Checkmarx · gabriel-cx · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024 · Apr 11, 2024
@@ -2,7 +2,7 @@
   "id": "9232306a-f839-40aa-b3ef-b352001da9a5",
   "queryName": "S3 Bucket Without Versioning",
   "severity": "MEDIUM",
-  "category": "Observability",
+  "category": "Backup",
   "descriptionText": "S3 bucket should have versioning enabled",
   "descriptionUrl": "https://docs.ansible.com/ansible/latest/collections/amazon/aws/s3_bucket_module.html#parameter-versioning",
   "platform": "Ansible",

@@ -2,7 +2,7 @@
   "id": "2081c7d6-2851-4cce-bda5-cb49d462da42",
   "queryName": "Standard Price Is Not Selected",
   "severity": "LOW",
-  "category": "Networking and Firewall",
+  "category": "Resource Management",
   "descriptionText": "Azure Security Center provides more features for standard pricing mode, so it must be activated.",
   "descriptionUrl": "https://docs.microsoft.com/en-us/azure/templates/microsoft.security/pricings?tabs=json#pricingproperties-object",
   "platform": "AzureResourceManager",

@@ -2,7 +2,7 @@
   "id": "a58d1a2d-4078-4b80-855b-84cc3f7f4540",
   "queryName": "IAM Group Inline Policies",
   "severity": "MEDIUM",
-  "category": "Encryption",
+  "category": "Access Control",
   "descriptionText": "IAM Groups should not use inline policies and instead use managed policies. If a group is deleted, the inline policy is also deleted",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-group.html",
   "platform": "CloudFormation",

@@ -2,7 +2,7 @@
   "id": "06adef8c-c284-4de7-aad2-af43b07a8ca1",
   "queryName": "IAM User LoginProfile Password Is In Plaintext",
   "severity": "HIGH",
-  "category": "Insecure Configurations",
+  "category": "Secret Management",
   "descriptionText": "IAM User LoginProfile Password must not be a plaintext string",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-iam-user.html",
   "platform": "CloudFormation",

@@ -2,7 +2,7 @@
   "id": "2b1d4935-9acf-48a7-8466-10d18bf51a69",
   "queryName": "RDS Multi-AZ Deployment Disabled",
   "severity": "MEDIUM",
-  "category": "Backup",
+  "category": "Availability",
   "descriptionText": "AWS RDS Instance should have a multi-az deployment",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html",
   "platform": "CloudFormation",

@@ -2,7 +2,7 @@
   "id": "a227ec01-f97a-4084-91a4-47b350c1db54",
   "queryName": "S3 Bucket Without Versioning",
   "severity": "MEDIUM",
-  "category": "Observability",
+  "category": "Backup",
   "descriptionText": "S3 bucket should have versioning enabled",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-bucket.html",
   "platform": "CloudFormation",

@@ -2,7 +2,7 @@
   "id": "9025b2b3-e554-4842-ba87-db7aeec36d35",
   "queryName": "Unscanned ECR Image",
   "severity": "LOW",
-  "category": "Encryption",
+  "category": "Observability",
   "descriptionText": "Checks if the ECR Image has been scanned",
   "descriptionUrl": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration",
   "platform": "CloudFormation",

@@ -2,7 +2,7 @@
   "id": "6c7cfec3-c686-4ed2-bf58-a1ec054b63fc",
   "queryName": "Redis Cache Allows Non SSL Connections",
   "severity": "MEDIUM",
-  "category": "Encryption",
+  "category": "Insecure Configurations",
   "descriptionText": "Redis Cache resource should not allow non-SSL connections.",
   "descriptionUrl": "https://doc.crds.dev/github.com/crossplane/provider-azure/cache.azure.crossplane.io/Redis/v1beta1@v0.19.0#spec-forProvider-enableNonSslPort",
   "platform": "Crossplane",

@@ -2,11 +2,12 @@
   "id": "71bf8cf8-f0a1-42fa-b9d2-d10525e0a38e",
   "queryName": "UNIX Ports Out Of Range",
   "severity": "INFO",
-  "category": "Availability",
+  "category": "Networking and Firewall",
   "descriptionText": "Exposing UNIX ports out of range from 0 to 65535",
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#expose",
   "platform": "Dockerfile",
   "descriptionID": "fed3d812",
   "cwe": "682",
-  "oldSeverity": "HIGH"
+  "oldSeverity": "HIGH",
+  "cloudProvider" : "common"
 }
@@ -2,7 +2,7 @@
   "id": "49e30ac8-f58e-4222-b488-3dcb90158ec1",
   "queryName": "Redis Cache Allows Non SSL Connections",
   "severity": "MEDIUM",
-  "category": "Encryption",
+  "category": "Insecure Configurations",
   "descriptionText": "Redis Cache resource should not allow non-SSL connections.",
   "descriptionUrl": "https://www.pulumi.com/registry/packages/azure-native/api-docs/cache/redis/#enablenonsslport_yaml",
   "platform": "Pulumi",

@@ -2,7 +2,7 @@
   "id": "96ed3526-0179-4c73-b1b2-372fde2e0d13",
   "queryName": "Default VPC Exists",
   "severity": "MEDIUM",
-  "category": "Observability",
+  "category": "Insecure Defaults",
   "descriptionText": "It isn't recommended to use resources in default VPC",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/default_vpc",
   "platform": "Terraform",

@@ -2,7 +2,7 @@
   "id": "e542bd46-58c4-4e0f-a52a-1fb4f9548e02",
   "queryName": "RDS Cluster With Backup Disabled",
   "severity": "MEDIUM",
-  "category": "Best Practices",
+  "category": "Backup",
   "descriptionText": "RDS Cluster backup retention period should be specifically defined",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#backup_retention_period",
   "platform": "Terraform",

@@ -2,7 +2,7 @@
   "id": "4bd15dd9-8d5e-4008-8532-27eb0c3706d3",
   "queryName": "Redis Disabled",
   "severity": "LOW",
-  "category": "Encryption",
+  "category": "Insecure Configurations",
   "descriptionText": "ElastiCache should have Redis enabled, since it covers Compliance Certifications such as FedRAMP, HIPAA, and PCI DSS. For more information, take a look at 'https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/SelectEngine.html'",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticache_cluster#engine",
   "platform": "Terraform",

@@ -2,7 +2,7 @@
   "id": "568a4d22-3517-44a6-a7ad-6a7eed88722c",
   "queryName": "S3 Bucket Without Versioning",
   "severity": "MEDIUM",
-  "category": "Observability",
+  "category": "Backup",
   "descriptionText": "S3 bucket should have versioning enabled",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#versioning",
   "platform": "Terraform",

@@ -2,7 +2,7 @@
   "id": "9630336b-3fed-4096-8173-b9afdfe346a7",
   "queryName": "Unscanned ECR Image",
   "severity": "LOW",
-  "category": "Encryption",
+  "category": "Observability",
   "descriptionText": "Checks if the ECR Image has been scanned",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_repository#scan_on_push",
   "platform": "Terraform",

@@ -2,7 +2,7 @@
   "id": "704fcc44-a58f-4af5-82e2-93f2a58ef918",
   "queryName": "User with IAM Role",
   "severity": "LOW",
-  "category": "Best Practices",
+  "category": "Access Control",
   "descriptionText": "As a best practice, it is better to assign an IAM Role to a group than to a user",
   "descriptionUrl": "https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy#role",
   "platform": "Terraform",

@@ -87,7 +87,7 @@
 			"severity": "MEDIUM",
 			"platform": "CloudFormation",
 			"cloud_provider": "AWS",
-			"category": "Backup",
+			"category": "Availability",
 			"experimental": false,
 			"description": "AWS RDS Instance should have a multi-az deployment",
 			"description_id": "4bdb6677",