test iacbot
Signed-off-by: Hemanth Gokavarapu <[email protected]>
hemanthgk10 committed Apr 13, 2021
1 parent 23d2480 commit 5c76762
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion README.md
Expand Up @@ -4,6 +4,5 @@

![Sad Cloud](.images/sad-cloud.png)


Repository containing a variety of misconfigured Terraform, CloudFormation, and Kubernetes resources
for AWS, GCP and Azure.
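
Review bot: The commit message "test iacbot" gives no reason for the single deletion in README.md, and in the rendered hunk (-4,6 +4,5) the only visible lines are the image, blank lines and the two-line description, so the removed line looks like one of the blank lines around the image. If the commit exists only to trigger the scanner, say that in the message (for example "README: remove blank line to trigger iacbot scan") so the history explains a whitespace-only change to the README.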

3 comments on commit 5c76762

@iacbot-demo iacbot-demo bot commented on 5c76762 Apr 14, 2021

⚠️ We found 43 few issues in your pull request.

Summary: 43 Issues Found
  • Critical : 1
  • High : 1
  • Info : 0
  • Low : 2
  • Medium : 22
  • Warn : 0
Details
| Title | Severity | File | Remediation |
| --- | --- | --- | --- |
| Provider 'provider.aws' has an access key specified | High | provider.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster with no Pod Security Policy config defined | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster using basic auth with static passwords for client authentication | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster with shielded nodes disabled | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' does not override the default service account | High | kubernetes.tf | VIEW |
| Resource 'aws_security_group.web' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Variable 'variable.adminPassword' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Variable 'variable.password' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Block 'provider.aws' includes a potentially sensitive attribute which is defined within the project | Medium | provider.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open egress security group | Medium | security.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open egress security group | Medium | security.tf | VIEW |
| Variable 'variable.aws_secret_key' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Block 'provider.azurerm' includes a potentially sensitive attribute which is defined within the project | Medium | provider.tf | VIEW |
| Resource 'aws_security_group.web' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Variable 'variable.client_secret' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Critical | security.tf | VIEW |
| Ensure master authorized networks is set to enabled in GKE clusters | High | kubernetes.tf | VIEW |
| Ensure VPC subnets do not assign public IP by default | Medium | infrastructure.tf | VIEW |
| Ensure that detailed monitoring is enabled for EC2 instances | Medium | nat-server.tf | VIEW |
| Ensure that EC2 is EBS optimized | Medium | nat-server.tf | VIEW |
| Ensure all data stored in the Launch configuration EBS is securely encrypted | Medium | nat-server.tf | VIEW |
| Ensure that Network Interfaces don't use public IPs | Medium | vmdeploy.tf | VIEW |
| Ensure Kubernetes Cluster is created with Alias IP ranges enabled | Medium | kubernetes.tf | VIEW |
| Ensure GKE basic auth is disabled | Medium | kubernetes.tf | VIEW |
| Ensure use of Binary Authorization | Medium | kubernetes.tf | VIEW |
| Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure Shielded GKE Nodes are Enabled | Medium | kubernetes.tf | VIEW |
| Enable VPC Flow Logs and Intranode Visibility | Medium | kubernetes.tf | VIEW |
| Manage Kubernetes RBAC users with Google Groups for GKE | Medium | kubernetes.tf | VIEW |
| Ensure legacy Compute Engine instance metadata APIs are Disabled | Medium | kubernetes.tf | VIEW |
| Ensure the GKE Metadata Server is Enabled | Medium | kubernetes.tf | VIEW |
| Ensure Network Policy is enabled on Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure Kubernetes Cluster is created with Private cluster enabled | Medium | kubernetes.tf | VIEW |
| Ensure clusters are created with Private Nodes | Medium | kubernetes.tf | VIEW |
| Ensure the GKE Release Channel is set | Medium | kubernetes.tf | VIEW |
| Ensure Secure Boot for Shielded GKE Nodes is Enabled | Medium | kubernetes.tf | VIEW |
| Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Medium | gce-volumes.tf | VIEW |
| Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Medium | gce-volumes.tf | VIEW |
| Ensure Instance Metadata Service Version 1 is not enabled | Low | nat-server.tf | VIEW |
| Ensure Kubernetes Clusters are configured with Labels | Low | kubernetes.tf | VIEW |

💻 Please visit the Assessment for more information.

📊 To view the diff summary.

⚙️ Modify the PR settings of Soluble.

💬 Share your feedback with us.

@iacbot-demo iacbot-demo bot commented on 5c76762 Apr 14, 2021

⚠️ We found 43 few issues in your pull request.

Summary: 43 Issues Found
  • Critical : 1
  • High : 1
  • Medium : 22
  • Warn : 0
  • Low : 2
  • Info : 0
Details
| Title | Severity | File | Remediation |
| --- | --- | --- | --- |
| Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 | Critical | security.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster with no Pod Security Policy config defined | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' does not override the default service account | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster using basic auth with static passwords for client authentication | High | kubernetes.tf | VIEW |
| Resource 'google_container_cluster.primary' defines a cluster with shielded nodes disabled | High | kubernetes.tf | VIEW |
| Provider 'provider.aws' has an access key specified | High | provider.tf | VIEW |
| Ensure master authorized networks is set to enabled in GKE clusters | High | kubernetes.tf | VIEW |
| Ensure Instance Metadata Service Version 1 is not enabled | Low | nat-server.tf | VIEW |
| Ensure Kubernetes Clusters are configured with Labels | Low | kubernetes.tf | VIEW |
| Variable 'variable.aws_secret_key' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open egress security group | Medium | security.tf | VIEW |
| Block 'provider.azurerm' includes a potentially sensitive attribute which is defined within the project | Medium | provider.tf | VIEW |
| Resource 'aws_security_group.web' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Variable 'variable.client_secret' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Variable 'variable.adminPassword' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Resource 'aws_security_group.web' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Block 'provider.aws' includes a potentially sensitive attribute which is defined within the project | Medium | provider.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open egress security group | Medium | security.tf | VIEW |
| Variable 'variable.password' includes a potentially sensitive default value | Medium | variables.tf | VIEW |
| Resource 'aws_security_group.nat' defines a fully open ingress security group | Medium | security.tf | VIEW |
| Ensure VPC subnets do not assign public IP by default | Medium | infrastructure.tf | VIEW |
| Ensure that detailed monitoring is enabled for EC2 instances | Medium | nat-server.tf | VIEW |
| Ensure that EC2 is EBS optimized | Medium | nat-server.tf | VIEW |
| Ensure all data stored in the Launch configuration EBS is securely encrypted | Medium | nat-server.tf | VIEW |
| Ensure that Network Interfaces don't use public IPs | Medium | vmdeploy.tf | VIEW |
| Ensure Kubernetes Cluster is created with Alias IP ranges enabled | Medium | kubernetes.tf | VIEW |
| Ensure GKE basic auth is disabled | Medium | kubernetes.tf | VIEW |
| Ensure use of Binary Authorization | Medium | kubernetes.tf | VIEW |
| Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure Shielded GKE Nodes are Enabled | Medium | kubernetes.tf | VIEW |
| Enable VPC Flow Logs and Intranode Visibility | Medium | kubernetes.tf | VIEW |
| Manage Kubernetes RBAC users with Google Groups for GKE | Medium | kubernetes.tf | VIEW |
| Ensure legacy Compute Engine instance metadata APIs are Disabled | Medium | kubernetes.tf | VIEW |
| Ensure the GKE Metadata Server is Enabled | Medium | kubernetes.tf | VIEW |
| Ensure Network Policy is enabled on Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure PodSecurityPolicy controller is enabled on the Kubernetes Engine Clusters | Medium | kubernetes.tf | VIEW |
| Ensure Kubernetes Cluster is created with Private cluster enabled | Medium | kubernetes.tf | VIEW |
| Ensure clusters are created with Private Nodes | Medium | kubernetes.tf | VIEW |
| Ensure the GKE Release Channel is set | Medium | kubernetes.tf | VIEW |
| Ensure Secure Boot for Shielded GKE Nodes is Enabled | Medium | kubernetes.tf | VIEW |
| Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Medium | gce-volumes.tf | VIEW |
| Ensure VM disks for critical VMs are encrypted with Customer Supplied Encryption Keys (CSEK) | Medium | gce-volumes.tf | VIEW |

💻 Please visit the Assessment for more information.

📊 To view the diff summary.

⚙️ Modify the PR settings of Soluble.

💬 Share your feedback with us.

@iacbot-demo iacbot-demo bot commented on 5c76762 Apr 16, 2021

com.amazonaws.SdkClientException: Unable to execute HTTP request: Read timed out
