Update README.md #120

Yoavast · 2023-09-06T07:13:24Z

No description provided.

Yoavast · 2023-09-06T07:15:45Z

Checkmarx One – Scan Summary & Details – 495081fe-288e-4689-a657-4fec0ff10f1d

New Issues

Issue	Source File / Package	Checkmarx Insight
ALB Listening on HTTP	/positive2.tf: 70	AWS Application Load Balancer (alb) should not listen on HTTP
ALB Listening on HTTP	/positive1.tf: 9	AWS Application Load Balancer (alb) should not listen on HTTP
CVE-2017-1000048	Npm-qs-6.0.0	Vulnerable Package
CVE-2019-10744	Npm-lodash-4.17.11	Vulnerable Package
CVE-2020-7212	Python-urllib3-1.25.7	Vulnerable Package
CVE-2020-8203	Npm-lodash-4.17.11	Vulnerable Package
CVE-2021-23337	Npm-lodash-4.17.11	Vulnerable Package
CVE-2021-28235	Go-go.etcd.io/etcd/server/v3-v3.5.0	Vulnerable Package
CVE-2021-33503	Python-urllib3-1.25.7	Vulnerable Package
CVE-2021-4229	Npm-ua-parser-js-0.7.29	Vulnerable Package
CVE-2022-1996	Go-github.com/emicklei/go-restful-v2.9.5	Vulnerable Package
CVE-2022-21698	Go-github.com/prometheus/client_golang-v1.11.0	Vulnerable Package
CVE-2022-24999	Npm-qs-6.0.0	Vulnerable Package
CVE-2022-25927	Npm-ua-parser-js-0.7.29	Vulnerable Package
CVE-2022-27191	Go-golang.org/x/crypto-v0.0.0-20211202192323-5770296d904e	Vulnerable Package
CVE-2022-28948	Go-gopkg.in/yaml.v3-v3.0.0-20210107192922-496545a6307b	Vulnerable Package
CVE-2022-32149	Go-golang.org/x/text-v0.3.7	Vulnerable Package
CVE-2022-34038	Go-go.etcd.io/etcd/pkg/v3-v3.5.0	Vulnerable Package
CVE-2022-41723	Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f	Vulnerable Package
CVE-2023-2253	Go-github.com/docker/distribution-v0.0.0-20180920194744-16128bbac47f	Vulnerable Package
CVE-2023-30861	Python-Flask-2.0.2	Vulnerable Package
CVE-2023-37788	Go-github.com/elazarl/goproxy-v0.0.0-20180725130230-947c36da3153	Vulnerable Package
Cx0a21eeca-49b1	Npm-scs-0.0.1	Vulnerable Package
Cx0b414307-5d4b	Npm-lodash-4.17.11	Vulnerable Package
Cx0b915a4a-2d97	Npm-scs-0.0.1	Vulnerable Package
Cx0eb7d3da-c52e	Python-azure-powerbiembedded-6969.99.99	Vulnerable Package
Cx18e041aa-8a63	Npm-node-ipc-9.2.2	Vulnerable Package
Cx21f588f7-f9cb	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cx4ca27ec0-0c96	Npm-scs-0.0.1	Vulnerable Package
Cx4d89cd75-1e27	Python-azure-powerbiembedded-6969.99.99	Vulnerable Package
Cx68e4da20-b53a	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cx6bee2138-4df0	Npm-flow-dev-tools-99.10.9	Vulnerable Package
Cx6eb8ff4e-c9cf	Npm-flow-dev-tools-99.10.9	Vulnerable Package
Cx7401d0a9-2786	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cx8079a3fb-ff1f	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cx8147ddef-ae09	Python-azure-powerbiembedded-6969.99.99	Vulnerable Package
Cx86e7ca06-a018	Python-not-particularly-2.5.0	Vulnerable Package
Cx9f739bef-35bb	Npm-flow-dev-tools-99.10.9	Vulnerable Package
Cxa45b0853-bee2	Npm-momnet-2.29.1	Vulnerable Package
Cxae9d1b09-2adb	Npm-scs-0.0.1	Vulnerable Package
Cxb52dba53-66d2	Python-not-particularly-2.5.0	Vulnerable Package
Cxb667b900-bec1	Python-azure-powerbiembedded-6969.99.99	Vulnerable Package
Cxba94c01e-a95d	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cxbec87a55-fe55	Npm-node-ipc-9.2.2	Vulnerable Package
Cxc73fdf59-ac18	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cxcc09496a-59c8	Npm-js-yaml-3.6.1	Vulnerable Package
Cxccd8b30c-808c	Npm-scs-0.0.1	Vulnerable Package
Cxd55dbf56-4d06	Npm-scs-0.0.1	Vulnerable Package
Cxdca8e59f-8bfe	Npm-inflight-1.0.6	Vulnerable Package
Cxec49316b-56df	Npm-js-yaml-3.6.1	Vulnerable Package
Cxfd197ca1-b64b	Npm-momnet-2.29.1	Vulnerable Package
EC2 Instance Has Public IP	/positive2.tf: 108	EC2 Instance should not have a public IP address.
EC2 Instance Has Public IP	/negative2.tf: 109	EC2 Instance should not have a public IP address.
EC2 Instance Has Public IP	/negative2.tf: 83	EC2 Instance should not have a public IP address.
EC2 Instance Has Public IP	/positive2.tf: 82	EC2 Instance should not have a public IP address.
EC2 Instance Has Public IP	/negative2.tf: 96	EC2 Instance should not have a public IP address.
EC2 Instance Has Public IP	/positive2.tf: 95	EC2 Instance should not have a public IP address.
Missing User Instruction	/Dockerfile: 1	A user should be specified in the dockerfile, otherwise the image will run as root
ALB Not Dropping Invalid Headers	/positive2.tf: 49	It's considered a best practice when using Application Load Balancers to drop invalid header fields
ALB Not Dropping Invalid Headers	/negative2.tf: 49	It's considered a best practice when using Application Load Balancers to drop invalid header fields
ALB Not Dropping Invalid Headers	/negative1.tf: 15	It's considered a best practice when using Application Load Balancers to drop invalid header fields
ALB Not Dropping Invalid Headers	/positive1.tf: 15	It's considered a best practice when using Application Load Balancers to drop invalid header fields
Apt Get Install Pin Version Not Defined	/Dockerfile: 5	When installing a package, its pin version should be defined
CVE-2020-26137	Python-urllib3-1.25.7	Vulnerable Package
CVE-2020-28500	Npm-lodash-4.17.11	Vulnerable Package
CVE-2020-8554	Go-k8s.io/api-v0.23.5	Vulnerable Package
CVE-2022-29526	Go-golang.org/x/sys-v0.0.0-20211216021012-1d35b9e2eb4e	Vulnerable Package
CVE-2022-41717	Go-golang.org/x/net-v0.0.0-20220225172249-27dd8689420f	Vulnerable Package
CVE-2023-32082	Go-go.etcd.io/etcd/server/v3-v3.5.0	Vulnerable Package
Cx3bb8deb1-b4c0	Npm-scs-0.0.1	Vulnerable Package
Cx3cf24ca3-dd23	Npm-ua-parser-js-0.7.29	Vulnerable Package
Cx65afcea4-5e85	Npm-event-pubsub-5.0.3	Vulnerable Package
Cx743605c8-a95e	Npm-momnet-2.29.1	Vulnerable Package
Cxa29f6cb5-3c84	Python-azure-powerbiembedded-6969.99.99	Vulnerable Package
Cxba768ce4-aa4e	Npm-node-ipc-9.2.2	Vulnerable Package
Cxc09edd5e-4a9e	Npm-strong-type-0.1.6	Vulnerable Package
Cxf7a33198-8ff8	Npm-node-ipc-9.2.2	Vulnerable Package
VPC Without Network Firewall	/negative2.tf: 26	VPC should have a Network Firewall associated
VPC Without Network Firewall	/positive2.tf: 26	VPC should have a Network Firewall associated
ALB Deletion Protection Disabled	/negative1.tf: 15	Application Load Balancer should have deletion protection enabled
ALB Deletion Protection Disabled	/positive1.tf: 15	Application Load Balancer should have deletion protection enabled
ALB Deletion Protection Disabled	/positive2.tf: 49	Application Load Balancer should have deletion protection enabled
ALB Deletion Protection Disabled	/negative2.tf: 49	Application Load Balancer should have deletion protection enabled
Cx786c6ee9-1022	Go-github.com/opencontainers/image-spec-v1.0.1	Vulnerable Package
EC2 Instance Using Default Security Group	/negative2.tf: 110	EC2 instances should not use default security group(s)
EC2 Instance Using Default Security Group	/negative2.tf: 84	EC2 instances should not use default security group(s)
EC2 Instance Using Default Security Group	/positive2.tf: 96	EC2 instances should not use default security group(s)
EC2 Instance Using Default Security Group	/positive2.tf: 83	EC2 instances should not use default security group(s)
EC2 Instance Using Default Security Group	/negative2.tf: 97	EC2 instances should not use default security group(s)
EC2 Instance Using Default Security Group	/positive2.tf: 109	EC2 instances should not use default security group(s)
Healthcheck Instruction Missing	/Dockerfile: 1	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
IAM Access Analyzer Not Enabled	/negative1.tf: 1	IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
Shield Advanced Not In Use	/negative1.tf: 15	AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
Shield Advanced Not In Use	/negative2.tf: 49	AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
Shield Advanced Not In Use	/positive1.tf: 15	AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
Shield Advanced Not In Use	/positive2.tf: 49	AWS Shield Advanced should be used for Amazon Route 53 hosted zone, AWS Global Accelerator accelerator, Elastic IP Address, Elastic Load Balancing,...
VPC FlowLogs Disabled	/negative2.tf: 26	Every VPC resource should have an associated Flow Log
VPC FlowLogs Disabled	/positive2.tf: 26	Every VPC resource should have an associated Flow Log