packetcraft / prismacloudappintegrationforgithub-cft Goto Github PK

1.0 1.0 1.0 31 KB

This Prisma Cloud app for GitHub enables you to scan IaC templates to check them against security policies when you open a pull request.

prismacloudappintegrationforgithub-cft's People

Contributors

Stargazers

Watchers

Forkers

fsuleman77

prismacloudappintegrationforgithub-cft's Issues

Prisma Cloud IaC Scan Failed - 8 Issues found in scan

Prisma Cloud Security Issues for pull request : #16

Severity	Policy Name	Files
High	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_with_issues.json:[5]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_with_issues.json:[8]
High	Adela AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_with_issues.json:[7]
High	Ivan-Avoid-Publicly-Exposed-S3	./CFT/cft_aws_json_with_issues.json:[8]
High	TMX - AWS S3 buckets are accessible to public	./CFT/cft_aws_json_with_issues.json:[8]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_with_issues.json:[7]
Medium	S3 bucket not encrypted	./CFT/cft_aws_json_with_issues.json:[7]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_with_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 25 Issues found in scan

Prisma Cloud Security Issues for pull request : #6

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_all_issues.json:[8] parameter:[0] ./CFT/cft_aws_json_with_issues.json:[8]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS ElasticSearch cluster not in a VPC	./CFT/cft_aws_json_all_issues.json:[162]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]
Medium	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_all_issues.json:[5] ./CFT/cft_aws_json_with_issues.json:[5]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 25 Issues found in scan

Prisma Cloud Security Issues for pull request : #10

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_all_issues.json:[8] parameter:[0] ./CFT/cft_aws_json_with_issues.json:[8]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS ElasticSearch cluster not in a VPC	./CFT/cft_aws_json_all_issues.json:[162]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]
Medium	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_all_issues.json:[5] ./CFT/cft_aws_json_with_issues.json:[5]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 31 Issues found in scan

Prisma Cloud Security Issues for pull request : #19

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	Copy of AWS ECS task definition resource limits not set - Solal	./CFT/cft_aws_json_all_issues.json:[76,78]
High	bbambaConfigBuild-policy	./CFT/cft_aws_json_all_issues.json:[220]
High	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_with_issues.json:[5] ./CFT/cft_aws_json_all_issues.json:[5]
High	Adela AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]
High	AWS S3 buckets are accessible to public	parameter:[0] ./CFT/cft_aws_json_with_issues.json:[8] ./CFT/cft_aws_json_all_issues.json:[8]
High	Ivan-Avoid-Publicly-Exposed-S3	parameter:[0] ./CFT/cft_aws_json_with_issues.json:[8] ./CFT/cft_aws_json_all_issues.json:[8]
High	TMX - AWS S3 buckets are accessible to public	parameter:[0] ./CFT/cft_aws_json_with_issues.json:[8] ./CFT/cft_aws_json_all_issues.json:[8]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	Fahd CBA - AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]
Medium	S3 bucket not encrypted	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 25 Issues found in scan

Prisma Cloud Security Issues for pull request : #12

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_all_issues.json:[8] ./CFT/cft_aws_json_with_issues.json:[8] parameter:[0]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS ElasticSearch cluster not in a VPC	./CFT/cft_aws_json_all_issues.json:[162]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]
Medium	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_all_issues.json:[5] ./CFT/cft_aws_json_with_issues.json:[5]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_all_issues.json:[7] ./CFT/cft_aws_json_with_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 29 Issues found in scan

Prisma Cloud Security Issues for pull request : #14

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_all_issues.json:[8]
High	Adela AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_all_issues.json:[7]
High	Copy of AWS ECS task definition resource limits not set - Solal	./CFT/cft_aws_json_all_issues.json:[76,78]
High	Ivan-Avoid-Publicly-Exposed-S3	./CFT/cft_aws_json_all_issues.json:[8]
High	TMX - AWS S3 buckets are accessible to public	./CFT/cft_aws_json_all_issues.json:[8]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS ElasticSearch cluster not in a VPC	./CFT/cft_aws_json_all_issues.json:[162]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_all_issues.json:[5]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	S3 bucket not encrypted	./CFT/cft_aws_json_all_issues.json:[7]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_all_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan Failed - 25 Issues found in scan

Prisma Cloud Security Issues for pull request : #8

Severity	Policy Name	Files
High	AWS ECS task definition elevated privileges enabled	./CFT/cft_aws_json_all_issues.json:[76,101]
High	AWS ECS task definition readonlyRootFilesystem not enabled	./CFT/cft_aws_json_all_issues.json:[84]
High	AWS ECS task definition resource limits not set	./CFT/cft_aws_json_all_issues.json:[76,78]
High	AWS Redshift instances are not encrypted	./CFT/cft_aws_json_all_issues.json:[268,272]
High	AWS S3 buckets are accessible to public	./CFT/cft_aws_json_with_issues.json:[8] ./CFT/cft_aws_json_all_issues.json:[8] parameter:[0]
Medium	AWS CloudTrail is not enabled in all regions	./CFT/cft_aws_json_all_issues.json:[50,57]
Medium	AWS CloudTrail logs are not encrypted using Customer Master Keys (CMKs)	./CFT/cft_aws_json_all_issues.json:[50,56]
Medium	AWS Customer Master Key (CMK) rotation is not enabled	./CFT/cft_aws_json_all_issues.json:[70,73]
Medium	AWS ECS task definition logging not enabled	./CFT/cft_aws_json_all_issues.json:[84]
Medium	AWS ElasticSearch cluster not in a VPC	./CFT/cft_aws_json_all_issues.json:[162]
Medium	AWS RDS event subscription disabled for DB security groups	./CFT/cft_aws_json_all_issues.json:[229,265]
Medium	AWS RDS instance is not encrypted	./CFT/cft_aws_json_all_issues.json:[254]
Medium	AWS RDS instance with Multi-Availability Zone disabled	./CFT/cft_aws_json_all_issues.json:[229,232]
Medium	AWS Redshift clusters should not be publicly accessible	./CFT/cft_aws_json_all_issues.json:[271]
Medium	AWS Redshift database does not have audit logging enabled	./CFT/cft_aws_json_all_issues.json:[270]
Medium	AWS SNS subscription is not configured with HTTPS	./CFT/cft_aws_json_all_issues.json:[199]
Medium	AWS SQS queue encryption using default KMS key instead of CMK	./CFT/cft_aws_json_all_issues.json:[205]
Medium	AWS VPC subnets should not allow automatic public IP assignment	./CFT/cft_aws_json_all_issues.json:[211]
Medium	AWS security groups allow ingress traffic from blocked ports - 21,22,135,137-139,445,69	./CFT/cft_aws_json_all_issues.json:[220]
Medium	AWS Access logging not enabled on S3 buckets	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]
Medium	AWS S3 Object Versioning is disabled	./CFT/cft_aws_json_with_issues.json:[5] ./CFT/cft_aws_json_all_issues.json:[5]
Low	AWS IAM policy attached to users	./CFT/cft_aws_json_all_issues.json:[189,190]
Low	AWS RDS instance with copy tags to snapshots disabled	./CFT/cft_aws_json_all_issues.json:[233]
Low	AWS RDS instance without Automatic Backup setting	./CFT/cft_aws_json_all_issues.json:[257]
Low	AWS S3 buckets do not have server side encryption	./CFT/cft_aws_json_with_issues.json:[7] ./CFT/cft_aws_json_all_issues.json:[7]

Errors

Error Status	Error Message
BAD_REQUEST	The variable file is not found

Prisma Cloud IaC Scan - Error occurred during scan

Prisma credentials not configured properly. Please reinstall and complete the configuration.

packetcraft / prismacloudappintegrationforgithub-cft Goto Github PK

prismacloudappintegrationforgithub-cft's People

Contributors

Stargazers

Watchers

Forkers

prismacloudappintegrationforgithub-cft's Issues

Errors

Errors

Errors

Errors

Errors

Errors

Errors

Recommend Projects

Recommend Topics

Recommend Org