BoostSecurity
Empty SBOM
How to Empty SBOM
Note
This guide is currently in progress.