PyPI - checkmate5 - Versions diffs - 5.1.0.dev1__py3-none-any.whl → 5.1.0.dev2__py3-none-any.whl - Mend

checkmate5 5.1.0.dev1py3-none-any.whl → 5.1.0.dev2py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

checkmate/contrib/plugins/iac/tfsec/issues_data.py DELETED Viewed

@@ -1,1917 +0,0 @@
-issues_data = {
-    "AVD-KSV-0001": {
-		"title": "kubernetes: Process can elevate its own privileges",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0024": {
-		"title": "kubernetes: Access to host ports",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0011": {
-		"title": "dockerfile: COPY with more than two arguments not ending with slash",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0017": {
-		"title": "dockerfile: 'RUN <package-manager> update' instruction alone",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0005": {
-		"title": "dockerfile: ADD instead of COPY",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0010": {
-		"title": "kubernetes: Access to host PID",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0104": {
-		"title": "kubernetes: Seccomp profile unconfined",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0024": {
-		"title": "dockerfile: 'apt-get dist-upgrade' used",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0018": {
-		"title": "kubernetes: Memory not limited",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0008": {
-		"title": "kubernetes: Access to host IPC namespace",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0016": {
-		"title": "dockerfile: Multiple CMD instructions listed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0102": {
-		"title": "kubernetes: Tiller Is Deployed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0037": {
-		"title": "kubernetes: User Pods should not be placed in kube-system namespace",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0023": {
-		"title": "kubernetes: hostPath volumes mounted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0025": {
-		"title": "kubernetes: SELinux custom options set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0022": {
-		"title": "dockerfile: Deprecated MAINTAINER used",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0006": {
-		"title": "dockerfile: COPY '--from' referring to the current image",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0012": {
-		"title": "dockerfile: Duplicate aliases defined in different FROMs",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0028": {
-		"title": "kubernetes: Non-ephemeral volume types used",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0022": {
-		"title": "kubernetes: Non-default capabilities added",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0105": {
-		"title": "kubernetes: Containers must not set runAsUser to 0",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0002": {
-		"title": "dockerfile: Image user should not be 'root'",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0001": {
-		"title": "dockerfile: ':latest' tag used",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0027": {
-		"title": "kubernetes: Non-default /proc masks set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0014": {
-		"title": "dockerfile: RUN using 'wget' and 'curl'",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0019": {
-		"title": "dockerfile: 'dnf clean all' missing",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0023": {
-		"title": "dockerfile: Multiple HEALTHCHECK defined",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0106": {
-		"title": "kubernetes: Container capabilities must only include NET_BIND_SERVICE",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0014": {
-		"title": "kubernetes: Root file system is not read-only",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0020": {
-		"title": "kubernetes: Runs with low user ID",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0002": {
-		"title": "kubernetes: Default AppArmor profile not set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0013": {
-		"title": "dockerfile: 'RUN cd ...' to change directory",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0008": {
-		"title": "dockerfile: Exposed port out of range",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0009": {
-		"title": "kubernetes: Access to host network",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0017": {
-		"title": "kubernetes: Privileged container",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0038": {
-		"title": "kubernetes: Selector usage in network policies",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0005": {
-		"title": "kubernetes: SYS_ADMIN capability added",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0016": {
-		"title": "kubernetes: Memory requests not specified",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0006": {
-		"title": "kubernetes: hostPath volume mounted with docker.sock",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0021": {
-		"title": "kubernetes: Runs with low group ID",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0036": {
-		"title": "kubernetes: Protecting Pod service account tokens",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0013": {
-		"title": "kubernetes: Image tag ':latest' used",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0011": {
-		"title": "kubernetes: CPU not limited",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0026": {
-		"title": "kubernetes: Unsafe sysctl options set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0103": {
-		"title": "kubernetes: HostProcess container defined",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0009": {
-		"title": "dockerfile: WORKDIR path not absolute",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0010": {
-		"title": "dockerfile: RUN using 'sudo'",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0030": {
-		"title": "kubernetes: Default Seccomp profile not set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0004": {
-		"title": "dockerfile: Port 22 exposed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0020": {
-		"title": "dockerfile: 'zypper clean' missing",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0015": {
-		"title": "kubernetes: CPU requests not specified",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0015": {
-		"title": "dockerfile: 'yum clean all' missing",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0007": {
-		"title": "dockerfile: Multiple ENTRYPOINT instructions listed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DS-0021": {
-		"title": "dockerfile: 'apt-get' missing '-y' to avoid manual input",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0012": {
-		"title": "kubernetes: Runs as root user",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KSV-0003": {
-		"title": "kubernetes: Default capabilities not dropped",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0001": {
-		"title": "aws: API Gateway stages for V1 and V2 should have access logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0002": {
-		"title": "aws: API Gateway must have cache enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0003": {
-		"title": "aws: API Gateway must have X-Ray tracing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0004": {
-		"title": "aws: No unauthorized access to API Gateway methods",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0005": {
-		"title": "aws: API Gateway domain name uses outdated SSL/TLS protocols.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0006": {
-		"title": "aws: Athena databases and workgroup configurations are created unencrypted at rest by default, they should be encrypted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0007": {
-		"title": "aws: Athena workgroups should enforce configuration to prevent client disabling encryption",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0008": {
-		"title": "aws: Launch configuration with unencrypted block device.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0130": {
-		"title": "aws: aws_instance should activate session tokens for Instance Metadata Service.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0009": {
-		"title": "aws: Launch configuration should not have a public IP address.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0129": {
-		"title": "aws: User data for EC2 instances must not contain sensitive AWS keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0122": {
-		"title": "aws: Ensure all data stored in the launch configuration EBS is securely encrypted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0010": {
-		"title": "aws: Cloudfront distribution should have Access Logging configured",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0011": {
-		"title": "aws: CloudFront distribution does not have a WAF in front.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0012": {
-		"title": "aws: CloudFront distribution allows unencrypted (HTTP) communications.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0013": {
-		"title": "aws: CloudFront distribution uses outdated SSL/TLS protocols.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0014": {
-		"title": "aws: Cloudtrail should be enabled in all regions regardless of where your AWS resources are generally homed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0015": {
-		"title": "aws: Cloudtrail should be encrypted at rest to secure access to sensitive trail data",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0016": {
-		"title": "aws: Cloudtrail log validation should be enabled to prevent tampering of log data",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0017": {
-		"title": "aws: CloudWatch log groups should be encrypted using CMK",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0018": {
-		"title": "aws: CodeBuild Project artifacts encryption should not be disabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0019": {
-		"title": "aws: Config configuration aggregator should be using all regions for source",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0020": {
-		"title": "aws: DocumentDB logs export should be enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0021": {
-		"title": "aws: DocumentDB storage must be encrypted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0022": {
-		"title": "aws: DocumentDB encryption should use Customer Managed Keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0023": {
-		"title": "aws: DAX Cluster and tables should always encrypt data at rest",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0024": {
-		"title": "aws: Point in time recovery should be enabled to protect DynamoDB table",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0025": {
-		"title": "aws: DynamoDB tables should use at rest encryption with a Customer Managed Key",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0026": {
-		"title": "aws: EBS volumes must be encrypted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0027": {
-		"title": "aws: EBS volume encryption should use Customer Managed Keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0131": {
-		"title": "aws: Instance with unencrypted block device.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0028": {
-		"title": "aws: aws_instance should activate session tokens for Instance Metadata Service.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0029": {
-		"title": "aws: User data for EC2 instances must not contain sensitive AWS keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0030": {
-		"title": "aws: ECR repository has image scans disabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0031": {
-		"title": "aws: ECR images tags shouldn't be mutable.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0032": {
-		"title": "aws: ECR repository policy must block public access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0033": {
-		"title": "aws: ECR Repository should use customer managed keys to allow more control",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0034": {
-		"title": "aws: ECS clusters should have container insights enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0035": {
-		"title": "aws: ECS Task Definitions with EFS volumes should use in-transit encryption",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0036": {
-		"title": "aws: Task definition defines sensitive environment variable(s).",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0037": {
-		"title": "aws: EFS Encryption has not been enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0038": {
-		"title": "aws: EKS Clusters should have cluster control plane logging turned on",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0039": {
-		"title": "aws: EKS should have the encryption of secrets enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0040": {
-		"title": "aws: EKS Clusters should have the public access disabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0041": {
-		"title": "aws: EKS cluster should not have open CIDR range for public access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0049": {
-		"title": "aws: Missing description for security group/security group rule.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0045": {
-		"title": "aws: Elasticache Replication Group stores unencrypted data at-rest.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0050": {
-		"title": "aws: Redis cluster should have backup retention turned on",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0051": {
-		"title": "aws: Elasticache Replication Group uses unencrypted traffic.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0048": {
-		"title": "aws: Elasticsearch domain isn't encrypted at rest.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0042": {
-		"title": "aws: Domain logging should be enabled for Elastic Search domains",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0043": {
-		"title": "aws: Elasticsearch domain uses plaintext traffic for node to node communication.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0046": {
-		"title": "aws: Elasticsearch doesn't enforce HTTPS traffic.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0126": {
-		"title": "aws: Elasticsearch domain endpoint is using outdated TLS policy.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0053": {
-		"title": "aws: Load balancer is exposed to the internet.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0052": {
-		"title": "aws: Load balancers should drop invalid headers",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0054": {
-		"title": "aws: Use of plain HTTP.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0047": {
-		"title": "aws: An outdated SSL policy is in use by a load balancer.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0137": {
-		"title": "aws: Enable at-rest encryption for EMR clusters.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0138": {
-		"title": "aws: Enable in-transit encryption for EMR clusters.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0139": {
-		"title": "aws: Enable local-disk encryption for EMR clusters.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0123": {
-		"title": "aws: IAM Groups should have MFA enforcement activated.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0056": {
-		"title": "aws: IAM Password policy should prevent password reuse.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0057": {
-		"title": "aws: IAM policy should avoid use of wildcards and instead apply the principle of least privilege",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0058": {
-		"title": "aws: IAM Password policy should have requirement for at least one lowercase character.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0059": {
-		"title": "aws: IAM Password policy should have requirement for at least one number in the password.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0060": {
-		"title": "aws: IAM Password policy should have requirement for at least one symbol in the password.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0061": {
-		"title": "aws: IAM Password policy should have requirement for at least one uppercase character.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0062": {
-		"title": "aws: IAM Password policy should have expiry less than or equal to 90 days.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0063": {
-		"title": "aws: IAM Password policy should have minimum password length of 14 or more characters.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0064": {
-		"title": "aws: Kinesis stream is unencrypted.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0065": {
-		"title": "aws: A KMS key is not configured to auto-rotate.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0066": {
-		"title": "aws: Lambda functions should have X-Ray tracing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0067": {
-		"title": "aws: Ensure that lambda function permission has a source arn specified",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0070": {
-		"title": "aws: MQ Broker should have audit logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0071": {
-		"title": "aws: MQ Broker should have general logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0072": {
-		"title": "aws: Ensure MQ Broker is not publicly exposed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0073": {
-		"title": "aws: A MSK cluster allows unencrypted data in transit.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0074": {
-		"title": "aws: Ensure MSK Cluster logging is enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0075": {
-		"title": "aws: Neptune logs export should be enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0076": {
-		"title": "aws: Neptune storage must be encrypted at rest",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0128": {
-		"title": "aws: Neptune encryption should use Customer Managed Keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0133": {
-		"title": "aws: Enable Performance Insights to detect potential problems",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0078": {
-		"title": "aws: Encryption for RDS Performance Insights should be enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0079": {
-		"title": "aws: There is no encryption specified or encryption is disabled on the RDS Cluster.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0080": {
-		"title": "aws: RDS encryption has not been enabled at a DB Instance level.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0081": {
-		"title": "aws: AWS Classic resource usage.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0082": {
-		"title": "aws: A database resource is marked as publicly accessible.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0077": {
-		"title": "aws: RDS Cluster and RDS instance should have backup retention longer than default 1 day",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0083": {
-		"title": "aws: Missing description for security group/security group rule.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0084": {
-		"title": "aws: Redshift clusters should use at rest encryption",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0085": {
-		"title": "aws: AWS Classic resource usage.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0127": {
-		"title": "aws: Redshift cluster should be deployed into a specific VPC",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0086": {
-		"title": "aws: S3 Access block should block public ACL",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0087": {
-		"title": "aws: S3 Access block should block public policy",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0088": {
-		"title": "aws: Unencrypted S3 bucket.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0089": {
-		"title": "aws: S3 Bucket does not have logging enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0090": {
-		"title": "aws: S3 Data should be versioned",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0132": {
-		"title": "aws: S3 encryption should use Customer Managed Keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0091": {
-		"title": "aws: S3 Access Block should Ignore Public Acl",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0092": {
-		"title": "aws: S3 Buckets not publicly accessible through ACL.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0093": {
-		"title": "aws: S3 Access block should restrict public bucket to limit access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0094": {
-		"title": "aws: S3 buckets should each define an aws_s3_bucket_public_access_block",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0112": {
-		"title": "aws: SAM API domain name uses outdated SSL/TLS protocols.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0113": {
-		"title": "aws: SAM API stages for V1 and V2 should have access logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0110": {
-		"title": "aws: SAM API must have data cache enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0111": {
-		"title": "aws: SAM API must have X-Ray tracing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0125": {
-		"title": "aws: SAM Function must have X-Ray tracing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0116": {
-		"title": "aws: SAM HTTP API stages for V1 and V2 should have access logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0119": {
-		"title": "aws: SAM State machine must have logging enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0117": {
-		"title": "aws: SAM State machine must have X-Ray tracing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0121": {
-		"title": "aws: SAM Simple table must have server side encryption enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0114": {
-		"title": "aws: Function policies should avoid use of wildcards and instead apply the principle of least privilege",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0120": {
-		"title": "aws: State machine policies should avoid use of wildcards and instead apply the principle of least privilege",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0095": {
-		"title": "aws: Unencrypted SNS topic.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0136": {
-		"title": "aws: SNS topic not encrypted with CMK.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0096": {
-		"title": "aws: Unencrypted SQS queue.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0097": {
-		"title": "aws: AWS SQS policy document has wildcard action statement.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0135": {
-		"title": "aws: SQS queue should be encrypted with a CMK.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0134": {
-		"title": "aws: Secrets should not be exfiltrated using Terraform HTTP data blocks",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0098": {
-		"title": "aws: Secrets Manager should use customer managed keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0099": {
-		"title": "aws: Missing description for security group.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0124": {
-		"title": "aws: Missing description for security group rule.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0101": {
-		"title": "aws: AWS best practice to not use the default VPC for workflows",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0102": {
-		"title": "aws: An ingress Network ACL rule allows ALL ports.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0104": {
-		"title": "aws: An egress security group rule allows traffic to /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0105": {
-		"title": "aws: An ingress Network ACL rule allows specific ports from /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0107": {
-		"title": "aws: An ingress security group rule allows traffic from /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AWS-0109": {
-		"title": "aws: Root and user volumes on Workspaces should be encrypted",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0002": {
-		"title": "azure: Web App has registration with AD enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0003": {
-		"title": "azure: App Service authentication is activated",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0005": {
-		"title": "azure: Web App uses the latest HTTP version",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0004": {
-		"title": "azure: Ensure the Function App can only be accessed via HTTPS. The default is false.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0001": {
-		"title": "azure: Web App accepts incoming client certificate",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0006": {
-		"title": "azure: Web App uses latest TLS version",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0030": {
-		"title": "azure: Roles limited to the required actions",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0039": {
-		"title": "azure: Password authentication should be disabled on Azure virtual machines",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0038": {
-		"title": "azure: Enable disk encryption on managed disk",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0037": {
-		"title": "azure: Ensure that no sensitive credentials are exposed in VM custom_data",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0043": {
-		"title": "azure: Ensure AKS cluster has Network Policy configured",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0041": {
-		"title": "azure: Ensure AKS has an API Server Authorized IP Ranges enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0040": {
-		"title": "azure: Ensure AKS logging to Azure Monitoring is Configured",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0042": {
-		"title": "azure: Ensure RBAC is enabled on AKS clusters",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0028": {
-		"title": "azure: No threat detections are set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0027": {
-		"title": "azure: Auditing should be enabled on Azure SQL Databases",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0020": {
-		"title": "azure: SSL should be enforced on database connections where applicable",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0022": {
-		"title": "azure: Ensure databases are not publicly accessible",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0029": {
-		"title": "azure: Ensure database firewalls do not permit public access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0021": {
-		"title": "azure: Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0024": {
-		"title": "azure: Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0019": {
-		"title": "azure: Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0025": {
-		"title": "azure: Database auditing rentention period should be longer than 90 days",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0026": {
-		"title": "azure: Databases should have the minimum TLS set for connections",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0018": {
-		"title": "azure: At least one email address is set for threat alerts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0023": {
-		"title": "azure: Security threat alerts go to subcription owners and co-administrators",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0035": {
-		"title": "azure: Data Factory should have public access disabled, the default is enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0036": {
-		"title": "azure: Unencrypted data lake storage.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0015": {
-		"title": "azure: Key vault Secret should have a content type set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0014": {
-		"title": "azure: Ensure that the expiration date is set on all keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0017": {
-		"title": "azure: Key Vault Secret should have an expiration date set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0016": {
-		"title": "azure: Key vault should have purge protection enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0013": {
-		"title": "azure: Key vault should have the network acl block specified",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0031": {
-		"title": "azure: Ensure the activity retention log is set to at least a year",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0033": {
-		"title": "azure: Ensure log profile captures all activities",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0032": {
-		"title": "azure: Ensure activitys are captured for all locations",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0048": {
-		"title": "azure: RDP access should not be accessible from the Internet, should be blocked on port 3389",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0051": {
-		"title": "azure: An outbound network security rule allows traffic to /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0047": {
-		"title": "azure: An inbound network security rule allows traffic from /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0049": {
-		"title": "azure: Retention policy for flow logs should be enabled and set to greater than 90 days",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0050": {
-		"title": "azure: SSH access should not be accessible from the Internet, should be blocked on port 22",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0044": {
-		"title": "azure: Send notification emails for high severity alerts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0045": {
-		"title": "azure: Enable the standard security center subscription tier",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0046": {
-		"title": "azure: The required contact details should be set for security center",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0010": {
-		"title": "azure: Trusted Microsoft Services should have bypass access to Storage accounts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0012": {
-		"title": "azure: The default action on Storage account network rules should be set to deny",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0008": {
-		"title": "azure: Storage accounts should be configured to only accept transfers that are over secure connections",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0007": {
-		"title": "azure: Storage containers in blob storage mode should not have public access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0009": {
-		"title": "azure: When using Queue Services for a storage account, logging should be enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0011": {
-		"title": "azure: The minimum TLS version for Storage Accounts should be TLS1_2",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-AZU-0034": {
-		"title": "azure: Synapse Workspace should have managed virtual network enabled, the default is disabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-CLDSTK-0001": {
-		"title": "cloudstack: No sensitive data stored in user_data",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0008": {
-		"title": "digitalocean: Kubernetes clusters should be auto-upgraded to ensure that they always contain the latest security patches.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0002": {
-		"title": "digitalocean: The load balancer forwarding rule is using an insecure protocol as an entrypoint",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0005": {
-		"title": "digitalocean: The Kubernetes cluster does not enable surge upgrades",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0003": {
-		"title": "digitalocean: The firewall has an outbound rule with open access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0001": {
-		"title": "digitalocean: The firewall has an inbound rule with open access",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0004": {
-		"title": "digitalocean: SSH Keys are the preferred way to connect to your droplet, no keys are supplied",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0006": {
-		"title": "digitalocean: Spaces bucket or bucket object has public read acl set",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0009": {
-		"title": "digitalocean: Force destroy is enabled on Spaces bucket which is dangerous",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-DIG-0007": {
-		"title": "digitalocean: Spaces buckets should have versioning enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GIT-0002": {
-		"title": "github: Ensure plaintext value is not used for GitHub Action Environment Secret.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GIT-0003": {
-		"title": "github: GitHub repository has vulnerability alerts disabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GIT-0001": {
-		"title": "github: Github repository shouldn't be public.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0046": {
-		"title": "google: BigQuery datasets should only be accessible within the organisation",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0034": {
-		"title": "google: Disks should be encrypted with customer managed encryption keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0037": {
-		"title": "google: The encryption key used to encrypt a compute disk has been specified in plaintext.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0045": {
-		"title": "google: Instances should have Shielded VM integrity monitoring enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0041": {
-		"title": "google: Instances should have Shielded VM VTPM enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0029": {
-		"title": "google: VPC flow logs should be enabled for all subnetworks",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0044": {
-		"title": "google: Instances should not use the default service account",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0043": {
-		"title": "google: Instances should not have IP forwarding enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0036": {
-		"title": "google: Instances should not override the project setting for OS Login",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0030": {
-		"title": "google: Disable project-wide SSH keys for all instances",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0035": {
-		"title": "google: An outbound firewall rule allows traffic to /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0027": {
-		"title": "google: An inbound firewall rule allows traffic from /0.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0031": {
-		"title": "google: Instances should not have public IP addresses",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0032": {
-		"title": "google: Disable serial port connectivity for all instances",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0042": {
-		"title": "google: OS Login should be enabled at project level",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0039": {
-		"title": "google: SSL policies should enforce secure versions of TLS",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0033": {
-		"title": "google: VM disks should be encrypted with Customer Supplied Encryption Keys",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0013": {
-		"title": "google: Cloud DNS should use DNSSEC",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0012": {
-		"title": "google: Zone signing should not use RSA SHA1",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0063": {
-		"title": "google: Kubernetes should have 'Automatic repair' enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0058": {
-		"title": "google: Kubernetes should have 'Automatic upgrade' enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0049": {
-		"title": "google: Clusters should have IP aliasing enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0061": {
-		"title": "google: Master authorized networks should be configured on GKE clusters",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0056": {
-		"title": "google: Network Policy should be enabled on GKE clusters",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0059": {
-		"title": "google: Clusters should be set to private",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0060": {
-		"title": "google: Stackdriver Logging should be enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0052": {
-		"title": "google: Stackdriver Monitoring should be enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0047": {
-		"title": "google: Pod security policy enforcement not defined.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0048": {
-		"title": "google: Legacy metadata endpoints enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0064": {
-		"title": "google: Legacy client authentication methods utilized.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0053": {
-		"title": "google: GKE Control Plane should not be publicly accessible",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0057": {
-		"title": "google: Node metadata value disables metadata concealment.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0054": {
-		"title": "google: Ensure Container-Optimized OS (cos) is used for Kubernetes Engine Clusters Node image",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0055": {
-		"title": "google: Shielded GKE nodes not enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0051": {
-		"title": "google: Clusters should be configured with Labels",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0062": {
-		"title": "google: Legacy ABAC permissions are enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0050": {
-		"title": "google: Checks for service account defined for GKE nodes",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0010": {
-		"title": "google: Default network should not be created at project level",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0004": {
-		"title": "google: Roles should not be assigned to default service accounts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0005": {
-		"title": "google: Users should not be granted service account access at the folder level",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0008": {
-		"title": "google: Roles should not be assigned to default service accounts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0009": {
-		"title": "google: Users should not be granted service account access at the organization level",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0007": {
-		"title": "google: Service accounts should not have roles assigned with excessive privileges",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0006": {
-		"title": "google: Roles should not be assigned to default service accounts",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0011": {
-		"title": "google: Users should not be granted service account access at the project level",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0003": {
-		"title": "google: IAM granted directly to user.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0065": {
-		"title": "google: KMS keys should be rotated at least every 90 days",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0024": {
-		"title": "google: Enable automated backups to recover from data-loss",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0014": {
-		"title": "google: Temporary file logging should be enabled for all temporary files.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0015": {
-		"title": "google: SSL connections to a SQL database instance should be enforced.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0026": {
-		"title": "google: Disable local_infile setting in MySQL",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0023": {
-		"title": "google: Contained database authentication should be disabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0019": {
-		"title": "google: Cross-database ownership chaining should be disabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0017": {
-		"title": "google: Ensure that Cloud SQL Database Instances are not publicly exposed",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0025": {
-		"title": "google: Ensure that logging of checkpoints is enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0016": {
-		"title": "google: Ensure that logging of connections is enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0022": {
-		"title": "google: Ensure that logging of disconnections is enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0018": {
-		"title": "google: Ensure that Postgres errors are logged",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0020": {
-		"title": "google: Ensure that logging of lock waits is enabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0021": {
-		"title": "google: Ensure that logging of long statements is disabled.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0002": {
-		"title": "google: Ensure that Cloud Storage buckets have uniform bucket-level access enabled",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-GCP-0001": {
-		"title": "google: Ensure that Cloud Storage bucket is not anonymously or publicly accessible.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KUBE-0002": {
-		"title": "kubernetes: Public egress should not be allowed via network policies",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-KUBE-0001": {
-		"title": "kubernetes: Public ingress should not be allowed via network policies",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OPNSTK-0001": {
-		"title": "openstack: No plaintext password for compute instance",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OPNSTK-0002": {
-		"title": "openstack: A firewall rule allows traffic from/to the public internet",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OPNSTK-0005": {
-		"title": "openstack: Missing description for security group.",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OPNSTK-0004": {
-		"title": "openstack: A security group rule allows egress traffic to multiple public addresses",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OPNSTK-0003": {
-		"title": "openstack: A security group rule allows ingress traffic from multiple public addresses",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	},
-	"AVD-OCI-0001": {
-		"title": "oracle: Compute instance requests an IP reservation from a public pool",
-		"description": "%(issue.data)s",
-		"severity": 3,
-		"categories": []
-	}
-}

checkmate5 5.1.0.dev1__py3-none-any.whl → 5.1.0.dev2__py3-none-any.whl

checkmate5 5.1.0.dev1py3-none-any.whl → 5.1.0.dev2py3-none-any.whl