicationController	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3709	CKV_K8S_146	resource	StatefulSet	Ensure that the –hostname-override argument is not set	Kubernetes	KubeletHostnameOverride.py
3710	CKV_K8S_147	resource	CronJob	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3711	CKV_K8S_147	resource	DaemonSet	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3712	CKV_K8S_147	resource	Deployment	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3713	CKV_K8S_147	resource	DeploymentConfig	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3714	CKV_K8S_147	resource	Job	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3715	CKV_K8S_147	resource	Pod	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3716	CKV_K8S_147	resource	PodTemplate	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3717	CKV_K8S_147	resource	ReplicaSet	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3718	CKV_K8S_147	resource	ReplicationController	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3719	CKV_K8S_147	resource	StatefulSet	Ensure that the –event-qps argument is set to 0 or a level which ensures appropriate event capture	Kubernetes	KubletEventCapture.py
3720	CKV_K8S_148	resource	CronJob	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3721	CKV_K8S_148	resource	DaemonSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3722	CKV_K8S_148	resource	Deployment	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3723	CKV_K8S_148	resource	DeploymentConfig	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3724	CKV_K8S_148	resource	Job	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3725	CKV_K8S_148	resource	Pod	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3726	CKV_K8S_148	resource	PodTemplate	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3727	CKV_K8S_148	resource	ReplicaSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3728	CKV_K8S_148	resource	ReplicationController	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3729	CKV_K8S_148	resource	StatefulSet	Ensure that the –tls-cert-file and –tls-private-key-file arguments are set as appropriate	Kubernetes	KubeletKeyFilesSetAppropriate.py
3730	CKV_K8S_149	resource	CronJob	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3731	CKV_K8S_149	resource	DaemonSet	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3732	CKV_K8S_149	resource	Deployment	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3733	CKV_K8S_149	resource	DeploymentConfig	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3734	CKV_K8S_149	resource	Job	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3735	CKV_K8S_149	resource	Pod	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3736	CKV_K8S_149	resource	PodTemplate	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3737	CKV_K8S_149	resource	ReplicaSet	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3738	CKV_K8S_149	resource	ReplicationController	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3739	CKV_K8S_149	resource	StatefulSet	Ensure that the –rotate-certificates argument is not set to false	Kubernetes	KubletRotateCertificates.py
3740	CKV_K8S_151	resource	CronJob	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3741	CKV_K8S_151	resource	DaemonSet	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3742	CKV_K8S_151	resource	Deployment	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3743	CKV_K8S_151	resource	DeploymentConfig	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3744	CKV_K8S_151	resource	Job	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3745	CKV_K8S_151	resource	Pod	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3746	CKV_K8S_151	resource	PodTemplate	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3747	CKV_K8S_151	resource	ReplicaSet	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3748	CKV_K8S_151	resource	ReplicationController	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3749	CKV_K8S_151	resource	StatefulSet	Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers	Kubernetes	KubeletCryptographicCiphers.py
3750	CKV_K8S_152	resource	Ingress	Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742	Kubernetes	NginxIngressCVE202125742Lua.py
3751	CKV_K8S_153	resource	Ingress	Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742	Kubernetes	NginxIngressCVE202125742AllSnippets.py
3752	CKV_K8S_154	resource	Ingress	Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742	Kubernetes	NginxIngressCVE202125742Alias.py
3753	CKV_K8S_155	resource	ClusterRole	Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations	Kubernetes	RbacControlWebhooks.py
3754	CKV_K8S_156	resource	ClusterRole	Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests	Kubernetes	RbacApproveCertificateSigningRequests.py
3755	CKV_K8S_157	resource	ClusterRole	Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings	Kubernetes	RbacBindRoleBindings.py
3756	CKV_K8S_157	resource	Role	Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings	Kubernetes	RbacBindRoleBindings.py
3757	CKV_K8S_158	resource	ClusterRole	Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles	Kubernetes	RbacEscalateRoles.py
3758	CKV_K8S_158	resource	Role	Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles	Kubernetes	RbacEscalateRoles.py
3759	CKV_K8S_159	resource	CronJob	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3760	CKV_K8S_159	resource	DaemonSet	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3761	CKV_K8S_159	resource	Deployment	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3762	CKV_K8S_159	resource	DeploymentConfig	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3763	CKV_K8S_159	resource	Job	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3764	CKV_K8S_159	resource	Pod	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3765	CKV_K8S_159	resource	PodTemplate	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3766	CKV_K8S_159	resource	ReplicaSet	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3767	CKV_K8S_159	resource	ReplicationController	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3768	CKV_K8S_159	resource	StatefulSet	Limit the use of git-sync to prevent code injection	Kubernetes	DangerousGitSync.py
3769	CKV_K8S_159	resource	kubernetes_deployment	Do not admit privileged containers	Terraform	DangerousGitSync.py
3770	CKV_K8S_159	resource	kubernetes_deployment_v1	Do not admit privileged containers	Terraform	DangerousGitSync.py
3771	CKV_K8S_159	resource	kubernetes_pod	Do not admit privileged containers	Terraform	DangerousGitSync.py
3772	CKV_K8S_159	resource	kubernetes_pod_v1	Do not admit privileged containers	Terraform	DangerousGitSync.py
3773	CKV2_K8S_1	resource	ClusterRole	RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding	Kubernetes	RoleBindingPE.yaml
3774	CKV2_K8S_1	resource	ClusterRoleBinding	RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding	Kubernetes	RoleBindingPE.yaml
3775	CKV2_K8S_1	resource	Role	RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding	Kubernetes	RoleBindingPE.yaml
3776	CKV2_K8S_1	resource	RoleBinding	RoleBinding should not allow privilege escalation to a ServiceAccount or Node on other RoleBinding	Kubernetes	RoleBindingPE.yaml
3777	CKV2_K8S_2	resource	ClusterRole	Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation	Kubernetes	NoCreateNodesProxyOrPodsExec.yaml
3778	CKV2_K8S_2	resource	ClusterRoleBinding	Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation	Kubernetes	NoCreateNodesProxyOrPodsExec.yaml
3779	CKV2_K8S_2	resource	Role	Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation	Kubernetes	NoCreateNodesProxyOrPodsExec.yaml
3780	CKV2_K8S_2	resource	RoleBinding	Granting create permissions to nodes/proxy or pods/exec sub resources allows potential privilege escalation	Kubernetes	NoCreateNodesProxyOrPodsExec.yaml
3781	CKV2_K8S_3	resource	ClusterRole	No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts	Kubernetes	ImpersonatePermissions.yaml
3782	CKV2_K8S_3	resource	ClusterRoleBinding	No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts	Kubernetes	ImpersonatePermissions.yaml
3783	CKV2_K8S_3	resource	Role	No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts	Kubernetes	ImpersonatePermissions.yaml
3784	CKV2_K8S_3	resource	RoleBinding	No ServiceAccount/Node should have impersonate permissions for groups/users/service-accounts	Kubernetes	ImpersonatePermissions.yaml
3785	CKV2_K8S_4	resource	ClusterRole	ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster.	Kubernetes	ModifyServicesStatus.yaml
3786	CKV2_K8S_4	resource	ClusterRoleBinding	ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster.	Kubernetes	ModifyServicesStatus.yaml
3787	CKV2_K8S_4	resource	Role	ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster.	Kubernetes	ModifyServicesStatus.yaml
3788	CKV2_K8S_4	resource	RoleBinding	ServiceAccounts and nodes that can modify services/status may set the status.loadBalancer.ingress.ip field to exploit the unfixed CVE-2020-8554 and launch MiTM attacks against the cluster.	Kubernetes	ModifyServicesStatus.yaml
3789	CKV2_K8S_5	resource	ClusterRole	No ServiceAccount/Node should be able to read all secrets	Kubernetes	ReadAllSecrets.yaml
3790	CKV2_K8S_5	resource	ClusterRoleBinding	No ServiceAccount/Node should be able to read all secrets	Kubernetes	ReadAllSecrets.yaml
3791	CKV2_K8S_5	resource	Role	No ServiceAccount/Node should be able to read all secrets	Kubernetes	ReadAllSecrets.yaml
3792	CKV2_K8S_5	resource	RoleBinding	No ServiceAccount/Node should be able to read all secrets	Kubernetes	ReadAllSecrets.yaml
3793	CKV2_K8S_6	resource	Deployment	Minimize the admission of pods which lack an associated NetworkPolicy	Kubernetes	RequireAllPodsToHaveNetworkPolicy.yaml
3794	CKV2_K8S_6	resource	Pod	Minimize the admission of pods which lack an associated NetworkPolicy	Kubernetes	RequireAllPodsToHaveNetworkPolicy.yaml
3795	CKV_LIN_1	provider	linode	Ensure no hard coded Linode tokens exist in provider	Terraform	credentials.py
3796	CKV_LIN_2	resource	linode_instance	Ensure SSH key set in authorized_keys	Terraform	authorized_keys.py
3797	CKV_LIN_3	resource	linode_user	Ensure email is set	Terraform	user_email_set.py
3798	CKV_LIN_4	resource	linode_user	Ensure username is set	Terraform	user_username_set.py
3799	CKV_LIN_5	resource	linode_firewall	Ensure Inbound Firewall Policy is not set to ACCEPT	Terraform	firewall_inbound_policy.py
3800	CKV_LIN_6	resource	linode_firewall	Ensure Outbound Firewall Policy is not set to ACCEPT	Terraform	firewall_outbound_policy.py
3801	CKV_NCP_1	resource	ncloud_lb_target_group	Ensure HTTP HTTPS Target group defines Healthcheck	Terraform	LBTargetGroupDefinesHealthCheck.py
3802	CKV_NCP_2	resource	ncloud_access_control_group	Ensure every access control groups rule has a description	Terraform	AccessControlGroupRuleDescription.py
3803	CKV_NCP_2	resource	ncloud_access_control_group_rule	Ensure every access control groups rule has a description	Terraform	AccessControlGroupRuleDescription.py
3804	CKV_NCP_3	resource	ncloud_access_control_group_rule	Ensure no security group rules allow outbound traffic to 0.0.0.0/0	Terraform	AccessControlGroupOutboundRule.py
3805	CKV_NCP_4	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 22	Terraform	AccessControlGroupInboundRulePort22.py
3806	CKV_NCP_5	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 3389	Terraform	AccessControlGroupInboundRulePort3389.py
3807	CKV_NCP_6	resource	ncloud_server	Ensure Server instance is encrypted.	Terraform	ServerEncryptionVPC.py
3808	CKV_NCP_7	resource	ncloud_launch_configuration	Ensure Basic Block storage is encrypted.	Terraform	LaunchConfigurationEncryptionVPC.py
3809	CKV_NCP_8	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 20	Terraform	NACLInbound20.py
3810	CKV_NCP_9	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 21	Terraform	NACLInbound21.py
3811	CKV_NCP_10	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 22	Terraform	NACLInbound22.py
3812	CKV_NCP_11	resource	ncloud_network_acl_rule	Ensure no NACL allow inbound from 0.0.0.0:0 to port 3389	Terraform	NACLInbound3389.py
3813	CKV_NCP_12	resource	ncloud_network_acl_rule	An inbound Network ACL rule should not allow ALL ports.	Terraform	NACLPortCheck.py
3814	CKV_NCP_13	resource	ncloud_lb_listener	Ensure LB Listener uses only secure protocols	Terraform	LBListenerUsesSecureProtocols.py
3815	CKV_NCP_14	resource	ncloud_nas_volume	Ensure NAS is securely encrypted	Terraform	NASEncryptionEnabled.py
3816	CKV_NCP_15	resource	ncloud_lb_target_group	Ensure Load Balancer Target Group is not using HTTP	Terraform	LBTargetGroupUsingHTTPS.py
3817	CKV_NCP_16	resource	ncloud_lb	Ensure Load Balancer isn’t exposed to the internet	Terraform	LBNetworkPrivate.py
3818	CKV_NCP_18	resource	ncloud_auto_scaling_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks.	Terraform	AutoScalingEnabledLB.yaml
3819	CKV_NCP_18	resource	ncloud_lb_target_group	Ensure that auto Scaling groups that are associated with a load balancer, are using Load Balancing health checks.	Terraform	AutoScalingEnabledLB.yaml
3820	CKV_NCP_19	resource	ncloud_nks_cluster	Ensure Naver Kubernetes Service public endpoint disabled	Terraform	NKSPublicAccess.py
3821	CKV_NCP_20	resource	ncloud_route	Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity	Terraform	RouteTableNATGatewayDefault.py
3822	CKV_NCP_22	resource	ncloud_nks_cluster	Ensure NKS control plane logging enabled for all log types	Terraform	NKSControlPlaneLogging.py
3823	CKV_NCP_22	resource	ncloud_route_table	Ensure a route table for the public subnets is created.	Terraform	RouteTablePublicSubnetConnection.yaml
3824	CKV_NCP_22	resource	ncloud_subnet	Ensure a route table for the public subnets is created.	Terraform	RouteTablePublicSubnetConnection.yaml
3825	CKV_NCP_23	resource	ncloud_public_ip	Ensure Server instance should not have public IP.	Terraform	ServerPublicIP.py
3826	CKV_NCP_24	resource	ncloud_lb_listener	Ensure Load Balancer Listener Using HTTPS	Terraform	LBListenerUsingHTTPS.py
3827	CKV_NCP_25	resource	ncloud_access_control_group_rule	Ensure no access control groups allow inbound from 0.0.0.0:0 to port 80	Terraform	AccessControlGroupInboundRulePort80.py
3828	CKV_NCP_26	resource	ncloud_access_control_group	Ensure Access Control Group has Access Control Group Rule attached	Terraform	AccessControlGroupRuleDefine.yaml
3829	CKV_OCI_1	provider	oci	Ensure no hard coded OCI private key in provider	Terraform	credentials.py
3830	CKV_OCI_2	resource	oci_core_volume	Ensure OCI Block Storage Block Volume has backup enabled	Terraform	StorageBlockBackupEnabled.py
3831	CKV_OCI_3	resource	oci_core_volume	OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK)	Terraform	StorageBlockEncryption.py
3832	CKV_OCI_4	resource	oci_core_instance	Ensure OCI Compute Instance boot volume has in-transit data encryption enabled	Terraform	InstanceBootVolumeIntransitEncryption.py
3833	CKV_OCI_5	resource	oci_core_instance	Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled	Terraform	InstanceMetadataServiceEnabled.py
3834	CKV_OCI_6	resource	oci_core_instance	Ensure OCI Compute Instance has monitoring enabled	Terraform	InstanceMonitoringEnabled.py
3835	CKV_OCI_7	resource	oci_objectstorage_bucket	Ensure OCI Object Storage bucket can emit object events	Terraform	ObjectStorageEmitEvents.py
3836	CKV_OCI_8	resource	oci_objectstorage_bucket	Ensure OCI Object Storage has versioning enabled	Terraform	ObjectStorageVersioning.py
3837	CKV_OCI_9	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is encrypted with Customer Managed Key	Terraform	ObjectStorageEncryption.py
3838	CKV_OCI_10	resource	oci_objectstorage_bucket	Ensure OCI Object Storage is not Public	Terraform	ObjectStoragePublic.py
3839	CKV_OCI_11	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain lower case	Terraform	IAMPasswordPolicyLowerCase.py
3840	CKV_OCI_12	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Numeric characters	Terraform	IAMPasswordPolicyNumeric.py
3841	CKV_OCI_13	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Special characters	Terraform	IAMPasswordPolicySpecialCharacters.py
3842	CKV_OCI_14	resource	oci_identity_authentication_policy	OCI IAM password policy - must contain Uppercase characters	Terraform	IAMPasswordPolicyUpperCase.py
3843	CKV_OCI_15	resource	oci_file_storage_file_system	Ensure OCI File System is Encrypted with a customer Managed Key	Terraform	FileSystemEncryption.py
3844	CKV_OCI_16	resource	oci_core_security_list	Ensure VCN has an inbound security list	Terraform	SecurityListIngress.py
3845	CKV_OCI_17	resource	oci_core_security_list	Ensure VCN inbound security lists are stateless	Terraform	SecurityListIngressStateless.py
3846	CKV_OCI_18	resource	oci_identity_authentication_policy	OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters	Terraform	IAMPasswordLength.py
3847	CKV_OCI_19	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 22.	Terraform	SecurityListUnrestrictedIngress22.py
3848	CKV_OCI_20	resource	oci_core_security_list	Ensure no security list allow ingress from 0.0.0.0:0 to port 3389.	Terraform	SecurityListUnrestrictedIngress3389.py
3849	CKV_OCI_21	resource	oci_core_network_security_group_security_rule	Ensure security group has stateless ingress security rules	Terraform	SecurityGroupsIngressStatelessSecurityRules.py
3850	CKV_OCI_22	resource	oci_core_network_security_group_security_rule	Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22	Terraform	AbsSecurityGroupUnrestrictedIngress.py
3851	CKV2_OCI_1	resource	oci_identity_group	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
3852	CKV2_OCI_1	resource	oci_identity_user	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
3853	CKV2_OCI_1	resource	oci_identity_user_group_membership	Ensure administrator users are not associated with API keys	Terraform	AdministratorUserNotAssociatedWithAPIKey.yaml
3854	CKV2_OCI_2	resource	oci_core_network_security_group_security_rule	Ensure NSG does not allow all traffic on RDP port (3389)	Terraform	OCI_NSGNotAllowRDP.yaml
3855	CKV2_OCI_3	resource	oci_containerengine_cluster	Ensure Kubernetes engine cluster is configured with NSG(s)	Terraform	OCI_KubernetesEngineClusterEndpointConfigWithNSG.yaml
3856	CKV2_OCI_4	resource	oci_file_storage_export	Ensure File Storage File System access is restricted to root users	Terraform	OCI_NFSaccessRestrictedToRootUsers.yaml
3857	CKV2_OCI_5	resource	oci_containerengine_node_pool	Ensure Kubernetes Engine Cluster boot volume is configured with in-transit data encryption	Terraform	OCI_K8EngineClusterBootVolConfigInTransitEncryption.yaml
3858	CKV2_OCI_6	resource	oci_containerengine_cluster	Ensure Kubernetes Engine Cluster pod security policy is enforced	Terraform	OCI_K8EngineClusterPodSecPolicyEnforced.yaml
3859	CKV_OPENAPI_1	resource	securityDefinitions	Ensure that securityDefinitions is defined and not empty - version 2.0 files	OpenAPI	SecurityDefinitions.py
3860	CKV_OPENAPI_2	resource	security	Ensure that if the security scheme is not of type ‘oauth2’, the array value must be empty - version 2.0 files	OpenAPI	Oauth2SecurityRequirement.py
3861	CKV_OPENAPI_3	resource	components	Ensure that security schemes don’t allow cleartext credentials over unencrypted channel - version 3.x.y files	OpenAPI	CleartextOverUnencryptedChannel.py
3862	CKV_OPENAPI_4	resource	security	Ensure that the global security field has rules defined	OpenAPI	GlobalSecurityFieldIsEmpty.py
3863	CKV_OPENAPI_5	resource	security	Ensure that security operations is not empty.	OpenAPI	SecurityOperations.py
3864	CKV_OPENAPI_6	resource	security	Ensure that security requirement defined in securityDefinitions - version 2.0 files	OpenAPI	SecurityRequirement.py
3865	CKV_OPENAPI_7	resource	security	Ensure that the path scheme does not support unencrypted HTTP connection where all transmissions are open to interception- version 2.0 files	OpenAPI	PathSchemeDefineHTTP.py
3866	CKV_OPENAPI_8	resource	security	Ensure that security is not using ‘password’ flow in OAuth2 authentication - version 2.0 files	OpenAPI	Oauth2SecurityPasswordFlow.py
3867	CKV_OPENAPI_9	resource	paths	Ensure that security scopes of operations are defined in securityDefinitions - version 2.0 files	OpenAPI	OperationObjectSecurityScopeUndefined.py
3868	CKV_OPENAPI_10	resource	paths	Ensure that operation object does not use ‘password’ flow in OAuth2 authentication - version 2.0 files	OpenAPI	Oauth2OperationObjectPasswordFlow.py
3869	CKV_OPENAPI_11	resource	securityDefinitions	Ensure that operation object does not use ‘password’ flow in OAuth2 authentication - version 2.0 files	OpenAPI	Oauth2SecurityDefinitionPasswordFlow.py
3870	CKV_OPENAPI_12	resource	securityDefinitions	Ensure no security definition is using implicit flow on OAuth2, which is deprecated - version 2.0 files	OpenAPI	Oauth2SecurityDefinitionImplicitFlow.py
3871	CKV_OPENAPI_13	resource	securityDefinitions	Ensure security definitions do not use basic auth - version 2.0 files	OpenAPI	SecurityDefinitionBasicAuth.py
3872	CKV_OPENAPI_14	resource	paths	Ensure that operation objects do not use ‘implicit’ flow, which is deprecated - version 2.0 files	OpenAPI	OperationObjectImplicitFlow.py
3873	CKV_OPENAPI_15	resource	paths	Ensure that operation objects do not use basic auth - version 2.0 files	OpenAPI	OperationObjectBasicAuth.py
3874	CKV_OPENAPI_16	resource	paths	Ensure that operation objects have ‘produces’ field defined for GET operations - version 2.0 files	OpenAPI	OperationObjectProducesUndefined.py
3875	CKV_OPENAPI_17	resource	paths	Ensure that operation objects have ‘consumes’ field defined for PUT, POST and PATCH operations - version 2.0 files	OpenAPI	OperationObjectConsumesUndefined.py
3876	CKV_OPENAPI_18	resource	schemes	Ensure that global schemes use ‘https’ protocol instead of ‘http’- version 2.0 files	OpenAPI	GlobalSchemeDefineHTTP.py
3877	CKV_OPENAPI_19	resource	security	Ensure that global security scope is defined in securityDefinitions - version 2.0 files	OpenAPI	GlobalSecurityScopeUndefined.py
3878	CKV_OPENAPI_20	resource	paths	Ensure that API keys are not sent over cleartext	OpenAPI	ClearTextAPIKey.py
3879	CKV_OPENAPI_21	resource	paths	Ensure that arrays have a maximum number of items	OpenAPI	NoMaximumNumberItems.py
3880	CKV_OPENSTACK_1	provider	openstack	Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider	Terraform	credentials.py
3881	CKV_OPENSTACK_2	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress22.py
3882	CKV_OPENSTACK_2	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress22.py
3883	CKV_OPENSTACK_3	resource	openstack_compute_secgroup_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress3389.py
3884	CKV_OPENSTACK_3	resource	openstack_networking_secgroup_rule_v2	Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)	Terraform	SecurityGroupUnrestrictedIngress3389.py
3885	CKV_OPENSTACK_4	resource	openstack_compute_instance_v2	Ensure that instance does not use basic credentials	Terraform	ComputeInstanceAdminPassword.py
3886	CKV_OPENSTACK_5	resource	openstack_fw_rule_v1	Ensure firewall rule set a destination IP	Terraform	FirewallRuleSetDestinationIP.py
3887	CKV_PAN_1	provider	panos	Ensure no hard coded PAN-OS credentials exist in provider	Terraform	credentials.py
3888	CKV_PAN_2	resource	panos_management_profile	Ensure plain-text management HTTP is not enabled for an Interface Management Profile	Terraform	InterfaceMgmtProfileNoHTTP.py
3889	CKV_PAN_2	resource	tasks.paloaltonetworks.panos.panos_management_profile	Ensure plain-text management HTTP is not enabled for an Interface Management Profile	Ansible	PanosInterfaceMgmtProfileNoHTTP.yaml
3890	CKV_PAN_3	resource	panos_management_profile	Ensure plain-text management Telnet is not enabled for an Interface Management Profile	Terraform	InterfaceMgmtProfileNoTelnet.py
3891	CKV_PAN_3	resource	tasks.paloaltonetworks.panos.panos_management_profile	Ensure plain-text management Telnet is not enabled for an Interface Management Profile	Ansible	PanosInterfaceMgmtProfileNoTelnet.yaml
3892	CKV_PAN_4	resource	panos_security_policy	Ensure DSRI is not enabled within security policies	Terraform	PolicyNoDSRI.py
3893	CKV_PAN_4	resource	panos_security_rule_group	Ensure DSRI is not enabled within security policies	Terraform	PolicyNoDSRI.py
3894	CKV_PAN_4	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure DSRI is not enabled within security policies	Ansible	PanosPolicyNoDSRI.yaml
3895	CKV_PAN_5	resource	panos_security_policy	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	PolicyNoApplicationAny.py
3896	CKV_PAN_5	resource	panos_security_rule_group	Ensure security rules do not have ‘applications’ set to ‘any’	Terraform	PolicyNoApplicationAny.py
3897	CKV_PAN_5	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure security rules do not have ‘application’ set to ‘any’	Ansible	PanosPolicyNoApplicationAny.yaml
3898	CKV_PAN_6	resource	panos_security_policy	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	PolicyNoServiceAny.py
3899	CKV_PAN_6	resource	panos_security_rule_group	Ensure security rules do not have ‘services’ set to ‘any’	Terraform	PolicyNoServiceAny.py
3900	CKV_PAN_6	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure security rules do not have ‘service’ set to ‘any’	Ansible	PanosPolicyNoServiceAny.yaml
3901	CKV_PAN_7	resource	panos_security_policy	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	PolicyNoSrcAnyDstAny.py
3902	CKV_PAN_7	resource	panos_security_rule_group	Ensure security rules do not have ‘source_addresses’ and ‘destination_addresses’ both containing values of ‘any’	Terraform	PolicyNoSrcAnyDstAny.py
3903	CKV_PAN_7	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure security rules do not have ‘source_ip’ and ‘destination_ip’ both containing values of ‘any’	Ansible	PanosPolicyNoSrcAnyDstAny.yaml
3904	CKV_PAN_8	resource	panos_security_policy	Ensure description is populated within security policies	Terraform	PolicyDescription.py
3905	CKV_PAN_8	resource	panos_security_rule_group	Ensure description is populated within security policies	Terraform	PolicyDescription.py
3906	CKV_PAN_8	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure description is populated within security policies	Ansible	PanosPolicyDescription.yaml
3907	CKV_PAN_9	resource	panos_security_policy	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	PolicyLogForwarding.py
3908	CKV_PAN_9	resource	panos_security_rule_group	Ensure a Log Forwarding Profile is selected for each security policy rule	Terraform	PolicyLogForwarding.py
3909	CKV_PAN_9	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure a Log Forwarding Profile is selected for each security policy rule	Ansible	PanosPolicyLogForwarding.yaml
3910	CKV_PAN_10	resource	panos_security_policy	Ensure logging at session end is enabled within security policies	Terraform	PolicyLoggingEnabled.py
3911	CKV_PAN_10	resource	panos_security_rule_group	Ensure logging at session end is enabled within security policies	Terraform	PolicyLoggingEnabled.py
3912	CKV_PAN_10	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure logging at session end is enabled within security policies	Ansible	PanosPolicyLoggingEnabled.yaml
3913	CKV_PAN_11	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	NetworkIPsecAlgorithms.py
3914	CKV_PAN_11	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure encryption algorithms	Terraform	NetworkIPsecAlgorithms.py
3915	CKV_PAN_12	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	NetworkIPsecAuthAlgorithms.py
3916	CKV_PAN_12	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Terraform	NetworkIPsecAuthAlgorithms.py
3917	CKV_PAN_12	resource	tasks.paloaltonetworks.panos.panos_ipsec_profile	Ensure IPsec profiles do not specify use of insecure authentication algorithms	Ansible	PanosIPsecAuthenticationAlgorithms.yaml
3918	CKV_PAN_13	resource	panos_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	NetworkIPsecProtocols.py
3919	CKV_PAN_13	resource	panos_panorama_ipsec_crypto_profile	Ensure IPsec profiles do not specify use of insecure protocols	Terraform	NetworkIPsecProtocols.py
3920	CKV_PAN_13	resource	tasks.paloaltonetworks.panos.panos_ipsec_profile	Ensure IPsec profiles do not specify use of insecure protocols	Ansible	PanosIPsecProtocols.yaml
3921	CKV_PAN_14	resource	panos_panorama_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
3922	CKV_PAN_14	resource	panos_zone	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
3923	CKV_PAN_14	resource	panos_zone_entry	Ensure a Zone Protection Profile is defined within Security Zones	Terraform	ZoneProtectionProfile.py
3924	CKV_PAN_14	resource	tasks.paloaltonetworks.panos.panos_zone	Ensure a Zone Protection Profile is defined within Security Zones	Ansible	PanosZoneProtectionProfile.yaml
3925	CKV_PAN_15	resource	panos_panorama_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	ZoneUserIDIncludeACL.py
3926	CKV_PAN_15	resource	panos_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Terraform	ZoneUserIDIncludeACL.py
3927	CKV_PAN_15	resource	tasks.paloaltonetworks.panos.panos_zone	Ensure an Include ACL is defined for a Zone when User-ID is enabled	Ansible	PanosZoneUserIDIncludeACL.yaml
3928	CKV_PAN_16	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure logging at session start is disabled within security policies except for troubleshooting and long lived GRE tunnels	Ansible	PanosPolicyLogSessionStart.yaml
3929	CKV_PAN_17	resource	tasks.paloaltonetworks.panos.panos_security_rule	Ensure security rules do not have ‘source_zone’ and ‘destination_zone’ both containing values of ‘any’	Ansible	PanosPolicyNoSrcZoneAnyNoDstZoneAny.yaml
3930	CKV_SECRET_1	Artifactory Credentials	secrets	Artifactory Credentials	secrets	policy_metadata_integration.py
3931	CKV_SECRET_2	AWS Access Key	secrets	AWS Access Key	secrets	policy_metadata_integration.py
3932	CKV_SECRET_3	Azure Storage Account access key	secrets	Azure Storage Account access key	secrets	policy_metadata_integration.py
3933	CKV_SECRET_4	Basic Auth Credentials	secrets	Basic Auth Credentials	secrets	policy_metadata_integration.py
3934	CKV_SECRET_5	Cloudant Credentials	secrets	Cloudant Credentials	secrets	policy_metadata_integration.py
3935	CKV_SECRET_6	Base64 High Entropy String	secrets	Base64 High Entropy String	secrets	policy_metadata_integration.py
3936	CKV_SECRET_7	IBM Cloud IAM Key	secrets	IBM Cloud IAM Key	secrets	policy_metadata_integration.py
3937	CKV_SECRET_8	IBM COS HMAC Credentials	secrets	IBM COS HMAC Credentials	secrets	policy_metadata_integration.py
3938	CKV_SECRET_9	JSON Web Token	secrets	JSON Web Token	secrets	policy_metadata_integration.py
3939	CKV_SECRET_11	Mailchimp Access Key	secrets	Mailchimp Access Key	secrets	policy_metadata_integration.py
3940	CKV_SECRET_12	NPM tokens	secrets	NPM tokens	secrets	policy_metadata_integration.py
3941	CKV_SECRET_13	Private Key	secrets	Private Key	secrets	policy_metadata_integration.py
3942	CKV_SECRET_14	Slack Token	secrets	Slack Token	secrets	policy_metadata_integration.py
3943	CKV_SECRET_15	SoftLayer Credentials	secrets	SoftLayer Credentials	secrets	policy_metadata_integration.py
3944	CKV_SECRET_16	Square OAuth Secret	secrets	Square OAuth Secret	secrets	policy_metadata_integration.py
3945	CKV_SECRET_17	Stripe Access Key	secrets	Stripe Access Key	secrets	policy_metadata_integration.py
3946	CKV_SECRET_18	Twilio API Key	secrets	Twilio API Key	secrets	policy_metadata_integration.py
3947	CKV_SECRET_19	Hex High Entropy String	secrets	Hex High Entropy String	secrets	policy_metadata_integration.py
3948	CKV_TC_1	resource	tencentcloud_cbs_storage	Ensure Tencent Cloud CBS is encrypted	Terraform	CBSEncryption.py
3949	CKV_TC_2	resource	tencentcloud_instance	Ensure Tencent Cloud CVM instance does not allocate a public IP	Terraform	CVMAllocatePublicIp.py
3950	CKV_TC_3	resource	tencentcloud_instance	Ensure Tencent Cloud CVM monitor service is enabled	Terraform	CVMDisableMonitorService.py
3951	CKV_TC_4	resource	tencentcloud_instance	Ensure Tencent Cloud CVM instances do not use the default security group	Terraform	CVMUseDefaultSecurityGroup.py
3952	CKV_TC_5	resource	tencentcloud_instance	Ensure Tencent Cloud CVM instances do not use the default VPC	Terraform	CVMUseDefaultVPC.py
3953	CKV_TC_6	resource	tencentcloud_kubernetes_cluster	Ensure Tencent Cloud TKE clusters enable log agent	Terraform	TKELogAgentEnabled.py
3954	CKV_TC_7	resource	tencentcloud_kubernetes_cluster	Ensure Tencent Cloud TKE cluster is not assigned a public IP address	Terraform	TKEPublicIpAssigned.py
3955	CKV_TC_8	resource	tencentcloud_security_group_rule_set	Ensure Tencent Cloud VPC security group rules do not accept all traffic	Terraform	VPCSecurityGroupRuleSet.py
3956	CKV_TC_9	resource	tencentcloud_mysql_instance	Ensure Tencent Cloud mysql instances do not enable access from public networks	Terraform	CDBInternetService.py
3957	CKV_TC_10	resource	tencentcloud_mysql_instance	Ensure Tencent Cloud MySQL instances intranet ports are not set to the default 3306	Terraform	CDBIntranetPort.py
3958	CKV_TC_11	resource	tencentcloud_clb_instance	Ensure Tencent Cloud CLB has a logging ID and topic	Terraform	CLBInstanceLog.py
3959	CKV_TC_12	resource	tencentcloud_clb_listener	Ensure Tencent Cloud CLBs use modern, encrypted protocols	Terraform	CLBListenerProtocol.py
3960	CKV_TC_13	resource	tencentcloud_instance	Ensure Tencent Cloud CVM user data does not contain sensitive information	Terraform	CVMUserData.py
3961	CKV_TC_14	resource	tencentcloud_vpc_flow_log_config	Ensure Tencent Cloud VPC flow logs are enabled	Terraform	VPCFlowLogConfigEnable.py
3962	CKV_TF_1	module	module	Ensure Terraform module sources use a commit hash	Terraform	RevisionHash.py
3963	CKV_TF_2	module	module	Ensure Terraform module sources use a tag with a version number	Terraform	RevisionVersionTag.py
3964	CKV_YC_1	resource	yandex_mdb_clickhouse_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3965	CKV_YC_1	resource	yandex_mdb_elasticsearch_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3966	CKV_YC_1	resource	yandex_mdb_greenplum_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3967	CKV_YC_1	resource	yandex_mdb_kafka_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3968	CKV_YC_1	resource	yandex_mdb_mongodb_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3969	CKV_YC_1	resource	yandex_mdb_mysql_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3970	CKV_YC_1	resource	yandex_mdb_postgresql_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3971	CKV_YC_1	resource	yandex_mdb_redis_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3972	CKV_YC_1	resource	yandex_mdb_sqlserver_cluster	Ensure security group is assigned to database cluster.	Terraform	MDBSecurityGroup.py
3973	CKV_YC_2	resource	yandex_compute_instance	Ensure compute instance does not have public IP.	Terraform	ComputeVMPublicIP.py
3974	CKV_YC_3	resource	yandex_storage_bucket	Ensure storage bucket is encrypted.	Terraform	ObjectStorageBucketEncryption.py
3975	CKV_YC_4	resource	yandex_compute_instance	Ensure compute instance does not have serial console enabled.	Terraform	ComputeVMSerialConsole.py
3976	CKV_YC_5	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster does not have public IP address.	Terraform	K8SPublicIP.py
3977	CKV_YC_6	resource	yandex_kubernetes_node_group	Ensure Kubernetes cluster node group does not have public IP addresses.	Terraform	K8SNodeGroupPublicIP.py
3978	CKV_YC_7	resource	yandex_kubernetes_cluster	Ensure Kubernetes cluster auto-upgrade is enabled.	Terraform	K8SAutoUpgrade.py
3979	CKV_YC_8	resource	yandex_kubernetes_node_group	Ensure Kubernetes node group auto-upgrade is enabled.	Terraform	K8SNodeGroupAutoUpgrade.py
3980	CKV_YC_9	resource	yandex_kms_symmetric_key	Ensure KMS symmetric key is rotated.	Terraform	KMSSymmetricKeyRotation.py
3981	CKV_YC_10	resource	yandex_kubernetes_cluster	Ensure etcd database is encrypted with KMS key.	Terraform	K8SEtcdKMSEncryption.py
3982	CKV_YC_11	resource	yandex_compute_instance	Ensure security group is assigned to network interface.	Terraform	ComputeVMSecurityGroup.py
3983	CKV_YC_12	resource	yandex_mdb_clickhouse_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3984	CKV_YC_12	resource	yandex_mdb_elasticsearch_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3985	CKV_YC_12	resource	yandex_mdb_greenplum_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3986	CKV_YC_12	resource	yandex_mdb_kafka_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3987	CKV_YC_12	resource	yandex_mdb_mongodb_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3988	CKV_YC_12	resource	yandex_mdb_mysql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3989	CKV_YC_12	resource	yandex_mdb_postgresql_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3990	CKV_YC_12	resource	yandex_mdb_sqlserver_cluster	Ensure public IP is not assigned to database cluster.	Terraform	MDBPublicIP.py
3991	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_binding	Ensure cloud member does not have elevated access.	Terraform	IAMCloudElevatedMembers.py
3992	CKV_YC_13	resource	yandex_resourcemanager_cloud_iam_member	Ensure cloud member does not have elevated access.	Terraform	IAMCloudElevatedMembers.py
3993	CKV_YC_14	resource	yandex_kubernetes_cluster	Ensure security group is assigned to Kubernetes cluster.	Terraform	K8SSecurityGroup.py
3994	CKV_YC_15	resource	yandex_kubernetes_node_group	Ensure security group is assigned to Kubernetes node group.	Terraform	K8SNodeGroupSecurityGroup.py
3995	CKV_YC_16	resource	yandex_kubernetes_cluster	Ensure network policy is assigned to Kubernetes cluster.	Terraform	K8SNetworkPolicy.py
3996	CKV_YC_17	resource	yandex_storage_bucket	Ensure storage bucket does not have public access permissions.	Terraform	ObjectStorageBucketPublicAccess.py
3997	CKV_YC_18	resource	yandex_compute_instance_group	Ensure compute instance group does not have public IP.	Terraform	ComputeInstanceGroupPublicIP.py
3998	CKV_YC_19	resource	yandex_vpc_security_group	Ensure security group does not contain allow-all rules.	Terraform	VPCSecurityGroupAllowAll.py
3999	CKV_YC_20	resource	yandex_vpc_security_group_rule	Ensure security group rule is not allow-all.	Terraform	VPCSecurityGroupRuleAllowAll.py
4000	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_binding	Ensure organization member does not have elevated access.	Terraform	IAMOrganizationElevatedMembers.py
4001	CKV_YC_21	resource	yandex_organizationmanager_organization_iam_member	Ensure organization member does not have elevated access.	Terraform	IAMOrganizationElevatedMembers.py
4002	CKV_YC_22	resource	yandex_compute_instance_group	Ensure compute instance group has security group assigned.	Terraform	ComputeInstanceGroupSecurityGroup.py
4003	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_binding	Ensure folder member does not have elevated access.	Terraform	IAMFolderElevatedMembers.py
4004	CKV_YC_23	resource	yandex_resourcemanager_folder_iam_member	Ensure folder member does not have elevated access.	Terraform	IAMFolderElevatedMembers.py
4005	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
4006	CKV_YC_24	resource	yandex_organizationmanager_organization_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
4007	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
4008	CKV_YC_24	resource	yandex_resourcemanager_cloud_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
4009	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_binding	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py
4010	CKV_YC_24	resource	yandex_resourcemanager_folder_iam_member	Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible.	Terraform	IAMPassportAccountUsage.py

---