Rules Index

BoostSecurity offers robust scanning capabilities to ensure your applications and infrastructure are secure. Our scanners are designed to identify vulnerabilities, misconfigurations, and compliance issues across various stages of your CI/CD pipeline. The rules enforced by these scanners are critical in maintaining the integrity and security of your development processes.


CI/CD - Supply Chain


| Name | Id | Description |
| --- | --- | --- |
| CI/CD - Azure DevOps Project Limit Pipelines Authorization Scope | cicd-azure-devops-missing-authz-for-project | Ensure Azure DevOps projects limit authorization scope of Azure Pipelines. |
| CI/CD - Azure Pipeline Self-Hosted Agent Pools | cicd-azure-devops-using-user-managed-agent-pools | Ensure pipelines run using Microsoft-hosted agents. |
| CI/CD - Limit Azure Pipelines Variables | cicd-azure-devops-variables-settable-at-queue-time | Ensure Azure Pipelines limit variables that can be set at queue time. |
| CI/CD - Branch Protection - Allows reviewer to self-review their own changes | cicd-branch-protection | Ensure that default repository branches are protected. |
| CI/CD - GitHub Actions can approve pull requests | cicd-gha-can-create-and-approve-pull-requests | Ensure that GitHub Actions cannot approve Pull Requests automatically. |
| CI/CD - All GitHub Actions are allowed to run | cicd-gha-org-allows-all-actions | Ensure that not all GitHub Actions are allowed to run. |
| CI/CD - GitHub Organization Secret visible from public repositories | cicd-gha-org-secret-publicly-visible | Ensure that GitHub organizations do not have Organization-level secrets that can be accessed by workflows from public repositories. |
| CI/CD - GitHub Actions have Read / Write permissions | cicd-gha-read-write-token-permissions | Ensure that GitHub Actions do not have Read / Write permissions token. |
| CI/CD - GitLab Environment no approvals required for deployments | cicd-gl-deployment-approval | GitLab Environment does not require approvals for deployments. |
| CI/CD - Missing Software Composition Analysis (SCA) Scanning | cicd-sca-scanning-absent | Ensure that Software Composition Analysis (SCA) is performed. |
| CI/CD - Missing SCM 2FA Enforcement | cicd-scm-2fa-enforcement-absent | Ensure the SCM is enforcing that all members have 2FA enabled. |
| CI/CD - Elevated GitHub App Permissions | cicd-scm-gh-app-with-elevated-permissions | Checks for GitHub organizations with third-party applications that have elevated permissions. |
| CI/CD - Audit Log - Branch Protection Overriden by Admin | cicd-scm-gh-audit-log-branch-protection-overriden | Checks for GitHub repositories where an Audit Log event indicates that Branch Protection was overridden using administrator's privilege. |
| CI/CD - Audit Log - OAuth App Restriction Disabled | cicd-scm-gh-audit-log-oauth-app-restriction-disabled | Checks for GitHub organizations where an Audit Log event indicates that OAuth App restrictions were disabled. |
| CI/CD - GitHub Organization has Outside Collaborators | cicd-scm-gh-org-has-outside-collaborators | Checks for GitHub organizations with outside collaborators. |
| CI/CD - Privileged Default Member Permissions | cicd-scm-gh-org-high-default-member-permissions | Checks for GitHub organizations with privileged default member permissions. |
| CI/CD - Insecure GitHub Webhooks | cicd-scm-gh-org-insecure-webhook | Checks for GitHub organizations with insecure webhooks. |
| CI/CD - Invalid Number of GitHub Organization Owners | cicd-scm-gh-org-number-of-owners | Checks for the number of GitHub Organization owners. |
| CI/CD - Invalid Number of GitHub Repository Admins | cicd-scm-gh-repo-number-of-admins | Checks for the number of GitHub Repository contributors with administrative privileges. |
| CI/CD - GitHub Repository with Privileged Outside Collaborators | cicd-scm-gh-repo-outside-collaborator-admin-maintainer | Checks for GitHub repositories with privileged outside collaborators. |
| CI/CD - GitLab On Push Secret File Detection Missing | cicd-scm-gl-on-push-secret-detection | GitLab project does not have the push rule for secret file detection enabled. |
| CI/CD - Inactive SCM Members | cicd-scm-inactive-members | Checks for SCMs with inactive members. |
| CI/CD - SCM Repository Creation Not Restricted | cicd-scm-limit-repo-creation | Checks that the creation of repositories is restricted. |
| CI/CD - SCM Organization Not Verified | cicd-scm-org-verified | Checks that the SCM organization has been verified. |
| CI/CD - SCM Private Forks | cicd-scm-private-forks | Ensure SCM does not allow private repository forks. |
| CI/CD - Missing Lockfile resulting in unpinned dependencies | cicd-unpinned-dependencies | Checks for the absence of a lockfile. |

X509 Certificates


| Name | Id | Description |
| --- | --- | --- |
| Cert Expired | x509-cert-expired | x509 certificate has expired and is no longer valid. |
| Cert Expires Soon | x509-cert-expires-soon | x509 certificate will expire in the near future. |
| Cert Insecure Signing Algorithm | x509-cert-insecure-signing-algorithm | x509 certificate uses a weak cryptographic algorithm. |
| Cert Insufficient Key Length | x509-cert-insufficient-key-length | x509 certificate has a public key length that is considered insecure. |

Insecure Coding Practices

| Name | Id | Description |
| --- | --- | --- |