-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy path.checkov.yml
41 lines (40 loc) · 2.46 KB
/
.checkov.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
---
directory:
- .
skip-check:
# "Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)"
# recommended to use SSH, but module does support password auth too
- CKV_AZURE_49
# "Ensure that Virtual machine does not enable password authentication"
# as above
- CKV_AZURE_149
# "Ensure that Virtual machine scale sets have encryption at host enabled"
# this has to be enabled on the Azure subscription so not making this mandatory in the module, ref:
# Use the Azure CLI to enable end-to-end encryption using encryption at host
# https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disks-enable-host-based-encryption-cli
- CKV_AZURE_97
# exclude rules triggered on examples
- CKV_AZURE_77 # "Ensure that UDP Services are restricted from the Internet "
- CKV_AZURE_160 # "Ensure that HTTP (port 80) access is restricted from the internet"
- CKV_AZURE_9 # "Ensure that RDP access is restricted from the internet"
- CKV_AZURE_10 # "Ensure that SSH access is restricted from the internet"
- CKV_AZURE_178 # "Ensure Windows VM enables SSH with keys for secure communication"
- CKV_AZURE_179 # "Ensure VM agent is installed"
- CKV_AZURE_182 # "Ensure that VNET has at least 2 connected DNS Endpoints"
- CKV_AZURE_183 # "Ensure that VNET has at least 2 connected DNS Endpoints"
- CKV_AZURE_44 # "Ensure Storage Account is using the latest version of TLS encryption"
- CKV_AZURE_206 # Ensure that Storage Accounts use replication
- CKV_AZURE_33 # "Ensure Storage logging is enabled for Queue service for read, write and delete requests"
- CKV_AZURE_59 # "Ensure that Storage accounts disallow public access"
- CKV_AZURE_190 # "Ensure that Storage blobs restrict public access"
- CKV_AZURE_197 # "Ensure that Storage Accounts use replication"
- CKV2_AZURE_1 # "Ensure storage for critical data are encrypted with Customer Managed Key"
- CKV2_AZURE_18 # "Ensure that Storage Accounts use customer-managed key for encryption"
- CKV2_AZURE_21 # "Ensure Storage logging is enabled for Blob service for read requests"
- CKV2_AZURE_31 # Ensure VNET subnet is configured with a Network Security Group (NSG)
- CKV2_AZURE_33 # Ensure storage account is configured with private endpoint
- CKV2_AZURE_38 # Ensure soft-delete is enabled on Azure storage account
- CKV_GHA_*
- CKV2_GHA_*
- CKV_TF_1 # Ensure Terraform module sources use a commit hash
- CKV2_ADO_1 # Ensure at least two approving reviews for PRs