You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.
severity: serious
filename:./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
IAM role should not allow * action on its permissions policy
severity: warning
filename:./cicd/CICD.cft.yml
line number(s): [196]
resource(s):
CloudFront Distribution should enable access logging
severity: warning
filename:./cicd/CICD.cft.yml
line number(s): [10, 32]
resource(s):
CodeBuild project should specify an EncryptionKey value
severity: warning
filename:./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
IAM role should not allow * resource on its permissions policy
severity: warning
filename:./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
Resource found with an explicit name, this disallows updates that require replacement of this resource
The text was updated successfully, but these errors were encountered:
@ctindall Thanks for your report. As this CICD isn't invoked for anything except a merge to master/production, I'm not terribly concerned with most of this, as very few people have permissions to make those merges anyways.
Regardless, I agree that the Resource: "*" on line 76 is a legitimate issue that we should address; everything else I see as a non-issue.
Hey there! I noticed some possible problems in some code in this repo. A quick summary of a few of them is below, but let me know if you're interested in seeing a full report or talking about cloud security in general.
severity: serious
filename:
./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
IAM role should not allow * action on its permissions policy
severity: warning
filename:
./cicd/CICD.cft.yml
line number(s): [196]
resource(s):
CloudFront Distribution should enable access logging
severity: warning
filename:
./cicd/CICD.cft.yml
line number(s): [10, 32]
resource(s):
CodeBuild project should specify an EncryptionKey value
severity: warning
filename:
./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
IAM role should not allow * resource on its permissions policy
severity: warning
filename:
./cicd/CICD.cft.yml
line number(s): [54]
resource(s):
Resource found with an explicit name, this disallows updates that require replacement of this resource
The text was updated successfully, but these errors were encountered: