mourya-33
…front permissions ### Feature or Bugfix - Bugfix ### Relates [- ](https://github.com/data-dot-all/dataall/issues/877) ### Security Please answer the questions below briefly where applicable, or write `N/A`. Based on [OWASP 10](https://owasp.org/Top10/en/). -...
### Feature or Bugfix - Bugfix ### Detail - Currently the ECR repository created does not have encryption and tag immutability enabled, which is identified by checkov scans. This fix...
### Describe the bug Currently when a share is created for the consumer role, dataall automatically adds s3* permissions on the share. This must be restricted to read permissions only....
### Describe the bug Currently, the ECR repository created as part of the ECR stack is not encrypted. This is flagged by checkov as the following failure. CheckID : CKV_AWS_136...
### Describe the bug Pivot Role (auto created and custom) has the following unrestricted permissions on KMS and RAM shares. This role needs to be added as an exception until...
### Describe the bug CDK automatically creates an IAM Role - AssetsFileRole for managing the Assets stage in the main cicd code pipeline. However, this role has a default policy...
### Describe the bug The auto created pivot role has the following unrestricted IAM permissions for Glue that are flagged by checkov scans. The permissions need to be restricted to...
### Describe the bug Glue crawlers do not have any security configuration attached which is flagged by checkov as FAILURE with the error message below. CheckID : CKV_AWS_195 CheckName :...
### Describe the bug The IAM role SecretsManagerRDSPostgreSQLRotationSingleUserRole has overly permissive permissions that are flagged by checkov scan (scan result below) CheckID : CKV_AWS_111 CheckName : Ensure IAM policies does...
### Describe the bug The lambda environment variables are not encrypted. This is flagged by checkov as failures Check: CKV_AWS_173: "Check encryption settings for Lambda environmental variable" FAILED for resource:...