You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
What is the outcome that you are trying to reach?
Provide an accurate solution for customer using TFSec with EKS Blueprints dealing with HIGH or CRITICAL security reports, regarding to:
Usage of wildcards on IAM Policies.
Ingress rule for Security Groups with excessive access, either regarding to Ports or CIDR blocks.
Public access to EKS Cluster.
Kubernetes Secrets Encryption.
Describe the solution you would like
Describe alternatives you have considered
Create a good practices guidance for customers using TFSec, so they can address their specific issues using that.
Additional context
There are some specific situations that can create a false positive behavior and others that at may require a more open policy but can be improved as well like some states from Karpenter and regarding EBS CSI Driver.
Today we have a wide set of global rules to workaround some scenarios, that we can improve narrowing to targeted rules.
The text was updated successfully, but these errors were encountered:
Community Note
What is the outcome that you are trying to reach?
Describe the solution you would like
Describe alternatives you have considered
Create a good practices guidance for customers using TFSec, so they can address their specific issues using that.
Additional context
There are some specific situations that can create a false positive behavior and others that at may require a more open policy but can be improved as well like some states from Karpenter and regarding EBS CSI Driver.
Today we have a wide set of global rules to workaround some scenarios, that we can improve narrowing to targeted rules.
The text was updated successfully, but these errors were encountered: