Andre Pereira
Andre Pereira
The documentation in this section refers to "client_cert_enabled" instead of "client_certificate_enabled": https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_web_app#client_certificate_mode-1 This seems to be the name of the legacy resource's equivalent field and the issue is only present...
Closes # **Reason for Proposed Changes** - **Proposed Changes** - - - I submit this contribution under the Apache-2.0 license.
**Reason for Proposed Changes** - This fix applies to 7 recently added "Beta" queries: - "Beta - SQL DB Instance With Exposed Show Privileges" #7776 - "Beta - SQL DB...
**Reason for Proposed Changes** - Currently there is no query to ensure that resources of type "[azurerm_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine)", "[azurerm_linux_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_virtual_machine)", "[azurerm_windows_virtual_machine](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_virtual_machine)" and "[azurerm_virtual_machine_scale_set](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_machine_scale_set)" are utilizing [Managed Disks](https://learn.microsoft.com/en-us/azure/virtual-machines/managed-disks-overview). - Quoting CIS_Microsoft_Azure_Compute_Services_Benchmark_v2.0.0 page 307:...
**Reason for Proposed Changes** - The "[Vault Auditing Disabled](https://github.com/Checkmarx/kics/blob/master/assets/queries/terraform/azure/vault_auditing_disabled/query.rego)" Terraform/azure query is not up to the standard of the related CIS_Microsoft_Azure_Foundations_Benchmark_v5.0.0 entry (```6.1.1.4 Ensure that logging for Azure Key Vault...
**Reason for Proposed Changes** - Currently there is no query to ensure that a "[google_container_cluster](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_cluster)" resource allows support for a [network policy](https://kubernetes.io/docs/concepts/services-networking/network-policies/). - Quoting CIS_Google_Kubernetes_Engine_(GKE)_Benchmark_v1.9.0 page 64: "```There are a...
**Reason for Proposed Changes** - INITIAL NOTE - the "resource reference" (terraform), whenever mentioned, refers to something like this : - ```data.aws_kms_secrets.sci_app_kms_secrets.plaintext["ayreshirerarran_password"]``` - Where an "element" would be each individual...
**Reason for Proposed Changes** - Currently the implementation for the query "[Security Group Not Used](https://github.com/Checkmarx/kics/tree/master/assets/queries/terraform/aws/security_groups_not_used)" does not account for "[counted resources](https://developer.hashicorp.com/terraform/language/meta-arguments/count)". - With this feature terraform allows a single resource...
**Reason for Proposed Changes** - The target query "SQL Server Database Without Auditing"(ARM) is meant to ensure that database type resources "[Microsoft.Sql/servers/databases](https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases?pivots=deployment-language-bicep)" and "[Microsoft.Sql/servers](https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers?pivots=deployment-language-bicep)" have auditing enabled through the "[Microsoft.Sql/servers/databases/auditingSettings](https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases/auditingsettings?pivots=deployment-language-bicep)"...
**Reason for Proposed Changes** - The current implementation of the "[Azure Instance Using Basic Authentication](https://github.com/Checkmarx/kics/tree/master/assets/queries/terraform/azure/azure_instance_using_basic_authentication)" has a few issues: - Incorrect "[IssueType](https://github.com/Checkmarx/kics/pull/7868/files)" - Incorrect "[searchKey](https://github.com/Checkmarx/kics/pull/7868/files)" values - Excessive amount of...