Owen Rumney

Results 30 issues of Owen Rumney

When an ignore rule is removed from a resource block, it would be good to include the resulting tfsec failures in the PR. At the moment, the comment will only...

Initial stage for supporting multi mode - add root controller and support switching between views

Allow switching modes to run aws scans from trivy

**Provider** **Severity** **Short Code** **Description** Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended...

aws
new check
AWS_CIS1.4

**Provider** aws **Severity** LOW **Short Code** ensure-default-sg-restricts-everything **Description** A VPC comes with a default security group whose initial settings deny all inbound traffic, allow all outbound traffic, and allow all...

aws
new check
AWS_CIS1.4

These checks amount to the automatable components for satisfying AWS CIS 1.4. For each issue below, the following steps are required: - Abstraction Object - If there is no object...

aws
AWS_CIS1.4

Resolves #866. This is an example PR to show the process of converting the CloudSploit check - https://github.com/aquasecurity/cloudsploit/blob/master/plugins/aws/ec2/flowLogsEnabled.js to defsec. Signed-off-by: Owen Rumney

**Provider** aws **Severity** MEDIUM **Short Code** require-vpc-flow-logs-for-all-vpcs **Description** VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces...

aws
new check
AWS_CIS1.4