OSC&R (Open Software Supply Chain Attack Reference)
- Version: 2024
- URL: https://pbom.dev/
- Source of truth:
pipeline_check/core/standards/data/oscr.py
OSC&R (Open Software Supply Chain Attack Reference) is an open framework that mirrors the MITRE ATT&CK matrix structure for software supply chain attacks. Twelve tactics (Reconnaissance through Impact), 86 techniques. The matrix is maintained at pbom-dev/OSCAR.
OSC&R fills a gap between the OWASP CI/CD Top 10 (CI/CD-specific but only 10 items) and broader frameworks like NIST 800-53 (exhaustive but not attack-centric). Use this page when you want to map pipeline posture findings to a supply-chain attack taxonomy, showing which attacker techniques your current configuration would or would not resist.
Pair with OWASP CI/CD Top 10 for the canonical risk vocabulary and SLSA for the build-integrity axis.
At a glance
- Controls in this standard: 86
- Controls evidenced by at least one check: 61 / 86
- Distinct checks evidencing this standard: 725
- Of those, autofixable with
--fix: 112
Severity levels (CRITICAL / HIGH / MEDIUM / LOW / INFO) follow the same scale across every provider and standard. See How to read severity on the standards overview for the definitions.
Coverage by control
Click a control ID to jump to the per-control section with the full check list. The severity mix column shows the spread of evidencing checks by severity (Critical / High / Medium / Low / Info).
| Control | Title | Checks | Severity mix |
|---|---|---|---|
REC-1 |
Discover naming conventions | 0 | — |
REC-2 |
Scan public CI/CD configurations for secrets and vulnerable actions | 16 | 16C |
REC-3 |
Discover technology stacks | 0 | — |
REC-4 |
Active scanning | 0 | — |
REC-5 |
Discover used open-source dependencies | 0 | — |
REC-6 |
Scan public artifacts for secrets | 10 | 4C · 6H |
REC-7 |
Discover internal artifact names | 0 | — |
REC-8 |
Discover coding flaws | 0 | — |
REC-9 |
Accidental public disclosure of internal resources | 0 | — |
REC-10 |
Scan configuration on public resources | 2 | 1H · 1L |
RD-1 |
Malicious code contribution to an open-source repository | 6 | 3H · 3M |
RD-2 |
Accounts in public registry | 0 | — |
RD-3 |
Publish malicious artifact | 4 | 4H |
RD-4 |
Forge developer reputation | 4 | 1H · 3M |
RD-5 |
Compromised legitimate artifact | 14 | 11C · 3H |
RD-6 |
Advertise malicious artifact | 0 | — |
IA-1 |
Combosquatting | 1 | 1H |
IA-2 |
Malicious IDE extension | 0 | — |
IA-3 |
External user accounts | 1 | 1H |
IA-4 |
Services / servers compromise | 6 | 1H · 5M |
IA-5 |
Vulnerable CI/CD system | 14 | 8M · 6L |
IA-6 |
Exposed storage | 6 | 3C · 1H · 2M |
IA-7 |
Malicious module injection | 0 | — |
IA-8 |
Exposed webhook | 1 | 1H |
IA-9 |
Compromised token | 20 | 4C · 9H · 7M |
IA-10 |
Vulnerable CI/CD plugins | 11 | 1C · 10H |
IA-11 |
Vulnerable CI/CD template | 70 | 36H · 28M · 6L |
IA-12 |
Exposed internal API | 0 | — |
IA-13 |
Vulnerability in third-party dependency | 52 | 8C · 8H · 36M |
IA-14 |
Compromised developer workstation | 0 | — |
IA-15 |
Exposed database | 0 | — |
IA-16 |
Compromised service account | 10 | 1C · 7H · 2M |
IA-17 |
Dependency confusion | 8 | 6H · 2M |
IA-18 |
Permissive network access | 10 | 1C · 5H · 4M |
IA-19 |
Repojacking | 2 | 2H |
IA-20 |
Compromised user account | 4 | 3H · 1M |
IA-21 |
Typosquatting | 1 | 1H |
IA-22 |
Weak authentication methods | 13 | 11H · 2M |
IA-23 |
Brandjacking | 1 | 1H |
IA-24 |
Shadow IT | 2 | 1H · 1M |
EX-1 |
Installation scripts | 15 | 13H · 2M |
EX-2 |
Runtime logic bomb | 0 | — |
EX-3 |
IDE | 0 | — |
EX-4 |
Runtime backdoor | 0 | — |
EX-5 |
Package manager | 0 | — |
EX-6 |
Command injection | 84 | 8C · 69H · 6M · 1L |
EX-7 |
SQL injection | 0 | — |
EX-8 |
Cross-site scripting | 0 | — |
EX-9 |
Malicious artifact execution | 5 | 5C |
EX-10 |
Cloud workload | 0 | — |
EX-11 |
Auto merge rules in SCM | 2 | 1H · 1M |
EX-12 |
Trigger pipeline execution | 22 | 5C · 12H · 3M · 2L |
PER-1 |
Recursive PR | 3 | 1C · 1H · 1M |
PER-2 |
Deploy keys | 1 | 1H |
PER-3 |
Backdoor in code | 4 | 3C · 1H |
PER-4 |
Add user | 1 | 1H |
PER-5 |
Untagged resources | 0 | — |
PER-6 |
Scheduled task / job on self-hosted runner | 8 | 2H · 6M |
PER-7 |
Implant in zombie instance | 0 | — |
PER-8 |
Create access token | 5 | 4H · 1M |
PE-1 |
Inject malicious dependency to privileged user repository | 7 | 2C · 5H |
PE-2 |
Runners / agents running with high user privileges | 47 | 11C · 24H · 10M · 2L |
DE-1 |
Bypass review using admin permission | 41 | 16H · 23M · 2L |
DE-2 |
SaaS sprawl | 1 | 1M |
DE-3 |
Misconfigured audit log settings | 33 | 3H · 7M · 7L · 16I |
DE-4 |
Misconfiguration of security measures | 92 | 1C · 14H · 56M · 21L |
DE-5 |
Malicious compiler / interpreter | 0 | — |
DE-6 |
Misconfigured traffic log settings | 2 | 1M · 1L |
CA-1 |
Passwords in application logs | 1 | 1M |
CA-2 |
Dumping credentials from files | 15 | 6C · 6H · 3M |
CA-3 |
Harvest secrets from logs | 2 | 1C · 1H |
CA-4 |
Dumping short-lived token | 2 | 2M |
CA-5 |
Dump tokens from environment variable | 25 | 4C · 20H · 1M |
CA-6 |
Passwords in CI/CD logs | 42 | 19C · 19H · 4M |
CA-7 |
Runtime leakage of password | 0 | — |
CA-8 |
Steal credentials in container artifacts | 12 | 4C · 7H · 1M |
LM-1 |
Push implants across repositories | 1 | 1H |
LM-2 |
Overprivileged user account | 34 | 7C · 16H · 10M · 1L |
COL-1 |
Unencrypted data in transit | 29 | 25H · 3M · 1L |
COL-2 |
Unencrypted data at rest | 9 | 1C · 2H · 6M |
EXF-1 |
Bypass of outbound traffic control | 1 | 1C |
EXF-2 |
Source code | 2 | 1C · 1H |
EXF-3 |
Webhook | 1 | 1H |
IMP-1 |
Delete repositories for DoS | 2 | 2H |
IMP-2 |
Resource hijacking | 5 | 1H · 4M |
IMP-3 |
Misconfiguration of serverless workloads | 4 | 1C · 3H |
Filter at runtime
Restrict a scan to checks that evidence this standard with --standard oscr:
# All providers, only checks tied to this standard
pipeline_check --standard oscr
# Compose with --pipeline to scope by provider
pipeline_check --pipeline github --standard oscr
# Compose with another standard to widen the lens
pipeline_check --pipeline aws --standard oscr --standard owasp_cicd_top_10
Controls in scope
REC-1: Discover naming conventions
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-2: Scan public CI/CD configurations for secrets and vulnerable actions
Evidenced by 16 checks across 15 providers (Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, CloudFormation, Developer environment, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, Tekton, Terraform).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-008 |
Credential-shaped literal in pipeline body | CRITICAL | Azure DevOps | 🔧 fix |
ARGO-006 |
Literal secret value in Argo template env or parameter default | CRITICAL | Argo Workflows | 🔧 fix |
BB-008 |
Credential-shaped literal in pipeline body | CRITICAL | Bitbucket | 🔧 fix |
BK-002 |
Literal secret value in pipeline env block | CRITICAL | Buildkite | 🔧 fix |
CC-008 |
Credential-shaped literal in config body | CRITICAL | CircleCI | 🔧 fix |
CF-002 |
Stateful data-store resource carries a plaintext secret | CRITICAL | CloudFormation | |
DEV-008 |
Credential-shaped literal in a developer-environment config | CRITICAL | Developer environment | |
DR-004 |
Literal credential in step environment / settings | CRITICAL | Drone CI | |
GCB-012 |
Credential-shaped literal in pipeline body | CRITICAL | Cloud Build | 🔧 fix |
GHA-008 |
Credential-shaped literal in workflow body | CRITICAL | GitHub Actions | 🔧 fix |
GHA-039 |
services / container credentials embedded as literal in workflow | CRITICAL | GitHub Actions | |
GL-008 |
Credential-shaped literal in pipeline body | CRITICAL | GitLab CI | 🔧 fix |
HARNESS-004 |
Literal credential in a pipeline / stage variable | CRITICAL | Harness CI/CD | 🔧 fix |
JF-008 |
Credential-shaped literal in pipeline body | CRITICAL | Jenkins | 🔧 fix |
TF-002 |
Stateful data-store resource carries a plaintext secret | CRITICAL | Terraform | |
TKN-005 |
Literal secret value in Tekton step env or param default | CRITICAL | Tekton | 🔧 fix |
REC-3: Discover technology stacks
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-4: Active scanning
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-5: Discover used open-source dependencies
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-6: Scan public artifacts for secrets
Evidenced by 10 checks across 4 providers (Dockerfile, Kubernetes, NuGet, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
DF-006 |
ENV or ARG carries a credential-shaped literal value | CRITICAL | Dockerfile | |
DF-019 |
COPY/ADD source path looks like a credential file | HIGH | Dockerfile | 🔧 fix |
DF-020 |
ARG declares a credential-named build argument | HIGH | Dockerfile | 🔧 fix |
DF-025 |
RUN writes a registry auth token into a Docker layer | CRITICAL | Dockerfile | |
K8S-017 |
Container env value carries a credential-shaped literal | CRITICAL | Kubernetes | |
K8S-018 |
Secret stringData/data carries a credential-shaped literal | CRITICAL | Kubernetes | |
K8S-037 |
ConfigMap data carries a credential-shaped literal | HIGH | Kubernetes | |
NPM-011 |
package.json files field includes secret-shaped paths | HIGH | npm | |
NPM-013 |
package.json files field uses an overly broad pattern | HIGH | npm | |
NUGET-010 |
NuGet.config stores a feed credential in plaintext | HIGH | NuGet |
REC-7: Discover internal artifact names
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-8: Discover coding flaws
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-9: Accidental public disclosure of internal resources
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
REC-10: Scan configuration on public resources
Evidenced by 2 checks across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-016 |
Private vulnerability reporting is not enabled | LOW | SCM | |
SCM-026 |
Webhook ships events insecurely (HTTP / no-TLS / no-secret) | HIGH | SCM |
RD-1: Malicious code contribution to an open-source repository
Evidenced by 6 checks across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-001 |
Default branch has no protection rule | HIGH | SCM | |
SCM-002 |
Default branch protection does not require pull request reviews | HIGH | SCM | |
SCM-010 |
Branch protection allows administrators to bypass | HIGH | SCM | |
SCM-011 |
Default branch protection does not require CODEOWNERS reviews | MEDIUM | SCM | |
SCM-012 |
Default branch protection keeps stale reviews after a push | MEDIUM | SCM | |
SCM-017 |
Repository has no CODEOWNERS file | MEDIUM | SCM |
RD-2: Accounts in public registry
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
RD-3: Publish malicious artifact
Evidenced by 4 checks across 4 providers (NuGet, PyPI, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
MVN-008 |
Direct dependency was published within the cooldown window | HIGH | maven | |
NPM-008 |
Direct dependency was published within the cooldown window | HIGH | npm | |
NUGET-008 |
NuGet package published within the cooldown window | HIGH | NuGet | |
PYPI-008 |
Direct dependency was published within the cooldown window | HIGH | PyPI |
RD-4: Forge developer reputation
Evidenced by 4 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-041 |
Action upstream repo has a single contributor | MEDIUM | GitHub Actions | |
GHA-042 |
Action upstream repo is newly created | MEDIUM | GitHub Actions | |
GHA-043 |
Low-star action runs with sensitive permissions | HIGH | GitHub Actions | |
GHA-047 |
Action ref resolves to a recently committed tag or SHA | MEDIUM | GitHub Actions |
RD-5: Compromised legitimate artifact
Evidenced by 14 checks across 13 providers (AWS, Azure DevOps, Bitbucket, CircleCI, Composer, GitHub Actions, GitLab CI, Jenkins, NuGet, PyPI, RubyGems, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-026 |
Pipeline contains indicators of malicious activity | CRITICAL | Azure DevOps | |
BB-025 |
Pipeline contains indicators of malicious activity | CRITICAL | Bitbucket | |
CB-011 |
CodeBuild buildspec contains indicators of malicious activity | CRITICAL | AWS | |
CC-026 |
Config contains indicators of malicious activity | CRITICAL | CircleCI | |
COMPOSER-007 |
composer.json requires a known-compromised package version | HIGH | Composer | |
GEM-006 |
Gemfile requires a known-compromised gem version | HIGH | RubyGems | |
GHA-040 |
Action reference matches a known-compromised SHA or tag | CRITICAL | GitHub Actions | |
GHA-096 |
Action reference has a known GHSA vulnerability | HIGH | GitHub Actions | |
GL-025 |
Pipeline contains indicators of malicious activity | CRITICAL | GitLab CI | |
JF-029 |
Jenkinsfile contains indicators of malicious activity | CRITICAL | Jenkins | |
MVN-006 |
pom.xml pins a known-compromised Maven Central artifact version | CRITICAL | maven | |
NPM-006 |
package-lock.json pins a known-compromised package version | CRITICAL | npm | |
NUGET-005 |
Known-compromised NuGet package version | CRITICAL | NuGet | |
PYPI-006 |
requirements.txt pins a known-compromised PyPI package version | CRITICAL | PyPI |
RD-6: Advertise malicious artifact
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-1: Combosquatting
Evidenced by 1 check across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-088 |
Action uses: slug is a near-edit of a top-traffic action |
HIGH | GitHub Actions |
IA-2: Malicious IDE extension
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-3: External user accounts
Evidenced by 1 check across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-027 |
Outside collaborator holds write / maintain / admin access | HIGH | SCM |
IA-4: Services / servers compromise
Evidenced by 6 checks across 5 providers (Azure DevOps, Bitbucket, CircleCI, GitHub Actions, GitLab CI).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-013 |
Self-hosted pool without explicit ephemeral marker | MEDIUM | Azure DevOps | |
BB-016 |
Self-hosted runner without ephemeral marker | MEDIUM | Bitbucket | |
CC-010 |
Self-hosted runner without ephemeral marker | MEDIUM | CircleCI | |
GHA-012 |
Self-hosted runner without ephemeral marker | MEDIUM | GitHub Actions | |
GHA-105 |
Self-hosted runner reachable from an untrusted PR trigger | HIGH | GitHub Actions | |
GL-014 |
Self-managed runner without ephemeral tag | MEDIUM | GitLab CI |
IA-5: Vulnerable CI/CD system
Evidenced by 14 checks across 12 providers (AWS, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-015 |
Job has no timeoutInMinutes, unbounded build |
MEDIUM | Azure DevOps | 🔧 fix |
ARGO-007 |
Argo workflow has no activeDeadlineSeconds | LOW | Argo Workflows | |
BB-005 |
Step has no max-time, unbounded build |
MEDIUM | Bitbucket | 🔧 fix |
BK-006 |
Step has no timeout_in_minutes | LOW | Buildkite | |
CB-004 |
Build timeout missing or at the AWS maximum (480 min) | LOW | AWS | |
CB-005 |
Outdated managed build image | MEDIUM | AWS | |
CC-015 |
No no_output_timeout configured |
MEDIUM | CircleCI | 🔧 fix |
GCB-005 |
Build timeout unset or excessive | LOW | Cloud Build | 🔧 fix |
GHA-015 |
Job has no timeout-minutes, unbounded build |
MEDIUM | GitHub Actions | 🔧 fix |
GHA-068 |
runs-on: targets an end-of-life hosted-runner image |
MEDIUM | GitHub Actions | |
GL-015 |
Job has no timeout, unbounded build |
MEDIUM | GitLab CI | 🔧 fix |
HARNESS-019 |
Pipeline step lacks an explicit timeout | LOW | Harness CI/CD | |
JF-015 |
Pipeline has no timeout wrapper, unbounded build |
MEDIUM | Jenkins | 🔧 fix |
TKN-006 |
Tekton run lacks an explicit timeout | LOW | Tekton |
IA-6: Exposed storage
Evidenced by 6 checks across AWS.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CA-003 |
CodeArtifact domain policy allows cross-account wildcard | CRITICAL | AWS | |
CCM-003 |
CodeCommit trigger targets SNS/Lambda in a different account | MEDIUM | AWS | |
ECR-003 |
Repository policy allows public access | CRITICAL | AWS | |
S3-001 |
Artifact bucket public access block not fully enabled | CRITICAL | AWS | |
S3-002 |
Artifact bucket server-side encryption not configured | HIGH | AWS | |
S3-003 |
Artifact bucket versioning not enabled | MEDIUM | AWS |
IA-7: Malicious module injection
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-8: Exposed webhook
Evidenced by 1 check across AWS.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
EB-002 |
EventBridge rule has a wildcard target ARN | HIGH | AWS |
IA-9: Compromised token
Evidenced by 20 checks across 10 providers (AWS, Azure DevOps, Bitbucket, CircleCI, Cloud Build, GitHub Actions, GitLab CI, Jenkins, SCM, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-014 |
AWS auth uses long-lived access keys | MEDIUM | Azure DevOps | 🔧 fix |
BB-011 |
AWS auth uses long-lived access keys | MEDIUM | Bitbucket | 🔧 fix |
BB-017 |
Repository token written to persistent storage | CRITICAL | Bitbucket | 🔧 fix |
CB-001 |
Secrets in plaintext environment variables | CRITICAL | AWS | |
CB-006 |
CodeBuild source auth uses long-lived token | HIGH | AWS | |
CC-019 |
add_ssh_keys without fingerprint restriction |
HIGH | CircleCI | |
CP-004 |
Legacy ThirdParty/GitHub source action (OAuth token) | HIGH | AWS | |
GCB-003 |
Secret Manager value referenced in step args | HIGH | Cloud Build | |
GCB-018 |
Legacy KMS secrets block in use (prefer availableSecrets / Secret Manager) | MEDIUM | Cloud Build | |
GHA-005 |
AWS auth uses long-lived access keys | MEDIUM | GitHub Actions | 🔧 fix |
GHA-019 |
GITHUB_TOKEN written to persistent storage | CRITICAL | GitHub Actions | 🔧 fix |
GHA-037 |
actions/checkout persists GITHUB_TOKEN into .git/config | HIGH | GitHub Actions | 🔧 fix |
GHA-054 |
actions/checkout with ssh-key persists SSH credential in repo | HIGH | GitHub Actions | 🔧 fix |
GL-013 |
AWS auth uses long-lived access keys | MEDIUM | GitLab CI | 🔧 fix |
GL-020 |
CI_JOB_TOKEN written to persistent storage | CRITICAL | GitLab CI | 🔧 fix |
IAM-007 |
IAM user has access key older than 90 days | HIGH | AWS | |
JF-004 |
AWS auth uses long-lived access keys via withCredentials | MEDIUM | Jenkins | 🔧 fix |
JF-010 |
Long-lived AWS keys exposed via environment {} block | HIGH | Jenkins | 🔧 fix |
NPM-012 |
.npmrc publish token lacks IP or readonly restriction | HIGH | npm | |
SCM-049 |
Classic PAT used where a fine-grained token suffices | MEDIUM | SCM |
IA-10: Vulnerable CI/CD plugins
Evidenced by 11 checks across 9 providers (Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, GitHub Actions, GitLab CI, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-016 |
Remote script piped to shell interpreter | HIGH | Azure DevOps | 🔧 fix |
BB-012 |
Remote script piped to shell interpreter | HIGH | Bitbucket | 🔧 fix |
BK-004 |
Remote script piped into shell interpreter | HIGH | Buildkite | 🔧 fix |
CC-016 |
Remote script piped to shell interpreter | HIGH | CircleCI | 🔧 fix |
DF-004 |
RUN executes a remote script via curl-pipe / wget-pipe | HIGH | Dockerfile | |
GCB-010 |
Remote script piped to shell interpreter | HIGH | Cloud Build | |
GHA-016 |
Remote script piped to shell interpreter | HIGH | GitHub Actions | 🔧 fix |
GHA-040 |
Action reference matches a known-compromised SHA or tag | CRITICAL | GitHub Actions | |
GHA-096 |
Action reference has a known GHSA vulnerability | HIGH | GitHub Actions | |
GL-016 |
Remote script piped to shell interpreter | HIGH | GitLab CI | 🔧 fix |
JF-016 |
Remote script piped to shell interpreter | HIGH | Jenkins | 🔧 fix |
IA-11: Vulnerable CI/CD template
Evidenced by 70 checks across 21 providers (AWS, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, Kubernetes, Modelfile, NuGet, PyPI, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-001 |
Task reference not pinned to specific version | HIGH | Azure DevOps | 🔧 fix |
ADO-005 |
Container image not pinned to specific version | HIGH | Azure DevOps | |
ADO-009 |
Container image pinned by tag rather than sha256 digest | LOW | Azure DevOps | |
ADO-021 |
Package install without lockfile enforcement | MEDIUM | Azure DevOps | 🔧 fix |
ADO-025 |
Cross-repo template not pinned to commit SHA | HIGH | Azure DevOps | |
ARGO-001 |
Argo template container image not pinned to a digest | HIGH | Argo Workflows | |
BB-001 |
pipe: action not pinned to exact version | HIGH | Bitbucket | 🔧 fix |
BB-009 |
pipe: pinned by version rather than sha256 digest | LOW | Bitbucket | |
BB-021 |
Package install without lockfile enforcement | MEDIUM | Bitbucket | 🔧 fix |
BB-029 |
image: (step or service) not pinned by sha256 digest | HIGH | Bitbucket | |
BK-001 |
Buildkite plugin not pinned to an exact version | HIGH | Buildkite | |
CB-009 |
CodeBuild image not pinned by digest | MEDIUM | AWS | |
CC-001 |
Orb not pinned to exact semver | HIGH | CircleCI | 🔧 fix |
CC-003 |
Docker image not pinned by digest | HIGH | CircleCI | |
CC-021 |
Package install without lockfile enforcement | MEDIUM | CircleCI | 🔧 fix |
CC-029 |
Machine executor image not pinned | HIGH | CircleCI | |
DF-001 |
FROM image not pinned to sha256 digest | HIGH | Dockerfile | 🔧 fix |
DF-003 |
ADD pulls remote URL without integrity verification | HIGH | Dockerfile | |
DF-009 |
ADD used where COPY would suffice | LOW | Dockerfile | |
DF-010 |
apt-get dist-upgrade / upgrade pulls unknown package versions | LOW | Dockerfile | |
DF-031 |
COPY --from external image not pinned to sha256 digest | HIGH | Dockerfile | |
DR-001 |
Step image not pinned to a digest | HIGH | Drone CI | |
DR-005 |
Plugin step uses a floating image tag | HIGH | Drone CI | |
DR-008 |
Step uses pull: never (skips registry verification) |
MEDIUM | Drone CI | |
ECR-002 |
Image tags are mutable | HIGH | AWS | |
GCB-001 |
Cloud Build step image not pinned by digest | HIGH | Cloud Build | 🔧 fix |
GCB-004 |
dynamicSubstitutions on with user substitutions in step args | HIGH | Cloud Build | |
GHA-001 |
Action not pinned to commit SHA | HIGH | GitHub Actions | 🔧 fix |
GHA-021 |
Package install without lockfile enforcement | MEDIUM | GitHub Actions | 🔧 fix |
GHA-025 |
Reusable workflow not pinned to commit SHA | HIGH | GitHub Actions | |
GHA-051 |
services / container image is not pinned by digest | HIGH | GitHub Actions | |
GHA-089 |
Action upstream repo is archived | MEDIUM | GitHub Actions | |
GHA-090 |
Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
GHA-094 |
Action SHA pin matches the current tip of an upstream branch | MEDIUM | GitHub Actions | |
GHA-095 |
Action SHA pin does not match its version comment | HIGH | GitHub Actions | |
GL-001 |
Image not pinned to specific version or digest | HIGH | GitLab CI | 🔧 fix |
GL-005 |
include: pulls remote / project without pinned ref | HIGH | GitLab CI | |
GL-009 |
Image pinned to version tag rather than sha256 digest | LOW | GitLab CI | |
GL-021 |
Package install without lockfile enforcement | MEDIUM | GitLab CI | 🔧 fix |
GL-028 |
services: image not pinned | HIGH | GitLab CI | |
GL-042 |
include: component pulls a CI/CD component without a pinned version | HIGH | GitLab CI | |
HARNESS-001 |
Step image not pinned to a digest | HIGH | Harness CI/CD | |
HELM-001 |
Chart.yaml declares legacy apiVersion: v1 | MEDIUM | Helm | 🔧 fix |
HELM-004 |
Chart dependency version is a range, not an exact pin | MEDIUM | Helm | |
HELM-008 |
Chart.lock generated more than 90 days ago | MEDIUM | Helm | |
JF-001 |
Shared library not pinned to a tag or commit | HIGH | Jenkins | |
JF-009 |
Agent docker image not pinned to sha256 digest | HIGH | Jenkins | |
JF-021 |
Package install without lockfile enforcement | MEDIUM | Jenkins | 🔧 fix |
K8S-036 |
ServiceAccount imagePullSecrets references missing Secret | MEDIUM | Kubernetes | |
MODEL-001 |
Base model pulled without a pinned reference | MEDIUM | Modelfile | |
MODEL-002 |
Base model pulled from a third-party hub | MEDIUM | Modelfile | |
MODEL-003 |
Base model loaded from a local unverified weights blob | LOW | Modelfile | |
MODEL-004 |
LoRA adapter applied from a remote source | MEDIUM | Modelfile | |
MODEL-005 |
Vendored model config declares custom loader code (auto_map) | MEDIUM | Modelfile | |
MVN-001 |
pom.xml dependency uses a floating version range | MEDIUM | maven | |
MVN-002 |
pom.xml depends on a mutable SNAPSHOT version | MEDIUM | maven | |
MVN-004 |
pom.xml dependency omits an explicit <version> |
MEDIUM | maven | |
MVN-005 |
Maven repository accepts artifacts without strict checksum gating | MEDIUM | maven | |
NPM-001 |
package.json dependency uses a floating version range | MEDIUM | npm | |
NPM-002 |
package-lock.json entry missing integrity hash | HIGH | npm | |
NUGET-001 |
Floating NuGet version range | MEDIUM | NuGet | |
NUGET-002 |
Wildcard prerelease NuGet version | MEDIUM | NuGet | |
NUGET-003 |
PackageReference missing explicit version | MEDIUM | NuGet | |
NUGET-006 |
No NuGet lock file for reproducible restores | MEDIUM | NuGet | |
PYPI-001 |
requirements.txt entry missing an exact version pin | MEDIUM | PyPI | |
PYPI-002 |
requirements.txt missing hash pinning (--require-hashes / --hash=) | HIGH | PyPI | |
PYPI-004 |
requirements.txt VCS dependency uses a mutable ref | HIGH | PyPI | |
PYPI-015 |
requirements.txt installs from a direct artifact URL | HIGH | PyPI | |
TKN-001 |
Tekton step image not pinned to a digest | HIGH | Tekton | |
TKN-016 |
Remote resolver taskRef / pipelineRef not pinned to an immutable revision | HIGH | Tekton |
IA-12: Exposed internal API
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-13: Vulnerability in third-party dependency
Evidenced by 52 checks across 20 providers (AWS, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Composer, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, NuGet, PyPI, RubyGems, SCM, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-020 |
No vulnerability scanning step | MEDIUM | Azure DevOps | |
ADO-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Azure DevOps | 🔧 fix |
ADO-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Azure DevOps | |
ARGO-012 |
No vulnerability scanning step | MEDIUM | Argo Workflows | |
ARGO-014 |
Argo template script runs unpinned package install | MEDIUM | Argo Workflows | |
BB-015 |
No vulnerability scanning step | MEDIUM | Bitbucket | |
BB-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Bitbucket | 🔧 fix |
BB-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Bitbucket | |
BB-030 |
npm install without registry-signature verification step | MEDIUM | Bitbucket | |
BB-031 |
pip install without --require-hashes verification |
MEDIUM | Bitbucket | |
BK-012 |
No vulnerability scanning step | MEDIUM | Buildkite | |
BK-014 |
Step commands run unpinned package installs | MEDIUM | Buildkite | |
CC-020 |
No vulnerability scanning step | MEDIUM | CircleCI | |
CC-022 |
Dependency update command bypasses lockfile pins | MEDIUM | CircleCI | 🔧 fix |
CC-028 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | CircleCI | |
COMPOSER-007 |
composer.json requires a known-compromised package version | HIGH | Composer | |
DR-010 |
Step commands run unpinned package installs | MEDIUM | Drone CI | |
DR-022 |
No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Drone CI | |
ECR-001 |
Image scanning on push not enabled | HIGH | AWS | |
ECR-007 |
Inspector v2 enhanced scanning disabled for ECR | MEDIUM | AWS | |
GCB-008 |
No vulnerability scanning step in Cloud Build pipeline | MEDIUM | Cloud Build | |
GEM-006 |
Gemfile requires a known-compromised gem version | HIGH | RubyGems | |
GHA-020 |
No vulnerability scanning step | MEDIUM | GitHub Actions | |
GHA-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitHub Actions | 🔧 fix |
GHA-029 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitHub Actions | |
GHA-059 |
npm install without registry-signature verification step | MEDIUM | GitHub Actions | |
GHA-060 |
pip install without --require-hashes verification |
MEDIUM | GitHub Actions | |
GL-019 |
No vulnerability scanning step | MEDIUM | GitLab CI | |
GL-022 |
Dependency update command bypasses lockfile pins | MEDIUM | GitLab CI | 🔧 fix |
GL-027 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | GitLab CI | |
GL-034 |
npm install without registry-signature verification step | MEDIUM | GitLab CI | |
GL-035 |
pip install without --require-hashes verification |
MEDIUM | GitLab CI | |
HARNESS-018 |
No vulnerability-scan step (trivy / grype / snyk) | MEDIUM | Harness CI/CD | |
JF-020 |
No vulnerability scanning step | MEDIUM | Jenkins | |
JF-022 |
Dependency update command bypasses lockfile pins | MEDIUM | Jenkins | 🔧 fix |
JF-031 |
Package install bypasses registry integrity (git / path / tarball source) | MEDIUM | Jenkins | |
MVN-006 |
pom.xml pins a known-compromised Maven Central artifact version | CRITICAL | maven | |
MVN-008 |
Direct dependency was published within the cooldown window | HIGH | maven | |
MVN-009 |
Maven artifact has a known OSV advisory | CRITICAL | maven | |
NPM-006 |
package-lock.json pins a known-compromised package version | CRITICAL | npm | |
NPM-008 |
Direct dependency was published within the cooldown window | HIGH | npm | |
NPM-009 |
New transitive dependency added since the base ref | HIGH | npm | |
NPM-010 |
npm package has a known OSV advisory | CRITICAL | npm | |
NUGET-005 |
Known-compromised NuGet package version | CRITICAL | NuGet | |
NUGET-008 |
NuGet package published within the cooldown window | HIGH | NuGet | |
NUGET-009 |
NuGet package has a known OSV advisory | CRITICAL | NuGet | |
PYPI-006 |
requirements.txt pins a known-compromised PyPI package version | CRITICAL | PyPI | |
PYPI-008 |
Direct dependency was published within the cooldown window | HIGH | PyPI | |
PYPI-009 |
PyPI package has a known OSV advisory | CRITICAL | PyPI | |
SCM-005 |
Dependabot security updates are not enabled | MEDIUM | SCM | |
TKN-012 |
No vulnerability scanning step | MEDIUM | Tekton | |
TKN-014 |
Tekton step script runs unpinned package install | MEDIUM | Tekton |
IA-14: Compromised developer workstation
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-15: Exposed database
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
IA-16: Compromised service account
Evidenced by 10 checks across 3 providers (AWS, Cloud Build, Terraform).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GCB-020 |
serviceAccount points at the default Cloud Build service account | HIGH | Cloud Build | |
IAM-001 |
CI/CD role has AdministratorAccess policy attached | CRITICAL | AWS | |
IAM-002 |
CI/CD role has wildcard Action in attached policy | HIGH | AWS | |
IAM-003 |
CI/CD role has no permission boundary | MEDIUM | AWS | |
IAM-004 |
CI/CD role can PassRole to any role | HIGH | AWS | |
IAM-005 |
CI/CD role trust policy missing sts:ExternalId | HIGH | AWS | |
IAM-006 |
Sensitive actions granted with wildcard Resource | MEDIUM | AWS | |
IAM-008 |
OIDC-federated role trust policy missing audience or subject pin | HIGH | AWS | |
IAM-009 |
Azure federated identity credential trusts a broad GitHub subject | HIGH | Terraform | |
IAM-010 |
GCP workload identity provider has no repository attribute condition | HIGH | Terraform |
IA-17: Dependency confusion
Evidenced by 8 checks across 5 providers (AWS, NuGet, PyPI, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CA-002 |
CodeArtifact repository has a public external connection | HIGH | AWS | |
ECR-006 |
ECR pull-through cache rule uses an untrusted upstream | HIGH | AWS | |
MVN-007 |
settings.xml mirror routes external traffic through one repo | MEDIUM | maven | |
NPM-003 |
package-lock.json entry resolves from a non-registry source | HIGH | npm | |
NUGET-007 |
Multiple NuGet sources without packageSourceMapping | HIGH | NuGet | |
PYPI-005 |
requirements.txt declares --extra-index-url (dependency-confusion surface) | HIGH | PyPI | |
PYPI-016 |
requirements.txt repoints the primary index at a non-PyPI host | HIGH | PyPI | |
PYPI-017 |
requirements.txt uses a remote --find-links source | MEDIUM | PyPI |
IA-18: Permissive network access
Evidenced by 10 checks across 5 providers (AWS, CloudFormation, Dockerfile, Kubernetes, Terraform).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CF-003 |
CodeBuild project's VPC contains a public subnet | HIGH | CloudFormation | |
DF-013 |
EXPOSE declares sensitive remote-access port | CRITICAL | Dockerfile | 🔧 fix |
K8S-026 |
LoadBalancer Service has no loadBalancerSourceRanges | HIGH | Kubernetes | |
K8S-027 |
Ingress has no TLS configuration | MEDIUM | Kubernetes | |
K8S-032 |
Namespace lacks default-deny NetworkPolicy | MEDIUM | Kubernetes | |
K8S-038 |
NetworkPolicy ingress / egress allows all sources or destinations | MEDIUM | Kubernetes | |
K8S-041 |
Service.externalIPs allows traffic interception (CVE-2020-8554) | HIGH | Kubernetes | |
K8S-043 |
Ingress rule has wildcard or missing host (catch-all) | MEDIUM | Kubernetes | |
PBAC-001 |
CodeBuild project has no VPC configuration | HIGH | AWS | |
TF-003 |
CodeBuild VPC config references a public subnet | HIGH | Terraform |
IA-19: Repojacking
Evidenced by 2 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-090 |
Action SHA pin references a commit absent from the claimed repo | HIGH | GitHub Actions | |
GHA-091 |
Action upstream repo is missing (takeover-eligible namespace) | HIGH | GitHub Actions |
IA-20: Compromised user account
Evidenced by 4 checks across 2 providers (GitHub Actions, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-034 |
Reusable workflow called with secrets: inherit | MEDIUM | GitHub Actions | 🔧 fix |
GHA-116 |
Workflow serializes the entire secrets context (toJSON(secrets)) | HIGH | GitHub Actions | |
SCM-020 |
Default workflow GITHUB_TOKEN has write permission | HIGH | SCM | |
SCM-025 |
Repo has write-enabled deploy keys (push backdoor) | HIGH | SCM |
IA-21: Typosquatting
Evidenced by 1 check across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-088 |
Action uses: slug is a near-edit of a top-traffic action |
HIGH | GitHub Actions |
IA-22: Weak authentication methods
Evidenced by 13 checks across 5 providers (Azure DevOps, Bitbucket, CircleCI, GitHub Actions, GitLab CI).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-029 |
Service-connection-using job without environment or branch gate | HIGH | Azure DevOps | |
BB-028 |
OIDC step without deployment-gated environment | HIGH | Bitbucket | |
CC-031 |
OIDC role assumption without branch filter or approval gate | HIGH | CircleCI | |
GHA-030 |
OIDC token requested without environment-protected job | HIGH | GitHub Actions | |
GHA-050 |
Publish step relies on long-lived registry token | HIGH | GitHub Actions | |
GHA-062 |
OIDC subject claim in sibling IaC grants overly broad scope | HIGH | GitHub Actions | |
GHA-069 |
id-token: write granted without an OIDC-consumer step |
MEDIUM | GitHub Actions | |
GHA-113 |
OIDC trusted-publishing job without an environment gate | HIGH | GitHub Actions | |
GHA-114 |
Package-publish workflow runs on an unrestricted push trigger | HIGH | GitHub Actions | |
GHA-115 |
id-token: write granted workflow-wide instead of job-scoped |
MEDIUM | GitHub Actions | |
GL-031 |
id_tokens: missing audience pin or environment binding | HIGH | GitLab CI | |
GL-040 |
CI_JOB_TOKEN used for cross-project / remote access | HIGH | GitLab CI | |
GL-050 |
Package-publish job relies on a long-lived registry token | HIGH | GitLab CI |
IA-23: Brandjacking
Evidenced by 1 check across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-088 |
Action uses: slug is a near-edit of a top-traffic action |
HIGH | GitHub Actions |
IA-24: Shadow IT
Evidenced by 2 checks across 2 providers (GitHub Actions, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-018 |
Package install from insecure source | HIGH | GitHub Actions | 🔧 fix |
SCM-022 |
Repo Actions permissions allow any source (no allow-list) | MEDIUM | SCM |
EX-1: Installation scripts
Evidenced by 15 checks across 11 providers (Argo CD, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, GitHub Actions, GitLab CI, Jenkins, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-016 |
Remote script piped to shell interpreter | HIGH | Azure DevOps | 🔧 fix |
ARGOCD-008 |
Argo CD Application invokes a config-management plugin | MEDIUM | Argo CD | |
ARGOCD-015 |
Argo CD Kustomize build options enable the Helm plugin | HIGH | Argo CD | |
BB-012 |
Remote script piped to shell interpreter | HIGH | Bitbucket | 🔧 fix |
BK-004 |
Remote script piped into shell interpreter | HIGH | Buildkite | 🔧 fix |
CC-016 |
Remote script piped to shell interpreter | HIGH | CircleCI | 🔧 fix |
DF-004 |
RUN executes a remote script via curl-pipe / wget-pipe | HIGH | Dockerfile | |
DF-022 |
RUN uses npm install instead of npm ci | MEDIUM | Dockerfile | |
DF-024 |
RUN npm/yarn/pnpm install runs lifecycle scripts | HIGH | Dockerfile | |
GCB-010 |
Remote script piped to shell interpreter | HIGH | Cloud Build | |
GHA-016 |
Remote script piped to shell interpreter | HIGH | GitHub Actions | 🔧 fix |
GL-016 |
Remote script piped to shell interpreter | HIGH | GitLab CI | 🔧 fix |
JF-016 |
Remote script piped to shell interpreter | HIGH | Jenkins | 🔧 fix |
NPM-004 |
package.json declares an install-time lifecycle script | HIGH | npm | |
NPM-007 |
.npmrc does not disable install-time lifecycle scripts | HIGH | npm |
EX-2: Runtime logic bomb
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-3: IDE
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-4: Runtime backdoor
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-5: Package manager
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-6: Command injection
Evidenced by 84 checks across 14 providers (Argo CD, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-002 |
Script injection via attacker-controllable context | HIGH | Azure DevOps | |
ADO-012 |
Cache@2 key derives from $(System.PullRequest.*) | MEDIUM | Azure DevOps | |
ADO-027 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Azure DevOps | |
ADO-030 |
pool interpolates attacker-controllable value | HIGH | Azure DevOps | 🔧 fix |
ADO-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | Azure DevOps | |
ADO-035 |
Untrusted PR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | Azure DevOps | |
ADO-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Azure DevOps | |
ARGO-005 |
Argo input parameter interpolated unsafely in script / args | CRITICAL | Argo Workflows | |
ARGO-017 |
Argo resource template applies a manifest built from an untrusted parameter | CRITICAL | Argo Workflows | |
ARGO-019 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Argo Workflows | |
ARGOCD-007 |
Argo CD Helm parameters interpolate generator output without goTemplate | HIGH | Argo CD | |
BB-002 |
Script injection via attacker-controllable context | HIGH | Bitbucket | |
BB-018 |
Cache key derives from attacker-controllable input | MEDIUM | Bitbucket | |
BB-026 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Bitbucket | |
BB-035 |
ML model loaded with trust_remote_code (code execution) | HIGH | Bitbucket | |
BB-036 |
Untrusted PR/branch context reaches an agentic AI CLI (prompt injection) | HIGH | Bitbucket | |
BB-037 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Bitbucket | |
BK-003 |
Untrusted Buildkite variable interpolated in command | HIGH | Buildkite | |
BK-015 |
agents map interpolates attacker-controllable Buildkite variable | HIGH | Buildkite | |
BK-016 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Buildkite | |
CC-002 |
Script injection via untrusted environment variable | HIGH | CircleCI | |
CC-025 |
Cache key derives from attacker-controllable input | MEDIUM | CircleCI | |
CC-027 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | CircleCI | |
CC-034 |
ML model loaded with trust_remote_code (code execution) | HIGH | CircleCI | |
CC-036 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | CircleCI | |
CC-037 |
Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | CircleCI | |
DF-005 |
RUN uses shell-eval (eval / sh -c on a variable / backticks) | HIGH | Dockerfile | |
DR-003 |
Untrusted Drone template variable in shell command | HIGH | Drone CI | |
DR-009 |
Cache plugin key embeds an attacker-controllable Drone variable | HIGH | Drone CI | |
DR-011 |
node map interpolates attacker-controllable Drone variable | HIGH | Drone CI | |
DR-017 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Drone CI | |
GCB-006 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Cloud Build | |
GCB-019 |
Shell entrypoint inlines a user substitution into args | HIGH | Cloud Build | |
GCB-022 |
options.substitutionOption set to ALLOW_LOOSE | LOW | Cloud Build | 🔧 fix |
GCB-023 |
Step references a user substitution not declared in substitutions: | MEDIUM | Cloud Build | |
GHA-002 |
pull_request_target checks out PR head | CRITICAL | GitHub Actions | 🔧 fix |
GHA-003 |
Script injection via untrusted context | HIGH | GitHub Actions | 🔧 fix |
GHA-011 |
Cache key derives from attacker-controllable input | MEDIUM | GitHub Actions | |
GHA-027 |
Workflow contains indicators of malicious activity | CRITICAL | GitHub Actions | |
GHA-028 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitHub Actions | |
GHA-031 |
Workflow uses retired set-output / save-state command | HIGH | GitHub Actions | 🔧 fix |
GHA-035 |
github-script step interpolates untrusted context | HIGH | GitHub Actions | |
GHA-036 |
runs-on interpolates untrusted context | HIGH | GitHub Actions | 🔧 fix |
GHA-038 |
Workflow re-enables retired ::set-env / ::add-path commands | CRITICAL | GitHub Actions | |
GHA-052 |
actions/cache key includes untrusted PR-controllable input | HIGH | GitHub Actions | |
GHA-053 |
if: predicate evaluates attacker-controllable context as expression | HIGH | GitHub Actions | |
GHA-063 |
if: predicate gates on a spoofable bot-actor comparison |
HIGH | GitHub Actions | |
GHA-064 |
contains() invoked with comma-delimited string operand |
HIGH | GitHub Actions | |
GHA-117 |
IaC apply on an untrusted pull_request trigger | CRITICAL | GitHub Actions | |
GHA-118 |
Untrusted content written to $GITHUB_ENV / $GITHUB_PATH | HIGH | GitHub Actions | |
GHA-119 |
Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | GitHub Actions | |
GHA-120 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitHub Actions | |
GHA-122 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitHub Actions | |
GL-002 |
Script injection via untrusted commit/MR context | HIGH | GitLab CI | |
GL-012 |
Cache key derives from MR-controlled CI variable | MEDIUM | GitLab CI | |
GL-026 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | GitLab CI | |
GL-032 |
tags: interpolates untrusted CI variable | HIGH | GitLab CI | 🔧 fix |
GL-033 |
Global before_script / after_script propagates taint to every job | HIGH | GitLab CI | |
GL-041 |
IaC apply on an untrusted merge-request trigger | CRITICAL | GitLab CI | |
GL-045 |
ML model loaded with trust_remote_code (code execution) | HIGH | GitLab CI | |
GL-047 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | GitLab CI | |
GL-048 |
Untrusted MR/commit context reaches an agentic AI CLI (prompt injection) | HIGH | GitLab CI | |
HARNESS-002 |
Untrusted Harness expression interpolated into a step command | HIGH | Harness CI/CD | |
HARNESS-008 |
Untrusted context reaches an agentic AI CLI (prompt injection) | HIGH | Harness CI/CD | |
HARNESS-010 |
ML model loaded with trust_remote_code (code execution) | HIGH | Harness CI/CD | |
HARNESS-011 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Harness CI/CD | |
HARNESS-014 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Harness CI/CD | |
JF-002 |
Script step interpolates attacker-controllable env var | HIGH | Jenkins | |
JF-030 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Jenkins | |
JF-032 |
Agent label interpolates attacker-controllable value | HIGH | Jenkins | 🔧 fix |
JF-037 |
Untrusted PR/build context reaches an agentic AI CLI (prompt injection) | HIGH | Jenkins | |
JF-039 |
ML model loaded with trust_remote_code (code execution) | HIGH | Jenkins | |
JF-041 |
Unsafe deserialization of a fetched artifact (pickle RCE) | HIGH | Jenkins | |
TAINT-001 |
Untrusted input flows across step boundaries via step outputs | HIGH | GitHub Actions | |
TAINT-002 |
Untrusted input flows across jobs via jobs.<id>.outputs: |
HIGH | GitHub Actions | |
TAINT-003 |
Untrusted input forwarded into reusable workflow with: |
HIGH | GitHub Actions | |
TAINT-004 |
Untrusted input flows across jobs via dotenv artifact | HIGH | GitLab CI | |
TAINT-005 |
Untrusted input flows across steps via buildkite-agent meta-data |
HIGH | Buildkite | |
TAINT-006 |
Untrusted input flows across tasks via Tekton results |
HIGH | Tekton | |
TAINT-007 |
Untrusted input flows across templates via Argo outputs.parameters |
HIGH | Argo Workflows | |
TAINT-008 |
Untrusted input flows via GitLab extends: template inheritance |
HIGH | GitLab CI | |
TKN-003 |
Tekton param interpolated unsafely in step script | CRITICAL | Tekton | |
TKN-015 |
Workspace subPath interpolates a Task parameter (path traversal) | HIGH | Tekton | |
TKN-018 |
Dangerous shell idiom (eval, sh -c variable, backtick exec) | HIGH | Tekton |
EX-7: SQL injection
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-8: Cross-site scripting
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-9: Malicious artifact execution
Evidenced by 5 checks across 5 providers (Azure DevOps, Bitbucket, GitHub Actions, GitLab CI, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-010 |
Cross-pipeline download: ingestion unverified |
CRITICAL | Azure DevOps | |
BB-010 |
Deploy step ingests pull-request artifact unverified | CRITICAL | Bitbucket | |
GHA-009 |
workflow_run downloads upstream artifact unverified | CRITICAL | GitHub Actions | |
GL-010 |
Multi-project pipeline ingests upstream artifact unverified | CRITICAL | GitLab CI | |
JF-013 |
copyArtifacts ingests another job's output unverified | CRITICAL | Jenkins |
EX-10: Cloud workload
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
EX-11: Auto merge rules in SCM
Evidenced by 2 checks across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-021 |
Actions can approve pull requests (self-approval bypass) | HIGH | SCM | |
SCM-031 |
Repo allows auto-merge (no human-timing gate) | MEDIUM | SCM |
EX-12: Trigger pipeline execution
Evidenced by 22 checks across 7 providers (AWS, Argo CD, Azure DevOps, CircleCI, GitHub Actions, GitLab CI, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-019 |
extends: template on PR-validated pipeline points to local path |
CRITICAL | Azure DevOps | |
ARGOCD-006 |
Argo CD ApplicationSet PR/SCM generator without project allowlist | HIGH | Argo CD | |
CB-007 |
CodeBuild webhook has no filter group | MEDIUM | AWS | |
CB-008 |
CodeBuild buildspec is inline (not sourced from a protected repo) | HIGH | AWS | |
CB-010 |
CodeBuild webhook allows fork-PR builds without actor filtering | HIGH | AWS | |
CC-012 |
Dynamic config via setup: true enables code injection |
MEDIUM | CircleCI | |
CP-003 |
Source stage using polling instead of event-driven trigger | LOW | AWS | |
CP-007 |
CodePipeline v2 PR trigger accepts all branches | HIGH | AWS | |
GHA-010 |
Local action (./path) on untrusted-trigger workflow | HIGH | GitHub Actions | |
GHA-013 |
issue_comment trigger without author guard | HIGH | GitHub Actions | |
GHA-032 |
run: invokes local script on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
GHA-044 |
Build tool runs lifecycle scripts on untrusted-trigger workflow | HIGH | GitHub Actions | |
GHA-045 |
Caller-controlled ref input feeds actions/checkout | HIGH | GitHub Actions | |
GHA-046 |
Manual PR-head fetch on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
GHA-058 |
Agentic CLI invoked with permission-bypass flags | HIGH | GitHub Actions | |
GHA-071 |
shell: pwsh / powershell on a Linux / macOS step |
LOW | GitHub Actions | |
GHA-102 |
actions/checkout with submodule fetch on a PR trigger |
HIGH | GitHub Actions | |
GHA-103 |
AI code-review bot on untrusted trigger without environment gate | CRITICAL | GitHub Actions | |
GHA-104 |
AI agent generates and pushes commits without PR review | HIGH | GitHub Actions | |
GL-011 |
include: local file pulled in MR-triggered pipeline | HIGH | GitLab CI | |
JF-012 |
load step pulls Groovy from disk without integrity pin |
MEDIUM | Jenkins | |
JF-019 |
Groovy sandbox escape pattern detected | CRITICAL | Jenkins |
PER-1: Recursive PR
Evidenced by 3 checks across 2 providers (GitHub Actions, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-048 |
Workflow step writes a file under .github/workflows/ | CRITICAL | GitHub Actions | |
GHA-097 |
Recursive PR auto-merge loop | HIGH | GitHub Actions | |
SCM-031 |
Repo allows auto-merge (no human-timing gate) | MEDIUM | SCM |
PER-2: Deploy keys
Evidenced by 1 check across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-025 |
Repo has write-enabled deploy keys (push backdoor) | HIGH | SCM |
PER-3: Backdoor in code
Evidenced by 4 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-048 |
Workflow step writes a file under .github/workflows/ | CRITICAL | GitHub Actions | |
GHA-049 |
Workflow step makes a privileged git write (cross-repo or actions[bot] bypass) | HIGH | GitHub Actions | |
GHA-056 |
Workflow body contains a known supply-chain worm indicator | CRITICAL | GitHub Actions | |
GHA-065 |
Workflow body contains zero-width or bidi Unicode characters | CRITICAL | GitHub Actions |
PER-4: Add user
Evidenced by 1 check across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-030 |
Repository ruleset has bypass actor with bypass_mode: always | HIGH | SCM |
PER-5: Untagged resources
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
PER-6: Scheduled task / job on self-hosted runner
Evidenced by 8 checks across 6 providers (Azure DevOps, Bitbucket, CircleCI, GitHub Actions, GitLab CI, Jenkins).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-013 |
Self-hosted pool without explicit ephemeral marker | MEDIUM | Azure DevOps | |
BB-016 |
Self-hosted runner without ephemeral marker | MEDIUM | Bitbucket | |
CC-010 |
Self-hosted runner without ephemeral marker | MEDIUM | CircleCI | |
GHA-012 |
Self-hosted runner without ephemeral marker | MEDIUM | GitHub Actions | |
GHA-105 |
Self-hosted runner reachable from an untrusted PR trigger | HIGH | GitHub Actions | |
GHA-112 |
Self-hosted deploy job not gated by a protected environment | HIGH | GitHub Actions | |
GL-014 |
Self-managed runner without ephemeral tag | MEDIUM | GitLab CI | |
JF-014 |
Agent label missing ephemeral marker | MEDIUM | Jenkins |
PER-7: Implant in zombie instance
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
PER-8: Create access token
Evidenced by 5 checks across 2 providers (AWS, GitHub Actions).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CP-004 |
Legacy ThirdParty/GitHub source action (OAuth token) | HIGH | AWS | |
GHA-055 |
Reusable workflow outputs derive a secret or caller-input value | HIGH | GitHub Actions | |
GHA-061 |
GitHub App token minted without a permissions: filter |
MEDIUM | GitHub Actions | |
GHA-106 |
AI agent CLI runs with a write-scoped GITHUB_TOKEN | HIGH | GitHub Actions | |
GHA-111 |
AI agent generates IaC applied to the cloud in the same job | HIGH | GitHub Actions |
PE-1: Inject malicious dependency to privileged user repository
Evidenced by 7 checks across 2 providers (Argo CD, GitHub Actions).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ARGOCD-006 |
Argo CD ApplicationSet PR/SCM generator without project allowlist | HIGH | Argo CD | |
GHA-002 |
pull_request_target checks out PR head | CRITICAL | GitHub Actions | 🔧 fix |
GHA-044 |
Build tool runs lifecycle scripts on untrusted-trigger workflow | HIGH | GitHub Actions | |
GHA-045 |
Caller-controlled ref input feeds actions/checkout | HIGH | GitHub Actions | |
GHA-046 |
Manual PR-head fetch on untrusted-trigger workflow | CRITICAL | GitHub Actions | |
GHA-092 |
PR head SHA captured then re-fetched (force-push race) | HIGH | GitHub Actions | |
GHA-102 |
actions/checkout with submodule fetch on a PR trigger |
HIGH | GitHub Actions |
PE-2: Runners / agents running with high user privileges
Evidenced by 47 checks across 15 providers (AWS, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, Kubernetes, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | Azure DevOps | 🔧 fix |
ARGO-002 |
Argo template container runs privileged or as root | HIGH | Argo Workflows | |
ARGO-004 |
Argo workflow mounts hostPath or shares host namespaces | CRITICAL | Argo Workflows | |
BB-013 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | Bitbucket | 🔧 fix |
BK-005 |
Container started with --privileged or host-bind escalation | HIGH | Buildkite | 🔧 fix |
CB-002 |
Privileged mode enabled | HIGH | AWS | |
CC-014 |
Job missing resource_class declaration |
MEDIUM | CircleCI | |
CC-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | CircleCI | 🔧 fix |
DF-002 |
Container runs as root (missing or root USER directive) | HIGH | Dockerfile | 🔧 fix |
DF-008 |
RUN invokes docker --privileged or escalates capabilities | HIGH | Dockerfile | |
DF-012 |
RUN invokes sudo | HIGH | Dockerfile | |
DF-014 |
WORKDIR set to a system / kernel filesystem path | CRITICAL | Dockerfile | |
DF-015 |
RUN grants world-writable permissions (chmod 777 / a+w) | MEDIUM | Dockerfile | |
DF-017 |
ENV PATH prepends a world-writable directory | MEDIUM | Dockerfile | 🔧 fix |
DF-018 |
RUN chown rewrites ownership of a system path | MEDIUM | Dockerfile | |
DR-002 |
Step runs with privileged: true | HIGH | Drone CI | |
DR-007 |
Step mounts a sensitive host path | HIGH | Drone CI | |
GCB-016 |
Step dir field contains parent-directory escape (..) | MEDIUM | Cloud Build | |
GCB-021 |
No private worker pool, build runs on the shared default pool | MEDIUM | Cloud Build | 🔧 fix |
GHA-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | GitHub Actions | 🔧 fix |
GHA-026 |
Container job disables isolation via options: |
HIGH | GitHub Actions | |
GHA-107 |
harden-runner runs in audit mode (egress not blocked) | MEDIUM | GitHub Actions | |
GHA-108 |
Sensitive workflow has no runtime egress control | LOW | GitHub Actions | |
GHA-109 |
harden-runner is not the first step in the job | LOW | GitHub Actions | |
GL-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | GitLab CI | 🔧 fix |
GL-039 |
Docker-in-Docker service exposes an unauthenticated daemon | HIGH | GitLab CI | |
HARNESS-003 |
Step runs with privileged: true | HIGH | Harness CI/CD | |
HARNESS-007 |
Stage infrastructure mounts a sensitive host path | HIGH | Harness CI/CD | |
JF-003 |
Pipeline uses agent any (no executor isolation) |
MEDIUM | Jenkins | |
JF-017 |
Docker run with insecure flags (privileged/host mount) | CRITICAL | Jenkins | 🔧 fix |
JF-025 |
Kubernetes agent pod template runs privileged or mounts hostPath | HIGH | Jenkins | |
K8S-002 |
Pod hostNetwork: true | HIGH | Kubernetes | 🔧 fix |
K8S-003 |
Pod hostPID: true | HIGH | Kubernetes | 🔧 fix |
K8S-004 |
Pod hostIPC: true | HIGH | Kubernetes | 🔧 fix |
K8S-005 |
Container securityContext.privileged: true | CRITICAL | Kubernetes | 🔧 fix |
K8S-006 |
Container allowPrivilegeEscalation not explicitly false | HIGH | Kubernetes | 🔧 fix |
K8S-007 |
Container runAsNonRoot not true / runAsUser is 0 | HIGH | Kubernetes | 🔧 fix |
K8S-013 |
Pod uses a hostPath volume | HIGH | Kubernetes | 🔧 fix |
K8S-014 |
Pod hostPath references a sensitive host directory | CRITICAL | Kubernetes | |
K8S-028 |
Container declares hostPort | MEDIUM | Kubernetes | 🔧 fix |
K8S-030 |
Workload schedules onto a control-plane node | HIGH | Kubernetes | 🔧 fix |
K8S-035 |
Container securityContext.runAsUser is 0 | HIGH | Kubernetes | |
K8S-039 |
Pod uses shareProcessNamespace: true | MEDIUM | Kubernetes | |
K8S-040 |
Container securityContext.procMount: Unmasked | HIGH | Kubernetes | |
TKN-002 |
Tekton step runs privileged or as root | HIGH | Tekton | |
TKN-004 |
Tekton Task mounts hostPath or shares host namespaces | CRITICAL | Tekton | |
TKN-013 |
Tekton sidecar runs privileged or as root | HIGH | Tekton |
DE-1: Bypass review using admin permission
Evidenced by 41 checks across 10 providers (AWS, Azure DevOps, Bitbucket, Buildkite, CircleCI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-004 |
Deployment job missing environment binding | MEDIUM | Azure DevOps | |
ADO-038 |
Agentic CLI output lands without human review | HIGH | Azure DevOps | |
BB-004 |
Deploy step missing deployment: environment gate |
MEDIUM | Bitbucket | |
BB-039 |
Agentic CLI output lands without human review | HIGH | Bitbucket | |
BK-007 |
Deploy step not gated by a manual block / input | MEDIUM | Buildkite | |
BK-013 |
Deploy step has no branches: filter | MEDIUM | Buildkite | |
CC-009 |
Deploy job missing manual approval gate | MEDIUM | CircleCI | |
CC-013 |
Deploy job in workflow has no branch filter | MEDIUM | CircleCI | |
CC-030 |
Workflow job uses context without branch filter or approval gate | MEDIUM | CircleCI | |
CC-038 |
Agentic CLI output lands without human review | HIGH | CircleCI | |
CCM-001 |
CodeCommit repository has no approval rule template attached | HIGH | AWS | |
CD-001 |
Automatic rollback on failure not enabled | MEDIUM | AWS | |
CD-002 |
AllAtOnce deployment config, no canary or rolling strategy | HIGH | AWS | |
CP-001 |
No approval action before deploy stages | HIGH | AWS | |
CP-005 |
Production Deploy stage has no preceding ManualApproval | MEDIUM | AWS | |
GHA-014 |
Deploy job missing environment binding | MEDIUM | GitHub Actions | 🔧 fix |
GHA-086 |
Wildcard branch trigger gates an environment-bound deploy | MEDIUM | GitHub Actions | |
GHA-112 |
Self-hosted deploy job not gated by a protected environment | HIGH | GitHub Actions | |
GHA-123 |
Agentic CLI output lands without human review | HIGH | GitHub Actions | |
GL-004 |
Deploy job lacks manual approval or environment gate | MEDIUM | GitLab CI | |
GL-029 |
Manual deploy job defaults to allow_failure: true | MEDIUM | GitLab CI | |
GL-049 |
Agentic CLI output lands without human review | HIGH | GitLab CI | |
HARNESS-009 |
Agentic CLI output lands without human review | HIGH | Harness CI/CD | |
JF-005 |
Deploy stage missing manual input approval |
MEDIUM | Jenkins | |
JF-024 |
input approval step missing submitter restriction |
MEDIUM | Jenkins | |
JF-026 |
build job: trigger ignores downstream failure |
MEDIUM | Jenkins | |
JF-038 |
Agentic CLI output lands without human review | HIGH | Jenkins | |
SCM-002 |
Default branch protection does not require pull request reviews | HIGH | SCM | |
SCM-010 |
Branch protection allows administrators to bypass | HIGH | SCM | |
SCM-011 |
Default branch protection does not require CODEOWNERS reviews | MEDIUM | SCM | |
SCM-013 |
Default branch protection does not require conversation resolution | LOW | SCM | |
SCM-014 |
Default branch protection does not require approval of the most recent push | MEDIUM | SCM | |
SCM-018 |
Required PR reviews can be bypassed by named identities | MEDIUM | SCM | |
SCM-019 |
Push restrictions allowlist names individual users | LOW | SCM | |
SCM-023 |
Deployment environment lacks required-reviewer protection | HIGH | SCM | |
SCM-024 |
Deployment environment can deploy from any branch | MEDIUM | SCM | |
SCM-028 |
Private repo allows forking | MEDIUM | SCM | |
SCM-029 |
Repository ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM | |
SCM-030 |
Repository ruleset has bypass actor with bypass_mode: always | HIGH | SCM | |
SCM-032 |
Active ruleset doesn't require a PR review (governance theater) | HIGH | SCM | |
SCM-044 |
Default-branch signed-commits requirement bypassed for admins | MEDIUM | SCM |
DE-2: SaaS sprawl
Evidenced by 1 check across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-022 |
Repo Actions permissions allow any source (no allow-list) | MEDIUM | SCM |
DE-3: Misconfigured audit log settings
Evidenced by 33 checks across 7 providers (AWS, CircleCI, Cloud Build, Dockerfile, GitHub Actions, Jenkins, SCM).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CA-000 |
CodeArtifact API access failed | INFO | AWS | |
CB-000 |
CodeBuild API access failed | INFO | AWS | |
CB-003 |
Build logging not enabled | MEDIUM | AWS | |
CC-011 |
No store_test_results step (test results not archived) | LOW | CircleCI | |
CCM-000 |
CodeCommit API access failed | INFO | AWS | |
CD-000 |
CodeDeploy API access failed | INFO | AWS | |
CD-003 |
No CloudWatch alarm monitoring on deployment group | MEDIUM | AWS | |
CP-000 |
CodePipeline API access failed | INFO | AWS | |
CT-000 |
CloudTrail API access failed | INFO | AWS | |
CT-001 |
No active CloudTrail trail in region | HIGH | AWS | |
CT-002 |
CloudTrail log-file validation disabled | MEDIUM | AWS | |
CT-003 |
CloudTrail trail is not multi-region | MEDIUM | AWS | |
CWL-000 |
CloudWatch Logs API access failed | INFO | AWS | |
CWL-001 |
CodeBuild log group has no retention policy | LOW | AWS | |
DF-007 |
No HEALTHCHECK directive declared | LOW | Dockerfile | 🔧 fix |
EB-000 |
EventBridge API access failed | INFO | AWS | |
ECR-000 |
ECR API access failed | INFO | AWS | |
GCB-014 |
Build logging disabled (options.logging: NONE) | HIGH | Cloud Build | 🔧 fix |
GCB-025 |
Build has no tags for audit / discoverability | LOW | Cloud Build | |
GHA-087 |
Derived value of a secret printed to the build log | HIGH | GitHub Actions | |
IAM-000 |
IAM API access failed | INFO | AWS | |
JF-011 |
Pipeline has no buildDiscarder retention policy |
LOW | Jenkins | 🔧 fix |
KMS-000 |
KMS API access failed | INFO | AWS | |
LMB-000 |
Lambda API access failed | INFO | AWS | |
PBAC-000 |
PBAC enumeration failed | INFO | AWS | |
S3-000 |
S3 API access failed | INFO | AWS | |
S3-004 |
Artifact bucket access logging not enabled | LOW | AWS | |
SCM-003 |
GitHub default code scanning is not enabled | MEDIUM | SCM | |
SCM-045 |
Default code scanning uses the limited query suite | LOW | SCM | |
SCM-046 |
Default code scanning is configured but paused | MEDIUM | SCM | |
SCM-047 |
Repo language excluded from default code-scanning coverage | MEDIUM | SCM | |
SM-000 |
Secrets Manager API access failed | INFO | AWS | |
SSM-000 |
SSM Parameter Store API access failed | INFO | AWS |
DE-4: Misconfiguration of security measures
Evidenced by 92 checks across 19 providers (AWS, Argo CD, Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, Kubernetes, OCI manifest, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-006 |
Artifacts not signed | MEDIUM | Azure DevOps | |
ADO-007 |
SBOM not produced | MEDIUM | Azure DevOps | |
ADO-024 |
No SLSA provenance attestation produced | MEDIUM | Azure DevOps | |
ARGO-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Argo Workflows | |
ARGO-010 |
No SBOM generated for build artifacts | MEDIUM | Argo Workflows | |
ARGO-011 |
No SLSA provenance attestation produced | MEDIUM | Argo Workflows | |
ARGOCD-003 |
Argo CD Application auto-sync prunes without selfHeal guardrail | MEDIUM | Argo CD | |
ATTEST-001 |
SLSA provenance attests an untrusted builder identity | HIGH | OCI manifest | |
ATTEST-002 |
SLSA provenance source-repo claim is missing or unverifiable | HIGH | OCI manifest | |
ATTEST-003 |
SBOM contains floating-version dependencies | MEDIUM | OCI manifest | |
ATTEST-004 |
SLSA provenance ships without a resolved-dependencies set | MEDIUM | OCI manifest | |
ATTEST-005 |
In-toto Statement subject is missing or unpinned | HIGH | OCI manifest | |
ATTEST-006 |
SLSA provenance lacks a meaningful buildType | MEDIUM | OCI manifest | |
ATTEST-007 |
SBOM packages lack supplier / originator attribution | LOW | OCI manifest | |
BB-006 |
Artifacts not signed | MEDIUM | Bitbucket | |
BB-007 |
SBOM not produced | MEDIUM | Bitbucket | |
BB-024 |
No SLSA provenance attestation produced | MEDIUM | Bitbucket | |
BK-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Buildkite | |
BK-010 |
No SBOM generated for build artifacts | MEDIUM | Buildkite | |
BK-011 |
No SLSA provenance attestation produced | MEDIUM | Buildkite | |
CC-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | CircleCI | |
CC-007 |
SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | CircleCI | |
CC-024 |
No SLSA provenance attestation produced | MEDIUM | CircleCI | |
CCM-002 |
CodeCommit repository not encrypted with customer KMS CMK | MEDIUM | AWS | |
DF-011 |
Package manager install without cache cleanup in same layer | LOW | Dockerfile | |
DF-016 |
Image lacks OCI provenance labels | LOW | Dockerfile | |
DR-019 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Drone CI | |
DR-020 |
No SBOM produced (no syft / cyclonedx step) | MEDIUM | Drone CI | |
DR-021 |
No SLSA provenance attestation produced | MEDIUM | Drone CI | |
ECR-004 |
No lifecycle policy configured | LOW | AWS | |
GCB-009 |
Artifacts not signed (no cosign / sigstore step) | MEDIUM | Cloud Build | |
GCB-015 |
SBOM not produced (no CycloneDX / syft / Trivy-SBOM step) | MEDIUM | Cloud Build | |
GCB-017 |
Image-producing build does not request SLSA provenance | MEDIUM | Cloud Build | |
GCB-024 |
Build pushes Docker images but top-level images: is empty | LOW | Cloud Build | |
GCB-026 |
Step waitFor: references an unknown step id | MEDIUM | Cloud Build | |
GHA-006 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | GitHub Actions | |
GHA-007 |
SBOM not produced (no CycloneDX/syft/Trivy-SBOM step) | MEDIUM | GitHub Actions | |
GHA-024 |
No SLSA provenance attestation produced | MEDIUM | GitHub Actions | |
GHA-038 |
Workflow re-enables retired ::set-env / ::add-path commands | CRITICAL | GitHub Actions | |
GHA-098 |
Pipeline deploys without a security scan gate | MEDIUM | GitHub Actions | |
GHA-100 |
cosign verify without certificate identity binding |
HIGH | GitHub Actions | |
GL-006 |
Artifacts not signed | MEDIUM | GitLab CI | |
GL-007 |
SBOM not produced | MEDIUM | GitLab CI | |
GL-024 |
No SLSA provenance attestation produced | MEDIUM | GitLab CI | |
HARNESS-015 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Harness CI/CD | |
HARNESS-016 |
No SBOM produced (no syft / cyclonedx step) | MEDIUM | Harness CI/CD | |
HARNESS-017 |
No SLSA provenance attestation produced | MEDIUM | Harness CI/CD | |
HELM-002 |
Chart.lock missing per-dependency digests | HIGH | Helm | 🔧 fix |
HELM-005 |
Chart maintainers field empty or missing chain-of-custody info | LOW | Helm | |
HELM-006 |
Chart.yaml does not declare a kubeVersion compatibility range | LOW | Helm | |
HELM-007 |
Chart.yaml description field is empty or missing | LOW | Helm | |
HELM-010 |
Chart.yaml appVersion field is empty or missing | LOW | Helm | |
JF-006 |
Artifacts not signed | MEDIUM | Jenkins | |
JF-007 |
SBOM not produced | MEDIUM | Jenkins | |
JF-027 |
archiveArtifacts does not record a fingerprint |
LOW | Jenkins | |
JF-028 |
No SLSA provenance attestation produced | MEDIUM | Jenkins | |
K8S-015 |
Container missing resources.limits.memory | MEDIUM | Kubernetes | |
K8S-016 |
Container missing resources.limits.cpu | LOW | Kubernetes | |
K8S-022 |
Service exposes SSH (port 22) | MEDIUM | Kubernetes | |
K8S-023 |
Namespace missing Pod Security Admission enforcement label | HIGH | Kubernetes | |
K8S-031 |
Namespace missing PSA warn label | LOW | Kubernetes | |
K8S-044 |
Admission webhook fails open or mutates cluster-wide unscoped | HIGH | Kubernetes | |
LMB-001 |
Lambda function has no code-signing config | HIGH | AWS | |
OCI-001 |
Image manifest is missing OCI provenance annotations | MEDIUM | OCI manifest | |
OCI-002 |
Image is missing a build attestation manifest | HIGH | OCI manifest | |
OCI-003 |
Image manifest is missing the image.created annotation |
LOW | OCI manifest | |
OCI-005 |
Image manifest is missing the image.licenses annotation |
LOW | OCI manifest | |
OCI-006 |
Image has an excessive layer count | LOW | OCI manifest | |
OCI-007 |
Image manifest uses legacy schemaVersion 1 (no content addressing) | HIGH | OCI manifest | |
OCI-008 |
Manifest references digest using unsupported hash algorithm | HIGH | OCI manifest | |
OCI-009 |
Image manifest is missing OCI base-image annotations | MEDIUM | OCI manifest | |
SCM-006 |
Default branch protection does not require signed commits | MEDIUM | SCM | |
SCM-007 |
Default branch protection allows force-pushes | HIGH | SCM | |
SCM-008 |
Default branch protection does not require status checks | MEDIUM | SCM | |
SCM-009 |
Default branch protection allows branch deletion | HIGH | SCM | |
SCM-029 |
Repository ruleset is in evaluate / disabled mode (not enforced) | MEDIUM | SCM | |
SCM-033 |
Active ruleset doesn't require status checks | MEDIUM | SCM | |
SCM-034 |
Active ruleset doesn't block force-push | MEDIUM | SCM | |
SCM-035 |
Active ruleset doesn't block branch deletion | LOW | SCM | |
SCM-036 |
Active ruleset doesn't require signed commits | MEDIUM | SCM | |
SCM-037 |
Active ruleset's pull_request rule doesn't dismiss stale reviews | MEDIUM | SCM | |
SCM-038 |
Active ruleset doesn't require linear history | LOW | SCM | |
SCM-039 |
Active ruleset doesn't pin a required workflow | LOW | SCM | |
SCM-040 |
Active ruleset doesn't gate on code scanning results | LOW | SCM | |
SCM-041 |
Active ruleset doesn't gate on a deployment environment | LOW | SCM | |
SCM-042 |
Active ruleset doesn't require merge queue | LOW | SCM | |
SCM-043 |
Tag-targeted ruleset doesn't require signed commits | MEDIUM | SCM | |
SIGN-001 |
No AWS Signer profile defined for Lambda deploys | MEDIUM | AWS | |
SIGN-002 |
AWS Signer profile is revoked or inactive | HIGH | AWS | |
TKN-009 |
Artifacts not signed (no cosign/sigstore step) | MEDIUM | Tekton | |
TKN-010 |
No SBOM generated for build artifacts | MEDIUM | Tekton | |
TKN-011 |
No SLSA provenance attestation produced | MEDIUM | Tekton |
DE-5: Malicious compiler / interpreter
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
DE-6: Misconfigured traffic log settings
Evidenced by 2 checks across AWS.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CW-001 |
No CloudWatch alarm on CodeBuild FailedBuilds metric | LOW | AWS | |
EB-001 |
No EventBridge rule for CodePipeline failure notifications | MEDIUM | AWS |
CA-1: Passwords in application logs
Evidenced by 1 check across Kubernetes.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
K8S-012 |
Pod automountServiceAccountToken not false | MEDIUM | Kubernetes |
CA-2: Dumping credentials from files
Evidenced by 15 checks across 6 providers (AWS, Argo CD, Cloud Build, CloudFormation, Jenkins, Terraform).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ARGOCD-005 |
Argo CD repository entry stores plaintext credentials | CRITICAL | Argo CD | |
CB-001 |
Secrets in plaintext environment variables | CRITICAL | AWS | |
CF-001 |
Template declares AWS::IAM::AccessKey (long-lived credential) | CRITICAL | CloudFormation | |
CF-002 |
Stateful data-store resource carries a plaintext secret | CRITICAL | CloudFormation | |
GCB-003 |
Secret Manager value referenced in step args | HIGH | Cloud Build | |
GCB-018 |
Legacy KMS secrets block in use (prefer availableSecrets / Secret Manager) | MEDIUM | Cloud Build | |
JF-033 |
withCredentials secret leaked via Groovy ${...} interpolation in sh step | HIGH | Jenkins | |
JF-034 |
Pipeline declares a password() build parameter | HIGH | Jenkins | |
KMS-001 |
KMS customer-managed key has rotation disabled | MEDIUM | AWS | |
SM-001 |
Secrets Manager secret has no rotation configured | HIGH | AWS | |
SM-002 |
Secrets Manager resource policy allows wildcard principal | CRITICAL | AWS | |
SSM-001 |
SSM Parameter with secret-like name is not a SecureString | HIGH | AWS | |
SSM-002 |
SSM SecureString uses the default AWS-managed key | MEDIUM | AWS | |
TF-001 |
Plan declares aws_iam_access_key (long-lived credential) | HIGH | Terraform | |
TF-002 |
Stateful data-store resource carries a plaintext secret | CRITICAL | Terraform |
CA-3: Harvest secrets from logs
Evidenced by 2 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-057 |
Secret-scanner output sent to network egress | CRITICAL | GitHub Actions | |
GHA-093 |
Living-off-the-Pipeline indicators (workflow-command abuse) | HIGH | GitHub Actions |
CA-4: Dumping short-lived token
Evidenced by 2 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-069 |
id-token: write granted without an OIDC-consumer step |
MEDIUM | GitHub Actions | |
GHA-115 |
id-token: write granted workflow-wide instead of job-scoped |
MEDIUM | GitHub Actions |
CA-5: Dump tokens from environment variable
Evidenced by 25 checks across 13 providers (Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-031 |
Secret variable echoed / printed in a script step | HIGH | Azure DevOps | |
ADO-032 |
checkout persistCredentials leaves the pipeline token in .git/config | HIGH | Azure DevOps | |
ARGO-018 |
Secret-named variable echoed / printed in a template script | HIGH | Argo Workflows | |
BB-017 |
Repository token written to persistent storage | CRITICAL | Bitbucket | 🔧 fix |
BB-019 |
after-script references secrets | HIGH | Bitbucket | |
BB-032 |
Secret-named variable echoed / printed in a script block | HIGH | Bitbucket | |
BK-017 |
Secret-named variable echoed / printed in a step command | HIGH | Buildkite | |
CC-032 |
Secret-named variable echoed / printed in a run step | HIGH | CircleCI | |
DR-018 |
Secret-named variable echoed / printed in a step command | HIGH | Drone CI | |
GCB-028 |
Secret-named variable echoed / printed in a build step | HIGH | Cloud Build | |
GHA-019 |
GITHUB_TOKEN written to persistent storage | CRITICAL | GitHub Actions | 🔧 fix |
GHA-033 |
Secret value echoed / printed in a run: block | CRITICAL | GitHub Actions | |
GHA-037 |
actions/checkout persists GITHUB_TOKEN into .git/config | HIGH | GitHub Actions | 🔧 fix |
GHA-054 |
actions/checkout with ssh-key persists SSH credential in repo | HIGH | GitHub Actions | 🔧 fix |
GHA-055 |
Reusable workflow outputs derive a secret or caller-input value | HIGH | GitHub Actions | |
GHA-072 |
Secret in env: at a wider scope than its consumer | HIGH | GitHub Actions | |
GHA-073 |
Reusable workflow declares an unused workflow_call secret |
MEDIUM | GitHub Actions | |
GL-020 |
CI_JOB_TOKEN written to persistent storage | CRITICAL | GitLab CI | 🔧 fix |
GL-036 |
Secret-named variable echoed / printed in a script block | HIGH | GitLab CI | |
GL-038 |
CI_DEBUG_TRACE / debug logging dumps secrets to the job log | HIGH | GitLab CI | |
HARNESS-013 |
Secret-named variable echoed / printed in a step command | HIGH | Harness CI/CD | |
JF-042 |
Secret-named variable echoed / printed in a build step | HIGH | Jenkins | |
SCM-048 |
Org codespace secret scoped to all repos | HIGH | SCM | |
TAINT-009 |
Environment-protected secret flows to unprotected job | HIGH | GitHub Actions | |
TKN-017 |
Secret-named variable echoed / printed in a step script | HIGH | Tekton |
CA-6: Passwords in CI/CD logs
Evidenced by 42 checks across 14 providers (Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Developer environment, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Jenkins, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-003 |
Variables contain literal secret values | CRITICAL | Azure DevOps | |
ADO-008 |
Credential-shaped literal in pipeline body | CRITICAL | Azure DevOps | 🔧 fix |
ADO-031 |
Secret variable echoed / printed in a script step | HIGH | Azure DevOps | |
ADO-032 |
checkout persistCredentials leaves the pipeline token in .git/config | HIGH | Azure DevOps | |
ARGO-006 |
Literal secret value in Argo template env or parameter default | CRITICAL | Argo Workflows | 🔧 fix |
ARGO-018 |
Secret-named variable echoed / printed in a template script | HIGH | Argo Workflows | |
BB-003 |
Variables contain literal secret values | CRITICAL | Bitbucket | |
BB-008 |
Credential-shaped literal in pipeline body | CRITICAL | Bitbucket | 🔧 fix |
BB-032 |
Secret-named variable echoed / printed in a script block | HIGH | Bitbucket | |
BK-002 |
Literal secret value in pipeline env block | CRITICAL | Buildkite | 🔧 fix |
BK-017 |
Secret-named variable echoed / printed in a step command | HIGH | Buildkite | |
CC-004 |
Secret-like environment variable not managed via context | MEDIUM | CircleCI | |
CC-005 |
AWS auth uses long-lived access keys in environment block | MEDIUM | CircleCI | 🔧 fix |
CC-008 |
Credential-shaped literal in config body | CRITICAL | CircleCI | 🔧 fix |
CC-032 |
Secret-named variable echoed / printed in a run step | HIGH | CircleCI | |
DEV-008 |
Credential-shaped literal in a developer-environment config | CRITICAL | Developer environment | |
DR-004 |
Literal credential in step environment / settings | CRITICAL | Drone CI | |
DR-018 |
Secret-named variable echoed / printed in a step command | HIGH | Drone CI | |
GCB-007 |
availableSecrets references versions/latest |
MEDIUM | Cloud Build | 🔧 fix |
GCB-012 |
Credential-shaped literal in pipeline body | CRITICAL | Cloud Build | 🔧 fix |
GCB-028 |
Secret-named variable echoed / printed in a build step | HIGH | Cloud Build | |
GHA-008 |
Credential-shaped literal in workflow body | CRITICAL | GitHub Actions | 🔧 fix |
GHA-033 |
Secret value echoed / printed in a run: block | CRITICAL | GitHub Actions | |
GHA-039 |
services / container credentials embedded as literal in workflow | CRITICAL | GitHub Actions | |
GHA-066 |
actions/upload-artifact path is a workspace wildcard |
HIGH | GitHub Actions | |
GHA-067 |
actions/cache writes credential-shaped paths |
HIGH | GitHub Actions | |
GHA-087 |
Derived value of a secret printed to the build log | HIGH | GitHub Actions | |
GHA-093 |
Living-off-the-Pipeline indicators (workflow-command abuse) | HIGH | GitHub Actions | |
GHA-099 |
Deployment job has a secret-shaped plaintext env var | CRITICAL | GitHub Actions | |
GL-003 |
Variables contain literal secret values | CRITICAL | GitLab CI | |
GL-008 |
Credential-shaped literal in pipeline body | CRITICAL | GitLab CI | 🔧 fix |
GL-036 |
Secret-named variable echoed / printed in a script block | HIGH | GitLab CI | |
GL-038 |
CI_DEBUG_TRACE / debug logging dumps secrets to the job log | HIGH | GitLab CI | |
HARNESS-004 |
Literal credential in a pipeline / stage variable | CRITICAL | Harness CI/CD | 🔧 fix |
HARNESS-013 |
Secret-named variable echoed / printed in a step command | HIGH | Harness CI/CD | |
JF-004 |
AWS auth uses long-lived access keys via withCredentials | MEDIUM | Jenkins | 🔧 fix |
JF-008 |
Credential-shaped literal in pipeline body | CRITICAL | Jenkins | 🔧 fix |
JF-042 |
Secret-named variable echoed / printed in a build step | HIGH | Jenkins | |
SCM-004 |
GitHub secret scanning is not enabled | HIGH | SCM | |
SCM-015 |
Secret scanning push protection is not enabled | HIGH | SCM | |
TKN-005 |
Literal secret value in Tekton step env or param default | CRITICAL | Tekton | 🔧 fix |
TKN-017 |
Secret-named variable echoed / printed in a step script | HIGH | Tekton |
CA-7: Runtime leakage of password
No checks in this scanner currently evidence this control. Open an issue if your team would value coverage.
CA-8: Steal credentials in container artifacts
Evidenced by 12 checks across 4 providers (Dockerfile, Kubernetes, NuGet, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
DF-006 |
ENV or ARG carries a credential-shaped literal value | CRITICAL | Dockerfile | |
DF-019 |
COPY/ADD source path looks like a credential file | HIGH | Dockerfile | 🔧 fix |
DF-020 |
ARG declares a credential-named build argument | HIGH | Dockerfile | 🔧 fix |
DF-023 |
ENV sets a dynamic-loader hijack variable | HIGH | Dockerfile | |
DF-025 |
RUN writes a registry auth token into a Docker layer | CRITICAL | Dockerfile | |
DF-030 |
ENV NODE_OPTIONS preloads code or opens an inspector | MEDIUM | Dockerfile | |
K8S-017 |
Container env value carries a credential-shaped literal | CRITICAL | Kubernetes | |
K8S-018 |
Secret stringData/data carries a credential-shaped literal | CRITICAL | Kubernetes | |
K8S-037 |
ConfigMap data carries a credential-shaped literal | HIGH | Kubernetes | |
NPM-011 |
package.json files field includes secret-shaped paths | HIGH | npm | |
NPM-013 |
package.json files field uses an overly broad pattern | HIGH | npm | |
NUGET-010 |
NuGet.config stores a feed credential in plaintext | HIGH | NuGet |
LM-1: Push implants across repositories
Evidenced by 1 check across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-049 |
Workflow step makes a privileged git write (cross-repo or actions[bot] bypass) | HIGH | GitHub Actions |
LM-2: Overprivileged user account
Evidenced by 34 checks across 8 providers (AWS, Argo CD, Argo Workflows, Cloud Build, GitHub Actions, Kubernetes, SCM, Tekton).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ARGO-003 |
Argo workflow uses the default ServiceAccount | MEDIUM | Argo Workflows | |
ARGO-013 |
Argo workflow does not opt out of SA token automount | MEDIUM | Argo Workflows | |
ARGO-016 |
Workflow bound to a cluster-admin / over-privileged ServiceAccount | CRITICAL | Argo Workflows | |
ARGOCD-001 |
Argo CD AppProject permits any source repository | HIGH | Argo CD | |
ARGOCD-002 |
Argo CD AppProject permits any destination cluster or namespace | HIGH | Argo CD | |
ARGOCD-004 |
Argo CD RBAC policy grants wildcard authority | CRITICAL | Argo CD | |
ARGOCD-009 |
Argo CD anonymous access enabled | CRITICAL | Argo CD | |
ARGOCD-011 |
Argo CD AppProject cluster-resource whitelist is wide open | HIGH | Argo CD | |
ARGOCD-014 |
Argo CD web terminal enabled via exec.enabled | CRITICAL | Argo CD | |
CA-004 |
CodeArtifact repo policy grants codeartifact:* with Resource '*' |
HIGH | AWS | |
CB-002 |
Privileged mode enabled | HIGH | AWS | |
GCB-002 |
Cloud Build uses the default service account | HIGH | Cloud Build | |
GHA-004 |
Workflow permissions block missing or overprovisioned | MEDIUM | GitHub Actions | 🔧 fix |
GHA-061 |
GitHub App token minted without a permissions: filter |
MEDIUM | GitHub Actions | |
GHA-106 |
AI agent CLI runs with a write-scoped GITHUB_TOKEN | HIGH | GitHub Actions | |
GHA-111 |
AI agent generates IaC applied to the cloud in the same job | HIGH | GitHub Actions | |
IAM-001 |
CI/CD role has AdministratorAccess policy attached | CRITICAL | AWS | |
IAM-002 |
CI/CD role has wildcard Action in attached policy | HIGH | AWS | |
IAM-004 |
CI/CD role can PassRole to any role | HIGH | AWS | |
IAM-006 |
Sensitive actions granted with wildcard Resource | MEDIUM | AWS | |
K8S-011 |
Pod serviceAccountName unset or 'default' | MEDIUM | Kubernetes | |
K8S-019 |
Workload deployed in the 'default' namespace | LOW | Kubernetes | |
K8S-020 |
ClusterRoleBinding grants cluster-admin or system:masters | CRITICAL | Kubernetes | 🔧 fix |
K8S-021 |
Role or ClusterRole grants wildcard verbs+resources | HIGH | Kubernetes | |
K8S-025 |
System priority class used outside kube-system | HIGH | Kubernetes | |
K8S-029 |
RoleBinding grants permissions to the default ServiceAccount | HIGH | Kubernetes | 🔧 fix |
K8S-034 |
ServiceAccount automountServiceAccountToken not explicitly false | MEDIUM | Kubernetes | |
K8S-042 |
RoleBinding grants access to system:anonymous / system:unauthenticated | CRITICAL | Kubernetes | |
PBAC-002 |
CodeBuild service role shared across multiple projects | MEDIUM | AWS | |
PBAC-003 |
CodeBuild security group allows 0.0.0.0/0 all-port egress | MEDIUM | AWS | |
PBAC-005 |
CodePipeline stage action roles mirror the pipeline role | HIGH | AWS | |
SCM-020 |
Default workflow GITHUB_TOKEN has write permission | HIGH | SCM | |
SCM-027 |
Outside collaborator holds write / maintain / admin access | HIGH | SCM | |
TKN-007 |
Tekton run uses the default ServiceAccount | MEDIUM | Tekton |
COL-1: Unencrypted data in transit
Evidenced by 29 checks across 20 providers (Argo Workflows, Azure DevOps, Bitbucket, Buildkite, CircleCI, Cloud Build, Dockerfile, Drone CI, GitHub Actions, GitLab CI, Harness CI/CD, Helm, Jenkins, Kubernetes, NuGet, OCI manifest, PyPI, Tekton, maven, npm).
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
ADO-023 |
TLS / certificate verification bypass | HIGH | Azure DevOps | 🔧 fix |
ARGO-008 |
Argo script source pipes remote install or disables TLS | HIGH | Argo Workflows | 🔧 fix |
ARGO-015 |
Input artifact pulls from an insecure (non-HTTPS) URL | HIGH | Argo Workflows | |
BB-023 |
TLS / certificate verification bypass | HIGH | Bitbucket | 🔧 fix |
BK-008 |
TLS verification disabled in step command | MEDIUM | Buildkite | 🔧 fix |
CC-023 |
TLS / certificate verification bypass | HIGH | CircleCI | 🔧 fix |
DF-021 |
RUN pip install bypasses TLS or uses an HTTP index | HIGH | Dockerfile | |
DF-026 |
ENV disables Node.js TLS certificate verification | HIGH | Dockerfile | |
DF-027 |
ENV disables Python HTTPS certificate verification | HIGH | Dockerfile | |
DF-028 |
ENV disables Git TLS certificate verification | HIGH | Dockerfile | |
DF-029 |
ENV neuters Python requests CA bundle | HIGH | Dockerfile | |
DR-006 |
TLS verification disabled in step commands | HIGH | Drone CI | 🔧 fix |
GCB-011 |
TLS / certificate verification bypass | HIGH | Cloud Build | 🔧 fix |
GHA-023 |
TLS / certificate verification bypass | HIGH | GitHub Actions | 🔧 fix |
GHA-070 |
ssh-keyscan / disabled host-key check trust-on-first-use |
HIGH | GitHub Actions | |
GL-023 |
TLS / certificate verification bypass | HIGH | GitLab CI | 🔧 fix |
HARNESS-006 |
TLS verification disabled in step commands | HIGH | Harness CI/CD | 🔧 fix |
HELM-003 |
Chart dependency declared on a non-HTTPS repository | HIGH | Helm | 🔧 fix |
HELM-009 |
Chart home / sources URL uses a non-HTTPS scheme | LOW | Helm | |
JF-023 |
TLS / certificate verification bypass | HIGH | Jenkins | 🔧 fix |
JF-035 |
httpRequest step disables SSL verification | HIGH | Jenkins | |
K8S-027 |
Ingress has no TLS configuration | MEDIUM | Kubernetes | |
MVN-003 |
pom.xml declares a plaintext-HTTP Maven repository | HIGH | maven | |
NPM-005 |
package.json git dependency uses a mutable ref | HIGH | npm | |
NUGET-004 |
HTTP-only NuGet package source | HIGH | NuGet | |
OCI-004 |
Image layer references an arbitrary URL (foreign layer) | HIGH | OCI manifest | |
PYPI-003 |
requirements.txt uses an HTTP index or disables TLS verification | HIGH | PyPI | |
PYPI-018 |
requirements.txt forces source builds via --no-binary | MEDIUM | PyPI | |
TKN-008 |
Tekton step script pipes remote install or disables TLS | HIGH | Tekton | 🔧 fix |
COL-2: Unencrypted data at rest
Evidenced by 9 checks across AWS.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
CA-001 |
CodeArtifact domain has no KMS encryptionKey configured | MEDIUM | AWS | |
CP-002 |
Artifact store not encrypted with customer-managed KMS key | MEDIUM | AWS | |
CWL-002 |
CodeBuild log group not KMS-encrypted | MEDIUM | AWS | |
ECR-005 |
Repository encrypted with AES256 rather than KMS CMK | MEDIUM | AWS | |
KMS-002 |
KMS key policy grants wildcard KMS actions | HIGH | AWS | |
S3-001 |
Artifact bucket public access block not fully enabled | CRITICAL | AWS | |
S3-002 |
Artifact bucket server-side encryption not configured | HIGH | AWS | |
S3-003 |
Artifact bucket versioning not enabled | MEDIUM | AWS | |
S3-005 |
Artifact bucket missing aws:SecureTransport deny | MEDIUM | AWS |
EXF-1: Bypass of outbound traffic control
Evidenced by 1 check across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-057 |
Secret-scanner output sent to network egress | CRITICAL | GitHub Actions |
EXF-2: Source code
Evidenced by 2 checks across GitHub Actions.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
GHA-019 |
GITHUB_TOKEN written to persistent storage | CRITICAL | GitHub Actions | 🔧 fix |
GHA-066 |
actions/upload-artifact path is a workspace wildcard |
HIGH | GitHub Actions |
EXF-3: Webhook
Evidenced by 1 check across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-026 |
Webhook ships events insecurely (HTTP / no-TLS / no-secret) | HIGH | SCM |
IMP-1: Delete repositories for DoS
Evidenced by 2 checks across SCM.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
SCM-007 |
Default branch protection allows force-pushes | HIGH | SCM | |
SCM-009 |
Default branch protection allows branch deletion | HIGH | SCM |
IMP-2: Resource hijacking
Evidenced by 5 checks across Kubernetes.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
K8S-008 |
Container readOnlyRootFilesystem not true | MEDIUM | Kubernetes | 🔧 fix |
K8S-009 |
Container capabilities not dropping ALL / adding dangerous caps | HIGH | Kubernetes | |
K8S-010 |
Container seccompProfile not RuntimeDefault or Localhost | MEDIUM | Kubernetes | |
K8S-024 |
Container missing both livenessProbe and readinessProbe | MEDIUM | Kubernetes | |
K8S-033 |
Namespace lacks ResourceQuota or LimitRange | MEDIUM | Kubernetes |
IMP-3: Misconfiguration of serverless workloads
Evidenced by 4 checks across AWS.
| Check | Title | Severity | Provider | Fix |
|---|---|---|---|---|
LMB-001 |
Lambda function has no code-signing config | HIGH | AWS | |
LMB-002 |
Lambda function URL has AuthType=NONE | HIGH | AWS | |
LMB-003 |
Lambda function env vars may contain plaintext secrets | HIGH | AWS | |
LMB-004 |
Lambda resource policy allows wildcard principal | CRITICAL | AWS |
Not covered
Several OSC&R techniques describe attacker-side actions that a CI/CD configuration scanner cannot detect:
- Reconnaissance (REC-1, REC-3, REC-4, REC-5, REC-7, REC-8, REC-9): discovering naming conventions, technology stacks, coding flaws, and internal artifact names are attacker-side information gathering.
- Resource Development (RD-2, RD-6): creating registry accounts and advertising malicious artifacts are attacker-side prep.
- Initial Access (IA-2, IA-12, IA-14, IA-15): malicious IDE extensions, exposed internal APIs, compromised developer workstations, and exposed databases require runtime or network telemetry.
- Execution (EX-2, EX-3, EX-4, EX-5, EX-7, EX-8, EX-10): runtime logic bombs, IDE execution, runtime backdoors, package-manager exploitation, SQL injection, XSS, and cloud workload abuse are application-security or runtime concerns.
- Persistence (PER-5, PER-7): untagged cloud resources and zombie instances require cloud-inventory introspection.
- Credential Access (CA-1, CA-7): application-level password logging and runtime credential leakage require runtime telemetry.
- Defense Evasion (DE-2, DE-5): SaaS sprawl and malicious compilers require asset-inventory and build-tool-chain introspection.
- Exfiltration (EXF-1): outbound traffic bypass requires network telemetry.
- Impact (IMP-1 partial): repository deletion is partially covered via SCM branch-protection rules.
This page is generated. Edit pipeline_check/core/standards/data/oscr.py (mappings) or scripts/gen_standards_docs.py (intro / per-control prose) and run python scripts/gen_standards_docs.py oscr.