NIST SP 800-53 Rev. 5
- Version: Rev. 5
- URL: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
- Source of truth: pipeline_check/core/standards/data/nist_800_53.py
The federal control catalog. The scanner evidences the AC, AU, CM, IA, SI, and SR family controls whose CI/CD-side state is visible in pipeline configuration. Use this page when an authorization package asks for 800-53 control evidence; pair with NIST SSDF for SSDLC vocabulary.
At a glance
- Controls in this standard: 26
- Controls evidenced by at least one check: 26 / 26
- Distinct checks evidencing this standard: 994
- Of those, autofixable with --fix: 120
Severity levels (CRITICAL / HIGH / MEDIUM / LOW / INFO) follow the same scale across every provider and standard. See How to read severity on the standards overview for the definitions.
Coverage by control
Click a control ID to jump to the per-control section with the full check list. The severity mix column shows the spread of evidencing checks by severity (Critical / High / Medium / Low / Info).
| Control | Title | Checks | Severity mix |
|---|---|---|---|
| AC-2 | Account Management | 20 | 2C · 5H · 13M |
| AC-3 | Access Enforcement | 99 | 14C · 55H · 29M · 1L |
| AC-6 | Least Privilege | 110 | 14C · 64H · 30M · 2L |
| AU-2 | Event Logging | 55 | 7H · 20M · 12L · 16I |
| AU-9 | Protection of Audit Information | 30 | 2C · 22H · 6M |
| AU-11 | Audit Record Retention | 8 | 4M · 4L |
| AU-12 | Audit Record Generation | 34 | 5H · 10M · 3L · 16I |
| CM-2 | Baseline Configuration | 29 | 2H · 21M · 6L |
| CM-6 | Configuration Settings | 197 | 20C · 108H · 53M · 15L · 1I |
| CM-7 | Least Functionality | 135 | 8C · 73H · 47M · 7L |
| CM-8 | System Component Inventory | 29 | 3H · 18M · 8L |
| IA-5 | Authenticator Management | 144 | 30C · 93H · 20M · 1L |
| RA-5 | Vulnerability Monitoring and Scanning | 69 | 18C · 18H · 22M · 11L |
| SA-10 | Developer Configuration Management | 34 | 3C · 13H · 17M · 1L |
| SA-11 | Developer Testing and Evaluation | 127 | 20C · 85H · 16M · 6L |
| SA-15 | Development Process, Standards, and Tools | 47 | 4C · 21H · 17M · 5L |
| SC-7 | Boundary Protection | 55 | 12C · 26H · 16M · 1L |
| SC-8 | Transmission Confidentiality and Integrity | 46 | 36H · 9M · 1L |
| SC-12 | Cryptographic Key Establishment and Management | 24 | 7H · 15M · 2L |
| SC-13 | Cryptographic Protection | 41 | 28H · 11M · 2L |
| SC-28 | Protection of Information at Rest | 36 | 6C · 22H · 8M |
| SI-2 | Flaw Remediation | 111 | 40H · 56M · 15L |
| SI-7 | Software, Firmware, and Information Integrity | 130 | 12C · 63H · 53M · 1L · 1I |
| SR-3 | Supply Chain Controls and Processes | 232 | 21C · 119H · 77M · 15L |
| SR-4 | Provenance | 63 | 7H · 49M · 7L |
| SR-11 | Component Authenticity | 169 | 12C · 83H · 63M · 11L |
Filter at runtime
Restrict a scan to checks that evidence this standard with --standard nist_800_53:
# All providers, only checks tied to this standard
pipeline_check --standard nist_800_53
# Compose with --pipeline to scope by provider
pipeline_check --pipeline github --standard nist_800_53
# Compose with another standard to widen the lens
pipeline_check --pipeline aws --standard nist_800_53 --standard owasp_cicd_top_10
Controls in scope
AC-2: Account Management
Evidenced by 20 checks across 7 providers (AWS, Argo Workflows, Azure Cloud, GCP, Kubernetes, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-001 | Container registry admin user enabled | HIGH | Azure Cloud | |
| ARGO-003 | Argo workflow uses the default ServiceAccount | MEDIUM | Argo Workflows | |
| ARGO-016 | Workflow bound to a cluster-admin / over-privileged ServiceAccount | CRITICAL | Argo Workflows | |
| AZAPP-003 | App Service does not use a managed identity | MEDIUM | Azure Cloud | |
| AZSQL-004 | SQL Server has no Azure AD administrator configured | MEDIUM | Azure Cloud | |
| AZVM-005 | Virtual machine does not use a managed identity | MEDIUM | Azure Cloud | |
| ENTRA-005 | No Conditional Access policy restricting external users | MEDIUM | Azure Cloud | |
| GCCE-002 | Compute instance does not have OS Login enabled | MEDIUM | GCP | |
| GCIAM-004 | Compute instance uses default service account | HIGH | GCP | |
| GCIAM-005 | Domain-restricted sharing constraint not enforced | MEDIUM | GCP | |
| GCRUN-002 | Cloud Run service or function uses default compute SA | HIGH | GCP | |
| GCSQL-004 | Cloud SQL instance does not have IAM authentication enabled | MEDIUM | GCP | |
| IAM-003 | CI/CD role has no permission boundary | MEDIUM | AWS | |
| IAM-005 | CI/CD role trust policy missing sts:ExternalId | HIGH | AWS | |
| K8S-011 | Pod serviceAccountName unset or 'default' | MEDIUM | Kubernetes | |
| K8S-034 | ServiceAccount automountServiceAccountToken not explicitly false | MEDIUM | Kubernetes | |
| K8S-042 | RoleBinding grants access to system:anonymous / system:unauthenticated | CRITICAL | Kubernetes | |
| PBAC-002 | CodeBuild service role shared across multiple projects | MEDIUM | AWS | |
| SCM-027 | Outside collaborator holds write / maintain / admin access | HIGH | SCM | |
| TKN-007 | Tekton run uses the default ServiceAccount | MEDIUM | Tekton | |
AC-3: Access Enforcement
Evidenced by 99 checks across 19 providers (AWS, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, GCP, GitHub Actions, GitLab CI, GitLab group governance, Harness CI/CD, Jenkins, Kubernetes, NuGet, Pulumi, SCM, Terraform, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-002 | Container registry allows public network access | HIGH | Azure Cloud | |
| ADO-004 | Deployment job missing environment binding | MEDIUM | Azure DevOps | |
| ADO-029 | Service-connection-using job without environment or branch gate | HIGH | Azure DevOps | |
| ADO-038 | Agentic CLI output lands without human review | HIGH | Azure DevOps | |
| AKV-003 | Key Vault allows access from all networks | MEDIUM | Azure Cloud | |
| AKV-006 | Key Vault uses vault access policies instead of RBAC | MEDIUM | Azure Cloud | |
| AZNW-001 | NSG allows inbound SSH or RDP from the internet | CRITICAL | Azure Cloud | |
| AZNW-004 | NSG has no explicit deny-all inbound rule | MEDIUM | Azure Cloud | |
| AZSQL-003 | SQL Server allows public network access | HIGH | Azure Cloud | |
| AZSQL-004 | SQL Server has no Azure AD administrator configured | MEDIUM | Azure Cloud | |
| AZST-001 | Storage account allows public blob access | HIGH | Azure Cloud | |
| AZVM-003 | Virtual machine does not have JIT network access | MEDIUM | Azure Cloud | |
| BB-004 | Deploy step missing deployment: environment gate | MEDIUM | Bitbucket | |
| BB-028 | OIDC step without deployment-gated environment | HIGH | Bitbucket | |
| BB-034 | Production deployment on a pull-request pipeline | CRITICAL | Bitbucket | |
| BB-039 | Agentic CLI output lands without human review | HIGH | Bitbucket | |
| BK-007 | Deploy step not gated by a manual block / input | MEDIUM | Buildkite | |
| BK-013 | Deploy step has no branches: filter | MEDIUM | Buildkite | |
| CA-003 | CodeArtifact domain policy allows cross-account wildcard | CRITICAL | AWS | |
| CB-010 | CodeBuild webhook allows fork-PR builds without actor filtering | HIGH | AWS | |
| CC-030 | Workflow job uses context without branch filter or approval gate | MEDIUM | CircleCI | |
| CC-031 | OIDC role assumption without branch filter or approval gate | HIGH | CircleCI | |
| CC-038 | Agentic CLI output lands without human review | HIGH | CircleCI | |
| CCM-001 | CodeCommit repository has no approval rule template attached | HIGH | AWS | |
| CCM-003 | CodeCommit trigger targets SNS/Lambda in a different account | MEDIUM | AWS | |
| CP-007 | CodePipeline v2 PR trigger accepts all branches | HIGH | AWS | |
| ECR-003 | Repository policy allows public access | CRITICAL | AWS | |
| ENTRA-001 | Service principal assigned Global Administrator | CRITICAL | Azure Cloud | |
| ENTRA-004 | No Conditional Access policy requiring MFA for admins | HIGH | Azure Cloud | |
| ENTRA-005 | No Conditional Access policy restricting external users | MEDIUM | Azure Cloud | |
| GAR-002 | Artifact Registry repository is publicly readable | HIGH | GCP | |
| GCB-002 | Cloud Build uses the default service account | HIGH | Cloud Build | |
| GCB-020 | serviceAccount points at the default Cloud Build service account | HIGH | Cloud Build | |
| GCCE-005 | Instance does not block project-wide SSH keys | MEDIUM | GCP | |
| GCIAM-001 | Service account has Owner or Editor role on project | CRITICAL | GCP | |
| GCIAM-003 | Service account token creator granted without constraint | HIGH | GCP | |
| GCIAM-005 | Domain-restricted sharing constraint not enforced | MEDIUM | GCP | |
| GCKMS-002 | KMS key IAM policy grants public access | HIGH | GCP | |
| GCKMS-004 | KMS key ring IAM has overly broad bindings | HIGH | GCP | |
| GCNET-002 | No default-deny ingress firewall rule configured | MEDIUM | GCP | |
| GCNET-003 | Firewall allows SSH or RDP from the internet | CRITICAL | GCP | |
| GCRUN-001 | Cloud Run service allows unauthenticated access | HIGH | GCP | |
| GCS-001 | Cloud Storage bucket is publicly accessible | HIGH | GCP | |
| GCS-002 | Bucket does not enforce uniform bucket-level access | MEDIUM | GCP | |
| GCSQL-001 | Cloud SQL instance has a public IP address | HIGH | GCP | |
| GCSQL-004 | Cloud SQL instance does not have IAM authentication enabled | MEDIUM | GCP | |
| GHA-014 | Deploy job missing environment binding | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-030 | OIDC token requested without environment-protected job | HIGH | GitHub Actions | |
| GHA-062 | OIDC subject claim in sibling IaC grants overly broad scope | HIGH | GitHub Actions | |
| GHA-063 | if: predicate gates on a spoofable bot-actor comparison | HIGH | GitHub Actions | |
| GHA-064 | contains() invoked with comma-delimited string operand | HIGH | GitHub Actions | |
| GHA-086 | Wildcard branch trigger gates an environment-bound deploy | MEDIUM | GitHub Actions | |
| GHA-112 | Self-hosted deploy job not gated by a protected environment | HIGH | GitHub Actions | |
| GHA-113 | OIDC trusted-publishing job without an environment gate | HIGH | GitHub Actions | |
| GHA-114 | Package-publish workflow runs on an unrestricted push trigger | HIGH | GitHub Actions | |
| GHA-123 | Agentic CLI output lands without human review | HIGH | GitHub Actions | |
| GL-004 | Deploy job lacks manual approval or environment gate | MEDIUM | GitLab CI | |
| GL-029 | Manual deploy job defaults to allow_failure: true | MEDIUM | GitLab CI | |
| GL-031 | id_tokens: missing audience pin or environment binding | HIGH | GitLab CI | |
| GL-040 | CI_JOB_TOKEN used for cross-project / remote access | HIGH | GitLab CI | |
| GL-044 | Automatic production deployment on a merge-request pipeline | CRITICAL | GitLab CI | |
| GL-049 | Agentic CLI output lands without human review | HIGH | GitLab CI | |
| GLGRP-004 | GitLab group default branch protection is disabled for new projects | MEDIUM | GitLab group governance | |
| HARNESS-009 | Agentic CLI output lands without human review | HIGH | Harness CI/CD | |
| IAM-001 | CI/CD role has AdministratorAccess policy attached | CRITICAL | AWS | |
| IAM-002 | CI/CD role has wildcard Action in attached policy | HIGH | AWS | |
| IAM-004 | CI/CD role can PassRole to any role | HIGH | AWS | |
| IAM-005 | CI/CD role trust policy missing sts:ExternalId | HIGH | AWS | |
| IAM-006 | Sensitive actions granted with wildcard Resource | MEDIUM | AWS | |
| IAM-008 | OIDC-federated role trust policy missing audience or subject pin | HIGH | AWS | |
| IAM-009 | Azure federated identity credential trusts a broad GitHub subject | HIGH | Terraform | |
| IAM-010 | GCP workload identity provider has no repository attribute condition | HIGH | Terraform | |
| JF-024 | input approval step missing submitter restriction | MEDIUM | Jenkins | |
| JF-038 | Agentic CLI output lands without human review | HIGH | Jenkins | |
| K8S-020 | ClusterRoleBinding grants cluster-admin or system:masters | CRITICAL | Kubernetes | 🔧 fix |
| K8S-021 | Role or ClusterRole grants wildcard verbs+resources | HIGH | Kubernetes | |
| K8S-026 | LoadBalancer Service has no loadBalancerSourceRanges | HIGH | Kubernetes | |
| K8S-029 | RoleBinding grants permissions to the default ServiceAccount | HIGH | Kubernetes | 🔧 fix |
| K8S-032 | Namespace lacks default-deny NetworkPolicy | MEDIUM | Kubernetes | |
| K8S-038 | NetworkPolicy ingress / egress allows all sources or destinations | MEDIUM | Kubernetes | |
| K8S-041 | Service.externalIPs allows traffic interception (CVE-2020-8554) | HIGH | Kubernetes | |
| K8S-042 | RoleBinding grants access to system:anonymous / system:unauthenticated | CRITICAL | Kubernetes | |
| KMS-002 | KMS key policy grants wildcard KMS actions | HIGH | AWS | |
| LMB-002 | Lambda function URL has AuthType=NONE | HIGH | AWS | |
| LMB-004 | Lambda resource policy allows wildcard principal | CRITICAL | AWS | |
| NPM-013 | package.json files field uses an overly broad pattern | HIGH | npm | |
| NUGET-010 | NuGet.config stores a feed credential in plaintext | HIGH | NuGet | |
| PULUMI-005 | Pulumi source declares an IAM policy with wildcard action + resource | HIGH | Pulumi | |
| PULUMI-006 | Pulumi source uses StackReference without project/org guard | MEDIUM | Pulumi | |
| PULUMI-007 | Pulumi source declares a publicly accessible cloud resource | HIGH | Pulumi | |
| S3-001 | Artifact bucket public access block not fully enabled | CRITICAL | AWS | |
| SCM-001 | Default branch has no protection rule | HIGH | SCM | |
| SCM-011 | Default branch protection does not require CODEOWNERS reviews | MEDIUM | SCM | |
| SCM-019 | Push restrictions allowlist names individual users | LOW | SCM | |
| SCM-021 | Actions can approve pull requests (self-approval bypass) | HIGH | SCM | |
| SCM-023 | Deployment environment lacks required-reviewer protection | HIGH | SCM | |
| SCM-028 | Private repo allows forking | MEDIUM | SCM | |
| SM-002 | Secrets Manager resource policy allows wildcard principal | CRITICAL | AWS | |
| TAINT-009 | Environment-protected secret flows to unprotected job | HIGH | GitHub Actions | |
AC-6: Least Privilege
Evidenced by 110 checks across 25 providers (AWS, Actions run history, Argo CD, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Developer environment, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, GitLab group governance, GitLab pipeline run history, Harness CI/CD, Jenkins, Kubernetes, Pulumi, SCM, SCM org governance, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-001 | Container registry admin user enabled | HIGH | Azure Cloud | |
| ADO-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Azure DevOps | 🔧 fix |
| AKV-006 | Key Vault uses vault access policies instead of RBAC | MEDIUM | Azure Cloud | |
| ARGO-002 | Argo template container runs privileged or as root | HIGH | Argo Workflows | |
| ARGO-003 | Argo workflow uses the default ServiceAccount | MEDIUM | Argo Workflows | |
| ARGO-004 | Argo workflow mounts hostPath or shares host namespaces | CRITICAL | Argo Workflows | |
| ARGO-013 | Argo workflow does not opt out of SA token automount | MEDIUM | Argo Workflows | |
| ARGO-016 | Workflow bound to a cluster-admin / over-privileged ServiceAccount | CRITICAL | Argo Workflows | |
| ARGOCD-011 | Argo CD AppProject cluster-resource whitelist is wide open | HIGH | Argo CD | |
| BB-013 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Bitbucket | 🔧 fix |
| BK-005 | Container started with --privileged or host-bind escalation | HIGH | Buildkite | 🔧 fix |
| CA-004 | CodeArtifact repo policy grants codeartifact:* with Resource '*' | HIGH | AWS | |
| CC-014 | Job missing resource_class declaration | MEDIUM | CircleCI | |
| DEV-005 | Devcontainer initializeCommand runs unsandboxed on the host | HIGH | Developer environment | |
| DF-002 | Container runs as root (missing or root USER directive) | HIGH | Dockerfile | 🔧 fix |
| DF-008 | RUN invokes docker --privileged or escalates capabilities | HIGH | Dockerfile | |
| DF-012 | RUN invokes sudo | HIGH | Dockerfile | |
| DF-014 | WORKDIR set to a system / kernel filesystem path | CRITICAL | Dockerfile | |
| DF-015 | RUN grants world-writable permissions (chmod 777 / a+w) | MEDIUM | Dockerfile | |
| DF-017 | ENV PATH prepends a world-writable directory | MEDIUM | Dockerfile | 🔧 fix |
| DF-018 | RUN chown rewrites ownership of a system path | MEDIUM | Dockerfile | |
| DF-023 | ENV sets a dynamic-loader hijack variable | HIGH | Dockerfile | |
| DR-002 | Step runs with privileged: true | HIGH | Drone CI | |
| DR-007 | Step mounts a sensitive host path | HIGH | Drone CI | |
| DR-013 | Pipeline defines no trigger event filter | MEDIUM | Drone CI | |
| EB-002 | EventBridge rule has a wildcard target ARN | HIGH | AWS | |
| ENTRA-001 | Service principal assigned Global Administrator | CRITICAL | Azure Cloud | |
| GCB-002 | Cloud Build uses the default service account | HIGH | Cloud Build | |
| GCB-016 | Step dir field contains parent-directory escape (..) | MEDIUM | Cloud Build | |
| GCB-020 | serviceAccount points at the default Cloud Build service account | HIGH | Cloud Build | |
| GCIAM-001 | Service account has Owner or Editor role on project | CRITICAL | GCP | |
| GCIAM-003 | Service account token creator granted without constraint | HIGH | GCP | |
| GCIAM-004 | Compute instance uses default service account | HIGH | GCP | |
| GCKMS-004 | KMS key ring IAM has overly broad bindings | HIGH | GCP | |
| GCRUN-002 | Cloud Run service or function uses default compute SA | HIGH | GCP | |
| GHA-004 | Workflow permissions block missing or overprovisioned | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-034 | Reusable workflow called with secrets: inherit | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-043 | Low-star action runs with sensitive permissions | HIGH | GitHub Actions | |
| GHA-049 | Workflow step makes a privileged git write (cross-repo or actions[bot] bypass) | HIGH | GitHub Actions | |
| GHA-050 | Publish step relies on long-lived registry token | HIGH | GitHub Actions | |
| GHA-061 | GitHub App token minted without a permissions: filter | MEDIUM | GitHub Actions | |
| GHA-062 | OIDC subject claim in sibling IaC grants overly broad scope | HIGH | GitHub Actions | |
| GHA-069 | id-token: write granted without an OIDC-consumer step | MEDIUM | GitHub Actions | |
| GHA-072 | Secret in env: at a wider scope than its consumer | HIGH | GitHub Actions | |
| GHA-106 | AI agent CLI runs with a write-scoped GITHUB_TOKEN | HIGH | GitHub Actions | |
| GHA-111 | AI agent generates IaC applied to the cloud in the same job | HIGH | GitHub Actions | |
| GHA-115 | id-token: write granted workflow-wide instead of job-scoped | MEDIUM | GitHub Actions | |
| GHA-116 | Workflow serializes the entire secrets context (toJSON(secrets)) | HIGH | GitHub Actions | |
| GL-050 | Package-publish job relies on a long-lived registry token | HIGH | GitLab CI | |
| GLGRP-001 | GitLab group does not require two-factor authentication | HIGH | GitLab group governance | |
| GLGRP-002 | GitLab group allows forking projects outside the group | MEDIUM | GitLab group governance | |
| GLGRP-003 | GitLab group allows sharing projects outside the group hierarchy | MEDIUM | GitLab group governance | |
| GLRUN-004 | Fork pipeline minted a cloud OIDC token | HIGH | GitLab pipeline run history | |
| HARNESS-003 | Step runs with privileged: true | HIGH | Harness CI/CD | |
| HARNESS-007 | Stage infrastructure mounts a sensitive host path | HIGH | Harness CI/CD | |
| IAM-001 | CI/CD role has AdministratorAccess policy attached | CRITICAL | AWS | |
| IAM-002 | CI/CD role has wildcard Action in attached policy | HIGH | AWS | |
| IAM-003 | CI/CD role has no permission boundary | MEDIUM | AWS | |
| IAM-004 | CI/CD role can PassRole to any role | HIGH | AWS | |
| IAM-006 | Sensitive actions granted with wildcard Resource | MEDIUM | AWS | |
| JF-003 | Pipeline uses agent any (no executor isolation) | MEDIUM | Jenkins | |
| JF-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Jenkins | 🔧 fix |
| JF-025 | Kubernetes agent pod template runs privileged or mounts hostPath | HIGH | Jenkins | |
| K8S-005 | Container securityContext.privileged: true | CRITICAL | Kubernetes | 🔧 fix |
| K8S-006 | Container allowPrivilegeEscalation not explicitly false | HIGH | Kubernetes | 🔧 fix |
| K8S-007 | Container runAsNonRoot not true / runAsUser is 0 | HIGH | Kubernetes | 🔧 fix |
| K8S-009 | Container capabilities not dropping ALL / adding dangerous caps | HIGH | Kubernetes | |
| K8S-011 | Pod serviceAccountName unset or 'default' | MEDIUM | Kubernetes | |
| K8S-012 | Pod automountServiceAccountToken not false | MEDIUM | Kubernetes | |
| K8S-013 | Pod uses a hostPath volume | HIGH | Kubernetes | 🔧 fix |
| K8S-014 | Pod hostPath references a sensitive host directory | CRITICAL | Kubernetes | |
| K8S-020 | ClusterRoleBinding grants cluster-admin or system:masters | CRITICAL | Kubernetes | 🔧 fix |
| K8S-021 | Role or ClusterRole grants wildcard verbs+resources | HIGH | Kubernetes | |
| K8S-023 | Namespace missing Pod Security Admission enforcement label | HIGH | Kubernetes | |
| K8S-025 | System priority class used outside kube-system | HIGH | Kubernetes | |
| K8S-029 | RoleBinding grants permissions to the default ServiceAccount | HIGH | Kubernetes | 🔧 fix |
| K8S-030 | Workload schedules onto a control-plane node | HIGH | Kubernetes | 🔧 fix |
| K8S-031 | Namespace missing PSA warn label | LOW | Kubernetes | |
| K8S-034 | ServiceAccount automountServiceAccountToken not explicitly false | MEDIUM | Kubernetes | |
| K8S-035 | Container securityContext.runAsUser is 0 | HIGH | Kubernetes | |
| K8S-039 | Pod uses shareProcessNamespace: true | MEDIUM | Kubernetes | |
| K8S-040 | Container securityContext.procMount: Unmasked | HIGH | Kubernetes | |
| K8S-042 | RoleBinding grants access to system:anonymous / system:unauthenticated | CRITICAL | Kubernetes | |
| K8S-044 | Admission webhook fails open or mutates cluster-wide unscoped | HIGH | Kubernetes | |
| KMS-002 | KMS key policy grants wildcard KMS actions | HIGH | AWS | |
| ORG-001 | Organization does not require two-factor authentication | HIGH | SCM org governance | |
| ORG-002 | Organization default member permission grants write to every repo | HIGH | SCM org governance | |
| ORG-004 | Organization default workflow token grants write permissions | HIGH | SCM org governance | |
| ORG-006 | Organization Actions secret is exposed to every repository | HIGH | SCM org governance | |
| ORG-007 | Organization allows forking of private repositories | MEDIUM | SCM org governance | |
| ORG-008 | Organization lets members create public repositories | MEDIUM | SCM org governance | |
| PBAC-002 | CodeBuild service role shared across multiple projects | MEDIUM | AWS | |
| PBAC-005 | CodePipeline stage action roles mirror the pipeline role | HIGH | AWS | |
| PULUMI-005 | Pulumi source declares an IAM policy with wildcard action + resource | HIGH | Pulumi | |
| PULUMI-007 | Pulumi source declares a publicly accessible cloud resource | HIGH | Pulumi | |
| RUN-004 | Fork PR run minted a cloud OIDC token | HIGH | Actions run history | |
| SCM-010 | Branch protection allows administrators to bypass | HIGH | SCM | |
| SCM-018 | Required PR reviews can be bypassed by named identities | MEDIUM | SCM | |
| SCM-019 | Push restrictions allowlist names individual users | LOW | SCM | |
| SCM-020 | Default workflow GITHUB_TOKEN has write permission | HIGH | SCM | |
| SCM-025 | Repo has write-enabled deploy keys (push backdoor) | HIGH | SCM | |
| SCM-027 | Outside collaborator holds write / maintain / admin access | HIGH | SCM | |
| SCM-030 | Repository ruleset has bypass actor with bypass_mode: always | HIGH | SCM | |
| SCM-044 | Default-branch signed-commits requirement bypassed for admins | MEDIUM | SCM | |
| SCM-048 | Org codespace secret scoped to all repos | HIGH | SCM | |
| SCM-049 | Classic PAT used where a fine-grained token suffices | MEDIUM | SCM | |
| TKN-002 | Tekton step runs privileged or as root | HIGH | Tekton | |
| TKN-004 | Tekton Task mounts hostPath or shares host namespaces | CRITICAL | Tekton | |
| TKN-007 | Tekton run uses the default ServiceAccount | MEDIUM | Tekton | |
| TKN-013 | Tekton sidecar runs privileged or as root | HIGH | Tekton | |
AU-2: Event Logging
Evidenced by 55 checks across 13 providers (AWS, Argo CD, Argo Workflows, Azure Cloud, Buildkite, CircleCI, Cloud Build, Dockerfile, GCP, Harness CI/CD, Jenkins, Kubernetes, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ARGO-007 | Argo workflow has no activeDeadlineSeconds | LOW | Argo Workflows | |
| ARGOCD-012 | Argo CD AppProject defines no sync windows | MEDIUM | Argo CD | |
| AZMON-001 | No diagnostic setting for subscription Activity Log | HIGH | Azure Cloud | |
| AZMON-003 | No alert rule for critical administrative operations | MEDIUM | Azure Cloud | |
| AZMON-004 | Key Vault has no diagnostic settings configured | MEDIUM | Azure Cloud | |
| AZMON-005 | NSG flow log retention less than 90 days | MEDIUM | Azure Cloud | |
| AZMON-007 | No service health alert rule configured | LOW | Azure Cloud | |
| AZNW-002 | NSG does not have flow logging enabled | MEDIUM | Azure Cloud | |
| AZSQL-002 | SQL Server auditing not enabled | HIGH | Azure Cloud | |
| BK-006 | Step has no timeout_in_minutes | LOW | Buildkite | |
| CA-000 | CodeArtifact API access failed | INFO | AWS | |
| CB-000 | CodeBuild API access failed | INFO | AWS | |
| CB-003 | Build logging not enabled | MEDIUM | AWS | |
| CC-011 | No store_test_results step (test results not archived) | LOW | CircleCI | |
| CCM-000 | CodeCommit API access failed | INFO | AWS | |
| CD-000 | CodeDeploy API access failed | INFO | AWS | |
| CD-003 | No CloudWatch alarm monitoring on deployment group | MEDIUM | AWS | |
| CP-000 | CodePipeline API access failed | INFO | AWS | |
| CT-000 | CloudTrail API access failed | INFO | AWS | |
| CT-001 | No active CloudTrail trail in region | HIGH | AWS | |
| CT-003 | CloudTrail trail is not multi-region | MEDIUM | AWS | |
| CW-001 | No CloudWatch alarm on CodeBuild FailedBuilds metric | LOW | AWS | |
| CWL-000 | CloudWatch Logs API access failed | INFO | AWS | |
| CWL-001 | CodeBuild log group has no retention policy | LOW | AWS | |
| DF-007 | No HEALTHCHECK directive declared | LOW | Dockerfile | 🔧 fix |
| DF-020 | ARG declares a credential-named build argument | HIGH | Dockerfile | 🔧 fix |
| EB-000 | EventBridge API access failed | INFO | AWS | |
| EB-001 | No EventBridge rule for CodePipeline failure notifications | MEDIUM | AWS | |
| ECR-000 | ECR API access failed | INFO | AWS | |
| ENTRA-006 | No Conditional Access sign-in risk policy | HIGH | Azure Cloud | |
| GCB-014 | Build logging disabled (options.logging: NONE) | HIGH | Cloud Build | 🔧 fix |
| GCB-025 | Build has no tags for audit / discoverability | LOW | Cloud Build | |
| GCLOG-001 | Cloud Audit Logs not enabled for all services | HIGH | GCP | |
| GCLOG-002 | No log sink configured for audit logs | MEDIUM | GCP | |
| GCLOG-004 | VPC Flow Logs not enabled on subnet | MEDIUM | GCP | |
| GCLOG-005 | Firewall rule logging not enabled | MEDIUM | GCP | |
| GCLOG-006 | Critical service missing Data Access audit log types | MEDIUM | GCP | |
| GCLOG-007 | No log metric filter for IAM policy changes | MEDIUM | GCP | |
| GCLOG-008 | No log metric filter for firewall rule changes | MEDIUM | GCP | |
| GCLOG-009 | No log metric filter for route changes | MEDIUM | GCP | |
| GCLOG-010 | No log metric filter for Cloud SQL config changes | MEDIUM | GCP | |
| GCLOG-011 | No log metric filter for custom role changes | MEDIUM | GCP | |
| GCS-005 | Cloud Storage bucket access logging not enabled | MEDIUM | GCP | |
| HARNESS-019 | Pipeline step lacks an explicit timeout | LOW | Harness CI/CD | |
| IAM-000 | IAM API access failed | INFO | AWS | |
| JF-011 | Pipeline has no buildDiscarder retention policy | LOW | Jenkins | 🔧 fix |
| K8S-024 | Container missing both livenessProbe and readinessProbe | MEDIUM | Kubernetes | |
| KMS-000 | KMS API access failed | INFO | AWS | |
| LMB-000 | Lambda API access failed | INFO | AWS | |
| PBAC-000 | PBAC enumeration failed | INFO | AWS | |
| S3-000 | S3 API access failed | INFO | AWS | |
| S3-004 | Artifact bucket access logging not enabled | LOW | AWS | |
| SM-000 | Secrets Manager API access failed | INFO | AWS | |
| SSM-000 | SSM Parameter Store API access failed | INFO | AWS | |
| TKN-006 | Tekton run lacks an explicit timeout | LOW | Tekton | |
AU-9: Protection of Audit Information
Evidenced by 30 checks across 15 providers (AWS, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Drone CI, GCP, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, Pulumi, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ADO-031 | Secret variable echoed / printed in a script step | HIGH | Azure DevOps | |
| ADO-032 | checkout persistCredentials leaves the pipeline token in .git/config | HIGH | Azure DevOps | |
| ARGO-018 | Secret-named variable echoed / printed in a template script | HIGH | Argo Workflows | |
| BB-019 | after-script references secrets | HIGH | Bitbucket | |
| BB-032 | Secret-named variable echoed / printed in a script block | HIGH | Bitbucket | |
| BK-017 | Secret-named variable echoed / printed in a step command | HIGH | Buildkite | |
| CC-032 | Secret-named variable echoed / printed in a run step | HIGH | CircleCI | |
| CT-001 | No active CloudTrail trail in region | HIGH | AWS | |
| CT-002 | CloudTrail log-file validation disabled | MEDIUM | AWS | |
| CWL-002 | CodeBuild log group not KMS-encrypted | MEDIUM | AWS | |
| DR-018 | Secret-named variable echoed / printed in a step command | HIGH | Drone CI | |
| GCB-014 | Build logging disabled (options.logging: NONE) | HIGH | Cloud Build | 🔧 fix |
| GCB-028 | Secret-named variable echoed / printed in a build step | HIGH | Cloud Build | |
| GCLOG-002 | No log sink configured for audit logs | MEDIUM | GCP | |
| GHA-033 | Secret value echoed / printed in a run: block | CRITICAL | GitHub Actions | |
| GHA-055 | Reusable workflow outputs derive a secret or caller-input value | HIGH | GitHub Actions | |
| GHA-066 | actions/upload-artifact path is a workspace wildcard | HIGH | GitHub Actions | |
| GHA-087 | Derived value of a secret printed to the build log | HIGH | GitHub Actions | |
| GHA-093 | Living-off-the-Pipeline indicators (workflow-command abuse) | HIGH | GitHub Actions | |
| GL-036 | Secret-named variable echoed / printed in a script block | HIGH | GitLab CI | |
| GL-038 | CI_DEBUG_TRACE / debug logging dumps secrets to the job log | HIGH | GitLab CI | |
| HARNESS-013 | Secret-named variable echoed / printed in a step command | HIGH | Harness CI/CD | |
| JF-033 | withCredentials secret leaked via Groovy ${...} interpolation in sh step | HIGH | Jenkins | |
| JF-042 | Secret-named variable echoed / printed in a build step | HIGH | Jenkins | |
| PULUMI-004 | Pulumi project uses an insecure state backend | MEDIUM | Pulumi | |
| S3-001 | Artifact bucket public access block not fully enabled | CRITICAL | AWS | |
| S3-002 | Artifact bucket server-side encryption not configured | HIGH | AWS | |
| S3-003 | Artifact bucket versioning not enabled | MEDIUM | AWS | |
| S3-005 | Artifact bucket missing aws:SecureTransport deny | MEDIUM | AWS | |
| TKN-017 | Secret-named variable echoed / printed in a step script | HIGH | Tekton | |
AU-11: Audit Record Retention
Evidenced by 8 checks across 6 providers (AWS, Argo CD, Azure Cloud, CircleCI, GCP, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ARGOCD-013 | Argo CD Application sets no explicit revisionHistoryLimit | LOW | Argo CD | |
| AZMON-002 | Activity Log retention less than 365 days | MEDIUM | Azure Cloud | |
| AZMON-005 | NSG flow log retention less than 90 days | MEDIUM | Azure Cloud | |
| AZMON-006 | Log Analytics workspace retention less than 365 days | MEDIUM | Azure Cloud | |
| CC-011 | No store_test_results step (test results not archived) | LOW | CircleCI | |
| CWL-001 | CodeBuild log group has no retention policy | LOW | AWS | |
| GCLOG-003 | Log bucket retention less than 365 days | MEDIUM | GCP | |
| JF-011 | Pipeline has no buildDiscarder retention policy | LOW | Jenkins | 🔧 fix |
AU-12: Audit Record Generation
Evidenced by 34 checks across 6 providers (AWS, Azure Cloud, CircleCI, Cloud Build, GCP, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| AZMON-001 | No diagnostic setting for subscription Activity Log | HIGH | Azure Cloud | |
| AZMON-004 | Key Vault has no diagnostic settings configured | MEDIUM | Azure Cloud | |
| AZNW-002 | NSG does not have flow logging enabled | MEDIUM | Azure Cloud | |
| AZSQL-002 | SQL Server auditing not enabled | HIGH | Azure Cloud | |
| CA-000 | CodeArtifact API access failed | INFO | AWS | |
| CB-000 | CodeBuild API access failed | INFO | AWS | |
| CB-003 | Build logging not enabled | MEDIUM | AWS | |
| CC-011 | No store_test_results step (test results not archived) | LOW | CircleCI | |
| CCM-000 | CodeCommit API access failed | INFO | AWS | |
| CD-000 | CodeDeploy API access failed | INFO | AWS | |
| CD-003 | No CloudWatch alarm monitoring on deployment group | MEDIUM | AWS | |
| CP-000 | CodePipeline API access failed | INFO | AWS | |
| CT-000 | CloudTrail API access failed | INFO | AWS | |
| CT-001 | No active CloudTrail trail in region | HIGH | AWS | |
| CT-003 | CloudTrail trail is not multi-region | MEDIUM | AWS | |
| CWL-000 | CloudWatch Logs API access failed | INFO | AWS | |
| EB-000 | EventBridge API access failed | INFO | AWS | |
| ECR-000 | ECR API access failed | INFO | AWS | |
| GCB-014 | Build logging disabled (options.logging: NONE) | HIGH | Cloud Build | 🔧 fix |
| GCLOG-001 | Cloud Audit Logs not enabled for all services | HIGH | GCP | |
| GCLOG-002 | No log sink configured for audit logs | MEDIUM | GCP | |
| GCLOG-004 | VPC Flow Logs not enabled on subnet | MEDIUM | GCP | |
| GCLOG-005 | Firewall rule logging not enabled | MEDIUM | GCP | |
| GCLOG-006 | Critical service missing Data Access audit log types | MEDIUM | GCP | |
| GCS-005 | Cloud Storage bucket access logging not enabled | MEDIUM | GCP | |
| IAM-000 | IAM API access failed | INFO | AWS | |
| JF-011 | Pipeline has no buildDiscarder retention policy | LOW | Jenkins | 🔧 fix |
| KMS-000 | KMS API access failed | INFO | AWS | |
| LMB-000 | Lambda API access failed | INFO | AWS | |
| PBAC-000 | PBAC enumeration failed | INFO | AWS | |
| S3-000 | S3 API access failed | INFO | AWS | |
| S3-004 | Artifact bucket access logging not enabled | LOW | AWS | |
| SM-000 | Secrets Manager API access failed | INFO | AWS | |
| SSM-000 | SSM Parameter Store API access failed | INFO | AWS | |
CM-2: Baseline Configuration
Evidenced by 29 checks across 18 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, OCI manifest, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ADO-005 | Container image not pinned to specific version | HIGH | Azure DevOps | |
| ADO-024 | No SLSA provenance attestation produced | MEDIUM | Azure DevOps | |
| ARGO-011 | No SLSA provenance attestation produced | MEDIUM | Argo Workflows | |
| AZST-005 | Storage account blob lifecycle policy should be reviewed | LOW | Azure Cloud | |
| BB-024 | No SLSA provenance attestation produced | MEDIUM | Bitbucket | |
| BK-011 | No SLSA provenance attestation produced | MEDIUM | Buildkite | |
| CB-005 | Outdated managed build image | MEDIUM | AWS | |
| CB-008 | CodeBuild buildspec is inline (not sourced from a protected repo) | HIGH | AWS | |
| CC-024 | No SLSA provenance attestation produced | MEDIUM | CircleCI | |
| DF-010 | apt-get dist-upgrade / upgrade pulls unknown package versions | LOW | Dockerfile | |
| DF-022 | RUN uses npm install instead of npm ci | MEDIUM | Dockerfile | |
| DR-021 | No SLSA provenance attestation produced | MEDIUM | Drone CI | |
| ECR-004 | No lifecycle policy configured | LOW | AWS | |
| GAR-003 | Artifact Registry has no cleanup policy | MEDIUM | GCP | |
| GCB-007 | availableSecrets references versions/latest | MEDIUM | Cloud Build | 🔧 fix |
| GCB-017 | Image-producing build does not request SLSA provenance | MEDIUM | Cloud Build | |
| GCB-018 | Legacy KMS secrets block in use (prefer availableSecrets / Secret Manager) | MEDIUM | Cloud Build | |
| GHA-024 | No SLSA provenance attestation produced | MEDIUM | GitHub Actions | |
| GHA-068 | runs-on: targets an end-of-life hosted-runner image | MEDIUM | GitHub Actions | |
| GL-024 | No SLSA provenance attestation produced | MEDIUM | GitLab CI | |
| HARNESS-017 | No SLSA provenance attestation produced | MEDIUM | Harness CI/CD | |
| HELM-001 | Chart.yaml declares legacy apiVersion: v1 | MEDIUM | Helm | 🔧 fix |
| HELM-006 | Chart.yaml does not declare a kubeVersion compatibility range | LOW | Helm | |
| HELM-010 | Chart.yaml appVersion field is empty or missing | LOW | Helm | |
| HELM-012 | Chart marked deprecated without naming a successor | MEDIUM | Helm | |
| HELM-013 | Chart.yaml type field missing or invalid | MEDIUM | Helm | |
| JF-028 | No SLSA provenance attestation produced | MEDIUM | Jenkins | |
| OCI-006 | Image has an excessive layer count | LOW | OCI manifest | |
| TKN-011 | No SLSA provenance attestation produced | MEDIUM | Tekton | |
CM-6: Configuration Settings
Evidenced by 197 checks across 28 providers (AWS, Actions run history, Argo CD, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, Cargo, CircleCI, Cloud Build, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, GitLab pipeline run history, Go modules, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, Pulumi, SCM, SCM org governance, Tekton, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-005 | Container registry tag immutability (verify per-repository locking) | INFO | Azure Cloud | |
| ADO-002 | Script injection via attacker-controllable context | HIGH | Azure DevOps | |
| ADO-011 | template: <local-path> on PR-validated pipeline | HIGH | Azure DevOps | |
| ADO-012 | Cache@2 key derives from $(System.PullRequest.*) | MEDIUM | Azure DevOps | |
| ADO-013 | Self-hosted pool without explicit ephemeral marker | MEDIUM | Azure DevOps | |
| ADO-015 | Job has no timeoutInMinutes, unbounded build | MEDIUM | Azure DevOps | 🔧 fix |
| ADO-019 | extends: template on PR-validated pipeline points to local path | CRITICAL | Azure DevOps | |
| ADO-027 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Azure DevOps | |
| ADO-030 | pool interpolates attacker-controllable value | HIGH | Azure DevOps | 🔧 fix |
| ADO-033 | IaC apply on a PR-validated pipeline | CRITICAL | Azure DevOps | |
| ADO-034 | ML model loaded with trust_remote_code (code execution) | HIGH | Azure DevOps | |
| ADO-035 | Untrusted PR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | Azure DevOps | |
| ADO-036 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Azure DevOps | |
| AKV-001 | Key Vault soft delete not enabled | HIGH | Azure Cloud | |
| AKV-002 | Key Vault purge protection not enabled | HIGH | Azure Cloud | |
| ARGO-005 | Argo input parameter interpolated unsafely in script / args | CRITICAL | Argo Workflows | |
| ARGO-017 | Argo resource template applies a manifest built from an untrusted parameter | CRITICAL | Argo Workflows | |
| ARGO-019 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Argo Workflows | |
| ARGOCD-012 | Argo CD AppProject defines no sync windows | MEDIUM | Argo CD | |
| AZVM-004 | Virtual machine automatic OS patching not enabled | MEDIUM | Azure Cloud | |
| BB-002 | Script injection via attacker-controllable context | HIGH | Bitbucket | |
| BB-005 | Step has no max-time, unbounded build | MEDIUM | Bitbucket | 🔧 fix |
| BB-016 | Self-hosted runner without ephemeral marker | MEDIUM | Bitbucket | |
| BB-018 | Cache key derives from attacker-controllable input | MEDIUM | Bitbucket | |
| BB-026 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Bitbucket | |
| BB-033 | IaC apply on a pull-request pipeline | CRITICAL | Bitbucket | |
| BB-035 | ML model loaded with trust_remote_code (code execution) | HIGH | Bitbucket | |
| BB-036 | Untrusted PR/branch context reaches an agentic AI CLI (prompt injection) | HIGH | Bitbucket | |
| BB-037 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Bitbucket | |
| BK-003 | Untrusted Buildkite variable interpolated in command | HIGH | Buildkite | |
| BK-015 | agents map interpolates attacker-controllable Buildkite variable | HIGH | Buildkite | |
| BK-016 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Buildkite | |
| CARGO-010 | Cargo.toml lacks an explicit rust-version field | LOW | Cargo | |
| CB-002 | Privileged mode enabled | HIGH | AWS | |
| CB-004 | Build timeout missing or at the AWS maximum (480 min) | LOW | AWS | |
| CB-007 | CodeBuild webhook has no filter group | MEDIUM | AWS | |
| CB-010 | CodeBuild webhook allows fork-PR builds without actor filtering | HIGH | AWS | |
| CC-002 | Script injection via untrusted environment variable | HIGH | CircleCI | |
| CC-010 | Self-hosted runner without ephemeral marker | MEDIUM | CircleCI | |
| CC-012 | Dynamic config via setup: true enables code injection | MEDIUM | CircleCI | |
| CC-014 | Job missing resource_class declaration | MEDIUM | CircleCI | |
| CC-015 | No no_output_timeout configured | MEDIUM | CircleCI | 🔧 fix |
| CC-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | CircleCI | 🔧 fix |
| CC-025 | Cache key derives from attacker-controllable input | MEDIUM | CircleCI | |
| CC-027 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | CircleCI | |
| CC-034 | ML model loaded with trust_remote_code (code execution) | HIGH | CircleCI | |
| CC-036 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | CircleCI | |
| CC-037 | Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | CircleCI | |
| CP-003 | Source stage using polling instead of event-driven trigger | LOW | AWS | |
| CP-007 | CodePipeline v2 PR trigger accepts all branches | HIGH | AWS | |
| DF-002 | Container runs as root (missing or root USER directive) | HIGH | Dockerfile | 🔧 fix |
| DF-005 | RUN uses shell-eval (eval / sh -c on a variable / backticks) | HIGH | Dockerfile | |
| DF-009 | ADD used where COPY would suffice | LOW | Dockerfile | |
| DF-011 | Package manager install without cache cleanup in same layer | LOW | Dockerfile | |
| DF-012 | RUN invokes sudo | HIGH | Dockerfile | |
| DF-014 | WORKDIR set to a system / kernel filesystem path | CRITICAL | Dockerfile | |
| DF-015 | RUN grants world-writable permissions (chmod 777 / a+w) | MEDIUM | Dockerfile | |
| DF-017 | ENV PATH prepends a world-writable directory | MEDIUM | Dockerfile | 🔧 fix |
| DF-018 | RUN chown rewrites ownership of a system path | MEDIUM | Dockerfile | |
| DF-023 | ENV sets a dynamic-loader hijack variable | HIGH | Dockerfile | |
| DF-024 | RUN npm/yarn/pnpm install runs lifecycle scripts | HIGH | Dockerfile | |
| DF-030 | ENV NODE_OPTIONS preloads code or opens an inspector | MEDIUM | Dockerfile | |
| DR-003 | Untrusted Drone template variable in shell command | HIGH | Drone CI | |
| DR-009 | Cache plugin key embeds an attacker-controllable Drone variable | HIGH | Drone CI | |
| DR-011 | node map interpolates attacker-controllable Drone variable | HIGH | Drone CI | |
| DR-017 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Drone CI | |
| GCB-005 | Build timeout unset or excessive | LOW | Cloud Build | 🔧 fix |
| GCB-006 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Cloud Build | |
| GCB-016 | Step dir field contains parent-directory escape (..) | MEDIUM | Cloud Build | |
| GCB-019 | Shell entrypoint inlines a user substitution into args | HIGH | Cloud Build | |
| GCB-022 | options.substitutionOption set to ALLOW_LOOSE | LOW | Cloud Build | 🔧 fix |
| GCB-023 | Step references a user substitution not declared in substitutions: | MEDIUM | Cloud Build | |
| GCB-026 | Step waitFor: references an unknown step id | MEDIUM | Cloud Build | |
| GCCE-001 | Compute instance does not have Shielded VM enabled | MEDIUM | GCP | |
| GCCE-005 | Instance does not block project-wide SSH keys | MEDIUM | GCP | |
| GCKMS-005 | KMS key has primary version scheduled for destruction | MEDIUM | GCP | |
| GCRUN-003 | Cloud Run service has zero minimum instances | LOW | GCP | |
| GCS-002 | Bucket does not enforce uniform bucket-level access | MEDIUM | GCP | |
| GCS-003 | Bucket versioning not enabled | MEDIUM | GCP | |
| GCSQL-002 | Cloud SQL instance does not have automated backups enabled | MEDIUM | GCP | |
| GCSQL-005 | Cloud SQL instance does not have point-in-time recovery enabled | MEDIUM | GCP | |
| GHA-002 | pull_request_target checks out PR head | CRITICAL | GitHub Actions | 🔧 fix |
| GHA-003 | Script injection via untrusted context | HIGH | GitHub Actions | 🔧 fix |
| GHA-004 | Workflow permissions block missing or overprovisioned | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-010 | Local action (./path) on untrusted-trigger workflow | HIGH | GitHub Actions | |
| GHA-011 | Cache key derives from attacker-controllable input | MEDIUM | GitHub Actions | |
| GHA-012 | Self-hosted runner without ephemeral marker | MEDIUM | GitHub Actions | |
| GHA-013 | issue_comment trigger without author guard | HIGH | GitHub Actions | |
| GHA-015 | Job has no timeout-minutes, unbounded build | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-026 | Container job disables isolation via options: | HIGH | GitHub Actions | |
| GHA-027 | Workflow contains indicators of malicious activity | CRITICAL | GitHub Actions | |
| GHA-031 | Workflow uses retired set-output / save-state command | HIGH | GitHub Actions | 🔧 fix |
| GHA-032 | run: invokes local script on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
| GHA-035 | github-script step interpolates untrusted context | HIGH | GitHub Actions | |
| GHA-036 | runs-on interpolates untrusted context | HIGH | GitHub Actions | 🔧 fix |
| GHA-038 | Workflow re-enables retired ::set-env / ::add-path commands | CRITICAL | GitHub Actions | |
| GHA-044 | Build tool runs lifecycle scripts on untrusted-trigger workflow | HIGH | GitHub Actions | |
| GHA-045 | Caller-controlled ref input feeds actions/checkout | HIGH | GitHub Actions | |
| GHA-046 | Manual PR-head fetch on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
| GHA-048 | Workflow step writes a file under .github/workflows/ | CRITICAL | GitHub Actions | |
| GHA-052 | actions/cache key includes untrusted PR-controllable input | HIGH | GitHub Actions | |
| GHA-053 | if: predicate evaluates attacker-controllable context as expression | HIGH | GitHub Actions | |
| GHA-058 | Agentic CLI invoked with permission-bypass flags | HIGH | GitHub Actions | |
| GHA-092 | PR head SHA captured then re-fetched (force-push race) | HIGH | GitHub Actions | |
| GHA-097 | Recursive PR auto-merge loop | HIGH | GitHub Actions | |
| GHA-102 | actions/checkout with submodule fetch on a PR trigger | HIGH | GitHub Actions | |
| GHA-103 | AI code-review bot on untrusted trigger without environment gate | CRITICAL | GitHub Actions | |
| GHA-104 | AI agent generates and pushes commits without PR review | HIGH | GitHub Actions | |
| GHA-105 | Self-hosted runner reachable from an untrusted PR trigger | HIGH | GitHub Actions | |
| GHA-107 | harden-runner runs in audit mode (egress not blocked) | MEDIUM | GitHub Actions | |
| GHA-108 | Sensitive workflow has no runtime egress control | LOW | GitHub Actions | |
| GHA-109 | harden-runner is not the first step in the job | LOW | GitHub Actions | |
| GHA-117 | IaC apply on an untrusted pull_request trigger | CRITICAL | GitHub Actions | |
| GHA-118 | Untrusted content written to $GITHUB_ENV / $GITHUB_PATH | HIGH | GitHub Actions | |
| GHA-119 | Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | GitHub Actions | |
| GHA-120 | ML model loaded with trust_remote_code (code execution) | HIGH | GitHub Actions | |
| GHA-122 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitHub Actions | |
| GL-002 | Script injection via untrusted commit/MR context | HIGH | GitLab CI | |
| GL-005 | include: pulls remote / project without pinned ref | HIGH | GitLab CI | |
| GL-011 | include: local file pulled in MR-triggered pipeline | HIGH | GitLab CI | |
| GL-012 | Cache key derives from MR-controlled CI variable | MEDIUM | GitLab CI | |
| GL-014 | Self-managed runner without ephemeral tag | MEDIUM | GitLab CI | |
| GL-015 | Job has no timeout, unbounded build | MEDIUM | GitLab CI | 🔧 fix |
| GL-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | GitLab CI | 🔧 fix |
| GL-026 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitLab CI | |
| GL-032 | tags: interpolates untrusted CI variable | HIGH | GitLab CI | 🔧 fix |
| GL-033 | Global before_script / after_script propagates taint to every job | HIGH | GitLab CI | |
| GL-039 | Docker-in-Docker service exposes an unauthenticated daemon | HIGH | GitLab CI | |
| GL-041 | IaC apply on an untrusted merge-request trigger | CRITICAL | GitLab CI | |
| GL-042 | include: component pulls a CI/CD component without a pinned version | HIGH | GitLab CI | |
| GL-045 | ML model loaded with trust_remote_code (code execution) | HIGH | GitLab CI | |
| GL-047 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitLab CI | |
| GL-048 | Untrusted MR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | GitLab CI | |
| GLRUN-001 | Merge-request pipeline exercised in run history | MEDIUM | GitLab pipeline run history | |
| GLRUN-002 | Fork merge-request pipeline executed in run history | HIGH | GitLab pipeline run history | |
| GLRUN-003 | Secret leaked in a fork pipeline's job trace | HIGH | GitLab pipeline run history | |
| GLRUN-004 | Fork pipeline minted a cloud OIDC token | HIGH | GitLab pipeline run history | |
| GLRUN-005 | Fork pipeline ran on a self-managed runner | HIGH | GitLab pipeline run history | |
| GOMOD-005 | go.mod does not declare a minimum Go toolchain version | LOW | Go modules | |
| HARNESS-002 | Untrusted Harness expression interpolated into a step command | HIGH | Harness CI/CD | |
| HARNESS-008 | Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | Harness CI/CD | |
| HARNESS-010 | ML model loaded with trust_remote_code (code execution) | HIGH | Harness CI/CD | |
| HARNESS-011 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Harness CI/CD | |
| HARNESS-014 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Harness CI/CD | |
| HELM-006 | Chart.yaml does not declare a kubeVersion compatibility range | LOW | Helm | |
| JF-002 | Script step interpolates attacker-controllable env var | HIGH | Jenkins | |
| JF-003 | Pipeline uses agent any (no executor isolation) | MEDIUM | Jenkins | |
| JF-014 | Agent label missing ephemeral marker | MEDIUM | Jenkins | |
| JF-015 | Pipeline has no timeout wrapper, unbounded build | MEDIUM | Jenkins | 🔧 fix |
| JF-019 | Groovy sandbox escape pattern detected | CRITICAL | Jenkins | |
| JF-030 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Jenkins | |
| JF-032 | Agent label interpolates attacker-controllable value | HIGH | Jenkins | 🔧 fix |
| JF-036 | Script step interpolates a build parameter (params.*) | HIGH | Jenkins | |
| JF-037 | Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | Jenkins | |
| JF-039 | ML model loaded with trust_remote_code (code execution) | HIGH | Jenkins | |
| JF-041 | Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Jenkins | |
| K8S-005 | Container securityContext.privileged: true | CRITICAL | Kubernetes | 🔧 fix |
| K8S-006 | Container allowPrivilegeEscalation not explicitly false | HIGH | Kubernetes | 🔧 fix |
| K8S-007 | Container runAsNonRoot not true / runAsUser is 0 | HIGH | Kubernetes | 🔧 fix |
| K8S-008 | Container readOnlyRootFilesystem not true | MEDIUM | Kubernetes | 🔧 fix |
| K8S-010 | Container seccompProfile not RuntimeDefault or Localhost | MEDIUM | Kubernetes | |
| K8S-015 | Container missing resources.limits.memory | MEDIUM | Kubernetes | |
| K8S-016 | Container missing resources.limits.cpu | LOW | Kubernetes | |
| K8S-019 | Workload deployed in the 'default' namespace | LOW | Kubernetes | |
| K8S-023 | Namespace missing Pod Security Admission enforcement label | HIGH | Kubernetes | |
| K8S-031 | Namespace missing PSA warn label | LOW | Kubernetes | |
| K8S-033 | Namespace lacks ResourceQuota or LimitRange | MEDIUM | Kubernetes | |
| K8S-035 | Container securityContext.runAsUser is 0 | HIGH | Kubernetes | |
| K8S-039 | Pod uses shareProcessNamespace: true | MEDIUM | Kubernetes | |
| K8S-040 | Container securityContext.procMount: Unmasked | HIGH | Kubernetes | |
| K8S-043 | Ingress rule has wildcard or missing host (catch-all) | MEDIUM | Kubernetes | |
| K8S-044 | Admission webhook fails open or mutates cluster-wide unscoped | HIGH | Kubernetes | |
| NPM-004 | package.json declares an install-time lifecycle script | HIGH | npm | |
| NPM-007 | .npmrc does not disable install-time lifecycle scripts | HIGH | npm | |
| NUGET-015 | PackageReference VersionOverride defeats Central Package Management | MEDIUM | NuGet | |
| ORG-009 | Organization self-hosted runner group is available to public repositories | HIGH | SCM org governance | |
| ORG-013 | Organization ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM org governance | |
| PULUMI-009 | Pulumi.yaml runtime does not match any source file | MEDIUM | Pulumi | |
| PULUMI-012 | Pulumi plugin version unpinned or floating | MEDIUM | Pulumi | |
| RUN-001 | Fork PR executed on a privileged trigger | HIGH | Actions run history | |
| RUN-002 | Privileged trigger exercised in run history | MEDIUM | Actions run history | |
| RUN-003 | Secret leaked in workflow run logs | HIGH | Actions run history | |
| RUN-004 | Fork PR run minted a cloud OIDC token | HIGH | Actions run history | |
| RUN-005 | Fork PR run executed on a self-hosted runner | HIGH | Actions run history | |
| SCM-024 | Deployment environment can deploy from any branch | MEDIUM | SCM | |
| SCM-029 | Repository ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM | |
| TAINT-001 | Untrusted input flows across step boundaries via step outputs | HIGH | GitHub Actions | |
| TAINT-002 | Untrusted input flows across jobs via jobs.<id>.outputs: | HIGH | GitHub Actions | |
| TAINT-003 | Untrusted input forwarded into reusable workflow with: | HIGH | GitHub Actions | |
| TAINT-004 | Untrusted input flows across jobs via dotenv artifact | HIGH | GitLab CI | |
| TAINT-005 | Untrusted input flows across steps via buildkite-agent meta-data | HIGH | Buildkite | |
| TAINT-006 | Untrusted input flows across tasks via Tekton results | HIGH | Tekton | |
| TAINT-007 | Untrusted input flows across templates via Argo outputs.parameters | HIGH | Argo Workflows | |
| TAINT-008 | Untrusted input flows via GitLab extends: template inheritance | HIGH | GitLab CI | |
| TKN-003 | Tekton param interpolated unsafely in step script | CRITICAL | Tekton | |
| TKN-015 | Workspace subPath interpolates a Task parameter (path traversal) | HIGH | Tekton | |
| TKN-018 | Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Tekton | |
CM-7: Least Functionality
Evidenced by 135 checks across 31 providers (AWS, Argo CD, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, Cargo, CircleCI, Composer, Developer environment, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, Go modules, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, OCI manifest, Pulumi, PyPI, RubyGems, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ADO-013 | Self-hosted pool without explicit ephemeral marker | MEDIUM | Azure DevOps | |
| ADO-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Azure DevOps | 🔧 fix |
| ARGO-002 | Argo template container runs privileged or as root | HIGH | Argo Workflows | |
| ARGOCD-010 | Argo CD Application targetRevision uses a mutable ref | HIGH | Argo CD | |
| ARGOCD-011 | Argo CD AppProject cluster-resource whitelist is wide open | HIGH | Argo CD | |
| ARGOCD-016 | Application Helm valueFiles fetched from a remote URL | HIGH | Argo CD | |
| ARGOCD-017 | Argo CD in-cluster Application deploys from a mutable source | HIGH | Argo CD | |
| ARGOCD-018 | argocd-cm ships custom resource health / action Lua | MEDIUM | Argo CD | |
| ARGOCD-019 | Argo CD Application disables drift detection on a sensitive field | HIGH | Argo CD | |
| AZAPP-004 | App Service has remote debugging enabled | HIGH | Azure Cloud | |
| AZAPP-005 | App Service FTP access not disabled | MEDIUM | Azure Cloud | |
| AZNW-005 | Public IP address associated with a VM NIC | HIGH | Azure Cloud | |
| AZVM-002 | Virtual machine has a public IP address | HIGH | Azure Cloud | |
| BB-013 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Bitbucket | 🔧 fix |
| BB-016 | Self-hosted runner without ephemeral marker | MEDIUM | Bitbucket | |
| BK-005 | Container started with --privileged or host-bind escalation | HIGH | Buildkite | 🔧 fix |
| CARGO-001 | Cargo.toml dependency uses a floating version spec | MEDIUM | Cargo | |
| CARGO-002 | Cargo.toml git dependency uses a mutable ref (no rev) | HIGH | Cargo | |
| CARGO-003 | Cargo.toml present without a sibling Cargo.lock | HIGH | Cargo | |
| CARGO-004 | Cargo.toml dependency is a local-path entry | MEDIUM | Cargo | |
| CARGO-005 | Cargo.toml dependency sourced from an alternate registry | HIGH | Cargo | |
| CARGO-007 | [build-dependencies] entry uses a floating version spec | HIGH | Cargo | |
| CARGO-008 | Cargo.toml [patch.crates-io] substitutes a different crate | HIGH | Cargo | |
| CARGO-009 | [workspace.dependencies] entry uses a floating version spec | MEDIUM | Cargo | |
| CARGO-011 | build.rs runs network or process calls at compile time | HIGH | Cargo | |
| CARGO-012 | .cargo/config.toml overrides the registry source or injects build flags | HIGH | Cargo | |
| CARGO-013 | Cargo.lock package sourced off crates.io | MEDIUM | Cargo | |
| CARGO-014 | No supply-chain audit-gate config (cargo-deny / cargo-vet / cargo-audit) | LOW | Cargo | |
| CB-002 | Privileged mode enabled | HIGH | AWS | |
| CB-007 | CodeBuild webhook has no filter group | MEDIUM | AWS | |
| CC-010 | Self-hosted runner without ephemeral marker | MEDIUM | CircleCI | |
| CC-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | CircleCI | 🔧 fix |
| CC-033 | Job disables Go module checksum / sum-db verification | HIGH | CircleCI | |
| COMPOSER-002 | composer.json require uses a floating version constraint | MEDIUM | Composer | |
| COMPOSER-005 | composer.json minimum-stability accepts unstable releases | MEDIUM | Composer | |
| COMPOSER-006 | composer.json scripts hook pipes a remote download to a shell | HIGH | Composer | |
| COMPOSER-008 | composer.json allow-plugins permits any plugin to execute | HIGH | Composer | |
| COMPOSER-014 | composer.json minimum-stability lowered without prefer-stable | MEDIUM | Composer | |
| DEV-001 | VS Code task runs automatically on folder open | LOW | Developer environment | |
| DEV-002 | Devcontainer lifecycle command runs automatically | LOW | Developer environment | |
| DEV-003 | Committed Claude Code hook runs a shell command | MEDIUM | Developer environment | |
| DEV-004 | Auto-run command fetches and executes remote code | CRITICAL | Developer environment | |
| DEV-005 | Devcontainer initializeCommand runs unsandboxed on the host | HIGH | Developer environment | |
| DEV-006 | VS Code settings point a tool at a repo-local binary | HIGH | Developer environment | |
| DEV-007 | Committed MCP config auto-launches a local command server | MEDIUM | Developer environment | |
| DF-008 | RUN invokes docker --privileged or escalates capabilities | HIGH | Dockerfile | |
| DF-013 | EXPOSE declares sensitive remote-access port | CRITICAL | Dockerfile | 🔧 fix |
| DF-024 | RUN npm/yarn/pnpm install runs lifecycle scripts | HIGH | Dockerfile | |
| DF-030 | ENV NODE_OPTIONS preloads code or opens an inspector | MEDIUM | Dockerfile | |
| DR-002 | Step runs with privileged: true | HIGH | Drone CI | |
| DR-013 | Pipeline defines no trigger event filter | MEDIUM | Drone CI | |
| DR-014 | Step pipes a remote download into a shell interpreter | HIGH | Drone CI | 🔧 fix |
| DR-015 | Pipeline clone enables recursive submodule cloning | MEDIUM | Drone CI | |
| DR-016 | Step image: field carries a Drone template substitution | HIGH | Drone CI | |
| GCCE-003 | Compute instance has serial port access enabled | MEDIUM | GCP | |
| GCCE-004 | Compute instance has an external IP address | HIGH | GCP | |
| GCNET-001 | Default VPC network exists in project | MEDIUM | GCP | |
| GCNET-004 | Subnet does not have Private Google Access enabled | MEDIUM | GCP | |
| GCNET-005 | No Cloud NAT gateway configured | LOW | GCP | |
| GCRUN-004 | Cloud Run service does not use a VPC connector | MEDIUM | GCP | |
| GEM-002 | Gemfile gem entry uses a floating version constraint | MEDIUM | RubyGems | |
| GEM-005 | Gemfile gem with git: / github: source missing a ref SHA pin | HIGH | RubyGems | |
| GEM-007 | Gemfile declares multiple top-level sources without scoping | MEDIUM | RubyGems | |
| GEM-008 | Gemfile gem declared with a path: source | HIGH | RubyGems | |
| GEM-010 | Gemfile uses dynamic gem-list resolution | MEDIUM | RubyGems | |
| GEM-011 | Gemfile registers a Bundler plugin that runs at install time | HIGH | RubyGems | |
| GEM-012 | Gemfile gem pinned to a per-gem :source | MEDIUM | RubyGems | |
| GEM-013 | Gemfile git gem fetched over an insecure transport | HIGH | RubyGems | |
| GHA-004 | Workflow permissions block missing or overprovisioned | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-012 | Self-hosted runner without ephemeral marker | MEDIUM | GitHub Actions | |
| GHA-026 | Container job disables isolation via options: | HIGH | GitHub Actions | |
| GHA-069 | id-token: write granted without an OIDC-consumer step | MEDIUM | GitHub Actions | |
| GHA-073 | Reusable workflow declares an unused workflow_call secret | MEDIUM | GitHub Actions | |
| GHA-105 | Self-hosted runner reachable from an untrusted PR trigger | HIGH | GitHub Actions | |
| GHA-107 | harden-runner runs in audit mode (egress not blocked) | MEDIUM | GitHub Actions | |
| GHA-108 | Sensitive workflow has no runtime egress control | LOW | GitHub Actions | |
| GHA-109 | harden-runner is not the first step in the job | LOW | GitHub Actions | |
| GHA-110 | Workflow disables Go module checksum / sum-db verification | HIGH | GitHub Actions | |
| GHA-112 | Self-hosted deploy job not gated by a protected environment | HIGH | GitHub Actions | |
| GHA-115 | id-token: write granted workflow-wide instead of job-scoped | MEDIUM | GitHub Actions | |
| GL-014 | Self-managed runner without ephemeral tag | MEDIUM | GitLab CI | |
| GL-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | GitLab CI | 🔧 fix |
| GL-037 | Pipeline disables Go module checksum / sum-db verification | HIGH | GitLab CI | |
| GL-039 | Docker-in-Docker service exposes an unauthenticated daemon | HIGH | GitLab CI | |
| GOMOD-001 | go.mod present without sibling go.sum integrity manifest | HIGH | Go modules | |
| GOMOD-002 | go.mod replace directive points to a local filesystem path | HIGH | Go modules | |
| GOMOD-003 | go.mod replace directive substitutes a different module | HIGH | Go modules | |
| GOMOD-007 | vendor/modules.txt missing or stale relative to go.mod | HIGH | Go modules | |
| GOMOD-008 | go.mod replace directive points to a module without a version pin | MEDIUM | Go modules | |
| GOMOD-009 | Direct require uses a pre-release version | MEDIUM | Go modules | |
| GOMOD-010 | go.mod exclude directive masks an upstream version | MEDIUM | Go modules | |
| GOMOD-011 | go.mod tool directive pulls an executable build dependency | MEDIUM | Go modules | |
| GOMOD-012 | go.mod require / replace targets an insecure or non-canonical host | HIGH | Go modules | |
| HARNESS-003 | Step runs with privileged: true | HIGH | Harness CI/CD | |
| HARNESS-005 | Step pipes a remote download into a shell interpreter | HIGH | Harness CI/CD | 🔧 fix |
| HELM-015 | OCI chart dependency pinned only by a mutable tag | HIGH | Helm | |
| HELM-017 | Template renders an untrusted value through tpl | HIGH | Helm | |
| JF-014 | Agent label missing ephemeral marker | MEDIUM | Jenkins | |
| JF-017 | Docker run with insecure flags (privileged/host mount) | CRITICAL | Jenkins | 🔧 fix |
| JF-025 | Kubernetes agent pod template runs privileged or mounts hostPath | HIGH | Jenkins | |
| K8S-002 | Pod hostNetwork: true | HIGH | Kubernetes | 🔧 fix |
| K8S-003 | Pod hostPID: true | HIGH | Kubernetes | 🔧 fix |
| K8S-004 | Pod hostIPC: true | HIGH | Kubernetes | 🔧 fix |
| K8S-005 | Container securityContext.privileged: true | CRITICAL | Kubernetes | 🔧 fix |
| K8S-009 | Container capabilities not dropping ALL / adding dangerous caps | HIGH | Kubernetes | |
| K8S-012 | Pod automountServiceAccountToken not false | MEDIUM | Kubernetes | |
| K8S-021 | Role or ClusterRole grants wildcard verbs+resources | HIGH | Kubernetes | |
| K8S-022 | Service exposes SSH (port 22) | MEDIUM | Kubernetes | |
| K8S-025 | System priority class used outside kube-system | HIGH | Kubernetes | |
| K8S-028 | Container declares hostPort | MEDIUM | Kubernetes | 🔧 fix |
| K8S-030 | Workload schedules onto a control-plane node | HIGH | Kubernetes | 🔧 fix |
| MVN-012 | pom.xml build plugin uses a floating version | HIGH | maven | |
| MVN-013 | pom.xml build extension uses a floating version | HIGH | maven | |
| MVN-014 | Maven Wrapper distributionUrl lacks distributionSha256Sum | MEDIUM | maven | |
| MVN-015 | pom.xml binds a build-time code-execution plugin to the lifecycle | HIGH | maven | |
| MVN-016 | build.gradle re-enables HTTP via allowInsecureProtocol = true | HIGH | maven | |
| MVN-018 | distributionManagement release repository accepts SNAPSHOTs | MEDIUM | maven | |
| NPM-004 | package.json declares an install-time lifecycle script | HIGH | npm | |
| NPM-007 | .npmrc does not disable install-time lifecycle scripts | HIGH | npm | |
| NUGET-011 | packageSourceMapping pattern is a global wildcard | HIGH | NuGet | |
| NUGET-013 | dotnet-tools.json entry lacks a version pin | HIGH | NuGet | |
| NUGET-016 | Private feed without | HIGH | NuGet | |
| NUGET-017 | Public gallery active alongside a private feed, not disabled | HIGH | NuGet | |
| NUGET-018 | Project runs build-time MSBuild logic at restore/build | HIGH | NuGet | |
| OCI-006 | Image has an excessive layer count | LOW | OCI manifest | |
| ORG-009 | Organization self-hosted runner group is available to public repositories | HIGH | SCM org governance | |
| PULUMI-006 | Pulumi source uses StackReference without project/org guard | MEDIUM | Pulumi | |
PULUMI-008 |
Pulumi source spawns a shell with non-constant input | HIGH | Pulumi | |
PULUMI-013 |
Pulumi dynamic provider runs arbitrary code at deploy time | HIGH | Pulumi | |
PULUMI-014 |
ESC environment imported without a project / org qualifier | MEDIUM | Pulumi | |
PYPI-012 |
pyproject.toml [build-system].requires uses floating versions | HIGH | PyPI | |
PYPI-013 |
pyproject.toml defers dependency resolution via dynamic | MEDIUM | PyPI | |
SCM-022 |
Repo Actions permissions allow any source (no allow-list) | MEDIUM | SCM | |
TKN-002 |
Tekton step runs privileged or as root | HIGH | Tekton | |
TKN-013 |
Tekton sidecar runs privileged or as root | HIGH | Tekton |
CM-8: System Component Inventory
Evidenced by 29 checks across 19 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Composer, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, OCI manifest, RubyGems, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ADO-007 | SBOM not produced | MEDIUM | Azure DevOps | |
| ARGO-010 | No SBOM generated for build artifacts | MEDIUM | Argo Workflows | |
| ATTEST-003 | SBOM contains floating-version dependencies | MEDIUM | OCI manifest | |
| ATTEST-004 | SLSA provenance ships without a resolved-dependencies set | MEDIUM | OCI manifest | |
| ATTEST-006 | SLSA provenance lacks a meaningful buildType | MEDIUM | OCI manifest | |
| ATTEST-007 | SBOM packages lack supplier / originator attribution | LOW | OCI manifest | |
| AZST-005 | Storage account blob lifecycle policy should be reviewed | LOW | Azure Cloud | |
| BB-007 | SBOM not produced | MEDIUM | Bitbucket | |
| BK-010 | No SBOM generated for build artifacts | MEDIUM | Buildkite | |
| CC-007 | SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | CircleCI | |
| COMPOSER-001 | composer.json present without a sibling composer.lock | HIGH | Composer | |
| DF-016 | Image lacks OCI provenance labels | LOW | Dockerfile | |
| DR-020 | No SBOM produced (no syft / cyclonedx step) | MEDIUM | Drone CI | |
| ECR-002 | Image tags are mutable | HIGH | AWS | |
| ECR-004 | No lifecycle policy configured | LOW | AWS | |
| GAR-003 | Artifact Registry has no cleanup policy | MEDIUM | GCP | |
| GCB-015 | SBOM not produced (no CycloneDX / syft / Trivy-SBOM step) | MEDIUM | Cloud Build | |
| GCB-024 | Build pushes Docker images but top-level images: is empty | LOW | Cloud Build | |
| GEM-001 | Gemfile present without a sibling Gemfile.lock | HIGH | RubyGems | |
| GHA-007 | SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | GitHub Actions | |
| GL-007 | SBOM not produced | MEDIUM | GitLab CI | |
| HARNESS-016 | No SBOM produced (no syft / cyclonedx step) | MEDIUM | Harness CI/CD | |
| JF-007 | SBOM not produced | MEDIUM | Jenkins | |
| JF-027 | archiveArtifacts does not record a fingerprint | LOW | Jenkins | |
| OCI-001 | Image manifest is missing OCI provenance annotations | MEDIUM | OCI manifest | |
| OCI-003 | Image manifest is missing the image.created annotation | LOW | OCI manifest | |
| OCI-005 | Image manifest is missing the image.licenses annotation | LOW | OCI manifest | |
| OCI-009 | Image manifest is missing OCI base-image annotations | MEDIUM | OCI manifest | |
| TKN-010 | No SBOM generated for build artifacts | MEDIUM | Tekton | |
IA-5: Authenticator Management
Evidenced by 144 checks across 31 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, CloudFormation, Composer, Developer environment, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, GitLab group governance, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, Pulumi, PyPI, RubyGems, SCM, SCM org governance, Tekton, Terraform, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-001 | Container registry admin user enabled | HIGH | Azure Cloud | |
| ADO-003 | Variables contain literal secret values | CRITICAL | Azure DevOps | |
| ADO-008 | Credential-shaped literal in pipeline body | CRITICAL | Azure DevOps | 🔧 fix |
| ADO-014 | AWS auth uses long-lived access keys | MEDIUM | Azure DevOps | 🔧 fix |
| ADO-031 | Secret variable echoed / printed in a script step | HIGH | Azure DevOps | |
| ADO-032 | checkout persistCredentials leaves the pipeline token in .git/config | HIGH | Azure DevOps | |
| AKV-004 | Key Vault key has no expiration date | MEDIUM | Azure Cloud | |
| AKV-005 | Key Vault secret has no expiration date | MEDIUM | Azure Cloud | |
| ARGO-006 | Literal secret value in Argo template env or parameter default | CRITICAL | Argo Workflows | 🔧 fix |
| ARGO-013 | Argo workflow does not opt out of SA token automount | MEDIUM | Argo Workflows | |
| ARGO-018 | Secret-named variable echoed / printed in a template script | HIGH | Argo Workflows | |
| AZAPP-003 | App Service does not use a managed identity | MEDIUM | Azure Cloud | |
| AZVM-005 | Virtual machine does not use a managed identity | MEDIUM | Azure Cloud | |
| BB-003 | Variables contain literal secret values | CRITICAL | Bitbucket | |
| BB-008 | Credential-shaped literal in pipeline body | CRITICAL | Bitbucket | 🔧 fix |
| BB-011 | AWS auth uses long-lived access keys | MEDIUM | Bitbucket | 🔧 fix |
| BB-017 | Repository token written to persistent storage | CRITICAL | Bitbucket | 🔧 fix |
| BB-019 | after-script references secrets | HIGH | Bitbucket | |
| BB-020 | Full clone depth exposes complete history | LOW | Bitbucket | |
| BB-028 | OIDC step without deployment-gated environment | HIGH | Bitbucket | |
| BB-032 | Secret-named variable echoed / printed in a script block | HIGH | Bitbucket | |
| BK-002 | Literal secret value in pipeline env block | CRITICAL | Buildkite | 🔧 fix |
| BK-017 | Secret-named variable echoed / printed in a step command | HIGH | Buildkite | |
| CB-001 | Secrets in plaintext environment variables | CRITICAL | AWS | |
| CB-006 | CodeBuild source auth uses long-lived token | HIGH | AWS | |
| CB-008 | CodeBuild buildspec is inline (not sourced from a protected repo) | HIGH | AWS | |
| CC-004 | Secret-like environment variable not managed via context | MEDIUM | CircleCI | |
| CC-005 | AWS auth uses long-lived access keys in environment block | MEDIUM | CircleCI | 🔧 fix |
| CC-008 | Credential-shaped literal in config body | CRITICAL | CircleCI | 🔧 fix |
| CC-019 | add_ssh_keys without fingerprint restriction | HIGH | CircleCI | |
| CC-031 | OIDC role assumption without branch filter or approval gate | HIGH | CircleCI | |
| CC-032 | Secret-named variable echoed / printed in a run step | HIGH | CircleCI | |
| CF-001 | Template declares AWS::IAM::AccessKey (long-lived credential) | CRITICAL | CloudFormation | |
| CF-002 | Stateful data-store resource carries a plaintext secret | CRITICAL | CloudFormation | |
| COMPOSER-004 | composer.json repository URL embeds plaintext credentials | HIGH | Composer | |
| COMPOSER-009 | auth.json committed alongside composer.json with literal credentials | HIGH | Composer | |
| CP-004 | Legacy ThirdParty/GitHub source action (OAuth token) | HIGH | AWS | |
| DEV-008 | Credential-shaped literal in a developer-environment config | CRITICAL | Developer environment | |
| DF-006 | ENV or ARG carries a credential-shaped literal value | CRITICAL | Dockerfile | |
| DF-019 | COPY/ADD source path looks like a credential file | HIGH | Dockerfile | 🔧 fix |
| DF-020 | ARG declares a credential-named build argument | HIGH | Dockerfile | 🔧 fix |
| DF-025 | RUN writes a registry auth token into a Docker layer | CRITICAL | Dockerfile | |
| DR-004 | Literal credential in step environment / settings | CRITICAL | Drone CI | |
| DR-018 | Secret-named variable echoed / printed in a step command | HIGH | Drone CI | |
| ENTRA-002 | App registration credential valid beyond 180 days | HIGH | Azure Cloud | |
| ENTRA-003 | Service principal uses password credential | HIGH | Azure Cloud | |
| ENTRA-004 | No Conditional Access policy requiring MFA for admins | HIGH | Azure Cloud | |
| GCB-003 | Secret Manager value referenced in step args | HIGH | Cloud Build | |
| GCB-012 | Credential-shaped literal in pipeline body | CRITICAL | Cloud Build | 🔧 fix |
| GCB-018 | Legacy KMS secrets block in use (prefer availableSecrets / Secret Manager) | MEDIUM | Cloud Build | |
| GCB-028 | Secret-named variable echoed / printed in a build step | HIGH | Cloud Build | |
| GCCE-002 | Compute instance does not have OS Login enabled | MEDIUM | GCP | |
| GCIAM-002 | Service account has user-managed key | HIGH | GCP | |
| GCIAM-006 | Service account key older than 90 days | HIGH | GCP | |
| GEM-004 | Gemfile source URL embeds plaintext credentials | HIGH | RubyGems | |
| GEM-009 | .bundle/config committed with embedded credentials | HIGH | RubyGems | |
| GHA-005 | AWS auth uses long-lived access keys | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-008 | Credential-shaped literal in workflow body | CRITICAL | GitHub Actions | 🔧 fix |
| GHA-018 | Package install from insecure source | HIGH | GitHub Actions | 🔧 fix |
| GHA-030 | OIDC token requested without environment-protected job | HIGH | GitHub Actions | |
| GHA-033 | Secret value echoed / printed in a run: block | CRITICAL | GitHub Actions | |
| GHA-034 | Reusable workflow called with secrets: inherit | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-037 | actions/checkout persists GITHUB_TOKEN into .git/config | HIGH | GitHub Actions | 🔧 fix |
| GHA-039 | services / container credentials embedded as literal in workflow | CRITICAL | GitHub Actions | |
| GHA-049 | Workflow step makes a privileged git write (cross-repo or actions[bot] bypass) | HIGH | GitHub Actions | |
| GHA-050 | Publish step relies on long-lived registry token | HIGH | GitHub Actions | |
| GHA-054 | actions/checkout with ssh-key persists SSH credential in repo | HIGH | GitHub Actions | 🔧 fix |
| GHA-055 | Reusable workflow outputs derive a secret or caller-input value | HIGH | GitHub Actions | |
| GHA-057 | Secret-scanner output sent to network egress | CRITICAL | GitHub Actions | |
| GHA-061 | GitHub App token minted without a permissions: filter | MEDIUM | GitHub Actions | |
| GHA-066 | actions/upload-artifact path is a workspace wildcard | HIGH | GitHub Actions | |
| GHA-067 | actions/cache writes credential-shaped paths | HIGH | GitHub Actions | |
| GHA-070 | ssh-keyscan / disabled host-key check trust-on-first-use | HIGH | GitHub Actions | |
| GHA-072 | Secret in env: at a wider scope than its consumer | HIGH | GitHub Actions | |
| GHA-073 | Reusable workflow declares an unused workflow_call secret | MEDIUM | GitHub Actions | |
| GHA-087 | Derived value of a secret printed to the build log | HIGH | GitHub Actions | |
| GHA-093 | Living-off-the-Pipeline indicators (workflow-command abuse) | HIGH | GitHub Actions | |
| GHA-099 | Deployment job has a secret-shaped plaintext env var | CRITICAL | GitHub Actions | |
| GHA-106 | AI agent CLI runs with a write-scoped GITHUB_TOKEN | HIGH | GitHub Actions | |
| GHA-111 | AI agent generates IaC applied to the cloud in the same job | HIGH | GitHub Actions | |
| GHA-113 | OIDC trusted-publishing job without an environment gate | HIGH | GitHub Actions | |
| GHA-114 | Package-publish workflow runs on an unrestricted push trigger | HIGH | GitHub Actions | |
| GHA-116 | Workflow serializes the entire secrets context (toJSON(secrets)) | HIGH | GitHub Actions | |
| GL-003 | Variables contain literal secret values | CRITICAL | GitLab CI | |
| GL-008 | Credential-shaped literal in pipeline body | CRITICAL | GitLab CI | 🔧 fix |
| GL-013 | AWS auth uses long-lived access keys | MEDIUM | GitLab CI | 🔧 fix |
| GL-020 | CI_JOB_TOKEN written to persistent storage | CRITICAL | GitLab CI | 🔧 fix |
| GL-031 | id_tokens: missing audience pin or environment binding | HIGH | GitLab CI | |
| GL-036 | Secret-named variable echoed / printed in a script block | HIGH | GitLab CI | |
| GL-038 | CI_DEBUG_TRACE / debug logging dumps secrets to the job log | HIGH | GitLab CI | |
| GL-040 | CI_JOB_TOKEN used for cross-project / remote access | HIGH | GitLab CI | |
| GL-050 | Package-publish job relies on a long-lived registry token | HIGH | GitLab CI | |
| GLGRP-001 | GitLab group does not require two-factor authentication | HIGH | GitLab group governance | |
| GLGRP-006 | GitLab group CI/CD variable exposes a secret with a weak control | HIGH | GitLab group governance | |
| HARNESS-004 | Literal credential in a pipeline / stage variable | CRITICAL | Harness CI/CD | 🔧 fix |
| HARNESS-013 | Secret-named variable echoed / printed in a step command | HIGH | Harness CI/CD | |
| HELM-011 | Chart dependency repository URL embeds plaintext credentials | HIGH | Helm | |
| HELM-016 | values.yaml ships a default secret or credential | HIGH | Helm | |
| IAM-007 | IAM user has access key older than 90 days | HIGH | AWS | |
| IAM-008 | OIDC-federated role trust policy missing audience or subject pin | HIGH | AWS | |
| IAM-009 | Azure federated identity credential trusts a broad GitHub subject | HIGH | Terraform | |
| IAM-010 | GCP workload identity provider has no repository attribute condition | HIGH | Terraform | |
| JF-004 | AWS auth uses long-lived access keys via withCredentials | MEDIUM | Jenkins | 🔧 fix |
| JF-008 | Credential-shaped literal in pipeline body | CRITICAL | Jenkins | 🔧 fix |
| JF-010 | Long-lived AWS keys exposed via environment {} block | HIGH | Jenkins | 🔧 fix |
| JF-033 | withCredentials secret leaked via Groovy ${...} interpolation in sh step | HIGH | Jenkins | |
| JF-034 | Pipeline declares a password() build parameter | HIGH | Jenkins | |
| JF-042 | Secret-named variable echoed / printed in a build step | HIGH | Jenkins | |
| K8S-017 | Container env value carries a credential-shaped literal | CRITICAL | Kubernetes | |
| K8S-018 | Secret stringData/data carries a credential-shaped literal | CRITICAL | Kubernetes | |
| K8S-037 | ConfigMap data carries a credential-shaped literal | HIGH | Kubernetes | |
| LMB-003 | Lambda function env vars may contain plaintext secrets | HIGH | AWS | |
| MVN-010 | settings.xml | HIGH | maven | |
| MVN-011 | Maven repository URL embeds plaintext credentials | HIGH | maven | |
| MVN-017 | settings.xml | HIGH | maven | |
| NPM-011 | package.json files field includes secret-shaped paths | HIGH | npm | |
| NPM-012 | .npmrc publish token lacks IP or readonly restriction | HIGH | npm | |
| NPM-013 | package.json files field uses an overly broad pattern | HIGH | npm | |
| NUGET-010 | NuGet.config stores a feed credential in plaintext | HIGH | NuGet | |
| NUGET-014 | NuGet.config source URL embeds plaintext credentials | HIGH | NuGet | |
| ORG-001 | Organization does not require two-factor authentication | HIGH | SCM org governance | |
| ORG-002 | Organization default member permission grants write to every repo | HIGH | SCM org governance | |
| ORG-004 | Organization default workflow token grants write permissions | HIGH | SCM org governance | |
| ORG-006 | Organization Actions secret is exposed to every repository | HIGH | SCM org governance | |
| ORG-010 | New repositories default to secret scanning without push protection | MEDIUM | SCM org governance | |
| PULUMI-002 | Pulumi stack config carries a secret-shaped key in plaintext | HIGH | Pulumi | |
| PULUMI-003 | Pulumi source file embeds a hardcoded credential | HIGH | Pulumi | |
| PULUMI-010 | Pulumi stack carries both encryptionsalt and a cloud-KMS provider | MEDIUM | Pulumi | |
| PULUMI-011 | Pulumi plugin pulled from a custom download server | HIGH | Pulumi | |
| PYPI-010 | Requirements file carries an index URL with embedded credentials | HIGH | PyPI | |
| SCM-004 | GitHub secret scanning is not enabled | HIGH | SCM | |
| SCM-015 | Secret scanning push protection is not enabled | HIGH | SCM | |
| SCM-020 | Default workflow GITHUB_TOKEN has write permission | HIGH | SCM | |
| SCM-025 | Repo has write-enabled deploy keys (push backdoor) | HIGH | SCM | |
| SCM-026 | Webhook ships events insecurely (HTTP / no-TLS / no-secret) | HIGH | SCM | |
| SCM-048 | Org codespace secret scoped to all repos | HIGH | SCM | |
| SCM-049 | Classic PAT used where a fine-grained token suffices | MEDIUM | SCM | |
| SM-001 | Secrets Manager secret has no rotation configured | HIGH | AWS | |
| SSM-001 | SSM Parameter with secret-like name is not a SecureString | HIGH | AWS | |
| TAINT-009 | Environment-protected secret flows to unprotected job | HIGH | GitHub Actions | |
| TF-001 | Plan declares aws_iam_access_key (long-lived credential) | HIGH | Terraform | |
| TF-002 | Stateful data-store resource carries a plaintext secret | CRITICAL | Terraform | |
| TKN-005 | Literal secret value in Tekton step env or param default | CRITICAL | Tekton | 🔧 fix |
| TKN-017 | Secret-named variable echoed / printed in a step script | HIGH | Tekton | |
RA-5: Vulnerability Monitoring and Scanning
Evidenced by 69 checks across 22 providers (AWS, Actions run history, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Drone CI, GCP, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, NuGet, PyPI, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ACR-004 | Container registry Defender scanning not enabled | HIGH | Azure Cloud | |
| ADO-020 | No vulnerability scanning step | MEDIUM | Azure DevOps | |
| ADO-026 | Pipeline contains indicators of malicious activity | CRITICAL | Azure DevOps | |
| ARGO-012 | No vulnerability scanning step | MEDIUM | Argo Workflows | |
| AZSQL-005 | SQL Server advanced threat protection not enabled | MEDIUM | Azure Cloud | |
| BB-015 | No vulnerability scanning step | MEDIUM | Bitbucket | |
| BB-025 | Pipeline contains indicators of malicious activity | CRITICAL | Bitbucket | |
| BK-012 | No vulnerability scanning step | MEDIUM | Buildkite | |
| CB-005 | Outdated managed build image | MEDIUM | AWS | |
| CB-011 | CodeBuild buildspec contains indicators of malicious activity | CRITICAL | AWS | |
| CC-001 | Orb not pinned to exact semver | HIGH | CircleCI | 🔧 fix |
| CC-003 | Docker image not pinned by digest | HIGH | CircleCI | |
| CC-020 | No vulnerability scanning step | MEDIUM | CircleCI | |
| CC-026 | Config contains indicators of malicious activity | CRITICAL | CircleCI | |
| DR-022 | No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Drone CI | |
| ECR-001 | Image scanning on push not enabled | HIGH | AWS | |
| ECR-007 | Inspector v2 enhanced scanning disabled for ECR | MEDIUM | AWS | |
| GAR-001 | Artifact Registry repository has no vulnerability scanning | HIGH | GCP | |
| GCB-001 | Cloud Build step image not pinned by digest | HIGH | Cloud Build | 🔧 fix |
| GCB-008 | No vulnerability scanning step in Cloud Build pipeline | MEDIUM | Cloud Build | |
| GCB-027 | Config contains indicators of malicious activity | CRITICAL | Cloud Build | |
| GHA-001 | Action not pinned to commit SHA | HIGH | GitHub Actions | 🔧 fix |
| GHA-020 | No vulnerability scanning step | MEDIUM | GitHub Actions | |
| GHA-040 | Action reference matches a known-compromised SHA or tag | CRITICAL | GitHub Actions | |
| GHA-056 | Workflow body contains a known supply-chain worm indicator | CRITICAL | GitHub Actions | |
| GHA-088 | Action uses: slug is a near-edit of a top-traffic action | HIGH | GitHub Actions | |
| GHA-089 | Action upstream repo is archived | MEDIUM | GitHub Actions | |
| GHA-090 | Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
| GHA-091 | Action upstream repo is missing (takeover-eligible namespace) | HIGH | GitHub Actions | |
| GHA-096 | Action reference has a known GHSA vulnerability | HIGH | GitHub Actions | |
| GHA-098 | Pipeline deploys without a security scan gate | MEDIUM | GitHub Actions | |
| GL-019 | No vulnerability scanning step | MEDIUM | GitLab CI | |
| GL-025 | Pipeline contains indicators of malicious activity | CRITICAL | GitLab CI | |
| GL-043 | GitLab native security scanner explicitly disabled | MEDIUM | GitLab CI | |
| HARNESS-018 | No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Harness CI/CD | |
| JF-020 | No vulnerability scanning step | MEDIUM | Jenkins | |
| JF-029 | Jenkinsfile contains indicators of malicious activity | CRITICAL | Jenkins | |
| MVN-006 | pom.xml pins a known-compromised Maven Central artifact version | CRITICAL | maven | |
| MVN-008 | Direct dependency was published within the cooldown window | HIGH | maven | |
| MVN-009 | Maven artifact has a known OSV advisory | CRITICAL | maven | |
| NPM-006 | package-lock.json pins a known-compromised package version | CRITICAL | npm | |
| NPM-008 | Direct dependency was published within the cooldown window | HIGH | npm | |
| NPM-010 | npm package has a known OSV advisory | CRITICAL | npm | |
| NPM-014 | Direct dependency relies on a single npm publisher | LOW | npm | |
| NPM-015 | Direct dependency published without build provenance | LOW | npm | |
| NPM-016 | Direct dependency has a low OpenSSF Scorecard | LOW | npm | |
| NPM-017 | Direct dependency provenance built from a non-release ref | LOW | npm | |
| NPM-018 | Direct dependency's latest release published by a new npm account | MEDIUM | npm | |
| NPM-019 | package.json overrides / resolutions rewrites a dependency to a non-registry source | HIGH | npm | |
| NPM-020 | .npmrc repoints the default or a scoped registry to a non-canonical host | HIGH | npm | |
| NUGET-005 | Known-compromised NuGet package version | CRITICAL | NuGet | |
| NUGET-008 | NuGet package published within the cooldown window | HIGH | NuGet | |
| NUGET-009 | NuGet package has a known OSV advisory | CRITICAL | NuGet | |
| ORG-003 | Organization allows any GitHub Action to run (no allow-list) | HIGH | SCM org governance | |
| ORG-012 | New repositories get Dependabot alerts but not security updates | LOW | SCM org governance | |
| PYPI-006 | requirements.txt pins a known-compromised PyPI package version | CRITICAL | PyPI | |
| PYPI-008 | Direct dependency was published within the cooldown window | HIGH | PyPI | |
| PYPI-009 | PyPI package has a known OSV advisory | CRITICAL | PyPI | |
| PYPI-019 | Direct dependency published without PEP 740 provenance | LOW | PyPI | |
| PYPI-020 | Direct dependency has a low OpenSSF Scorecard | LOW | PyPI | |
| PYPI-021 | Direct dependency provenance built from a non-release ref | LOW | PyPI | |
| RUN-006 | Known-compromised action executed in run history | CRITICAL | Actions run history | |
| SCM-005 | Dependabot security updates are not enabled | MEDIUM | SCM | |
| SCM-016 | Private vulnerability reporting is not enabled | LOW | SCM | |
| SCM-040 | Active ruleset doesn't gate on code scanning results | LOW | SCM | |
| SCM-045 | Default code scanning uses the limited query suite | LOW | SCM | |
| SCM-046 | Default code scanning is configured but paused | MEDIUM | SCM | |
| SCM-047 | Repo language excluded from default code-scanning coverage | MEDIUM | SCM | |
| TKN-012 | No vulnerability scanning step | MEDIUM | Tekton | |
SA-10: Developer Configuration Management
Evidenced by 34 checks across 10 providers (AWS, Azure DevOps, Bitbucket, Buildkite, CircleCI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
| ADO-004 | Deployment job missing environment binding | MEDIUM | Azure DevOps | |
| ADO-029 | Service-connection-using job without environment or branch gate | HIGH | Azure DevOps | |
| ADO-038 | Agentic CLI output lands without human review | HIGH | Azure DevOps | |
| BB-004 | Deploy step missing deployment: environment gate | MEDIUM | Bitbucket | |
| BB-034 | Production deployment on a pull-request pipeline | CRITICAL | Bitbucket | |
| BB-039 | Agentic CLI output lands without human review | HIGH | Bitbucket | |
| BK-007 | Deploy step not gated by a manual block / input | MEDIUM | Buildkite | |
| CC-009 | Deploy job missing manual approval gate | MEDIUM | CircleCI | |
| CC-013 | Deploy job in workflow has no branch filter | MEDIUM | CircleCI | |
| CC-030 | Workflow job uses context without branch filter or approval gate | MEDIUM | CircleCI | |
| CC-038 | Agentic CLI output lands without human review | HIGH | CircleCI | |
| CCM-001 | CodeCommit repository has no approval rule template attached | HIGH | AWS | |
| CD-001 | Automatic rollback on failure not enabled | MEDIUM | AWS | |
| CD-002 | AllAtOnce deployment config, no canary or rolling strategy | HIGH | AWS | |
| CP-001 | No approval action before deploy stages | HIGH | AWS | |
| CP-005 | Production Deploy stage has no preceding ManualApproval | MEDIUM | AWS | |
| GHA-014 | Deploy job missing environment binding | MEDIUM | GitHub Actions | 🔧 fix |
| GHA-064 | contains() invoked with comma-delimited string operand | HIGH | GitHub Actions | |
| GHA-065 | Workflow body contains zero-width or bidi Unicode characters | CRITICAL | GitHub Actions | |
| GHA-086 | Wildcard branch trigger gates an environment-bound deploy | MEDIUM | GitHub Actions | |
| GHA-098 | Pipeline deploys without a security scan gate | MEDIUM | GitHub Actions | |
| GHA-123 | Agentic CLI output lands without human review | HIGH | GitHub Actions | |
| GL-004 | Deploy job lacks manual approval or environment gate | MEDIUM | GitLab CI | |
| GL-029 | Manual deploy job defaults to allow_failure: true | MEDIUM | GitLab CI | |
| GL-044 | Automatic production deployment on a merge-request pipeline | CRITICAL | GitLab CI | |
| GL-049 | Agentic CLI output lands without human review | HIGH | GitLab CI | |
| HARNESS-009 | Agentic CLI output lands without human review | HIGH | Harness CI/CD | |
| JF-005 | Deploy stage missing manual input approval | MEDIUM | Jenkins | |
| JF-024 | input approval step missing submitter restriction | MEDIUM | Jenkins | |
| JF-026 | build job: trigger ignores downstream failure | MEDIUM | Jenkins | |
| JF-038 | Agentic CLI output lands without human review | HIGH | Jenkins | |
| SCM-023 | Deployment environment lacks required-reviewer protection | HIGH | SCM | |
| SCM-024 | Deployment environment can deploy from any branch | MEDIUM | SCM | |
| SCM-041 | Active ruleset doesn't gate on a deployment environment | LOW | SCM | |
SA-11: Developer Testing and Evaluation
Evidenced by 127 checks across 17 providers (AWS, Actions run history, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, GitLab pipeline run history, Harness CI/CD, Jenkins, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-002 |
Script injection via attacker-controllable context | HIGH | Azure DevOps | |
ADO-010 |
Cross-pipeline download: ingestion unverified |
CRITICAL | Azure DevOps | |
ADO-011 |
template: <local-path> on PR-validated pipeline |
HIGH | Azure DevOps | |
ADO-012 |
Cache@2 key derives from $(System.PullRequest.*) | MEDIUM | Azure DevOps | |
ADO-019 |
extends: template on PR-validated pipeline points to local path |
CRITICAL | Azure DevOps | |
ADO-027 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Azure DevOps | |
ADO-030 |
pool interpolates attacker-controllable value | HIGH | Azure DevOps | 🔧 fix |
ADO-033 |
IaC apply on a PR-validated pipeline | CRITICAL | Azure DevOps | |
ADO-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | Azure DevOps | |
ADO-035 |
Untrusted PR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | Azure DevOps | |
ADO-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Azure DevOps | |
ARGO-005 |
Argo input parameter interpolated unsafely in script / args | CRITICAL | Argo Workflows | |
ARGO-017 |
Argo resource template applies a manifest built from an untrusted parameter | CRITICAL | Argo Workflows | |
ARGO-019 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Argo Workflows | |
BB-002 |
Script injection via attacker-controllable context | HIGH | Bitbucket | |
BB-010 |
Deploy step ingests pull-request artifact unverified | CRITICAL | Bitbucket | |
BB-018 |
Cache key derives from attacker-controllable input | MEDIUM | Bitbucket | |
BB-026 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Bitbucket | |
BB-033 |
IaC apply on a pull-request pipeline | CRITICAL | Bitbucket | |
BB-035 |
ML model loaded with trust_remote_code (code execution) | HIGH | Bitbucket | |
BB-036 |
Untrusted PR/branch context reaches an agentic AI CLI (prompt injection) | HIGH | Bitbucket | |
BB-037 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Bitbucket | |
BK-003 |
Untrusted Buildkite variable interpolated in command | HIGH | Buildkite | |
BK-015 |
agents map interpolates attacker-controllable Buildkite variable | HIGH | Buildkite | |
BK-016 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Buildkite | |
CC-002 |
Script injection via untrusted environment variable | HIGH | CircleCI | |
CC-012 |
Dynamic config via setup: true enables code injection |
MEDIUM | CircleCI | |
CC-025 |
Cache key derives from attacker-controllable input | MEDIUM | CircleCI | |
CC-027 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | CircleCI | |
CC-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | CircleCI | |
CC-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | CircleCI | |
CC-037 |
Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | CircleCI | |
DF-005 |
RUN uses shell-eval (eval / sh -c on a variable / backticks) | HIGH | Dockerfile | |
DR-003 |
Untrusted Drone template variable in shell command | HIGH | Drone CI | |
DR-009 |
Cache plugin key embeds an attacker-controllable Drone variable | HIGH | Drone CI | |
DR-011 |
node map interpolates attacker-controllable Drone variable | HIGH | Drone CI | |
DR-017 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Drone CI | |
ECR-001 |
Image scanning on push not enabled | HIGH | AWS | |
ECR-007 |
Inspector v2 enhanced scanning disabled for ECR | MEDIUM | AWS | |
GCB-006 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Cloud Build | |
GCB-008 |
No vulnerability scanning step in Cloud Build pipeline | MEDIUM | Cloud Build | |
GCB-019 |
Shell entrypoint inlines a user substitution into args | HIGH | Cloud Build | |
GCB-022 |
options.substitutionOption set to ALLOW_LOOSE | LOW | Cloud Build | 🔧 fix |
GCB-023 |
Step references a user substitution not declared in substitutions: | MEDIUM | Cloud Build | |
GHA-002 |
pull_request_target checks out PR head | CRITICAL | GitHub Actions | 🔧 fix |
GHA-003 |
Script injection via untrusted context | HIGH | GitHub Actions | 🔧 fix |
GHA-009 |
workflow_run downloads upstream artifact unverified | CRITICAL | GitHub Actions | |
GHA-010 |
Local action (./path) on untrusted-trigger workflow | HIGH | GitHub Actions | |
GHA-011 |
Cache key derives from attacker-controllable input | MEDIUM | GitHub Actions | |
GHA-013 |
issue_comment trigger without author guard | HIGH | GitHub Actions | |
GHA-027 |
Workflow contains indicators of malicious activity | CRITICAL | GitHub Actions | |
GHA-031 |
Workflow uses retired set-output / save-state command | HIGH | GitHub Actions | 🔧 fix |
GHA-032 |
run: invokes local script on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
GHA-035 |
github-script step interpolates untrusted context | HIGH | GitHub Actions | |
GHA-036 |
runs-on interpolates untrusted context | HIGH | GitHub Actions | 🔧 fix |
GHA-038 |
Workflow re-enables retired ::set-env / ::add-path commands | CRITICAL | GitHub Actions | |
GHA-044 |
Build tool runs lifecycle scripts on untrusted-trigger workflow | HIGH | GitHub Actions | |
GHA-045 |
Caller-controlled ref input feeds actions/checkout | HIGH | GitHub Actions | |
GHA-046 |
Manual PR-head fetch on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
GHA-052 |
actions/cache key includes untrusted PR-controllable input | HIGH | GitHub Actions | |
GHA-053 |
if: predicate evaluates attacker-controllable context as expression | HIGH | GitHub Actions | |
GHA-058 |
Agentic CLI invoked with permission-bypass flags | HIGH | GitHub Actions | |
GHA-071 |
shell: pwsh / powershell on a Linux / macOS step | LOW | GitHub Actions | |
GHA-092 |
PR head SHA captured then re-fetched (force-push race) | HIGH | GitHub Actions | |
GHA-097 |
Recursive PR auto-merge loop | HIGH | GitHub Actions | |
GHA-103 |
AI code-review bot on untrusted trigger without environment gate | CRITICAL | GitHub Actions | |
GHA-104 |
AI agent generates and pushes commits without PR review | HIGH | GitHub Actions | |
GHA-117 |
IaC apply on an untrusted pull_request trigger | CRITICAL | GitHub Actions | |
GHA-118 |
Untrusted content written to $GITHUB_ENV / $GITHUB_PATH | HIGH | GitHub Actions | |
GHA-119 |
Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | GitHub Actions | |
GHA-120 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitHub Actions | |
GHA-122 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitHub Actions | |
GL-002 |
Script injection via untrusted commit/MR context | HIGH | GitLab CI | |
GL-010 |
Multi-project pipeline ingests upstream artifact unverified | CRITICAL | GitLab CI | |
GL-011 |
include: local file pulled in MR-triggered pipeline | HIGH | GitLab CI | |
GL-012 |
Cache key derives from MR-controlled CI variable | MEDIUM | GitLab CI | |
GL-026 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitLab CI | |
GL-032 |
tags: interpolates untrusted CI variable | HIGH | GitLab CI | 🔧 fix |
GL-033 |
Global before_script / after_script propagates taint to every job | HIGH | GitLab CI | |
GL-041 |
IaC apply on an untrusted merge-request trigger | CRITICAL | GitLab CI | |
GL-045 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitLab CI | |
GL-047 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitLab CI | |
GL-048 |
Untrusted MR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | GitLab CI | |
GLRUN-001 |
Merge-request pipeline exercised in run history | MEDIUM | GitLab pipeline run history | |
GLRUN-002 |
Fork merge-request pipeline executed in run history | HIGH | GitLab pipeline run history | |
GLRUN-003 |
Secret leaked in a fork pipeline's job trace | HIGH | GitLab pipeline run history | |
GLRUN-004 |
Fork pipeline minted a cloud OIDC token | HIGH | GitLab pipeline run history | |
GLRUN-005 |
Fork pipeline ran on a self-managed runner | HIGH | GitLab pipeline run history | |
HARNESS-002 |
Untrusted Harness expression interpolated into a step command | HIGH | Harness CI/CD | |
HARNESS-008 |
Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | Harness CI/CD | |
HARNESS-010 |
ML model loaded with trust_remote_code (code execution) | HIGH | Harness CI/CD | |
HARNESS-011 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Harness CI/CD | |
HARNESS-014 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Harness CI/CD | |
JF-002 |
Script step interpolates attacker-controllable env var | HIGH | Jenkins | |
JF-013 |
copyArtifacts ingests another job's output unverified | CRITICAL | Jenkins | |
JF-019 |
Groovy sandbox escape pattern detected | CRITICAL | Jenkins | |
JF-030 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Jenkins | |
JF-032 |
Agent label interpolates attacker-controllable value | HIGH | Jenkins | 🔧 fix |
JF-036 |
Script step interpolates a build parameter (params.*) | HIGH | Jenkins | |
JF-037 |
Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | Jenkins | |
JF-039 |
ML model loaded with trust_remote_code (code execution) | HIGH | Jenkins | |
JF-041 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Jenkins | |
RUN-001 |
Fork PR executed on a privileged trigger | HIGH | Actions run history | |
RUN-002 |
Privileged trigger exercised in run history | MEDIUM | Actions run history | |
RUN-003 |
Secret leaked in workflow run logs | HIGH | Actions run history | |
RUN-004 |
Fork PR run minted a cloud OIDC token | HIGH | Actions run history | |
RUN-005 |
Fork PR run executed on a self-hosted runner | HIGH | Actions run history | |
SCM-003 |
GitHub default code scanning is not enabled | MEDIUM | SCM | |
SCM-008 |
Default branch protection does not require status checks | MEDIUM | SCM | |
SCM-033 |
Active ruleset doesn't require status checks | MEDIUM | SCM | |
SCM-039 |
Active ruleset doesn't pin a required workflow | LOW | SCM | |
SCM-040 |
Active ruleset doesn't gate on code scanning results | LOW | SCM | |
SCM-042 |
Active ruleset doesn't require merge queue | LOW | SCM | |
SCM-045 |
Default code scanning uses the limited query suite | LOW | SCM | |
SCM-046 |
Default code scanning is configured but paused | MEDIUM | SCM | |
SCM-047 |
Repo language excluded from default code-scanning coverage | MEDIUM | SCM | |
TAINT-001 |
Untrusted input flows across step boundaries via step outputs | HIGH | GitHub Actions | |
TAINT-002 |
Untrusted input flows across jobs via jobs.<id>.outputs: | HIGH | GitHub Actions | |
TAINT-003 |
Untrusted input forwarded into reusable workflow with: | HIGH | GitHub Actions | |
TAINT-004 |
Untrusted input flows across jobs via dotenv artifact | HIGH | GitLab CI | |
TAINT-005 |
Untrusted input flows across steps via buildkite-agent meta-data | HIGH | Buildkite | |
TAINT-006 |
Untrusted input flows across tasks via Tekton results | HIGH | Tekton | |
TAINT-007 |
Untrusted input flows across templates via Argo outputs.parameters | HIGH | Argo Workflows | |
TAINT-008 |
Untrusted input flows via GitLab extends: template inheritance | HIGH | GitLab CI | |
TKN-003 |
Tekton param interpolated unsafely in step script | CRITICAL | Tekton | |
TKN-015 |
Workspace subPath interpolates a Task parameter (path traversal) | HIGH | Tekton | |
TKN-018 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Tekton | |
SA-15: Development Process, Standards, and Tools
Evidenced by 47 checks across 11 providers (AWS, Azure DevOps, Bitbucket, CircleCI, GitHub Actions, GitLab CI, GitLab group governance, Harness CI/CD, Jenkins, SCM, SCM org governance).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-033 |
IaC apply on a PR-validated pipeline | CRITICAL | Azure DevOps | |
ADO-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Azure DevOps | |
BB-033 |
IaC apply on a pull-request pipeline | CRITICAL | Bitbucket | |
BB-037 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Bitbucket | |
CC-002 |
Script injection via untrusted environment variable | HIGH | CircleCI | |
CC-009 |
Deploy job missing manual approval gate | MEDIUM | CircleCI | |
CC-012 |
Dynamic config via setup: true enables code injection | MEDIUM | CircleCI | |
CC-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | CircleCI | |
CP-001 |
No approval action before deploy stages | HIGH | AWS | |
CP-005 |
Production Deploy stage has no preceding ManualApproval | MEDIUM | AWS | |
GHA-003 |
Script injection via untrusted context | HIGH | GitHub Actions | 🔧 fix |
GHA-117 |
IaC apply on an untrusted pull_request trigger | CRITICAL | GitHub Actions | |
GHA-118 |
Untrusted content written to $GITHUB_ENV / $GITHUB_PATH | HIGH | GitHub Actions | |
GHA-119 |
Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | GitHub Actions | |
GHA-120 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitHub Actions | |
GHA-122 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitHub Actions | |
GL-041 |
IaC apply on an untrusted merge-request trigger | CRITICAL | GitLab CI | |
GL-047 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitLab CI | |
GLGRP-004 |
GitLab group default branch protection is disabled for new projects | MEDIUM | GitLab group governance | |
HARNESS-010 |
ML model loaded with trust_remote_code (code execution) | HIGH | Harness CI/CD | |
HARNESS-011 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Harness CI/CD | |
JF-005 |
Deploy stage missing manual input approval | MEDIUM | Jenkins | |
JF-026 |
build job: trigger ignores downstream failure | MEDIUM | Jenkins | |
JF-041 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Jenkins | |
ORG-005 |
Organization lets GitHub Actions approve pull requests | HIGH | SCM org governance | |
ORG-013 |
Organization ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM org governance | |
SCM-001 |
Default branch has no protection rule | HIGH | SCM | |
SCM-002 |
Default branch protection does not require pull request reviews | HIGH | SCM | |
SCM-008 |
Default branch protection does not require status checks | MEDIUM | SCM | |
SCM-010 |
Branch protection allows administrators to bypass | HIGH | SCM | |
SCM-011 |
Default branch protection does not require CODEOWNERS reviews | MEDIUM | SCM | |
SCM-012 |
Default branch protection keeps stale reviews after a push | MEDIUM | SCM | |
SCM-013 |
Default branch protection does not require conversation resolution | LOW | SCM | |
SCM-014 |
Default branch protection does not require approval of the most recent push | MEDIUM | SCM | |
SCM-017 |
Repository has no CODEOWNERS file | MEDIUM | SCM | |
SCM-018 |
Required PR reviews can be bypassed by named identities | MEDIUM | SCM | |
SCM-021 |
Actions can approve pull requests (self-approval bypass) | HIGH | SCM | |
SCM-029 |
Repository ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM | |
SCM-030 |
Repository ruleset has bypass actor with bypass_mode: always | HIGH | SCM | |
SCM-031 |
Repo allows auto-merge (no human-timing gate) | MEDIUM | SCM | |
SCM-032 |
Active ruleset doesn't require a PR review (governance theater) | HIGH | SCM | |
SCM-033 |
Active ruleset doesn't require status checks | MEDIUM | SCM | |
SCM-037 |
Active ruleset's pull_request rule doesn't dismiss stale reviews | MEDIUM | SCM | |
SCM-038 |
Active ruleset doesn't require linear history | LOW | SCM | |
SCM-039 |
Active ruleset doesn't pin a required workflow | LOW | SCM | |
SCM-041 |
Active ruleset doesn't gate on a deployment environment | LOW | SCM | |
SCM-042 |
Active ruleset doesn't require merge queue | LOW | SCM | |
SC-7: Boundary Protection
Evidenced by 55 checks across 15 providers (AWS, Actions run history, Argo Workflows, Azure Cloud, Cloud Build, CloudFormation, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab pipeline run history, Harness CI/CD, Kubernetes, Tekton, Terraform).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ACR-002 |
Container registry allows public network access | HIGH | Azure Cloud | |
AKV-003 |
Key Vault allows access from all networks | MEDIUM | Azure Cloud | |
ARGO-004 |
Argo workflow mounts hostPath or shares host namespaces | CRITICAL | Argo Workflows | |
AZAPP-004 |
App Service has remote debugging enabled | HIGH | Azure Cloud | |
AZNW-001 |
NSG allows inbound SSH or RDP from the internet | CRITICAL | Azure Cloud | |
AZNW-003 |
Application Gateway does not have WAF enabled | HIGH | Azure Cloud | |
AZNW-004 |
NSG has no explicit deny-all inbound rule | MEDIUM | Azure Cloud | |
AZNW-005 |
Public IP address associated with a VM NIC | HIGH | Azure Cloud | |
AZSQL-003 |
SQL Server allows public network access | HIGH | Azure Cloud | |
AZST-001 |
Storage account allows public blob access | HIGH | Azure Cloud | |
AZVM-002 |
Virtual machine has a public IP address | HIGH | Azure Cloud | |
AZVM-003 |
Virtual machine does not have JIT network access | MEDIUM | Azure Cloud | |
CA-003 |
CodeArtifact domain policy allows cross-account wildcard | CRITICAL | AWS | |
CCM-003 |
CodeCommit trigger targets SNS/Lambda in a different account | MEDIUM | AWS | |
CF-003 |
CodeBuild project's VPC contains a public subnet | HIGH | CloudFormation | |
DF-013 |
EXPOSE declares sensitive remote-access port | CRITICAL | Dockerfile | 🔧 fix |
DR-007 |
Step mounts a sensitive host path | HIGH | Drone CI | |
ECR-003 |
Repository policy allows public access | CRITICAL | AWS | |
GAR-002 |
Artifact Registry repository is publicly readable | HIGH | GCP | |
GCB-021 |
No private worker pool, build runs on the shared default pool | MEDIUM | Cloud Build | 🔧 fix |
GCCE-003 |
Compute instance has serial port access enabled | MEDIUM | GCP | |
GCCE-004 |
Compute instance has an external IP address | HIGH | GCP | |
GCNET-001 |
Default VPC network exists in project | MEDIUM | GCP | |
GCNET-002 |
No default-deny ingress firewall rule configured | MEDIUM | GCP | |
GCNET-003 |
Firewall allows SSH or RDP from the internet | CRITICAL | GCP | |
GCNET-004 |
Subnet does not have Private Google Access enabled | MEDIUM | GCP | |
GCNET-005 |
No Cloud NAT gateway configured | LOW | GCP | |
GCRUN-001 |
Cloud Run service allows unauthenticated access | HIGH | GCP | |
GCRUN-004 |
Cloud Run service does not use a VPC connector | MEDIUM | GCP | |
GCS-001 |
Cloud Storage bucket is publicly accessible | HIGH | GCP | |
GCSQL-001 |
Cloud SQL instance has a public IP address | HIGH | GCP | |
GHA-057 |
Secret-scanner output sent to network egress | CRITICAL | GitHub Actions | |
GLRUN-005 |
Fork pipeline ran on a self-managed runner | HIGH | GitLab pipeline run history | |
HARNESS-007 |
Stage infrastructure mounts a sensitive host path | HIGH | Harness CI/CD | |
K8S-002 |
Pod hostNetwork: true | HIGH | Kubernetes | 🔧 fix |
K8S-003 |
Pod hostPID: true | HIGH | Kubernetes | 🔧 fix |
K8S-004 |
Pod hostIPC: true | HIGH | Kubernetes | 🔧 fix |
K8S-013 |
Pod uses a hostPath volume | HIGH | Kubernetes | 🔧 fix |
K8S-014 |
Pod hostPath references a sensitive host directory | CRITICAL | Kubernetes | |
K8S-022 |
Service exposes SSH (port 22) | MEDIUM | Kubernetes | |
K8S-026 |
LoadBalancer Service has no loadBalancerSourceRanges | HIGH | Kubernetes | |
K8S-028 |
Container declares hostPort | MEDIUM | Kubernetes | 🔧 fix |
K8S-030 |
Workload schedules onto a control-plane node | HIGH | Kubernetes | 🔧 fix |
K8S-032 |
Namespace lacks default-deny NetworkPolicy | MEDIUM | Kubernetes | |
K8S-038 |
NetworkPolicy ingress / egress allows all sources or destinations | MEDIUM | Kubernetes | |
K8S-041 |
Service.externalIPs allows traffic interception (CVE-2020-8554) | HIGH | Kubernetes | |
K8S-043 |
Ingress rule has wildcard or missing host (catch-all) | MEDIUM | Kubernetes | |
LMB-004 |
Lambda resource policy allows wildcard principal | CRITICAL | AWS | |
PBAC-001 |
CodeBuild project has no VPC configuration | HIGH | AWS | |
PBAC-003 |
CodeBuild security group allows 0.0.0.0/0 all-port egress | MEDIUM | AWS | |
RUN-005 |
Fork PR run executed on a self-hosted runner | HIGH | Actions run history | |
S3-001 |
Artifact bucket public access block not fully enabled | CRITICAL | AWS | |
SM-002 |
Secrets Manager resource policy allows wildcard principal | CRITICAL | AWS | |
TF-003 |
CodeBuild VPC config references a public subnet | HIGH | Terraform | |
TKN-004 |
Tekton Task mounts hostPath or shares host namespaces | CRITICAL | Tekton | |
SC-8: Transmission Confidentiality and Integrity
Evidenced by 46 checks across 27 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Composer, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, GitLab group governance, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, Pulumi, PyPI, RubyGems, SCM, SCM org governance, Tekton, maven).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-023 |
TLS / certificate verification bypass | HIGH | Azure DevOps | 🔧 fix |
ARGO-008 |
Argo script source pipes remote install or disables TLS | HIGH | Argo Workflows | 🔧 fix |
ARGO-015 |
Input artifact pulls from an insecure (non-HTTPS) URL | HIGH | Argo Workflows | |
AZAPP-001 |
App Service does not enforce HTTPS | HIGH | Azure Cloud | |
AZAPP-002 |
App Service minimum TLS version below 1.2 | HIGH | Azure Cloud | |
AZAPP-005 |
App Service FTP access not disabled | MEDIUM | Azure Cloud | |
AZST-002 |
Storage account allows non-HTTPS traffic | HIGH | Azure Cloud | |
AZST-004 |
Storage account minimum TLS version below 1.2 | HIGH | Azure Cloud | |
BB-023 |
TLS / certificate verification bypass | HIGH | Bitbucket | 🔧 fix |
BK-008 |
TLS verification disabled in step command | MEDIUM | Buildkite | 🔧 fix |
CC-023 |
TLS / certificate verification bypass | HIGH | CircleCI | 🔧 fix |
COMPOSER-003 |
composer.json repository declared over plain HTTP | HIGH | Composer | |
COMPOSER-010 |
composer.json config.secure-http: false disables HTTPS enforcement | MEDIUM | Composer | |
COMPOSER-011 |
composer.json repository re-points a package to an external VCS source | HIGH | Composer | |
COMPOSER-012 |
composer.json disables Packagist or marks a custom repo canonical | HIGH | Composer | |
COMPOSER-013 |
composer.json config.disable-tls turns off certificate verification | HIGH | Composer | |
DF-021 |
RUN pip install bypasses TLS or uses an HTTP index | HIGH | Dockerfile | |
DF-026 |
ENV disables Node.js TLS certificate verification | HIGH | Dockerfile | |
DF-027 |
ENV disables Python HTTPS certificate verification | HIGH | Dockerfile | |
DF-028 |
ENV disables Git TLS certificate verification | HIGH | Dockerfile | |
DF-029 |
ENV neuters Python requests CA bundle | HIGH | Dockerfile | |
DR-006 |
TLS verification disabled in step commands | HIGH | Drone CI | 🔧 fix |
GCB-011 |
TLS / certificate verification bypass | HIGH | Cloud Build | 🔧 fix |
GCSQL-003 |
Cloud SQL instance does not require SSL connections | HIGH | GCP | |
GEM-003 |
Gemfile source declared over plain HTTP | HIGH | RubyGems | |
GHA-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitHub Actions | 🔧 fix |
GHA-070 |
ssh-keyscan / disabled host-key check trust-on-first-use | HIGH | GitHub Actions | |
GL-023 |
TLS / certificate verification bypass | HIGH | GitLab CI | 🔧 fix |
GLGRP-005 |
GitLab group webhook delivers events over insecure transport | HIGH | GitLab group governance | |
HARNESS-006 |
TLS verification disabled in step commands | HIGH | Harness CI/CD | 🔧 fix |
HELM-003 |
Chart dependency declared on a non-HTTPS repository | HIGH | Helm | 🔧 fix |
HELM-009 |
Chart home / sources URL uses a non-HTTPS scheme | LOW | Helm | |
JF-023 |
TLS / certificate verification bypass | HIGH | Jenkins | 🔧 fix |
JF-035 |
httpRequest step disables SSL verification | HIGH | Jenkins | |
K8S-027 |
Ingress has no TLS configuration | MEDIUM | Kubernetes | |
MVN-003 |
pom.xml declares a plaintext-HTTP Maven repository | HIGH | maven | |
NUGET-004 |
HTTP-only NuGet package source | HIGH | NuGet | |
ORG-011 |
Organization webhook delivers events over insecure transport | HIGH | SCM org governance | |
PULUMI-004 |
Pulumi project uses an insecure state backend | MEDIUM | Pulumi | |
PYPI-003 |
requirements.txt uses an HTTP index or disables TLS verification | HIGH | PyPI | |
PYPI-011 |
Requirements file disables TLS verification via --trusted-host | HIGH | PyPI | |
PYPI-014 |
Custom package source in pyproject.toml uses plain HTTP | MEDIUM | PyPI | |
PYPI-018 |
requirements.txt forces source builds via --no-binary | MEDIUM | PyPI | |
S3-005 |
Artifact bucket missing aws:SecureTransport deny | MEDIUM | AWS | |
SCM-026 |
Webhook ships events insecurely (HTTP / no-TLS / no-secret) | HIGH | SCM | |
TKN-008 |
Tekton step script pipes remote install or disables TLS | HIGH | Tekton | 🔧 fix |
SC-12: Cryptographic Key Establishment and Management
Evidenced by 24 checks across 4 providers (AWS, Azure Cloud, GCP, Pulumi).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
AKV-004 |
Key Vault key has no expiration date | MEDIUM | Azure Cloud | |
AKV-005 |
Key Vault secret has no expiration date | MEDIUM | Azure Cloud | |
AZSQL-001 |
SQL Server TDE does not use a customer-managed key | MEDIUM | Azure Cloud | |
AZST-003 |
Storage account not encrypted with customer-managed key | MEDIUM | Azure Cloud | |
AZST-006 |
Storage account access keys not rotated within 90 days | HIGH | Azure Cloud | |
AZVM-001 |
Virtual machine disks are not encrypted | HIGH | Azure Cloud | |
CA-001 |
CodeArtifact domain has no KMS encryptionKey configured | MEDIUM | AWS | |
CCM-002 |
CodeCommit repository not encrypted with customer KMS CMK | MEDIUM | AWS | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
CWL-002 |
CodeBuild log group not KMS-encrypted | MEDIUM | AWS | |
ECR-005 |
Repository encrypted with AES256 rather than KMS CMK | MEDIUM | AWS | |
GCIAM-006 |
Service account key older than 90 days | HIGH | GCP | |
GCKMS-001 |
KMS key rotation period exceeds 365 days | MEDIUM | GCP | |
GCKMS-002 |
KMS key IAM policy grants public access | HIGH | GCP | |
GCKMS-003 |
KMS key not using HSM protection level | LOW | GCP | |
GCKMS-005 |
KMS key has primary version scheduled for destruction | MEDIUM | GCP | |
GCKMS-006 |
KMS key uses imported (external) key material | LOW | GCP | |
GCS-004 |
Cloud Storage bucket not encrypted with CMEK | MEDIUM | GCP | |
KMS-001 |
KMS customer-managed key has rotation disabled | MEDIUM | AWS | |
PULUMI-001 |
Pulumi stack uses passphrase-based secret encryption | HIGH | Pulumi | |
PULUMI-010 |
Pulumi stack carries both encryptionsalt and a cloud-KMS provider | MEDIUM | Pulumi | |
S3-002 |
Artifact bucket server-side encryption not configured | HIGH | AWS | |
SM-001 |
Secrets Manager secret has no rotation configured | HIGH | AWS | |
SSM-002 |
SSM SecureString uses the default AWS-managed key | MEDIUM | AWS | |
SC-13: Cryptographic Protection
Evidenced by 41 checks across 19 providers (AWS, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, Composer, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, Kubernetes, OCI manifest, Pulumi, PyPI, RubyGems).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-023 |
TLS / certificate verification bypass | HIGH | Azure DevOps | 🔧 fix |
AZAPP-001 |
App Service does not enforce HTTPS | HIGH | Azure Cloud | |
AZAPP-002 |
App Service minimum TLS version below 1.2 | HIGH | Azure Cloud | |
AZST-002 |
Storage account allows non-HTTPS traffic | HIGH | Azure Cloud | |
AZST-003 |
Storage account not encrypted with customer-managed key | MEDIUM | Azure Cloud | |
AZST-004 |
Storage account minimum TLS version below 1.2 | HIGH | Azure Cloud | |
AZST-006 |
Storage account access keys not rotated within 90 days | HIGH | Azure Cloud | |
BB-023 |
TLS / certificate verification bypass | HIGH | Bitbucket | 🔧 fix |
BK-008 |
TLS verification disabled in step command | MEDIUM | Buildkite | 🔧 fix |
CA-001 |
CodeArtifact domain has no KMS encryptionKey configured | MEDIUM | AWS | |
COMPOSER-003 |
composer.json repository declared over plain HTTP | HIGH | Composer | |
COMPOSER-010 |
composer.json config.secure-http: false disables HTTPS enforcement | MEDIUM | Composer | |
COMPOSER-011 |
composer.json repository re-points a package to an external VCS source | HIGH | Composer | |
COMPOSER-012 |
composer.json disables Packagist or marks a custom repo canonical | HIGH | Composer | |
COMPOSER-013 |
composer.json config.disable-tls turns off certificate verification | HIGH | Composer | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
DF-021 |
RUN pip install bypasses TLS or uses an HTTP index | HIGH | Dockerfile | |
DF-026 |
ENV disables Node.js TLS certificate verification | HIGH | Dockerfile | |
DF-027 |
ENV disables Python HTTPS certificate verification | HIGH | Dockerfile | |
DF-028 |
ENV disables Git TLS certificate verification | HIGH | Dockerfile | |
DF-029 |
ENV neuters Python requests CA bundle | HIGH | Dockerfile | |
DR-006 |
TLS verification disabled in step commands | HIGH | Drone CI | 🔧 fix |
ECR-005 |
Repository encrypted with AES256 rather than KMS CMK | MEDIUM | AWS | |
GCKMS-001 |
KMS key rotation period exceeds 365 days | MEDIUM | GCP | |
GCKMS-003 |
KMS key not using HSM protection level | LOW | GCP | |
GCKMS-006 |
KMS key uses imported (external) key material | LOW | GCP | |
GCSQL-003 |
Cloud SQL instance does not require SSL connections | HIGH | GCP | |
GEM-003 |
Gemfile source declared over plain HTTP | HIGH | RubyGems | |
GHA-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitHub Actions | 🔧 fix |
GL-023 |
TLS / certificate verification bypass | HIGH | GitLab CI | 🔧 fix |
HARNESS-006 |
TLS verification disabled in step commands | HIGH | Harness CI/CD | 🔧 fix |
HELM-003 |
Chart dependency declared on a non-HTTPS repository | HIGH | Helm | 🔧 fix |
JF-023 |
TLS / certificate verification bypass | HIGH | Jenkins | 🔧 fix |
JF-035 |
httpRequest step disables SSL verification | HIGH | Jenkins | |
K8S-027 |
Ingress has no TLS configuration | MEDIUM | Kubernetes | |
KMS-001 |
KMS customer-managed key has rotation disabled | MEDIUM | AWS | |
OCI-008 |
Manifest references digest using unsupported hash algorithm | HIGH | OCI manifest | |
PULUMI-001 |
Pulumi stack uses passphrase-based secret encryption | HIGH | Pulumi | |
PYPI-011 |
Requirements file disables TLS verification via --trusted-host | HIGH | PyPI | |
S3-002 |
Artifact bucket server-side encryption not configured | HIGH | AWS | |
SSM-002 |
SSM SecureString uses the default AWS-managed key | MEDIUM | AWS | |
SC-28: Protection of Information at Rest
Evidenced by 36 checks across 17 providers (AWS, Argo Workflows, Azure Cloud, Buildkite, Composer, Dockerfile, GCP, GitHub Actions, Helm, Jenkins, Kubernetes, NuGet, Pulumi, PyPI, RubyGems, Tekton, maven).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
AKV-001 |
Key Vault soft delete not enabled | HIGH | Azure Cloud | |
AKV-002 |
Key Vault purge protection not enabled | HIGH | Azure Cloud | |
ARGO-006 |
Literal secret value in Argo template env or parameter default | CRITICAL | Argo Workflows | 🔧 fix |
AZSQL-001 |
SQL Server TDE does not use a customer-managed key | MEDIUM | Azure Cloud | |
AZST-003 |
Storage account not encrypted with customer-managed key | MEDIUM | Azure Cloud | |
AZVM-001 |
Virtual machine disks are not encrypted | HIGH | Azure Cloud | |
BK-002 |
Literal secret value in pipeline env block | CRITICAL | Buildkite | 🔧 fix |
CCM-002 |
CodeCommit repository not encrypted with customer KMS CMK | MEDIUM | AWS | |
COMPOSER-004 |
composer.json repository URL embeds plaintext credentials | HIGH | Composer | |
COMPOSER-009 |
auth.json committed alongside composer.json with literal credentials | HIGH | Composer | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
CWL-002 |
CodeBuild log group not KMS-encrypted | MEDIUM | AWS | |
DF-019 |
COPY/ADD source path looks like a credential file | HIGH | Dockerfile | 🔧 fix |
DF-025 |
RUN writes a registry auth token into a Docker layer | CRITICAL | Dockerfile | |
ECR-005 |
Repository encrypted with AES256 rather than KMS CMK | MEDIUM | AWS | |
GCS-004 |
Cloud Storage bucket not encrypted with CMEK | MEDIUM | GCP | |
GEM-004 |
Gemfile source URL embeds plaintext credentials | HIGH | RubyGems | |
GEM-009 |
.bundle/config committed with embedded credentials | HIGH | RubyGems | |
GHA-067 |
actions/cache writes credential-shaped paths | HIGH | GitHub Actions | |
GHA-099 |
Deployment job has a secret-shaped plaintext env var | CRITICAL | GitHub Actions | |
HELM-011 |
Chart dependency repository URL embeds plaintext credentials | HIGH | Helm | |
HELM-016 |
values.yaml ships a default secret or credential | HIGH | Helm | |
JF-034 |
Pipeline declares a password() build parameter | HIGH | Jenkins | |
K8S-008 |
Container readOnlyRootFilesystem not true | MEDIUM | Kubernetes | 🔧 fix |
K8S-018 |
Secret stringData/data carries a credential-shaped literal | CRITICAL | Kubernetes | |
K8S-037 |
ConfigMap data carries a credential-shaped literal | HIGH | Kubernetes | |
MVN-010 |
settings.xml | HIGH | maven | |
MVN-011 |
Maven repository URL embeds plaintext credentials | HIGH | maven | |
MVN-017 |
settings.xml | HIGH | maven | |
NUGET-014 |
NuGet.config source URL embeds plaintext credentials | HIGH | NuGet | |
PULUMI-002 |
Pulumi stack config carries a secret-shaped key in plaintext | HIGH | Pulumi | |
PULUMI-003 |
Pulumi source file embeds a hardcoded credential | HIGH | Pulumi | |
PULUMI-011 |
Pulumi plugin pulled from a custom download server | HIGH | Pulumi | |
PYPI-010 |
Requirements file carries an index URL with embedded credentials | HIGH | PyPI | |
S3-002 |
Artifact bucket server-side encryption not configured | HIGH | AWS | |
TKN-005 |
Literal secret value in Tekton step env or param default | CRITICAL | Tekton | 🔧 fix |
SI-2: Flaw Remediation
Evidenced by 111 checks across 29 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, Cargo, CircleCI, Cloud Build, Composer, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, Go modules, Harness CI/CD, Helm, Jenkins, Kubernetes, Modelfile, NuGet, PyPI, RubyGems, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ACR-004 |
Container registry Defender scanning not enabled | HIGH | Azure Cloud | |
ADO-001 |
Task reference not pinned to specific version | HIGH | Azure DevOps | 🔧 fix |
ADO-009 |
Container image pinned by tag rather than sha256 digest | LOW | Azure DevOps | |
ADO-020 |
No vulnerability scanning step | MEDIUM | Azure DevOps | |
ADO-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Azure DevOps | 🔧 fix |
ADO-025 |
Cross-repo template not pinned to commit SHA | HIGH | Azure DevOps | |
ADO-037 |
AI model pulled without a pinned revision | MEDIUM | Azure DevOps | |
ARGO-001 |
Argo template container image not pinned to a digest | HIGH | Argo Workflows | |
ARGO-007 |
Argo workflow has no activeDeadlineSeconds | LOW | Argo Workflows | |
ARGO-012 |
No vulnerability scanning step | MEDIUM | Argo Workflows | |
AZMON-003 |
No alert rule for critical administrative operations | MEDIUM | Azure Cloud | |
AZMON-007 |
No service health alert rule configured | LOW | Azure Cloud | |
AZNW-003 |
Application Gateway does not have WAF enabled | HIGH | Azure Cloud | |
AZSQL-005 |
SQL Server advanced threat protection not enabled | MEDIUM | Azure Cloud | |
AZVM-004 |
Virtual machine automatic OS patching not enabled | MEDIUM | Azure Cloud | |
BB-001 |
pipe: action not pinned to exact version | HIGH | Bitbucket | 🔧 fix |
BB-009 |
pipe: pinned by version rather than sha256 digest | LOW | Bitbucket | |
BB-015 |
No vulnerability scanning step | MEDIUM | Bitbucket | |
BB-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Bitbucket | 🔧 fix |
BB-029 |
image: (step or service) not pinned by sha256 digest | HIGH | Bitbucket | |
BB-038 |
AI model pulled without a pinned revision | MEDIUM | Bitbucket | |
BK-001 |
Buildkite plugin not pinned to an exact version | HIGH | Buildkite | |
BK-006 |
Step has no timeout_in_minutes | LOW | Buildkite | |
BK-012 |
No vulnerability scanning step | MEDIUM | Buildkite | |
CARGO-006 |
Cargo.toml requires a known-compromised crate version | HIGH | Cargo | |
CB-005 |
Outdated managed build image | MEDIUM | AWS | |
CB-009 |
CodeBuild image not pinned by digest | MEDIUM | AWS | |
CC-001 |
Orb not pinned to exact semver | HIGH | CircleCI | 🔧 fix |
CC-003 |
Docker image not pinned by digest | HIGH | CircleCI | |
CC-020 |
No vulnerability scanning step | MEDIUM | CircleCI | |
CC-022 |
Dependency update command bypasses lockfile pins | MEDIUM | CircleCI | 🔧 fix |
CC-029 |
Machine executor image not pinned | HIGH | CircleCI | |
CC-035 |
AI model pulled without a pinned revision | MEDIUM | CircleCI | |
COMPOSER-007 |
composer.json requires a known-compromised package version | HIGH | Composer | |
CW-001 |
No CloudWatch alarm on CodeBuild FailedBuilds metric | LOW | AWS | |
DF-001 |
FROM image not pinned to sha256 digest | HIGH | Dockerfile | 🔧 fix |
DF-007 |
No HEALTHCHECK directive declared | LOW | Dockerfile | 🔧 fix |
DF-010 |
apt-get dist-upgrade / upgrade pulls unknown package versions | LOW | Dockerfile | |
DF-031 |
COPY --from external image not pinned to sha256 digest | HIGH | Dockerfile | |
DR-001 |
Step image not pinned to a digest | HIGH | Drone CI | |
DR-005 |
Plugin step uses a floating image tag | HIGH | Drone CI | |
DR-022 |
No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Drone CI | |
EB-001 |
No EventBridge rule for CodePipeline failure notifications | MEDIUM | AWS | |
ECR-001 |
Image scanning on push not enabled | HIGH | AWS | |
ECR-007 |
Inspector v2 enhanced scanning disabled for ECR | MEDIUM | AWS | |
ENTRA-006 |
No Conditional Access sign-in risk policy | HIGH | Azure Cloud | |
GAR-001 |
Artifact Registry repository has no vulnerability scanning | HIGH | GCP | |
GCB-001 |
Cloud Build step image not pinned by digest | HIGH | Cloud Build | 🔧 fix |
GCB-004 |
dynamicSubstitutions on with user substitutions in step args | HIGH | Cloud Build | |
GCB-008 |
No vulnerability scanning step in Cloud Build pipeline | MEDIUM | Cloud Build | |
GCB-025 |
Build has no tags for audit / discoverability | LOW | Cloud Build | |
GCLOG-007 |
No log metric filter for IAM policy changes | MEDIUM | GCP | |
GCLOG-008 |
No log metric filter for firewall rule changes | MEDIUM | GCP | |
GCLOG-009 |
No log metric filter for route changes | MEDIUM | GCP | |
GCLOG-010 |
No log metric filter for Cloud SQL config changes | MEDIUM | GCP | |
GCLOG-011 |
No log metric filter for custom role changes | MEDIUM | GCP | |
GCRUN-003 |
Cloud Run service has zero minimum instances | LOW | GCP | |
GCSQL-002 |
Cloud SQL instance does not have automated backups enabled | MEDIUM | GCP | |
GCSQL-005 |
Cloud SQL instance does not have point-in-time recovery enabled | MEDIUM | GCP | |
GEM-006 |
Gemfile requires a known-compromised gem version | HIGH | RubyGems | |
GHA-001 |
Action not pinned to commit SHA | HIGH | GitHub Actions | 🔧 fix |
GHA-020 |
No vulnerability scanning step | MEDIUM | GitHub Actions | |
GHA-021 |
Package install without lockfile enforcement | MEDIUM | GitHub Actions | 🔧 fix |
GHA-023 |
TLS / certificate verification bypass | HIGH | GitHub Actions | 🔧 fix |
GHA-025 |
Reusable workflow not pinned to commit SHA | HIGH | GitHub Actions | |
GHA-051 |
services / container image is not pinned by digest | HIGH | GitHub Actions | |
GHA-068 |
runs-on: targets an end-of-life hosted-runner image | MEDIUM | GitHub Actions | |
GL-001 |
Image not pinned to specific version or digest | HIGH | GitLab CI | 🔧 fix |
GL-009 |
Image pinned to version tag rather than sha256 digest | LOW | GitLab CI | |
GL-019 |
No vulnerability scanning step | MEDIUM | GitLab CI | |
GL-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitLab CI | 🔧 fix |
GL-028 |
services: image not pinned | HIGH | GitLab CI | |
GL-043 |
GitLab native security scanner explicitly disabled | MEDIUM | GitLab CI | |
GOMOD-004 |
Direct require pinned to a +incompatible version | MEDIUM | Go modules | |
GOMOD-006 |
go.mod requires a known-compromised module version | HIGH | Go modules | |
HARNESS-001 |
Step image not pinned to a digest | HIGH | Harness CI/CD | |
HARNESS-012 |
AI model pulled without a pinned revision | MEDIUM | Harness CI/CD | |
HARNESS-018 |
No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Harness CI/CD | |
HARNESS-019 |
Pipeline step lacks an explicit timeout | LOW | Harness CI/CD | |
HELM-004 |
Chart dependency version is a range, not an exact pin | MEDIUM | Helm | |
HELM-008 |
Chart.lock generated more than 90 days ago | MEDIUM | Helm | |
HELM-012 |
Chart marked deprecated without naming a successor | MEDIUM | Helm | |
HELM-014 |
Chart dependency matches a known-compromised chart registry | HIGH | Helm | |
JF-009 |
Agent docker image not pinned to sha256 digest | HIGH | Jenkins | |
JF-020 |
No vulnerability scanning step | MEDIUM | Jenkins | |
JF-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Jenkins | 🔧 fix |
JF-040 |
AI model pulled without a pinned revision | MEDIUM | Jenkins | |
K8S-001 |
Container image not pinned by sha256 digest | HIGH | Kubernetes | 🔧 fix |
K8S-024 |
Container missing both livenessProbe and readinessProbe | MEDIUM | Kubernetes | |
K8S-033 |
Namespace lacks ResourceQuota or LimitRange | MEDIUM | Kubernetes | |
MODEL-001 |
Base model pulled without a pinned reference | MEDIUM | Modelfile | |
MODEL-002 |
Base model pulled from a third-party hub | MEDIUM | Modelfile | |
MODEL-003 |
Base model loaded from a local unverified weights blob | LOW | Modelfile | |
MODEL-004 |
LoRA adapter applied from a remote source | MEDIUM | Modelfile | |
MODEL-005 |
Vendored model config declares custom loader code (auto_map) | MEDIUM | Modelfile | |
MVN-001 |
pom.xml dependency uses a floating version range | MEDIUM | maven | |
MVN-002 |
pom.xml depends on a mutable SNAPSHOT version | MEDIUM | maven | |
NPM-001 |
package.json dependency uses a floating version range | MEDIUM | npm | |
NPM-005 |
package.json git dependency uses a mutable ref | HIGH | npm | |
NUGET-001 |
Floating NuGet version range | MEDIUM | NuGet | |
NUGET-002 |
Wildcard prerelease NuGet version | MEDIUM | NuGet | |
ORG-003 |
Organization allows any GitHub Action to run (no allow-list) | HIGH | SCM org governance | |
ORG-012 |
New repositories get Dependabot alerts but not security updates | LOW | SCM org governance | |
PYPI-001 |
requirements.txt entry missing an exact version pin | MEDIUM | PyPI | |
PYPI-004 |
requirements.txt VCS dependency uses a mutable ref | HIGH | PyPI | |
PYPI-015 |
requirements.txt installs from a direct artifact URL | HIGH | PyPI | |
SCM-005 |
Dependabot security updates are not enabled | MEDIUM | SCM | |
TKN-001 |
Tekton step image not pinned to a digest | HIGH | Tekton | |
TKN-006 |
Tekton run lacks an explicit timeout | LOW | Tekton | |
TKN-012 |
No vulnerability scanning step | MEDIUM | Tekton | |
TKN-016 |
Remote resolver taskRef / pipelineRef not pinned to an immutable revision | HIGH | Tekton | |
SI-7: Software, Firmware, and Information Integrity
Evidenced by 130 checks across 32 providers (AWS, Actions run history, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, Cargo, CircleCI, Cloud Build, Composer, Developer environment, Dockerfile, Drone CI, GCP, GitHub Actions, GitLab CI, GitLab pipeline run history, Go modules, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, OCI manifest, Pulumi, PyPI, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ACR-003 |
Container registry content trust not enabled | MEDIUM | Azure Cloud | |
ACR-005 |
Container registry tag immutability (verify per-repository locking) | INFO | Azure Cloud | |
ADO-002 |
Script injection via attacker-controllable context | HIGH | Azure DevOps | |
ADO-006 |
Artifacts not signed | MEDIUM | Azure DevOps | |
ADO-010 |
Cross-pipeline download: ingestion unverified | CRITICAL | Azure DevOps | |
ADO-024 |
No SLSA provenance attestation produced | MEDIUM | Azure DevOps | |
ADO-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | Azure DevOps | |
ADO-035 |
Untrusted PR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | Azure DevOps | |
ARGO-004 |
Argo workflow mounts hostPath or shares host namespaces | CRITICAL | Argo Workflows | |
ARGO-008 |
Argo script source pipes remote install or disables TLS | HIGH | Argo Workflows | 🔧 fix |
ARGO-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Argo Workflows | |
ARGO-011 |
No SLSA provenance attestation produced | MEDIUM | Argo Workflows | |
ARGO-015 |
Input artifact pulls from an insecure (non-HTTPS) URL | HIGH | Argo Workflows | |
ATTEST-001 |
SLSA provenance attests an untrusted builder identity | HIGH | OCI manifest | |
ATTEST-002 |
SLSA provenance source-repo claim is missing or unverifiable | HIGH | OCI manifest | |
ATTEST-005 |
In-toto Statement subject is missing or unpinned | HIGH | OCI manifest | |
BB-002 |
Script injection via attacker-controllable context | HIGH | Bitbucket | |
BB-006 |
Artifacts not signed | MEDIUM | Bitbucket | |
BB-010 |
Deploy step ingests pull-request artifact unverified | CRITICAL | Bitbucket | |
BB-024 |
No SLSA provenance attestation produced | MEDIUM | Bitbucket | |
BB-030 |
npm install without registry-signature verification step | MEDIUM | Bitbucket | |
BB-031 |
pip install without --require-hashes verification | MEDIUM | Bitbucket | |
BB-035 |
ML model loaded with trust_remote_code (code execution) | HIGH | Bitbucket | |
BB-036 |
Untrusted PR/branch context reaches an agentic AI CLI (prompt injection) | HIGH | Bitbucket | |
BK-004 |
Remote script piped into shell interpreter | HIGH | Buildkite | 🔧 fix |
BK-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Buildkite | |
BK-011 |
No SLSA provenance attestation produced | MEDIUM | Buildkite | |
CARGO-003 |
Cargo.toml present without a sibling Cargo.lock | HIGH | Cargo | |
CC-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | CircleCI | |
CC-024 |
No SLSA provenance attestation produced | MEDIUM | CircleCI | |
CC-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | CircleCI | |
COMPOSER-006 |
composer.json scripts hook pipes a remote download to a shell | HIGH | Composer | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
CT-002 |
CloudTrail log-file validation disabled | MEDIUM | AWS | |
DEV-004 |
Auto-run command fetches and executes remote code | CRITICAL | Developer environment | |
DF-003 |
ADD pulls remote URL without integrity verification | HIGH | Dockerfile | |
DF-004 |
RUN executes a remote script via curl-pipe / wget-pipe | HIGH | Dockerfile | |
DR-007 |
Step mounts a sensitive host path | HIGH | Drone CI | |
DR-014 |
Step pipes a remote download into a shell interpreter | HIGH | Drone CI | 🔧 fix |
DR-015 |
Pipeline clone enables recursive submodule cloning | MEDIUM | Drone CI | |
DR-016 |
Step image: field carries a Drone template substitution | HIGH | Drone CI | |
DR-019 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Drone CI | |
DR-021 |
No SLSA provenance attestation produced | MEDIUM | Drone CI | |
ECR-002 |
Image tags are mutable | HIGH | AWS | |
GCB-009 |
Artifacts not signed (no cosign / sigstore step) | MEDIUM | Cloud Build | |
GCB-017 |
Image-producing build does not request SLSA provenance | MEDIUM | Cloud Build | |
GCCE-001 |
Compute instance does not have Shielded VM enabled | MEDIUM | GCP | |
GCS-003 |
Bucket versioning not enabled | MEDIUM | GCP | |
GHA-002 |
pull_request_target checks out PR head | CRITICAL | GitHub Actions | 🔧 fix |
GHA-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | GitHub Actions | |
GHA-009 |
workflow_run downloads upstream artifact unverified | CRITICAL | GitHub Actions | |
GHA-024 |
No SLSA provenance attestation produced | MEDIUM | GitHub Actions | |
GHA-035 |
github-script step interpolates untrusted context | HIGH | GitHub Actions | |
GHA-048 |
Workflow step writes a file under .github/workflows/ | CRITICAL | GitHub Actions | |
GHA-059 |
npm install without registry-signature verification step | MEDIUM | GitHub Actions | |
GHA-060 |
pip install without --require-hashes verification | MEDIUM | GitHub Actions | |
GHA-063 |
if: predicate gates on a spoofable bot-actor comparison | HIGH | GitHub Actions | |
GHA-065 |
Workflow body contains zero-width or bidi Unicode characters | CRITICAL | GitHub Actions | |
GHA-090 |
Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
GHA-092 |
PR head SHA captured then re-fetched (force-push race) | HIGH | GitHub Actions | |
GHA-100 |
cosign verify without certificate identity binding | HIGH | GitHub Actions | |
GHA-102 |
actions/checkout with submodule fetch on a PR trigger | HIGH | GitHub Actions | |
GL-002 |
Script injection via untrusted commit/MR context | HIGH | GitLab CI | |
GL-006 |
Artifacts not signed | MEDIUM | GitLab CI | |
GL-010 |
Multi-project pipeline ingests upstream artifact unverified | CRITICAL | GitLab CI | |
GL-024 |
No SLSA provenance attestation produced | MEDIUM | GitLab CI | |
GL-034 |
npm install without registry-signature verification step | MEDIUM | GitLab CI | |
GL-035 |
pip install without --require-hashes verification | MEDIUM | GitLab CI | |
GL-045 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitLab CI | |
GL-048 |
Untrusted MR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | GitLab CI | |
GLRUN-001 |
Merge-request pipeline exercised in run history | MEDIUM | GitLab pipeline run history | |
GLRUN-002 |
Fork merge-request pipeline executed in run history | HIGH | GitLab pipeline run history | |
GLRUN-003 |
Secret leaked in a fork pipeline's job trace | HIGH | GitLab pipeline run history | |
GLRUN-004 |
Fork pipeline minted a cloud OIDC token | HIGH | GitLab pipeline run history | |
GLRUN-005 |
Fork pipeline ran on a self-managed runner | HIGH | GitLab pipeline run history | |
GOMOD-001 |
go.mod present without sibling go.sum integrity manifest | HIGH | Go modules | |
GOMOD-007 |
vendor/modules.txt missing or stale relative to go.mod | HIGH | Go modules | |
HARNESS-005 |
Step pipes a remote download into a shell interpreter | HIGH | Harness CI/CD | 🔧 fix |
HARNESS-007 |
Stage infrastructure mounts a sensitive host path | HIGH | Harness CI/CD | |
HARNESS-015 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Harness CI/CD | |
HARNESS-017 |
No SLSA provenance attestation produced | MEDIUM | Harness CI/CD | |
HELM-002 |
Chart.lock missing per-dependency digests | HIGH | Helm | 🔧 fix |
JF-006 |
Artifacts not signed | MEDIUM | Jenkins | |
JF-012 |
load step pulls Groovy from disk without integrity pin | MEDIUM | Jenkins | |
JF-013 |
copyArtifacts ingests another job's output unverified | CRITICAL | Jenkins | |
JF-028 |
No SLSA provenance attestation produced | MEDIUM | Jenkins | |
JF-039 |
ML model loaded with trust_remote_code (code execution) | HIGH | Jenkins | |
K8S-010 |
Container seccompProfile not RuntimeDefault or Localhost | MEDIUM | Kubernetes | |
K8S-013 |
Pod uses a hostPath volume | HIGH | Kubernetes | 🔧 fix |
K8S-014 |
Pod hostPath references a sensitive host directory | CRITICAL | Kubernetes | |
K8S-036 |
ServiceAccount imagePullSecrets references missing Secret | MEDIUM | Kubernetes | |
LMB-001 |
Lambda function has no code-signing config | HIGH | AWS | |
MVN-005 |
Maven repository accepts artifacts without strict checksum gating | MEDIUM | maven | |
MVN-014 |
Maven Wrapper distributionUrl lacks distributionSha256Sum | MEDIUM | maven | |
NPM-002 |
package-lock.json entry missing integrity hash | HIGH | npm | |
NUGET-006 |
No NuGet lock file for reproducible restores | MEDIUM | NuGet | |
NUGET-012 |
NuGet.config does not enforce signatureValidationMode = require | HIGH | NuGet | |
NUGET-019 |
signatureValidationMode=require with no trusted signers | HIGH | NuGet | |
OCI-002 |
Image is missing a build attestation manifest | HIGH | OCI manifest | |
OCI-004 |
Image layer references an arbitrary URL (foreign layer) | HIGH | OCI manifest | |
OCI-007 |
Image manifest uses legacy schemaVersion 1 (no content addressing) | HIGH | OCI manifest | |
OCI-008 |
Manifest references digest using unsupported hash algorithm | HIGH | OCI manifest | |
ORG-010 |
New repositories default to secret scanning without push protection | MEDIUM | SCM org governance | |
PULUMI-008 |
Pulumi source spawns a shell with non-constant input | HIGH | Pulumi | |
PULUMI-013 |
Pulumi dynamic provider runs arbitrary code at deploy time | HIGH | Pulumi | |
PULUMI-014 |
ESC environment imported without a project / org qualifier | MEDIUM | Pulumi | |
PYPI-002 |
requirements.txt missing hash pinning (--require-hashes / --hash=) | HIGH | PyPI | |
PYPI-012 |
pyproject.toml [build-system].requires uses floating versions | HIGH | PyPI | |
RUN-001 |
Fork PR executed on a privileged trigger | HIGH | Actions run history | |
RUN-002 |
Privileged trigger exercised in run history | MEDIUM | Actions run history | |
RUN-003 |
Secret leaked in workflow run logs | HIGH | Actions run history | |
RUN-004 |
Fork PR run minted a cloud OIDC token | HIGH | Actions run history | |
RUN-005 |
Fork PR run executed on a self-hosted runner | HIGH | Actions run history | |
S3-003 |
Artifact bucket versioning not enabled | MEDIUM | AWS | |
SCM-004 |
GitHub secret scanning is not enabled | HIGH | SCM | |
SCM-006 |
Default branch protection does not require signed commits | MEDIUM | SCM | |
SCM-007 |
Default branch protection allows force-pushes | HIGH | SCM | |
SCM-009 |
Default branch protection allows branch deletion | HIGH | SCM | |
SCM-015 |
Secret scanning push protection is not enabled | HIGH | SCM | |
SCM-034 |
Active ruleset doesn't block force-push | MEDIUM | SCM | |
SCM-035 |
Active ruleset doesn't block branch deletion | LOW | SCM | |
SCM-036 |
Active ruleset doesn't require signed commits | MEDIUM | SCM | |
SCM-043 |
Tag-targeted ruleset doesn't require signed commits | MEDIUM | SCM | |
SCM-044 |
Default-branch signed-commits requirement bypassed for admins | MEDIUM | SCM | |
SIGN-001 |
No AWS Signer profile defined for Lambda deploys | MEDIUM | AWS | |
SIGN-002 |
AWS Signer profile is revoked or inactive | HIGH | AWS | |
TKN-004 |
Tekton Task mounts hostPath or shares host namespaces | CRITICAL | Tekton | |
TKN-008 |
Tekton step script pipes remote install or disables TLS | HIGH | Tekton | 🔧 fix |
TKN-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Tekton | |
TKN-011 |
No SLSA provenance attestation produced | MEDIUM | Tekton | |
SR-3: Supply Chain Controls and Processes
Evidenced by 232 checks across 30 providers (AWS, Actions run history, Argo CD, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, Cargo, CircleCI, Cloud Build, Composer, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Go modules, Harness CI/CD, Helm, Jenkins, Kubernetes, Modelfile, NuGet, OCI manifest, PyPI, RubyGems, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-001 |
Task reference not pinned to specific version | HIGH | Azure DevOps | 🔧 fix |
ADO-005 |
Container image not pinned to specific version | HIGH | Azure DevOps | |
ADO-009 |
Container image pinned by tag rather than sha256 digest | LOW | Azure DevOps | |
ADO-016 |
Remote script piped to shell interpreter | HIGH | Azure DevOps | 🔧 fix |
ADO-018 |
Package install from insecure source | HIGH | Azure DevOps | 🔧 fix |
ADO-021 |
Package install without lockfile enforcement | MEDIUM | Azure DevOps | 🔧 fix |
ADO-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Azure DevOps | 🔧 fix |
ADO-025 |
Cross-repo template not pinned to commit SHA | HIGH | Azure DevOps | |
ADO-026 |
Pipeline contains indicators of malicious activity | CRITICAL | Azure DevOps | |
ADO-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Azure DevOps | |
ADO-037 |
AI model pulled without a pinned revision | MEDIUM | Azure DevOps | |
ARGO-001 |
Argo template container image not pinned to a digest | HIGH | Argo Workflows | |
ARGO-008 |
Argo script source pipes remote install or disables TLS | HIGH | Argo Workflows | 🔧 fix |
ARGO-014 |
Argo template script runs unpinned package install | MEDIUM | Argo Workflows | |
ARGOCD-010 |
Argo CD Application targetRevision uses a mutable ref | HIGH | Argo CD | |
ARGOCD-016 |
Application Helm valueFiles fetched from a remote URL | HIGH | Argo CD | |
ARGOCD-017 |
Argo CD in-cluster Application deploys from a mutable source | HIGH | Argo CD | |
ARGOCD-018 |
argocd-cm ships custom resource health / action Lua | MEDIUM | Argo CD | |
ARGOCD-019 |
Argo CD Application disables drift detection on a sensitive field | HIGH | Argo CD | |
BB-001 |
pipe: action not pinned to exact version | HIGH | Bitbucket | 🔧 fix |
BB-009 |
pipe: pinned by version rather than sha256 digest | LOW | Bitbucket | |
BB-012 |
Remote script piped to shell interpreter | HIGH | Bitbucket | 🔧 fix |
BB-014 |
Package install from insecure source | HIGH | Bitbucket | 🔧 fix |
BB-021 |
Package install without lockfile enforcement | MEDIUM | Bitbucket | 🔧 fix |
BB-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Bitbucket | 🔧 fix |
BB-025 |
Pipeline contains indicators of malicious activity | CRITICAL | Bitbucket | |
BB-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Bitbucket | |
BB-029 |
image: (step or service) not pinned by sha256 digest | HIGH | Bitbucket | |
BB-030 |
npm install without registry-signature verification step | MEDIUM | Bitbucket | |
BB-031 |
pip install without --require-hashes verification | MEDIUM | Bitbucket | |
BB-038 |
AI model pulled without a pinned revision | MEDIUM | Bitbucket | |
BK-001 |
Buildkite plugin not pinned to an exact version | HIGH | Buildkite | |
BK-004 |
Remote script piped into shell interpreter | HIGH | Buildkite | 🔧 fix |
BK-014 |
Step commands run unpinned package installs | MEDIUM | Buildkite | |
CA-002 |
CodeArtifact repository has a public external connection | HIGH | AWS | |
CARGO-002 |
Cargo.toml git dependency uses a mutable ref (no rev) | HIGH | Cargo | |
CARGO-004 |
Cargo.toml dependency is a local-path entry | MEDIUM | Cargo | |
CARGO-005 |
Cargo.toml dependency sourced from an alternate registry | HIGH | Cargo | |
CARGO-006 |
Cargo.toml requires a known-compromised crate version | HIGH | Cargo | |
CARGO-007 |
[build-dependencies] entry uses a floating version spec | HIGH | Cargo | |
CARGO-008 |
Cargo.toml [patch.crates-io] substitutes a different crate | HIGH | Cargo | |
CB-009 |
CodeBuild image not pinned by digest | MEDIUM | AWS | |
CB-011 |
CodeBuild buildspec contains indicators of malicious activity | CRITICAL | AWS | |
CC-001 |
Orb not pinned to exact semver | HIGH | CircleCI | 🔧 fix |
CC-003 |
Docker image not pinned by digest | HIGH | CircleCI | |
CC-016 |
Remote script piped to shell interpreter | HIGH | CircleCI | 🔧 fix |
CC-018 |
Package install from insecure source | HIGH | CircleCI | 🔧 fix |
CC-021 |
Package install without lockfile enforcement | MEDIUM | CircleCI | 🔧 fix |
CC-022 |
Dependency update command bypasses lockfile pins | MEDIUM | CircleCI | 🔧 fix |
CC-026 |
Config contains indicators of malicious activity | CRITICAL | CircleCI | |
CC-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | CircleCI | |
CC-029 |
Machine executor image not pinned | HIGH | CircleCI | |
CC-033 |
Job disables Go module checksum / sum-db verification | HIGH | CircleCI | |
CC-035 |
AI model pulled without a pinned revision | MEDIUM | CircleCI | |
COMPOSER-001 |
composer.json present without a sibling composer.lock | HIGH | Composer | |
COMPOSER-002 |
composer.json require uses a floating version constraint | MEDIUM | Composer | |
COMPOSER-005 |
composer.json minimum-stability accepts unstable releases | MEDIUM | Composer | |
COMPOSER-007 |
composer.json requires a known-compromised package version | HIGH | Composer | |
COMPOSER-008 |
composer.json allow-plugins permits any plugin to execute | HIGH | Composer | |
COMPOSER-014 |
composer.json minimum-stability lowered without prefer-stable | MEDIUM | Composer | |
DF-001 |
FROM image not pinned to sha256 digest | HIGH | Dockerfile | 🔧 fix |
DF-003 |
ADD pulls remote URL without integrity verification | HIGH | Dockerfile | |
DF-004 |
RUN executes a remote script via curl-pipe / wget-pipe | HIGH | Dockerfile | |
DF-010 |
apt-get dist-upgrade / upgrade pulls unknown package versions | LOW | Dockerfile | |
DF-021 |
RUN pip install bypasses TLS or uses an HTTP index | HIGH | Dockerfile | |
DF-022 |
RUN uses npm install instead of npm ci | MEDIUM | Dockerfile | |
DF-031 |
COPY --from external image not pinned to sha256 digest | HIGH | Dockerfile | |
DR-001 |
Step image not pinned to a digest | HIGH | Drone CI | |
DR-005 |
Plugin step uses a floating image tag | HIGH | Drone CI | |
DR-008 |
Step uses pull: never (skips registry verification) | MEDIUM | Drone CI | |
DR-010 |
Step commands run unpinned package installs | MEDIUM | Drone CI | |
DR-012 |
Service container image not pinned to digest | HIGH | Drone CI | |
ECR-003 |
Repository policy allows public access | CRITICAL | AWS | |
ECR-006 |
ECR pull-through cache rule uses an untrusted upstream | HIGH | AWS | |
GCB-001 |
Cloud Build step image not pinned by digest | HIGH | Cloud Build | 🔧 fix |
GCB-004 |
dynamicSubstitutions on with user substitutions in step args | HIGH | Cloud Build | |
GCB-010 |
Remote script piped to shell interpreter | HIGH | Cloud Build | |
GCB-013 |
Package install bypasses registry integrity (git / path / tarball) | MEDIUM | Cloud Build | |
GCB-027 |
Config contains indicators of malicious activity | CRITICAL | Cloud Build | |
GEM-001 |
Gemfile present without a sibling Gemfile.lock | HIGH | RubyGems | |
GEM-002 |
Gemfile gem entry uses a floating version constraint | MEDIUM | RubyGems | |
GEM-005 |
Gemfile gem with git: / github: source missing a ref SHA pin | HIGH | RubyGems | |
GEM-006 |
Gemfile requires a known-compromised gem version | HIGH | RubyGems | |
GEM-007 |
Gemfile declares multiple top-level sources without scoping | MEDIUM | RubyGems | |
GEM-008 |
Gemfile gem declared with a path: source | HIGH | RubyGems | |
GEM-010 |
Gemfile uses dynamic gem-list resolution | MEDIUM | RubyGems | |
GEM-011 |
Gemfile registers a Bundler plugin that runs at install time | HIGH | RubyGems | |
GEM-012 |
Gemfile gem pinned to a per-gem :source | MEDIUM | RubyGems | |
GEM-013 |
Gemfile git gem fetched over an insecure transport | HIGH | RubyGems | |
GHA-001 |
Action not pinned to commit SHA | HIGH | GitHub Actions | 🔧 fix |
GHA-016 |
Remote script piped to shell interpreter | HIGH | GitHub Actions | 🔧 fix |
GHA-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | GitHub Actions | 🔧 fix |
GHA-019 |
GITHUB_TOKEN written to persistent storage | CRITICAL | GitHub Actions | 🔧 fix |
GHA-021 |
Package install without lockfile enforcement | MEDIUM | GitHub Actions | 🔧 fix |
GHA-023 |
TLS / certificate verification bypass | HIGH | GitHub Actions | 🔧 fix |
GHA-025 |
Reusable workflow not pinned to commit SHA | HIGH | GitHub Actions | |
GHA-028 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitHub Actions | |
GHA-029 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitHub Actions | |
GHA-040 |
Action reference matches a known-compromised SHA or tag | CRITICAL | GitHub Actions | |
GHA-041 |
Action upstream repo has a single contributor | MEDIUM | GitHub Actions | |
GHA-042 |
Action upstream repo is newly created | MEDIUM | GitHub Actions | |
GHA-043 |
Low-star action runs with sensitive permissions | HIGH | GitHub Actions | |
GHA-047 |
Action ref resolves to a recently committed tag or SHA | MEDIUM | GitHub Actions | |
GHA-051 |
services / container image is not pinned by digest | HIGH | GitHub Actions | |
GHA-056 |
Workflow body contains a known supply-chain worm indicator | CRITICAL | GitHub Actions | |
GHA-059 |
npm install without registry-signature verification step | MEDIUM | GitHub Actions | |
GHA-060 |
pip install without --require-hashes verification | MEDIUM | GitHub Actions | |
GHA-088 |
Action uses: slug is a near-edit of a top-traffic action | HIGH | GitHub Actions | |
GHA-089 |
Action upstream repo is archived | MEDIUM | GitHub Actions | |
GHA-090 |
Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
GHA-091 |
Action upstream repo is missing (takeover-eligible namespace) | HIGH | GitHub Actions | |
GHA-094 |
Action SHA pin matches the current tip of an upstream branch | MEDIUM | GitHub Actions | |
GHA-096 |
Action reference has a known GHSA vulnerability | HIGH | GitHub Actions | |
GHA-110 |
Workflow disables Go module checksum / sum-db verification | HIGH | GitHub Actions | |
GL-001 |
Image not pinned to specific version or digest | HIGH | GitLab CI | 🔧 fix |
GL-005 |
include: pulls remote / project without pinned ref | HIGH | GitLab CI | |
GL-009 |
Image pinned to version tag rather than sha256 digest | LOW | GitLab CI | |
GL-016 |
Remote script piped to shell interpreter | HIGH | GitLab CI | 🔧 fix |
GL-018 |
Package install from insecure source | HIGH | GitLab CI | 🔧 fix |
GL-021 |
Package install without lockfile enforcement | MEDIUM | GitLab CI | 🔧 fix |
GL-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitLab CI | 🔧 fix |
GL-025 |
Pipeline contains indicators of malicious activity | CRITICAL | GitLab CI | |
GL-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitLab CI | |
GL-028 |
services: image not pinned | HIGH | GitLab CI | |
GL-030 |
trigger: include: pulls child pipeline without pinned ref | HIGH | GitLab CI | |
GL-034 |
npm install without registry-signature verification step | MEDIUM | GitLab CI | |
GL-035 |
pip install without --require-hashes verification | MEDIUM | GitLab CI | |
GL-037 |
Pipeline disables Go module checksum / sum-db verification | HIGH | GitLab CI | |
GL-042 |
include: component pulls a CI/CD component without a pinned version | HIGH | GitLab CI | |
GOMOD-002 |
go.mod replace directive points to a local filesystem path | HIGH | Go modules | |
GOMOD-003 |
go.mod replace directive substitutes a different module | HIGH | Go modules | |
GOMOD-006 |
go.mod requires a known-compromised module version | HIGH | Go modules | |
GOMOD-008 |
go.mod replace directive points to a module without a version pin | MEDIUM | Go modules | |
HARNESS-001 |
Step image not pinned to a digest | HIGH | Harness CI/CD | |
HARNESS-012 |
AI model pulled without a pinned revision | MEDIUM | Harness CI/CD | |
HELM-001 |
Chart.yaml declares legacy apiVersion: v1 | MEDIUM | Helm | 🔧 fix |
HELM-002 |
Chart.lock missing per-dependency digests | HIGH | Helm | 🔧 fix |
HELM-003 |
Chart dependency declared on a non-HTTPS repository | HIGH | Helm | 🔧 fix |
HELM-004 |
Chart dependency version is a range, not an exact pin | MEDIUM | Helm | |
HELM-005 |
Chart maintainers field empty or missing chain-of-custody info | LOW | Helm | |
HELM-007 |
Chart.yaml description field is empty or missing | LOW | Helm | |
HELM-008 |
Chart.lock generated more than 90 days ago | MEDIUM | Helm | |
HELM-009 |
Chart home / sources URL uses a non-HTTPS scheme | LOW | Helm | |
HELM-014 |
Chart dependency matches a known-compromised chart registry | HIGH | Helm | |
HELM-015 |
OCI chart dependency pinned only by a mutable tag | HIGH | Helm | |
JF-001 |
Shared library not pinned to a tag or commit | HIGH | Jenkins | |
JF-009 |
Agent docker image not pinned to sha256 digest | HIGH | Jenkins | |
JF-012 |
load step pulls Groovy from disk without integrity pin | MEDIUM | Jenkins | |
JF-016 |
Remote script piped to shell interpreter | HIGH | Jenkins | 🔧 fix |
JF-018 |
Package install from insecure source | HIGH | Jenkins | 🔧 fix |
JF-021 |
Package install without lockfile enforcement | MEDIUM | Jenkins | 🔧 fix |
JF-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Jenkins | 🔧 fix |
JF-029 |
Jenkinsfile contains indicators of malicious activity | CRITICAL | Jenkins | |
JF-031 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Jenkins | |
JF-040 |
AI model pulled without a pinned revision | MEDIUM | Jenkins | |
K8S-001 |
Container image not pinned by sha256 digest | HIGH | Kubernetes | 🔧 fix |
K8S-036 |
ServiceAccount imagePullSecrets references missing Secret | MEDIUM | Kubernetes | |
MODEL-001 |
Base model pulled without a pinned reference | MEDIUM | Modelfile | |
MODEL-002 |
Base model pulled from a third-party hub | MEDIUM | Modelfile | |
MODEL-003 |
Base model loaded from a local unverified weights blob | LOW | Modelfile | |
MODEL-004 |
LoRA adapter applied from a remote source | MEDIUM | Modelfile | |
MODEL-005 |
Vendored model config declares custom loader code (auto_map) | MEDIUM | Modelfile | |
MVN-001 |
pom.xml dependency uses a floating version range | MEDIUM | maven | |
MVN-002 |
pom.xml depends on a mutable SNAPSHOT version | MEDIUM | maven | |
MVN-003 |
pom.xml declares a plaintext-HTTP Maven repository | HIGH | maven | |
MVN-004 |
pom.xml dependency omits an explicit <version> | MEDIUM | maven | |
MVN-005 |
Maven repository accepts artifacts without strict checksum gating | MEDIUM | maven | |
MVN-006 |
pom.xml pins a known-compromised Maven Central artifact version | CRITICAL | maven | |
MVN-007 |
settings.xml mirror routes external traffic through one repo | MEDIUM | maven | |
MVN-008 |
Direct dependency was published within the cooldown window | HIGH | maven | |
MVN-009 |
Maven artifact has a known OSV advisory | CRITICAL | maven | |
MVN-012 |
pom.xml build plugin uses a floating version | HIGH | maven | |
MVN-013 |
pom.xml build extension uses a floating version | HIGH | maven | |
MVN-015 |
pom.xml binds a build-time code-execution plugin to the lifecycle | HIGH | maven | |
MVN-016 |
build.gradle re-enables HTTP via allowInsecureProtocol = true | HIGH | maven | |
MVN-018 |
distributionManagement release repository accepts SNAPSHOTs | MEDIUM | maven | |
NPM-001 |
package.json dependency uses a floating version range | MEDIUM | npm | |
NPM-002 |
package-lock.json entry missing integrity hash | HIGH | npm | |
NPM-003 |
package-lock.json entry resolves from a non-registry source | HIGH | npm | |
NPM-005 |
package.json git dependency uses a mutable ref | HIGH | npm | |
NPM-006 |
package-lock.json pins a known-compromised package version | CRITICAL | npm | |
NPM-008 |
Direct dependency was published within the cooldown window | HIGH | npm | |
NPM-009 |
New transitive dependency added since the base ref | HIGH | npm | |
NPM-010 |
npm package has a known OSV advisory | CRITICAL | npm | |
NPM-012 |
.npmrc publish token lacks IP or readonly restriction | HIGH | npm | |
NPM-014 |
Direct dependency relies on a single npm publisher | LOW | npm | |
NPM-015 |
Direct dependency published without build provenance | LOW | npm | |
NPM-016 |
Direct dependency has a low OpenSSF Scorecard | LOW | npm | |
NPM-017 |
Direct dependency provenance built from a non-release ref | LOW | npm | |
NPM-018 |
Direct dependency's latest release published by a new npm account | MEDIUM | npm | |
NPM-019 |
package.json overrides / resolutions rewrites a dependency to a non-registry source | HIGH | npm | |
NPM-020 |
.npmrc repoints the default or a scoped registry to a non-canonical host | HIGH | npm | |
NUGET-001 |
Floating NuGet version range | MEDIUM | NuGet | |
NUGET-002 |
Wildcard prerelease NuGet version | MEDIUM | NuGet | |
NUGET-003 |
PackageReference missing explicit version | MEDIUM | NuGet | |
NUGET-004 |
HTTP-only NuGet package source | HIGH | NuGet | |
NUGET-005 |
Known-compromised NuGet package version | CRITICAL | NuGet | |
NUGET-006 |
No NuGet lock file for reproducible restores | MEDIUM | NuGet | |
NUGET-007 |
Multiple NuGet sources without packageSourceMapping | HIGH | NuGet | |
NUGET-008 |
NuGet package published within the cooldown window | HIGH | NuGet | |
NUGET-009 |
NuGet package has a known OSV advisory | CRITICAL | NuGet | |
NUGET-011 |
packageSourceMapping pattern is a global wildcard | HIGH | NuGet | |
NUGET-013 |
dotnet-tools.json entry lacks a version pin | HIGH | NuGet | |
NUGET-016 |
Private feed without | HIGH | NuGet | |
NUGET-017 |
Public gallery active alongside a private feed, not disabled | HIGH | NuGet | |
NUGET-018 |
Project runs build-time MSBuild logic at restore/build | HIGH | NuGet | |
OCI-004 |
Image layer references an arbitrary URL (foreign layer) | HIGH | OCI manifest | |
OCI-007 |
Image manifest uses legacy schemaVersion 1 (no content addressing) | HIGH | OCI manifest | |
OCI-008 |
Manifest references digest using unsupported hash algorithm | HIGH | OCI manifest | |
ORG-003 |
Organization allows any GitHub Action to run (no allow-list) | HIGH | SCM org governance | |
PYPI-001 |
requirements.txt entry missing an exact version pin | MEDIUM | PyPI | |
PYPI-002 |
requirements.txt missing hash pinning (--require-hashes / --hash=) | HIGH | PyPI | |
PYPI-003 |
requirements.txt uses an HTTP index or disables TLS verification | HIGH | PyPI | |
PYPI-004 |
requirements.txt VCS dependency uses a mutable ref | HIGH | PyPI | |
PYPI-005 |
requirements.txt declares --extra-index-url (dependency-confusion surface) | HIGH | PyPI | |
PYPI-006 |
requirements.txt pins a known-compromised PyPI package version | CRITICAL | PyPI | |
PYPI-008 |
Direct dependency was published within the cooldown window | HIGH | PyPI | |
PYPI-009 |
PyPI package has a known OSV advisory | CRITICAL | PyPI | |
PYPI-015 |
requirements.txt installs from a direct artifact URL | HIGH | PyPI | |
PYPI-016 |
requirements.txt repoints the primary index at a non-PyPI host | HIGH | PyPI | |
PYPI-017 |
requirements.txt uses a remote --find-links source | MEDIUM | PyPI | |
PYPI-018 |
requirements.txt forces source builds via --no-binary | MEDIUM | PyPI | |
PYPI-019 |
Direct dependency published without PEP 740 provenance | LOW | PyPI | |
PYPI-020 |
Direct dependency has a low OpenSSF Scorecard | LOW | PyPI | |
PYPI-021 |
Direct dependency provenance built from a non-release ref | LOW | PyPI | |
RUN-006 |
Known-compromised action executed in run history | CRITICAL | Actions run history | |
RUN-007 |
Third-party action pinned by a mutable tag executed in a privileged run | MEDIUM | Actions run history | |
SCM-022 |
Repo Actions permissions allow any source (no allow-list) | MEDIUM | SCM | |
TKN-001 |
Tekton step image not pinned to a digest | HIGH | Tekton | |
TKN-008 |
Tekton step script pipes remote install or disables TLS | HIGH | Tekton | 🔧 fix |
TKN-014 |
Tekton step script runs unpinned package install | MEDIUM | Tekton | |
TKN-016 |
Remote resolver taskRef / pipelineRef not pinned to an immutable revision | HIGH | Tekton |
SR-4: Provenance
Evidenced by 63 checks across 18 providers (AWS, Argo Workflows, Azure Cloud, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, OCI manifest, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ACR-003 |
Container registry content trust not enabled | MEDIUM | Azure Cloud | |
ADO-006 |
Artifacts not signed | MEDIUM | Azure DevOps | |
ADO-007 |
SBOM not produced | MEDIUM | Azure DevOps | |
ADO-024 |
No SLSA provenance attestation produced | MEDIUM | Azure DevOps | |
ARGO-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Argo Workflows | |
ARGO-010 |
No SBOM generated for build artifacts | MEDIUM | Argo Workflows | |
ARGO-011 |
No SLSA provenance attestation produced | MEDIUM | Argo Workflows | |
ATTEST-001 |
SLSA provenance attests an untrusted builder identity | HIGH | OCI manifest | |
ATTEST-002 |
SLSA provenance source-repo claim is missing or unverifiable | HIGH | OCI manifest | |
ATTEST-003 |
SBOM contains floating-version dependencies | MEDIUM | OCI manifest | |
ATTEST-004 |
SLSA provenance ships without a resolved-dependencies set | MEDIUM | OCI manifest | |
ATTEST-005 |
In-toto Statement subject is missing or unpinned | HIGH | OCI manifest | |
ATTEST-006 |
SLSA provenance lacks a meaningful buildType | MEDIUM | OCI manifest | |
ATTEST-007 |
SBOM packages lack supplier / originator attribution | LOW | OCI manifest | |
BB-006 |
Artifacts not signed | MEDIUM | Bitbucket | |
BB-007 |
SBOM not produced | MEDIUM | Bitbucket | |
BB-024 |
No SLSA provenance attestation produced | MEDIUM | Bitbucket | |
BK-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Buildkite | |
BK-010 |
No SBOM generated for build artifacts | MEDIUM | Buildkite | |
BK-011 |
No SLSA provenance attestation produced | MEDIUM | Buildkite | |
CC-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | CircleCI | |
CC-007 |
SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | CircleCI | |
CC-024 |
No SLSA provenance attestation produced | MEDIUM | CircleCI | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
DF-016 |
Image lacks OCI provenance labels | LOW | Dockerfile | |
DR-019 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Drone CI | |
DR-020 |
No SBOM produced (no syft / cyclonedx step) | MEDIUM | Drone CI | |
DR-021 |
No SLSA provenance attestation produced | MEDIUM | Drone CI | |
ECR-002 |
Image tags are mutable | HIGH | AWS | |
ECR-005 |
Repository encrypted with AES256 rather than KMS CMK | MEDIUM | AWS | |
GCB-007 |
availableSecrets references versions/latest | MEDIUM | Cloud Build | 🔧 fix |
GCB-009 |
Artifacts not signed (no cosign / sigstore step) | MEDIUM | Cloud Build | |
GCB-015 |
SBOM not produced (no CycloneDX / syft / Trivy-SBOM step) | MEDIUM | Cloud Build | |
GCB-017 |
Image-producing build does not request SLSA provenance | MEDIUM | Cloud Build | |
GCB-024 |
Build pushes Docker images but top-level images: is empty | LOW | Cloud Build | |
GHA-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | GitHub Actions | |
GHA-007 |
SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | GitHub Actions | |
GHA-024 |
No SLSA provenance attestation produced | MEDIUM | GitHub Actions | |
GL-006 |
Artifacts not signed | MEDIUM | GitLab CI | |
GL-007 |
SBOM not produced | MEDIUM | GitLab CI | |
GL-024 |
No SLSA provenance attestation produced | MEDIUM | GitLab CI | |
HARNESS-015 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Harness CI/CD | |
HARNESS-016 |
No SBOM produced (no syft / cyclonedx step) | MEDIUM | Harness CI/CD | |
HARNESS-017 |
No SLSA provenance attestation produced | MEDIUM | Harness CI/CD | |
HELM-005 |
Chart maintainers field empty or missing chain-of-custody info | LOW | Helm | |
JF-006 |
Artifacts not signed | MEDIUM | Jenkins | |
JF-007 |
SBOM not produced | MEDIUM | Jenkins | |
JF-027 |
archiveArtifacts does not record a fingerprint | LOW | Jenkins | |
JF-028 |
No SLSA provenance attestation produced | MEDIUM | Jenkins | |
LMB-001 |
Lambda function has no code-signing config | HIGH | AWS | |
OCI-001 |
Image manifest is missing OCI provenance annotations | MEDIUM | OCI manifest | |
OCI-002 |
Image is missing a build attestation manifest | HIGH | OCI manifest | |
OCI-003 |
Image manifest is missing the image.created annotation | LOW | OCI manifest | |
OCI-005 |
Image manifest is missing the image.licenses annotation | LOW | OCI manifest | |
OCI-009 |
Image manifest is missing OCI base-image annotations | MEDIUM | OCI manifest | |
SCM-006 |
Default branch protection does not require signed commits | MEDIUM | SCM | |
SCM-036 |
Active ruleset doesn't require signed commits | MEDIUM | SCM | |
SCM-043 |
Tag-targeted ruleset doesn't require signed commits | MEDIUM | SCM | |
SIGN-001 |
No AWS Signer profile defined for Lambda deploys | MEDIUM | AWS | |
SIGN-002 |
AWS Signer profile is revoked or inactive | HIGH | AWS | |
TKN-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Tekton | |
TKN-010 |
No SBOM generated for build artifacts | MEDIUM | Tekton | |
TKN-011 |
No SLSA provenance attestation produced | MEDIUM | Tekton |
SR-11: Component Authenticity
Evidenced by 169 checks across 25 providers (AWS, Actions run history, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, Kubernetes, Modelfile, NuGet, OCI manifest, PyPI, SCM, SCM org governance, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-001 |
Task reference not pinned to specific version | HIGH | Azure DevOps | 🔧 fix |
ADO-005 |
Container image not pinned to specific version | HIGH | Azure DevOps | |
ADO-009 |
Container image pinned by tag rather than sha256 digest | LOW | Azure DevOps | |
ADO-016 |
Remote script piped to shell interpreter | HIGH | Azure DevOps | 🔧 fix |
ADO-018 |
Package install from insecure source | HIGH | Azure DevOps | 🔧 fix |
ADO-021 |
Package install without lockfile enforcement | MEDIUM | Azure DevOps | 🔧 fix |
ADO-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Azure DevOps | 🔧 fix |
ADO-025 |
Cross-repo template not pinned to commit SHA | HIGH | Azure DevOps | |
ADO-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Azure DevOps | |
ADO-037 |
AI model pulled without a pinned revision | MEDIUM | Azure DevOps | |
ARGO-001 |
Argo template container image not pinned to a digest | HIGH | Argo Workflows | |
ARGO-008 |
Argo script source pipes remote install or disables TLS | HIGH | Argo Workflows | 🔧 fix |
ARGO-014 |
Argo template script runs unpinned package install | MEDIUM | Argo Workflows | |
BB-001 |
pipe: action not pinned to exact version | HIGH | Bitbucket | 🔧 fix |
BB-009 |
pipe: pinned by version rather than sha256 digest | LOW | Bitbucket | |
BB-012 |
Remote script piped to shell interpreter | HIGH | Bitbucket | 🔧 fix |
BB-014 |
Package install from insecure source | HIGH | Bitbucket | 🔧 fix |
BB-021 |
Package install without lockfile enforcement | MEDIUM | Bitbucket | 🔧 fix |
BB-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Bitbucket | 🔧 fix |
BB-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Bitbucket | |
BB-029 |
image: (step or service) not pinned by sha256 digest | HIGH | Bitbucket | |
BB-030 |
npm install without registry-signature verification step | MEDIUM | Bitbucket | |
BB-031 |
pip install without --require-hashes verification | MEDIUM | Bitbucket | |
BB-038 |
AI model pulled without a pinned revision | MEDIUM | Bitbucket | |
BK-001 |
Buildkite plugin not pinned to an exact version | HIGH | Buildkite | |
BK-004 |
Remote script piped into shell interpreter | HIGH | Buildkite | 🔧 fix |
BK-014 |
Step commands run unpinned package installs | MEDIUM | Buildkite | |
CA-002 |
CodeArtifact repository has a public external connection | HIGH | AWS | |
CB-009 |
CodeBuild image not pinned by digest | MEDIUM | AWS | |
CC-001 |
Orb not pinned to exact semver | HIGH | CircleCI | 🔧 fix |
CC-003 |
Docker image not pinned by digest | HIGH | CircleCI | |
CC-016 |
Remote script piped to shell interpreter | HIGH | CircleCI | 🔧 fix |
CC-018 |
Package install from insecure source | HIGH | CircleCI | 🔧 fix |
CC-021 |
Package install without lockfile enforcement | MEDIUM | CircleCI | 🔧 fix |
CC-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | CircleCI | |
CC-029 |
Machine executor image not pinned | HIGH | CircleCI | |
CC-035 |
AI model pulled without a pinned revision | MEDIUM | CircleCI | |
DF-001 |
FROM image not pinned to sha256 digest | HIGH | Dockerfile | 🔧 fix |
DF-003 |
ADD pulls remote URL without integrity verification | HIGH | Dockerfile | |
DF-004 |
RUN executes a remote script via curl-pipe / wget-pipe | HIGH | Dockerfile | |
DF-022 |
RUN uses npm install instead of npm ci | MEDIUM | Dockerfile | |
DF-031 |
COPY --from external image not pinned to sha256 digest | HIGH | Dockerfile | |
DR-001 |
Step image not pinned to a digest | HIGH | Drone CI | |
DR-005 |
Plugin step uses a floating image tag | HIGH | Drone CI | |
DR-008 |
Step uses pull: never (skips registry verification) | MEDIUM | Drone CI | |
DR-010 |
Step commands run unpinned package installs | MEDIUM | Drone CI | |
DR-012 |
Service container image not pinned to digest | HIGH | Drone CI | |
ECR-002 |
Image tags are mutable | HIGH | AWS | |
ECR-006 |
ECR pull-through cache rule uses an untrusted upstream | HIGH | AWS | |
GCB-001 |
Cloud Build step image not pinned by digest | HIGH | Cloud Build | 🔧 fix |
GCB-004 |
dynamicSubstitutions on with user substitutions in step args | HIGH | Cloud Build | |
GCB-010 |
Remote script piped to shell interpreter | HIGH | Cloud Build | |
GCB-013 |
Package install bypasses registry integrity (git / path / tarball) | MEDIUM | Cloud Build | |
GHA-001 |
Action not pinned to commit SHA | HIGH | GitHub Actions | 🔧 fix |
GHA-016 |
Remote script piped to shell interpreter | HIGH | GitHub Actions | 🔧 fix |
GHA-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | GitHub Actions | 🔧 fix |
GHA-019 |
GITHUB_TOKEN written to persistent storage | CRITICAL | GitHub Actions | 🔧 fix |
GHA-021 |
Package install without lockfile enforcement | MEDIUM | GitHub Actions | 🔧 fix |
GHA-023 |
TLS / certificate verification bypass | HIGH | GitHub Actions | 🔧 fix |
GHA-025 |
Reusable workflow not pinned to commit SHA | HIGH | GitHub Actions | |
GHA-028 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitHub Actions | |
GHA-029 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitHub Actions | |
GHA-040 |
Action reference matches a known-compromised SHA or tag | CRITICAL | GitHub Actions | |
GHA-041 |
Action upstream repo has a single contributor | MEDIUM | GitHub Actions | |
GHA-042 |
Action upstream repo is newly created | MEDIUM | GitHub Actions | |
GHA-043 |
Low-star action runs with sensitive permissions | HIGH | GitHub Actions | |
GHA-047 |
Action ref resolves to a recently committed tag or SHA | MEDIUM | GitHub Actions | |
GHA-051 |
services / container image is not pinned by digest | HIGH | GitHub Actions | |
GHA-059 |
npm install without registry-signature verification step | MEDIUM | GitHub Actions | |
GHA-060 |
pip install without --require-hashes verification | MEDIUM | GitHub Actions | |
GHA-088 |
Action uses: slug is a near-edit of a top-traffic action | HIGH | GitHub Actions | |
GHA-089 |
Action upstream repo is archived | MEDIUM | GitHub Actions | |
GHA-090 |
Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
GHA-091 |
Action upstream repo is missing (takeover-eligible namespace) | HIGH | GitHub Actions | |
GHA-094 |
Action SHA pin matches the current tip of an upstream branch | MEDIUM | GitHub Actions | |
GHA-096 |
Action reference has a known GHSA vulnerability | HIGH | GitHub Actions | |
GHA-100 |
cosign verify without certificate identity binding | HIGH | GitHub Actions | |
GL-001 |
Image not pinned to specific version or digest | HIGH | GitLab CI | 🔧 fix |
GL-005 |
include: pulls remote / project without pinned ref | HIGH | GitLab CI | |
GL-009 |
Image pinned to version tag rather than sha256 digest | LOW | GitLab CI | |
GL-016 |
Remote script piped to shell interpreter | HIGH | GitLab CI | 🔧 fix |
GL-018 |
Package install from insecure source | HIGH | GitLab CI | 🔧 fix |
GL-021 |
Package install without lockfile enforcement | MEDIUM | GitLab CI | 🔧 fix |
GL-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitLab CI | 🔧 fix |
GL-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitLab CI | |
GL-028 |
services: image not pinned | HIGH | GitLab CI | |
GL-030 |
trigger: include: pulls child pipeline without pinned ref | HIGH | GitLab CI | |
GL-034 |
npm install without registry-signature verification step | MEDIUM | GitLab CI | |
GL-035 |
pip install without --require-hashes verification | MEDIUM | GitLab CI | |
GL-042 |
include: component pulls a CI/CD component without a pinned version | HIGH | GitLab CI | |
HARNESS-001 |
Step image not pinned to a digest | HIGH | Harness CI/CD | |
HARNESS-012 |
AI model pulled without a pinned revision | MEDIUM | Harness CI/CD | |
HELM-002 |
Chart.lock missing per-dependency digests | HIGH | Helm | 🔧 fix |
HELM-004 |
Chart dependency version is a range, not an exact pin | MEDIUM | Helm | |
JF-001 |
Shared library not pinned to a tag or commit | HIGH | Jenkins | |
JF-009 |
Agent docker image not pinned to sha256 digest | HIGH | Jenkins | |
JF-012 |
load step pulls Groovy from disk without integrity pin | MEDIUM | Jenkins | |
JF-016 |
Remote script piped to shell interpreter | HIGH | Jenkins | 🔧 fix |
JF-018 |
Package install from insecure source | HIGH | Jenkins | 🔧 fix |
JF-021 |
Package install without lockfile enforcement | MEDIUM | Jenkins | 🔧 fix |
JF-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Jenkins | 🔧 fix |
JF-031 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Jenkins | |
JF-040 |
AI model pulled without a pinned revision | MEDIUM | Jenkins | |
K8S-001 |
Container image not pinned by sha256 digest | HIGH | Kubernetes | 🔧 fix |
K8S-036 |
ServiceAccount imagePullSecrets references missing Secret | MEDIUM | Kubernetes | |
MODEL-001 |
Base model pulled without a pinned reference | MEDIUM | Modelfile | |
MODEL-002 |
Base model pulled from a third-party hub | MEDIUM | Modelfile | |
MODEL-003 |
Base model loaded from a local unverified weights blob | LOW | Modelfile | |
MODEL-004 |
LoRA adapter applied from a remote source | MEDIUM | Modelfile | |
MODEL-005 |
Vendored model config declares custom loader code (auto_map) | MEDIUM | Modelfile | |
MVN-001 |
pom.xml dependency uses a floating version range | MEDIUM | maven | |
MVN-002 |
pom.xml depends on a mutable SNAPSHOT version | MEDIUM | maven | |
MVN-003 |
pom.xml declares a plaintext-HTTP Maven repository | HIGH | maven | |
MVN-004 |
pom.xml dependency omits an explicit <version> | MEDIUM | maven | |
MVN-005 |
Maven repository accepts artifacts without strict checksum gating | MEDIUM | maven | |
MVN-006 |
pom.xml pins a known-compromised Maven Central artifact version | CRITICAL | maven | |
MVN-007 |
settings.xml mirror routes external traffic through one repo | MEDIUM | maven | |
MVN-008 |
Direct dependency was published within the cooldown window | HIGH | maven | |
MVN-009 |
Maven artifact has a known OSV advisory | CRITICAL | maven | |
NPM-001 |
package.json dependency uses a floating version range | MEDIUM | npm | |
NPM-002 |
package-lock.json entry missing integrity hash | HIGH | npm | |
NPM-003 |
package-lock.json entry resolves from a non-registry source | HIGH | npm | |
NPM-005 |
package.json git dependency uses a mutable ref | HIGH | npm | |
NPM-006 |
package-lock.json pins a known-compromised package version | CRITICAL | npm | |
NPM-008 |
Direct dependency was published within the cooldown window | HIGH | npm | |
NPM-009 |
New transitive dependency added since the base ref | HIGH | npm | |
NPM-010 |
npm package has a known OSV advisory | CRITICAL | npm | |
NPM-014 |
Direct dependency relies on a single npm publisher | LOW | npm | |
NPM-015 |
Direct dependency published without build provenance | LOW | npm | |
NPM-016 |
Direct dependency has a low OpenSSF Scorecard | LOW | npm | |
NPM-017 |
Direct dependency provenance built from a non-release ref | LOW | npm | |
NPM-018 |
Direct dependency's latest release published by a new npm account | MEDIUM | npm | |
NPM-019 |
package.json overrides / resolutions rewrites a dependency to a non-registry source | HIGH | npm | |
NPM-020 |
.npmrc repoints the default or a scoped registry to a non-canonical host | HIGH | npm | |
NUGET-001 |
Floating NuGet version range | MEDIUM | NuGet | |
NUGET-002 |
Wildcard prerelease NuGet version | MEDIUM | NuGet | |
NUGET-003 |
PackageReference missing explicit version | MEDIUM | NuGet | |
NUGET-004 |
HTTP-only NuGet package source | HIGH | NuGet | |
NUGET-005 |
Known-compromised NuGet package version | CRITICAL | NuGet | |
NUGET-006 |
No NuGet lock file for reproducible restores | MEDIUM | NuGet | |
NUGET-007 |
Multiple NuGet sources without packageSourceMapping | HIGH | NuGet | |
NUGET-008 |
NuGet package published within the cooldown window | HIGH | NuGet | |
NUGET-009 |
NuGet package has a known OSV advisory | CRITICAL | NuGet | |
OCI-004 |
Image layer references an arbitrary URL (foreign layer) | HIGH | OCI manifest | |
OCI-007 |
Image manifest uses legacy schemaVersion 1 (no content addressing) | HIGH | OCI manifest | |
OCI-008 |
Manifest references digest using unsupported hash algorithm | HIGH | OCI manifest | |
ORG-003 |
Organization allows any GitHub Action to run (no allow-list) | HIGH | SCM org governance | |
PYPI-001 |
requirements.txt entry missing an exact version pin | MEDIUM | PyPI | |
PYPI-002 |
requirements.txt missing hash pinning (--require-hashes / --hash=) | HIGH | PyPI | |
PYPI-003 |
requirements.txt uses an HTTP index or disables TLS verification | HIGH | PyPI | |
PYPI-004 |
requirements.txt VCS dependency uses a mutable ref | HIGH | PyPI | |
PYPI-005 |
requirements.txt declares --extra-index-url (dependency-confusion surface) | HIGH | PyPI | |
PYPI-006 |
requirements.txt pins a known-compromised PyPI package version | CRITICAL | PyPI | |
PYPI-008 |
Direct dependency was published within the cooldown window | HIGH | PyPI | |
PYPI-009 |
PyPI package has a known OSV advisory | CRITICAL | PyPI | |
PYPI-015 |
requirements.txt installs from a direct artifact URL | HIGH | PyPI | |
PYPI-016 |
requirements.txt repoints the primary index at a non-PyPI host | HIGH | PyPI | |
PYPI-017 |
requirements.txt uses a remote --find-links source | MEDIUM | PyPI | |
PYPI-018 |
requirements.txt forces source builds via --no-binary | MEDIUM | PyPI | |
PYPI-019 |
Direct dependency published without PEP 740 provenance | LOW | PyPI | |
PYPI-020 |
Direct dependency has a low OpenSSF Scorecard | LOW | PyPI | |
PYPI-021 |
Direct dependency provenance built from a non-release ref | LOW | PyPI | |
RUN-006 |
Known-compromised action executed in run history | CRITICAL | Actions run history | |
RUN-007 |
Third-party action pinned by a mutable tag executed in a privileged run | MEDIUM | Actions run history | |
SCM-022 |
Repo Actions permissions allow any source (no allow-list) | MEDIUM | SCM | |
TKN-001 |
Tekton step image not pinned to a digest | HIGH | Tekton | |
TKN-008 |
Tekton step script pipes remote install or disables TLS | HIGH | Tekton | 🔧 fix |
TKN-014 |
Tekton step script runs unpinned package install | MEDIUM | Tekton | |
TKN-016 |
Remote resolver taskRef / pipelineRef not pinned to an immutable revision | HIGH | Tekton |
This page is generated. Edit pipeline_check/core/standards/data/nist_800_53.py (mappings) or scripts/gen_standards_docs.py (intro / per-control prose) and run python scripts/gen_standards_docs.py nist_800_53.