Skip to content

BoostSecurity Checkov Scanner

The BoostSecurity Checkov scanner supports an extensive set of rules designed to ensure comprehensive security coverage. You can find the complete list of rules in the Scanner Registry.

Name Id Description
Alibaba Cloud OSS bucket accessible to public alibaba-cloud-oss-bucket Check for publicly accessible Alibaba Cloud resources.
Ensure OSS bucket has versioning enabled ensure-oss-bucket-versioning Check for misconfigurations in Alibaba Cloud resources.
Ensure OSS bucket has transfer Acceleration enabled ensure-oss-bucket-transfer-acceleration Check for misconfigurations in Alibaba Cloud resources.
Ensure the OSS bucket has access logging enabled ensure-oss-bucket-logging Check for misconfigurations in Alibaba Cloud resources.
Ensure RAM password policy requires minimum length of 14 or greater ensure-ram-password-policy Check for weak Alibaba Cloud permissions.
Ensure RAM password policy requires at least one number ensure-ram-password-policy Check for weak Alibaba Cloud permissions.
Ensure RAM password policy requires at least one symbol protect-against-weak-permissions Check for weak Alibaba Cloud permissions.
Ensure RAM password policy expires passwords within 90 days or less set-password-expiration-date Check for weak Alibaba Cloud permissions.
Ensure RAM password policy requires at least one lowercase letter check-password-strength Check for weak Alibaba Cloud permissions.
Ensure RAM password policy prevents password reuse prevent-password-reuse Check for weak Alibaba Cloud permissions.
Ensure RAM password policy requires at least one uppercase letter ensure-password-strength-policy Check for weak Alibaba Cloud permissions.
Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 cloud-weak-configuration Check for misconfigurations in Alibaba Cloud resources.
Ensure RDS instance uses SSL ensure-rds-instance-uses-ssl Check for unencrypted Alibaba Cloud resources.
Ensure API Gateway API Protocol HTTPS ensure-api-gateway-api-protocol-https Check for unencrypted Alibaba Cloud resources.
Ensure Transparent Data Encryption is Enabled on instance ensure-transperent-data-encryption Check for unencrypted Alibaba Cloud resources.
Ensure Ram Account Password Policy Max Login Attempts not > 5 ensure-ram-account-password-policy-max-login Check for weak Alibaba Cloud permissions.
Ensure RAM enforces MFA ensure-ram-enforces-mfa Check for weak Alibaba Cloud permissions.
Ensure RDS Instance SQL Collector Retention Period should be greater than 180 ensure-rds-instance-sql-collector-retention-period Check for misconfigurations in Alibaba Cloud resources.
Ensure Kubernetes installs plugin Terway or Flannel to support standard policies ensure-kuberneters-installs-terway-or-flannet Check for misconfigurations in Alibaba Cloud resources.
Ensure KMS Key Rotation is enabled ensure-kms-key-rotation-is-enabled Check that ensures best practices in Alibaba Cloud secrets management.
Ensure KMS Keys are enabled ensure-kms-keys-are-enabled Check that ensures best practices in Alibaba Cloud secrets management.
Alibaba ALB ACL does not restrict Access alibaba-alb-acl-not-restricting-access Check for misconfigurations in Alibaba Cloud resources.
Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 ensure-no-security-groups Check for misconfigurations in Alibaba Cloud resources.
Ensure RDS instance auto upgrades for minor versions ensure-rds-instance-auto-updates Check for misconfigurations in Alibaba Cloud resources.
Ensure Action Trail Logging for all regions ensure-action-trail-logging Check for misconfigurations in Alibaba Cloud resources.
Ensure Action Trail Logging for all events ensure-action-trail-logging-for-all-events Check for misconfigurations in Alibaba Cloud resources.
Ensure OSS bucket is encrypted with Customer Master Key ensure-oss-bucket-encryption Check for unencrypted Alibaba Cloud resources.
Ensure disk is encrypted ensure-disk-is-encrypted Check for unencrypted Alibaba Cloud resources.
Ensure Disk is encrypted with Customer Master Key ensure-disk-is-encrypted Check for unencrypted Alibaba Cloud resources.
Ensure database instance is not public ensure-database-instance Check for publicly accessible Alibaba Cloud resources.