This project is forked from bridgecrewio/terragoat.
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
Home Page: https://www.bridgecrew.io/
License: Apache License 2.0
Languages: HCL 99.97%, Dockerfile 0.03%
terragoat's Issues
Each issue below is a policy-violation finding against one of the TerraGoat Terraform files: the path and bracketed line range identify the resource block that fails the named check. Because the repository is vulnerable by design, these findings are its intended output rather than defects to be patched in place.
gke.tf - Ensure legacy Compute Engine instance metadata APIs are disabled
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
aks.tf - Ensure that AKS enables private clusters
Violation detected in /terraform/azure/aks.tf:[1-35] (file type: terraform)
application_gateway.tf - Ensure that Application Gateway enables WAF
Violation detected in /terraform/azure/application_gateway.tf:[1-66] (file type: terraform)
gke.tf - Ensure the GKE Metadata Server is enabled
Violation detected in /terraform/gcp/gke.tf:[24-31] (file type: terraform)
es.tf - Ensure all data stored in the Elasticsearch domain is encrypted with a CMK
Violation detected in /terraform/aws/es.tf:[1-27] (file type: terraform)
gcs.tf - Ensure Cloud Storage has versioning enabled
Violation detected in /terraform/gcp/gcs.tf:[1-14] (file type: terraform)
networking.tf - Ensure that RDP access is restricted from the internet
Violation detected in /terraform/azure/networking.tf:[69-107] (file type: terraform)
aks.tf - Ensure Kubernetes Dashboard is disabled
Violation detected in /terraform/azure/aks.tf:[1-35] (file type: terraform)
s3.tf - Ensure S3 bucket objects are encrypted by KMS using a customer-managed key (CMK)
Violation detected in /terraform/aws/s3.tf:[24-41] (file type: terraform)
gke.tf - Ensure use of Binary Authorization
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
storage.tf - Ensure that 'Secure transfer required' is set to 'Enabled'
Violation detected in /terraform/azure/storage.tf:[23-60] (file type: terraform)
gke.tf - Ensure Stackdriver Monitoring is set to Enabled on Kubernetes Engine clusters
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
storage.tf - Ensure that Storage Accounts use a customer-managed key for encryption
Violation detected in /terraform/azure/storage.tf:[23-60] (file type: terraform)
lambda.tf - Ensure that the AWS Lambda function is configured with a function-level concurrent execution limit
Violation detected in /terraform/aws/lambda.tf:[31-58] (file type: terraform)
key_vault.tf - Ensure that Key Vault enables purge protection
Violation detected in /terraform/azure/key_vault.tf:[1-31] (file type: terraform)
key_vault.tf - Ensure that the Key Vault key is backed by HSM
Violation detected in /terraform/azure/key_vault.tf:[33-56] (file type: terraform)
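The key_vault.tf and storage.tf findings above form one dependency chain: the storage account's customer-managed key lives in the vault, so a vault that can be purged, or a key that is only software-protected, weakens the storage encryption that relies on it. The hardened chain follows as an added example; it is not the repository's key_vault.tf or storage.tf, it uses azurerm 3.x attribute names, and the vault, storage account and resource group names are assumptions.

```hcl
# Added example, not the repository's key_vault.tf or storage.tf. Names and
# the resource group are assumptions; azurerm 3.x attribute names.

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example" {
  name     = "rg-terragoat-example"
  location = "westeurope"
}

resource "azurerm_key_vault" "example" {
  name                      = "kv-terragoat-ex0123" # assumed, globally unique
  location                  = azurerm_resource_group.example.location
  resource_group_name       = azurerm_resource_group.example.name
  tenant_id                 = data.azurerm_client_config.current.tenant_id
  sku_name                  = "premium" # HSM-backed keys need the Premium SKU
  enable_rbac_authorization = true

  # "Key Vault enables purge protection": without it a soft-deleted vault, and
  # every CMK inside it, can be purged immediately, and the data encrypted with
  # those keys is gone for good. Weak form: attribute absent (defaults to false).
  purge_protection_enabled   = true
  soft_delete_retention_days = 90
}

# "Key Vault key is backed by HSM": key_type "RSA" is software-protected and
# fails the check; "RSA-HSM" or "EC-HSM" passes.
resource "azurerm_key_vault_key" "storage" {
  name         = "storage-cmk"
  key_vault_id = azurerm_key_vault.example.id
  key_type     = "RSA-HSM"
  key_size     = 2048
  key_opts     = ["decrypt", "encrypt", "unwrapKey", "wrapKey"]
}

resource "azurerm_storage_account" "example" {
  name                     = "stterragoatex0123" # assumed, globally unique
  location                 = azurerm_resource_group.example.location
  resource_group_name      = azurerm_resource_group.example.name
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"

  # "'Secure transfer required' is set to 'Enabled'": false accepts plaintext
  # HTTP REST calls and unencrypted SMB.
  enable_https_traffic_only = true

  # The account needs an identity of its own to call the vault.
  identity {
    type = "SystemAssigned"
  }
}

# "Storage Accounts use customer-managed key for encryption": the default is a
# Microsoft-managed key you can neither rotate on your schedule nor revoke.
resource "azurerm_storage_account_customer_managed_key" "example" {
  storage_account_id = azurerm_storage_account.example.id
  key_vault_id       = azurerm_key_vault.example.id
  key_name           = azurerm_key_vault_key.storage.name
}
```

The vault uses RBAC authorization, so two role assignments are still needed before apply succeeds and are left out above: Key Vault Crypto Officer for the identity running Terraform (to create the key) and Key Vault Crypto Service Encryption User for the storage account's system-assigned identity (to wrap and unwrap with it).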
sql.tf - Ensure that PostgreSQL server disables public network access
Violation detected in /terraform/azure/sql.tf:[73-96] (file type: terraform)
db-app.tf - Ensure Instance Metadata Service Version 1 is not enabled
Violation detected in /terraform/aws/db-app.tf:[242-412] (file type: terraform)
es.tf - Verify Elasticsearch domain is using an up-to-date TLS policy
Violation detected in /terraform/aws/es.tf:[1-27] (file type: terraform)
lambda.tf - Ensure X-Ray tracing is enabled for Lambda
Violation detected in /terraform/aws/lambda.tf:[31-58] (file type: terraform)
aks.tf - Ensure AKS cluster has Network Policy configured
Violation detected in /terraform/azure/aks.tf:[1-35] (file type: terraform)
security_center.tf - Ensure that 'Send email notification for high severity alerts' is set to 'On'
Violation detected in /terraform/azure/security_center.tf:[5-9] (file type: terraform)
gke.tf - Ensure GKE Control Plane is not public
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
ec2.tf - Ensure the S3 bucket has versioning enabled
Violation detected in /terraform/aws/ec2.tf:[271-288] (file type: terraform)
gcs.tf - Ensure that Cloud Storage bucket is not anonymously or publicly accessible
Violation detected in /terraform/gcp/gcs.tf:[16-20] (file type: terraform)
instance.tf - Ensure Azure instance does not use basic authentication (use SSH keys instead)
Violation detected in /terraform/azure/instance.tf:[9-42] (file type: terraform)
sql.tf - Ensure that MySQL server enables geo-redundant backups
Violation detected in /terraform/azure/sql.tf:[44-71] (file type: terraform)
ec2.tf - Ensure that only encrypted EBS volumes are attached to EC2 instances
Violation detected in /terraform/aws/ec2.tf:[34-51] (file type: terraform)
ec2.tf - Ensure no hard-coded secrets exist in EC2 user data
Violation detected in /terraform/aws/ec2.tf:[1-32] (file type: terraform)
gke.tf - Ensure Network Policy is enabled on Kubernetes Engine clusters
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
big_data.tf - Ensure all Cloud SQL database instances have backup configuration enabled
Violation detected in /terraform/gcp/big_data.tf:[1-19] (file type: terraform)
es.tf - Ensure all data stored in the Elasticsearch domain is securely encrypted at rest
Violation detected in /terraform/aws/es.tf:[1-27] (file type: terraform)
elb.tf - Ensure the ELB has access logging enabled
Violation detected in /terraform/aws/elb.tf:[2-40] (file type: terraform)
gke.tf - Ensure the GKE Release Channel is set
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
db-app.tf - Ensure that RDS instances have a backup policy
Violation detected in /terraform/aws/db-app.tf:[1-41] (file type: terraform)
instance.tf - Ensure Windows VM enables encryption
Violation detected in /terraform/azure/instance.tf:[44-77] (file type: terraform)
sql.tf - Ensure that MySQL server enables Threat Detection Policy
Violation detected in /terraform/azure/sql.tf:[44-71] (file type: terraform)
lambda.tf - Check encryption settings for Lambda environment variables
Violation detected in /terraform/aws/lambda.tf:[31-58] (file type: terraform)
eks.tf - Ensure EKS cluster has secrets encryption enabled
Violation detected in /terraform/aws/eks.tf:[117-140] (file type: terraform)
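The three lambda.tf findings above (concurrency limit, X-Ray tracing, environment-variable encryption) and the eks.tf secrets-encryption finding, as one hardened configuration. This is an added example, not the repository's lambda.tf or eks.tf; the role ARNs, subnet ids, handler package and KMS key are assumptions supplied as variables. The comment on each attribute names the value that fails the check.

```hcl
# Added example: hardened aws_lambda_function and aws_eks_cluster. Not the
# repository's lambda.tf or eks.tf; role ARNs, subnet ids, handler package
# and KMS key are illustrative assumptions.

variable "lambda_role_arn"    { type = string }       # assumed: execution role, also allowed xray:PutTraceSegments
variable "eks_role_arn"       { type = string }       # assumed: EKS cluster service role
variable "private_subnet_ids" { type = list(string) } # assumed: private subnets in the cluster VPC

resource "aws_kms_key" "example" {
  description         = "CMK for Lambda environment variables and EKS secrets"
  enable_key_rotation = true
}

resource "aws_lambda_function" "example" {
  function_name    = "terragoat-example"
  role             = var.lambda_role_arn
  handler          = "index.handler"
  runtime          = "python3.12"
  filename         = "handler.zip"                   # assumed prebuilt package
  source_code_hash = filebase64sha256("handler.zip")

  # "function-level concurrent execution limit": left unset, the function may
  # draw on the whole account concurrency pool, so a runaway trigger or a
  # deliberate flood starves every other function. Fails when absent.
  reserved_concurrent_executions = 10

  # "X-Ray tracing is enabled": the default mode is PassThrough.
  tracing_config {
    mode = "Active"
  }

  # "encryption settings for Lambda environment variables": with variables set
  # and no kms_key_arn, Lambda uses the AWS-managed key and the check fails; a
  # CMK lets you decide which principals may decrypt the configuration.
  kms_key_arn = aws_kms_key.example.arn
  environment {
    variables = {
      DB_HOST = "db.internal.example" # assumed; configuration, never a credential
    }
  }
}

# "EKS cluster has secrets encryption enabled": without encryption_config,
# Kubernetes Secrets sit in etcd protected only by the managed control plane's
# disk encryption; envelope encryption with a CMK adds a key you control.
resource "aws_eks_cluster" "example" {
  name     = "terragoat-example"
  role_arn = var.eks_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_public_access  = false
    endpoint_private_access = true
  }

  encryption_config {
    provider {
      key_arn = aws_kms_key.example.arn
    }
    resources = ["secrets"]
  }
}
```

Both consumers need rights on the key, which the default key policy (account root only) does not give them: the Lambda execution role must be allowed kms:Decrypt for the variables to be readable at invocation, and the EKS cluster role needs kms:DescribeKey and kms:CreateGrant or cluster creation fails.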
app_service.tf - Ensure App Service Authentication is set on Azure App Service
Violation detected in /terraform/azure/app_service.tf:[43-63] (file type: terraform)
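The Azure host and application findings above (RDP open to the internet in networking.tf, password login in instance.tf, the Defender contact in security_center.tf, App Service authentication in app_service.tf) in their hardened form. Added example, not the repository's own files; names, the management CIDR, the NIC id, the SSH public key and the Entra app registration id are assumptions passed in as variables; azurerm 3.x attribute names.

```hcl
# Added example, not the repository's networking.tf, instance.tf,
# security_center.tf or app_service.tf. Names, the CIDR, the NIC id, the SSH
# key and the AAD client id are assumptions; azurerm 3.x attribute names.

variable "nic_id"         { type = string } # assumed: NIC in a private subnet
variable "ssh_public_key" { type = string } # assumed: OpenSSH public key text
variable "aad_client_id"  { type = string } # assumed: app registration used for Easy Auth

resource "azurerm_resource_group" "example" {
  name     = "rg-terragoat-example"
  location = "westeurope"
}

# "RDP access is restricted from the internet": an inbound Allow to 3389 whose
# source is "*", "Internet", "0.0.0.0/0" or "any" fails the check.
resource "azurerm_network_security_group" "example" {
  name                = "nsg-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  security_rule {
    name                       = "rdp-from-management"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "10.20.0.0/24" # assumed bastion range; the weak form is "*"
    destination_address_prefix = "*"
  }
}

# "Azure instance does not use basic authentication": password login
# (disable_password_authentication = false plus admin_password) fails.
resource "azurerm_linux_virtual_machine" "example" {
  name                  = "vm-example"
  location              = azurerm_resource_group.example.location
  resource_group_name   = azurerm_resource_group.example.name
  size                  = "Standard_B2s"
  admin_username        = "adminuser"
  network_interface_ids = [var.nic_id]

  disable_password_authentication = true
  admin_ssh_key {
    username   = "adminuser"
    public_key = var.ssh_public_key
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }
  source_image_reference {
    publisher = "Canonical"
    offer     = "0001-com-ubuntu-server-jammy"
    sku       = "22_04-lts"
    version   = "latest"
  }
}

# "'Send email notification for high severity alerts' is set to 'On'": with
# alert_notifications = false nobody hears when Defender raises an alert.
resource "azurerm_security_center_contact" "example" {
  email               = "secops@example.com" # assumed
  alert_notifications = true
  alerts_to_admins    = true
}

# "App Service Authentication is set": without auth_settings the app answers
# every request anonymously; Easy Auth puts an identity provider in front.
resource "azurerm_service_plan" "example" {
  name                = "asp-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  os_type             = "Linux"
  sku_name            = "B1"
}

resource "azurerm_linux_web_app" "example" {
  name                = "app-terragoat-example-0123" # assumed, globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  service_plan_id     = azurerm_service_plan.example.id
  https_only          = true

  site_config {}

  auth_settings {
    enabled                       = true
    unauthenticated_client_action = "RedirectToLoginPage"
    default_provider              = "AzureActiveDirectory"
    active_directory {
      client_id = var.aad_client_id
    }
  }
}
```

terraform validate passes as written; apply additionally needs the NIC to exist and an Entra app registration whose redirect URI points at the web app's /.auth/login/aad/callback path.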
db-app.tf - Ensure all data stored in the launch configuration's or instance's Elastic Block Store volumes is securely encrypted
Violation detected in /terraform/aws/db-app.tf:[242-412] (file type: terraform)
ec2.tf - Ensure that S3 buckets are encrypted with KMS by default
Violation detected in /terraform/aws/ec2.tf:[271-288] (file type: terraform)
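The EC2 and S3 findings above (IMDSv1 and the launch-configuration EBS check in db-app.tf; unencrypted EBS, secrets in user data and the S3 versioning and KMS checks in ec2.tf) as one hardened configuration. Added example, not the repository's ec2.tf, db-app.tf or s3.tf; AMI, subnet, instance profile and bucket name are assumptions passed in as variables; AWS provider 4.x+ resource names.

```hcl
# Added example, not the repository's ec2.tf, db-app.tf or s3.tf. AMI, subnet,
# instance profile and bucket name are assumptions; AWS provider 4.x+, where
# S3 settings live in separate aws_s3_bucket_* resources.

variable "ami_id"                { type = string }
variable "subnet_id"             { type = string }
variable "instance_profile_name" { type = string } # assumed: role allowed secretsmanager:GetSecretValue

resource "aws_kms_key" "data" {
  description         = "CMK for EBS volumes and S3 objects"
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "db" {
  name = "terragoat-example/db-password"
}

resource "aws_instance" "app" {
  ami                  = var.ami_id
  instance_type        = "t3.micro"
  subnet_id            = var.subnet_id
  iam_instance_profile = var.instance_profile_name

  # "Instance Metadata Service Version 1 is not enabled": the default
  # http_tokens = "optional" still answers unauthenticated v1 GETs, the one
  # step an SSRF needs to read the role's credentials. "required" demands the
  # v2 session token; a hop limit of 1 keeps that token from being relayed.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # "only encrypted EBS volumes are attached": absent or false fails.
  root_block_device {
    encrypted  = true
    kms_key_id = aws_kms_key.data.arn
  }

  # "no hard-coded secrets exist in EC2 user data": user data is readable by
  # anyone with ec2:DescribeInstanceAttribute and by every process on the host
  # through the metadata endpoint. Weak form: export DB_PASSWORD=hunter2
  # inline. Hardened: fetch it at boot from a store the instance role can read.
  user_data = <<-EOT
    #!/bin/bash
    export DB_PASSWORD="$(aws secretsmanager get-secret-value \
      --secret-id ${aws_secretsmanager_secret.db.name} \
      --query SecretString --output text)"
  EOT
}

# The launch-configuration finding is the fleet form of the same two controls;
# aws_launch_template is the successor to aws_launch_configuration.
resource "aws_launch_template" "app" {
  name_prefix   = "terragoat-example-"
  image_id      = var.ami_id
  instance_type = "t3.micro"

  metadata_options {
    http_tokens = "required"
  }
  block_device_mappings {
    device_name = "/dev/xvda"
    ebs {
      encrypted  = true
      kms_key_id = aws_kms_key.data.arn
    }
  }
}

resource "aws_s3_bucket" "logs" {
  bucket = "terragoat-example-logs-0123" # assumed, globally unique
}

# "S3 bucket has versioning enabled": overwritten or deleted objects stay
# recoverable after a compromise or a bad deploy.
resource "aws_s3_bucket_versioning" "logs" {
  bucket = aws_s3_bucket.logs.id
  versioning_configuration {
    status = "Enabled"
  }
}

# "S3 buckets are encrypted with KMS by default": no rule, or sse_algorithm
# "AES256" (SSE-S3), fails; aws:kms with a CMK passes.
resource "aws_s3_bucket_server_side_encryption_configuration" "logs" {
  bucket = aws_s3_bucket.logs.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.data.arn
    }
    bucket_key_enabled = true
  }
}
```

The per-object form of the s3.tf finding is kms_key_id on aws_s3_object. The secret's value is deliberately not set here (no aws_secretsmanager_secret_version): putting it in Terraform would only move the hard-coded credential from user data into state.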
gke.tf - Ensure Legacy Authorization is set to Disabled on Kubernetes Engine clusters
Violation detected in /terraform/gcp/gke.tf:[6-22] (file type: terraform)
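All eight gke.tf findings above touch either the google_container_cluster block or its node pool. Their hardened form as an added example; this is not the repository's gke.tf, the project id, network, subnetwork and CIDRs are assumptions passed in as variables, and the attribute names are those of the google provider 4.x+.

```hcl
# Added example, not the repository's gke.tf. Project id, network, subnetwork
# and the CIDRs are assumptions; google provider 4.x+ attribute names.

variable "project_id" { type = string }
variable "network"    { type = string }
variable "subnetwork" { type = string }

resource "google_container_cluster" "hardened" {
  name       = "terragoat-example"
  location   = "europe-west1"
  network    = var.network
  subnetwork = var.subnetwork

  remove_default_node_pool = true
  initial_node_count       = 1
  ip_allocation_policy {} # VPC-native; required for private nodes

  # "Legacy Authorization is set to Disabled": ABAC sidesteps RBAC; an explicit
  # enable_legacy_abac = true fails the check.
  enable_legacy_abac = false

  # "GKE Control Plane is not public": without private_cluster_config the API
  # server has a public IP. enable_private_endpoint removes it, and
  # master_authorized_networks_config limits who may reach the private one.
  private_cluster_config {
    enable_private_nodes    = true
    enable_private_endpoint = true
    master_ipv4_cidr_block  = "172.16.0.0/28"
  }
  master_authorized_networks_config {
    cidr_blocks {
      cidr_block   = "10.0.0.0/8" # assumed corporate range
      display_name = "corp"
    }
  }

  # "Network Policy is enabled": the add-on and the enforcement flag, both.
  network_policy {
    enabled  = true
    provider = "CALICO"
  }
  addons_config {
    network_policy_config {
      disabled = false
    }
  }

  # "use of Binary Authorization": only images that satisfy the project's
  # attestation policy are admitted.
  binary_authorization {
    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
  }

  # "Stackdriver Monitoring is set to Enabled": the value "none" fails.
  monitoring_service = "monitoring.googleapis.com/kubernetes"
  logging_service    = "logging.googleapis.com/kubernetes"

  # "GKE Release Channel is set": unset means a manually pinned, unpatched version.
  release_channel {
    channel = "REGULAR"
  }

  # Cluster half of "GKE Metadata Server is Enabled" (Workload Identity).
  workload_identity_config {
    workload_pool = "${var.project_id}.svc.id.goog"
  }
}

resource "google_container_node_pool" "primary" {
  name       = "primary"
  cluster    = google_container_cluster.hardened.id
  location   = google_container_cluster.hardened.location
  node_count = 1

  node_config {
    machine_type = "e2-standard-2"

    # "legacy Compute Engine instance metadata APIs are disabled": the v0.1 and
    # v1beta1 endpoints accept requests without the Metadata-Flavor header and
    # are the classic SSRF target on GCE. Fails when this key is absent.
    metadata = {
      disable-legacy-endpoints = "true"
    }

    # Node half of "GKE Metadata Server is Enabled": pods get tokens scoped to
    # their Kubernetes service account instead of reading the node's VM metadata.
    workload_metadata_config {
      mode = "GKE_METADATA"
    }
  }
}
```

With enable_private_endpoint = true, kubectl only works from inside the authorized range, so plan for a bastion or VPN in that VPC before applying.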
sql.tf - Ensure PostgreSQL is using the latest version of TLS encryption
Violation detected in /terraform/azure/sql.tf:[73-96] (file type: terraform)
instances.tf - Ensure that IP forwarding is not enabled on instances
Violation detected in /terraform/gcp/instances.tf:[3-34] (file type: terraform)
neptune.tf - Ensure Neptune storage is securely encrypted
Violation detected in /terraform/aws/neptune.tf:[1-20] (file type: terraform)
big_data.tf - Ensure Cloud SQL database does not have a public IP
Violation detected in /terraform/gcp/big_data.tf:[1-19] (file type: terraform)
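The gcs.tf, big_data.tf and instances.tf findings above, hardened. Added example, not the repository's files; the bucket name, reader service account, VPC self-link and subnetwork are assumptions passed in as variables; google provider 4.x+ attribute names.

```hcl
# Added example, not the repository's gcs.tf, big_data.tf or instances.tf.
# Bucket name, service account, VPC self-link and subnetwork are assumptions;
# google provider 4.x+ attribute names.

variable "app_service_account" { type = string } # assumed: email of the reader SA
variable "network_self_link"   { type = string } # assumed: VPC with a servicenetworking peering
variable "subnetwork"          { type = string }

resource "google_storage_bucket" "example" {
  name                        = "terragoat-example-bucket-0123" # assumed, globally unique
  location                    = "EU"
  uniform_bucket_level_access = true

  # "Cloud Storage bucket is not anonymously or publicly accessible", part 1:
  # refuse any IAM binding that would grant allUsers or allAuthenticatedUsers.
  public_access_prevention = "enforced"

  # "Cloud Storage has versioning enabled": deleted or overwritten objects
  # remain recoverable as noncurrent generations.
  versioning {
    enabled = true
  }
}

# Part 2: grant access to a named principal. The weak form that fails the
# check is member = "allUsers" (or "allAuthenticatedUsers").
resource "google_storage_bucket_iam_member" "reader" {
  bucket = google_storage_bucket.example.name
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${var.app_service_account}"
}

resource "google_sql_database_instance" "example" {
  name                = "terragoat-example-db"
  database_version    = "POSTGRES_15"
  region              = "europe-west1"
  deletion_protection = true

  settings {
    tier = "db-f1-micro"

    # "Cloud SQL database does not have a public IP": ipv4_enabled defaults to
    # true and puts the listener on the internet behind authorized networks
    # only; false leaves just the private address on the peered VPC.
    ip_configuration {
      ipv4_enabled    = false
      private_network = var.network_self_link
    }

    # "Cloud SQL database instances have backup configuration enabled": no
    # block means no automated backups and no point-in-time recovery.
    backup_configuration {
      enabled                        = true
      point_in_time_recovery_enabled = true
      start_time                     = "02:00"
    }
  }
}

resource "google_compute_instance" "example" {
  name         = "terragoat-example-vm"
  machine_type = "e2-small"
  zone         = "europe-west1-b"

  # "IP forwarding is not enabled on instances": a forwarding VM can send and
  # receive packets for addresses that are not its own, i.e. act as a router
  # or spoofing point inside the VPC. The check fails when this is true.
  can_ip_forward = false

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-12"
    }
  }

  network_interface {
    subnetwork = var.subnetwork # no access_config block, so no external IP
  }
}
```

The private-IP Cloud SQL instance needs the private services access peering (google_service_networking_connection) on the VPC before it can be created, and the IAM binding needs the reader service account to exist.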
sql.tf - Ensure that 'Send Alerts To' is enabled for MSSQL servers
Violation detected in /terraform/azure/sql.tf:[31-42] (file type: terraform)
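The five sql.tf findings above cover three Azure database server types. Their hardened form as an added example; this is not the repository's sql.tf, the server names and resource group are assumptions, the admin password is taken from a sensitive variable rather than a literal, and the resources are the azurerm 3.x single-server ones the findings refer to.

```hcl
# Added example, not the repository's sql.tf. Names and the resource group are
# assumptions; the admin password comes from a sensitive variable rather than a
# literal. azurerm 3.x attribute names for the single-server resources.

variable "db_admin_password" {
  type      = string
  sensitive = true
}

resource "azurerm_resource_group" "example" {
  name     = "rg-terragoat-example"
  location = "westeurope"
}

resource "azurerm_postgresql_server" "example" {
  name                = "psql-terragoat-ex0123" # assumed, globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "GP_Gen5_2"
  version             = "11"
  storage_mb          = 5120

  administrator_login          = "psqladmin"
  administrator_login_password = var.db_admin_password

  # "PostgreSQL server disables public network access": true (the default)
  # exposes the listener to anything that passes the server firewall rules;
  # false leaves only private endpoints.
  public_network_access_enabled = false

  # "PostgreSQL is using the latest version of TLS encryption": enforcement
  # off, or a minimum of TLS1_0 / TLS1_1 / TLSEnforcementDisabled, fails.
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"
}

resource "azurerm_mysql_server" "example" {
  name                = "mysql-terragoat-ex0123" # assumed, globally unique
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku_name            = "GP_Gen5_2"
  version             = "8.0"
  storage_mb          = 5120

  administrator_login          = "mysqladmin"
  administrator_login_password = var.db_admin_password

  public_network_access_enabled    = false
  ssl_enforcement_enabled          = true
  ssl_minimal_tls_version_enforced = "TLS1_2"

  # "MySQL server enables geo-redundant backups": false (the default) keeps
  # backups only in the primary region, so a regional outage takes them too.
  geo_redundant_backup_enabled = true
  backup_retention_days        = 7

  # "MySQL server enables Threat Detection Policy": alerts on injection
  # patterns, anomalous client locations and brute-force login attempts.
  threat_detection_policy {
    enabled              = true
    email_account_admins = true
    email_addresses      = ["secops@example.com"] # assumed
  }
}

resource "azurerm_mssql_server" "example" {
  name                          = "mssql-terragoat-ex0123" # assumed, globally unique
  location                      = azurerm_resource_group.example.location
  resource_group_name           = azurerm_resource_group.example.name
  version                       = "12.0"
  administrator_login           = "sqladmin"
  administrator_login_password  = var.db_admin_password
  minimum_tls_version           = "1.2"
  public_network_access_enabled = false
}

# "'Send Alerts To' is enabled for MSSQL servers": the check looks for
# recipients on the server's security alert policy.
resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name  = azurerm_resource_group.example.name
  server_name          = azurerm_mssql_server.example.name
  state                = "Enabled"
  email_account_admins = true
  email_addresses      = ["secops@example.com"] # assumed
}
```

On the flexible-server resources the same intent is expressed differently: private access through delegated_subnet_id and TLS enforcement through the require_secure_transport server parameter.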
es.tf - Ensure that Elasticsearch is configured inside a VPC
Violation detected in /terraform/aws/es.tf:[1-27] (file type: terraform)
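The es.tf findings (CMK at rest, TLS policy, VPC placement), together with the neptune.tf encryption, db-app.tf RDS backup and elb.tf access-log findings above, in one hardened AWS data-services configuration. Added example, not the repository's files; subnets, security group, certificate, log bucket and the database password are assumptions supplied as variables; AWS provider 4.x+.

```hcl
# Added example, not the repository's es.tf, neptune.tf, db-app.tf or elb.tf.
# Subnets, security group, certificate, log bucket and the DB password are
# assumptions supplied as variables. AWS provider 4.x+ attribute names.

variable "private_subnet_ids"   { type = list(string) }
variable "es_security_group_id" { type = string }
variable "acm_certificate_arn"  { type = string }
variable "elb_log_bucket"       { type = string } # assumed: bucket with the ELB log-delivery policy
variable "db_password" {
  type      = string
  sensitive = true
}

resource "aws_kms_key" "data" {
  description         = "CMK for Elasticsearch, Neptune and RDS storage"
  enable_key_rotation = true
}

resource "aws_elasticsearch_domain" "example" {
  domain_name           = "terragoat-example"
  elasticsearch_version = "7.10"

  cluster_config {
    instance_type = "t3.small.elasticsearch"
  }
  ebs_options {
    ebs_enabled = true
    volume_size = 10
  }

  # "securely encrypted at rest" and "encrypted with a CMK": enabled = true
  # alone passes the first check but fails the second; add the key.
  encrypt_at_rest {
    enabled    = true
    kms_key_id = aws_kms_key.data.arn
  }

  # "up-to-date TLS policy": the default Policy-Min-TLS-1-0-2019-07 still
  # negotiates TLS 1.0; enforce_https rejects plain HTTP.
  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  # "configured inside a VPC": without vpc_options the endpoint is on the
  # public internet, guarded only by the domain access policy.
  vpc_options {
    subnet_ids         = [var.private_subnet_ids[0]]
    security_group_ids = [var.es_security_group_id]
  }
}

# "Neptune storage is securely encrypted": storage_encrypted defaults to false.
resource "aws_neptune_cluster" "example" {
  cluster_identifier                  = "terragoat-example"
  engine                              = "neptune"
  storage_encrypted                   = true
  kms_key_arn                         = aws_kms_key.data.arn
  iam_database_authentication_enabled = true
  backup_retention_period             = 7
  skip_final_snapshot                 = true
}

# "RDS instances have a backup policy": backup_retention_period = 0 disables
# automated backups; any value from 1 to 35 passes.
resource "aws_db_instance" "example" {
  identifier              = "terragoat-example"
  engine                  = "postgres"
  instance_class          = "db.t3.micro"
  allocated_storage       = 20
  username                = "dbadmin"
  password                = var.db_password
  storage_encrypted       = true
  kms_key_id              = aws_kms_key.data.arn
  publicly_accessible     = false
  backup_retention_period = 7
  skip_final_snapshot     = true
}

# "ELB has access logging enabled": without access_logs there is no record of
# who hit the load balancer, which is the first thing incident response asks for.
resource "aws_elb" "example" {
  name     = "terragoat-example"
  internal = true
  subnets  = var.private_subnet_ids

  listener {
    instance_port      = 8080
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = var.acm_certificate_arn
  }

  access_logs {
    bucket   = var.elb_log_bucket
    interval = 60
    enabled  = true
  }
}
```

Two account-level prerequisites are not in the block: a domain in a VPC needs the Elasticsearch service-linked role (aws_iam_service_linked_role with aws_service_name = "es.amazonaws.com") to exist, and the log bucket needs a bucket policy that lets the regional ELB account write to it.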
aks.tf - Ensure AKS has API Server Authorized IP Ranges enabled
Violation detected in /terraform/azure/aks.tf:[1-35] (file type: terraform)
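The four aks.tf findings above (private cluster, dashboard, network policy, authorized IP ranges) in hardened form. Added example, not the repository's aks.tf; names, the resource group and the authorized range are assumptions; azurerm 3.x attribute names.

```hcl
# Added example, not the repository's aks.tf. Names, the resource group and the
# authorized range are assumptions; azurerm 3.x attribute names.

resource "azurerm_resource_group" "example" {
  name     = "rg-terragoat-example"
  location = "westeurope"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "aks-terragoat-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "terragoatex"

  # "AKS enables private clusters": the API server is reachable only through a
  # Private Link endpoint in the cluster VNet, so there is no public FQDN to
  # brute-force or to hit with a leaked kubeconfig.
  private_cluster_enabled = true

  # "AKS has API Server Authorized IP Ranges enabled": the alternative when the
  # endpoint must stay public; restrict the sources instead of removing it.
  # api_server_access_profile {
  #   authorized_ip_ranges = ["203.0.113.0/24"] # assumed office range
  # }

  default_node_pool {
    name       = "system"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }

  # "AKS cluster has Network Policy configured": with network_policy unset every
  # pod can reach every other pod and NetworkPolicy objects are ignored.
  network_profile {
    network_plugin = "azure"
    network_policy = "azure"
  }

  # "Kubernetes Dashboard is disabled": in azurerm 2.x this was
  # addon_profile { kube_dashboard { enabled = false } }; azurerm 3.0 removed
  # the block because AKS dropped the dashboard add-on, so nothing is needed.

  # Usual companions of the above: Kubernetes RBAC bound to Entra ID and the
  # static local admin credential switched off.
  role_based_access_control_enabled = true
  local_account_disabled            = true
  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
  }
}
```

With the private endpoint, kubectl needs a path into the VNet (VPN, peered network or a jump host); the commented api_server_access_profile block is the control to use when that is not an option and the endpoint stays public.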