From fc8787bd319639cb118e0245b6b785c294d7107c Mon Sep 17 00:00:00 2001 From: Ulrich Grave Date: Tue, 18 Oct 2022 14:38:25 +0200 Subject: [PATCH] feat(terraform): add versioned kubernetes resources to terraform kubernetes checks (1/5) (#3653) Add versioned kubernetes resources to terraform kubernetes checks (Part 1/5) --- docs/5.Policy Index/all.md | 2120 +++++++++++++++--------------- docs/5.Policy Index/terraform.md | 334 ++--- 2 files changed, 1233 insertions(+), 1221 deletions(-) diff --git a/docs/5.Policy Index/all.md b/docs/5.Policy Index/all.md index dda5f404bc6..4c5815c8f66 100644 --- a/docs/5.Policy Index/all.md +++ b/docs/5.Policy Index/all.md @@ -1807,1063 +1807,1069 @@ nav_order: 1 | 1796 | CKV_K8S_10 | resource | ReplicationController | CPU requests should be set | Kubernetes | | 1797 | CKV_K8S_10 | resource | StatefulSet | CPU requests should be set | Kubernetes | | 1798 | CKV_K8S_10 | resource | kubernetes_pod | CPU requests should be set | Terraform | -| 1799 | CKV_K8S_11 | resource | CronJob | CPU limits should be set | Kubernetes | -| 1800 | CKV_K8S_11 | resource | DaemonSet | CPU limits should be set | Kubernetes | -| 1801 | CKV_K8S_11 | resource | Deployment | CPU limits should be set | Kubernetes | -| 1802 | CKV_K8S_11 | resource | DeploymentConfig | CPU limits should be set | Kubernetes | -| 1803 | CKV_K8S_11 | resource | Job | CPU limits should be set | Kubernetes | -| 1804 | CKV_K8S_11 | resource | Pod | CPU limits should be set | Kubernetes | -| 1805 | CKV_K8S_11 | resource | PodTemplate | CPU limits should be set | Kubernetes | -| 1806 | CKV_K8S_11 | resource | ReplicaSet | CPU limits should be set | Kubernetes | -| 1807 | CKV_K8S_11 | resource | ReplicationController | CPU limits should be set | Kubernetes | -| 1808 | CKV_K8S_11 | resource | StatefulSet | CPU limits should be set | Kubernetes | -| 1809 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform | -| 1810 | CKV_K8S_12 | resource | CronJob | Memory requests should be set | Kubernetes | -| 1811 | CKV_K8S_12 | resource | DaemonSet | Memory requests should be set | Kubernetes | -| 1812 | CKV_K8S_12 | resource | Deployment | Memory requests should be set | Kubernetes | -| 1813 | CKV_K8S_12 | resource | DeploymentConfig | Memory requests should be set | Kubernetes | -| 1814 | CKV_K8S_12 | resource | Job | Memory requests should be set | Kubernetes | -| 1815 | CKV_K8S_12 | resource | Pod | Memory requests should be set | Kubernetes | -| 1816 | CKV_K8S_12 | resource | PodTemplate | Memory requests should be set | Kubernetes | -| 1817 | CKV_K8S_12 | resource | ReplicaSet | Memory requests should be set | Kubernetes | -| 1818 | CKV_K8S_12 | resource | ReplicationController | Memory requests should be set | Kubernetes | -| 1819 | CKV_K8S_12 | resource | StatefulSet | Memory requests should be set | Kubernetes | -| 1820 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform | -| 1821 | CKV_K8S_13 | resource | CronJob | Memory limits should be set | Kubernetes | -| 1822 | CKV_K8S_13 | resource | DaemonSet | Memory limits should be set | Kubernetes | -| 1823 | CKV_K8S_13 | resource | Deployment | Memory limits should be set | Kubernetes | -| 1824 | CKV_K8S_13 | resource | DeploymentConfig | Memory limits should be set | Kubernetes | -| 1825 | CKV_K8S_13 | resource | Job | Memory limits should be set | Kubernetes | -| 1826 | CKV_K8S_13 | resource | Pod | Memory limits should be set | Kubernetes | -| 1827 | CKV_K8S_13 | resource | PodTemplate | Memory limits should be set | Kubernetes | -| 1828 | CKV_K8S_13 | resource | ReplicaSet | Memory limits should be set | Kubernetes | -| 1829 | CKV_K8S_13 | resource | ReplicationController | Memory limits should be set | Kubernetes | -| 1830 | CKV_K8S_13 | resource | StatefulSet | Memory limits should be set | Kubernetes | -| 1831 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform | -| 1832 | CKV_K8S_14 | resource | CronJob | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1833 | CKV_K8S_14 | resource | DaemonSet | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1834 | CKV_K8S_14 | resource | Deployment | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1835 | CKV_K8S_14 | resource | DeploymentConfig | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1836 | CKV_K8S_14 | resource | Job | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1837 | CKV_K8S_14 | resource | Pod | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1838 | CKV_K8S_14 | resource | PodTemplate | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1839 | CKV_K8S_14 | resource | ReplicaSet | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1840 | CKV_K8S_14 | resource | ReplicationController | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1841 | CKV_K8S_14 | resource | StatefulSet | Image Tag should be fixed - not latest or blank | Kubernetes | -| 1842 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform | -| 1843 | CKV_K8S_15 | resource | CronJob | Image Pull Policy should be Always | Kubernetes | -| 1844 | CKV_K8S_15 | resource | DaemonSet | Image Pull Policy should be Always | Kubernetes | -| 1845 | CKV_K8S_15 | resource | Deployment | Image Pull Policy should be Always | Kubernetes | -| 1846 | CKV_K8S_15 | resource | DeploymentConfig | Image Pull Policy should be Always | Kubernetes | -| 1847 | CKV_K8S_15 | resource | Job | Image Pull Policy should be Always | Kubernetes | -| 1848 | CKV_K8S_15 | resource | Pod | Image Pull Policy should be Always | Kubernetes | -| 1849 | CKV_K8S_15 | resource | PodTemplate | Image Pull Policy should be Always | Kubernetes | -| 1850 | CKV_K8S_15 | resource | ReplicaSet | Image Pull Policy should be Always | Kubernetes | -| 1851 | CKV_K8S_15 | resource | ReplicationController | Image Pull Policy should be Always | Kubernetes | -| 1852 | CKV_K8S_15 | resource | StatefulSet | Image Pull Policy should be Always | Kubernetes | -| 1853 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform | -| 1854 | CKV_K8S_16 | resource | CronJob | Container should not be privileged | Kubernetes | -| 1855 | CKV_K8S_16 | resource | DaemonSet | Container should not be privileged | Kubernetes | -| 1856 | CKV_K8S_16 | resource | Deployment | Container should not be privileged | Kubernetes | -| 1857 | CKV_K8S_16 | resource | DeploymentConfig | Container should not be privileged | Kubernetes | -| 1858 | CKV_K8S_16 | resource | Job | Container should not be privileged | Kubernetes | -| 1859 | CKV_K8S_16 | resource | Pod | Container should not be privileged | Kubernetes | -| 1860 | CKV_K8S_16 | resource | PodTemplate | Container should not be privileged | Kubernetes | -| 1861 | CKV_K8S_16 | resource | ReplicaSet | Container should not be privileged | Kubernetes | -| 1862 | CKV_K8S_16 | resource | ReplicationController | Container should not be privileged | Kubernetes | -| 1863 | CKV_K8S_16 | resource | StatefulSet | Container should not be privileged | Kubernetes | -| 1864 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | -| 1865 | CKV_K8S_17 | resource | CronJob | Containers should not share the host process ID namespace | Kubernetes | -| 1866 | CKV_K8S_17 | resource | DaemonSet | Containers should not share the host process ID namespace | Kubernetes | -| 1867 | CKV_K8S_17 | resource | Deployment | Containers should not share the host process ID namespace | Kubernetes | -| 1868 | CKV_K8S_17 | resource | Job | Containers should not share the host process ID namespace | Kubernetes | -| 1869 | CKV_K8S_17 | resource | Pod | Containers should not share the host process ID namespace | Kubernetes | -| 1870 | CKV_K8S_17 | resource | ReplicaSet | Containers should not share the host process ID namespace | Kubernetes | -| 1871 | CKV_K8S_17 | resource | ReplicationController | Containers should not share the host process ID namespace | Kubernetes | -| 1872 | CKV_K8S_17 | resource | StatefulSet | Containers should not share the host process ID namespace | Kubernetes | -| 1873 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform | -| 1874 | CKV_K8S_18 | resource | CronJob | Containers should not share the host IPC namespace | Kubernetes | -| 1875 | CKV_K8S_18 | resource | DaemonSet | Containers should not share the host IPC namespace | Kubernetes | -| 1876 | CKV_K8S_18 | resource | Deployment | Containers should not share the host IPC namespace | Kubernetes | -| 1877 | CKV_K8S_18 | resource | Job | Containers should not share the host IPC namespace | Kubernetes | -| 1878 | CKV_K8S_18 | resource | Pod | Containers should not share the host IPC namespace | Kubernetes | -| 1879 | CKV_K8S_18 | resource | ReplicaSet | Containers should not share the host IPC namespace | Kubernetes | -| 1880 | CKV_K8S_18 | resource | ReplicationController | Containers should not share the host IPC namespace | Kubernetes | -| 1881 | CKV_K8S_18 | resource | StatefulSet | Containers should not share the host IPC namespace | Kubernetes | -| 1882 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform | -| 1883 | CKV_K8S_19 | resource | CronJob | Containers should not share the host network namespace | Kubernetes | -| 1884 | CKV_K8S_19 | resource | DaemonSet | Containers should not share the host network namespace | Kubernetes | -| 1885 | CKV_K8S_19 | resource | Deployment | Containers should not share the host network namespace | Kubernetes | -| 1886 | CKV_K8S_19 | resource | Job | Containers should not share the host network namespace | Kubernetes | -| 1887 | CKV_K8S_19 | resource | Pod | Containers should not share the host network namespace | Kubernetes | -| 1888 | CKV_K8S_19 | resource | ReplicaSet | Containers should not share the host network namespace | Kubernetes | -| 1889 | CKV_K8S_19 | resource | ReplicationController | Containers should not share the host network namespace | Kubernetes | -| 1890 | CKV_K8S_19 | resource | StatefulSet | Containers should not share the host network namespace | Kubernetes | -| 1891 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform | -| 1892 | CKV_K8S_20 | resource | CronJob | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1893 | CKV_K8S_20 | resource | DaemonSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1894 | CKV_K8S_20 | resource | Deployment | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1895 | CKV_K8S_20 | resource | DeploymentConfig | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1896 | CKV_K8S_20 | resource | Job | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1897 | CKV_K8S_20 | resource | Pod | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1898 | CKV_K8S_20 | resource | PodTemplate | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1899 | CKV_K8S_20 | resource | ReplicaSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1900 | CKV_K8S_20 | resource | ReplicationController | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1901 | CKV_K8S_20 | resource | StatefulSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | -| 1902 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform | -| 1903 | CKV_K8S_21 | resource | ConfigMap | The default namespace should not be used | Kubernetes | -| 1904 | CKV_K8S_21 | resource | CronJob | The default namespace should not be used | Kubernetes | -| 1905 | CKV_K8S_21 | resource | DaemonSet | The default namespace should not be used | Kubernetes | -| 1906 | CKV_K8S_21 | resource | Deployment | The default namespace should not be used | Kubernetes | -| 1907 | CKV_K8S_21 | resource | Ingress | The default namespace should not be used | Kubernetes | -| 1908 | CKV_K8S_21 | resource | Job | The default namespace should not be used | Kubernetes | -| 1909 | CKV_K8S_21 | resource | Pod | The default namespace should not be used | Kubernetes | -| 1910 | CKV_K8S_21 | resource | ReplicaSet | The default namespace should not be used | Kubernetes | -| 1911 | CKV_K8S_21 | resource | ReplicationController | The default namespace should not be used | Kubernetes | -| 1912 | CKV_K8S_21 | resource | Role | The default namespace should not be used | Kubernetes | -| 1913 | CKV_K8S_21 | resource | RoleBinding | The default namespace should not be used | Kubernetes | -| 1914 | CKV_K8S_21 | resource | Secret | The default namespace should not be used | Kubernetes | -| 1915 | CKV_K8S_21 | resource | Service | The default namespace should not be used | Kubernetes | -| 1916 | CKV_K8S_21 | resource | ServiceAccount | The default namespace should not be used | Kubernetes | -| 1917 | CKV_K8S_21 | resource | StatefulSet | The default namespace should not be used | Kubernetes | -| 1918 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform | -| 1919 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform | -| 1920 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform | -| 1921 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform | -| 1922 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform | -| 1923 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform | -| 1924 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform | -| 1925 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform | -| 1926 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform | -| 1927 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform | -| 1928 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform | -| 1929 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform | -| 1930 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform | -| 1931 | CKV_K8S_22 | resource | CronJob | Use read-only filesystem for containers where possible | Kubernetes | -| 1932 | CKV_K8S_22 | resource | DaemonSet | Use read-only filesystem for containers where possible | Kubernetes | -| 1933 | CKV_K8S_22 | resource | Deployment | Use read-only filesystem for containers where possible | Kubernetes | -| 1934 | CKV_K8S_22 | resource | DeploymentConfig | Use read-only filesystem for containers where possible | Kubernetes | -| 1935 | CKV_K8S_22 | resource | Job | Use read-only filesystem for containers where possible | Kubernetes | -| 1936 | CKV_K8S_22 | resource | Pod | Use read-only filesystem for containers where possible | Kubernetes | -| 1937 | CKV_K8S_22 | resource | PodTemplate | Use read-only filesystem for containers where possible | Kubernetes | -| 1938 | CKV_K8S_22 | resource | ReplicaSet | Use read-only filesystem for containers where possible | Kubernetes | -| 1939 | CKV_K8S_22 | resource | ReplicationController | Use read-only filesystem for containers where possible | Kubernetes | -| 1940 | CKV_K8S_22 | resource | StatefulSet | Use read-only filesystem for containers where possible | Kubernetes | -| 1941 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform | -| 1942 | CKV_K8S_23 | resource | CronJob | Minimize the admission of root containers | Kubernetes | -| 1943 | CKV_K8S_23 | resource | DaemonSet | Minimize the admission of root containers | Kubernetes | -| 1944 | CKV_K8S_23 | resource | Deployment | Minimize the admission of root containers | Kubernetes | -| 1945 | CKV_K8S_23 | resource | Job | Minimize the admission of root containers | Kubernetes | -| 1946 | CKV_K8S_23 | resource | Pod | Minimize the admission of root containers | Kubernetes | -| 1947 | CKV_K8S_23 | resource | ReplicaSet | Minimize the admission of root containers | Kubernetes | -| 1948 | CKV_K8S_23 | resource | ReplicationController | Minimize the admission of root containers | Kubernetes | -| 1949 | CKV_K8S_23 | resource | StatefulSet | Minimize the admission of root containers | Kubernetes | -| 1950 | CKV_K8S_24 | resource | PodSecurityPolicy | Do not allow containers with added capability | Kubernetes | -| 1951 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform | -| 1952 | CKV_K8S_25 | resource | CronJob | Minimize the admission of containers with added capability | Kubernetes | -| 1953 | CKV_K8S_25 | resource | DaemonSet | Minimize the admission of containers with added capability | Kubernetes | -| 1954 | CKV_K8S_25 | resource | Deployment | Minimize the admission of containers with added capability | Kubernetes | -| 1955 | CKV_K8S_25 | resource | DeploymentConfig | Minimize the admission of containers with added capability | Kubernetes | -| 1956 | CKV_K8S_25 | resource | Job | Minimize the admission of containers with added capability | Kubernetes | -| 1957 | CKV_K8S_25 | resource | Pod | Minimize the admission of containers with added capability | Kubernetes | -| 1958 | CKV_K8S_25 | resource | PodTemplate | Minimize the admission of containers with added capability | Kubernetes | -| 1959 | CKV_K8S_25 | resource | ReplicaSet | Minimize the admission of containers with added capability | Kubernetes | -| 1960 | CKV_K8S_25 | resource | ReplicationController | Minimize the admission of containers with added capability | Kubernetes | -| 1961 | CKV_K8S_25 | resource | StatefulSet | Minimize the admission of containers with added capability | Kubernetes | -| 1962 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform | -| 1963 | CKV_K8S_26 | resource | CronJob | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1964 | CKV_K8S_26 | resource | DaemonSet | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1965 | CKV_K8S_26 | resource | Deployment | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1966 | CKV_K8S_26 | resource | DeploymentConfig | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1967 | CKV_K8S_26 | resource | Job | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1968 | CKV_K8S_26 | resource | Pod | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1969 | CKV_K8S_26 | resource | PodTemplate | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1970 | CKV_K8S_26 | resource | ReplicaSet | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1971 | CKV_K8S_26 | resource | ReplicationController | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1972 | CKV_K8S_26 | resource | StatefulSet | Do not specify hostPort unless absolutely necessary | Kubernetes | -| 1973 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform | -| 1974 | CKV_K8S_27 | resource | CronJob | Do not expose the docker daemon socket to containers | Kubernetes | -| 1975 | CKV_K8S_27 | resource | DaemonSet | Do not expose the docker daemon socket to containers | Kubernetes | -| 1976 | CKV_K8S_27 | resource | Deployment | Do not expose the docker daemon socket to containers | Kubernetes | -| 1977 | CKV_K8S_27 | resource | Job | Do not expose the docker daemon socket to containers | Kubernetes | -| 1978 | CKV_K8S_27 | resource | Pod | Do not expose the docker daemon socket to containers | Kubernetes | -| 1979 | CKV_K8S_27 | resource | ReplicaSet | Do not expose the docker daemon socket to containers | Kubernetes | -| 1980 | CKV_K8S_27 | resource | ReplicationController | Do not expose the docker daemon socket to containers | Kubernetes | -| 1981 | CKV_K8S_27 | resource | StatefulSet | Do not expose the docker daemon socket to containers | Kubernetes | -| 1982 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform | -| 1983 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform | -| 1984 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform | -| 1985 | CKV_K8S_28 | resource | CronJob | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1986 | CKV_K8S_28 | resource | DaemonSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1987 | CKV_K8S_28 | resource | Deployment | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1988 | CKV_K8S_28 | resource | DeploymentConfig | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1989 | CKV_K8S_28 | resource | Job | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1990 | CKV_K8S_28 | resource | Pod | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1991 | CKV_K8S_28 | resource | PodTemplate | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1992 | CKV_K8S_28 | resource | ReplicaSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1993 | CKV_K8S_28 | resource | ReplicationController | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1994 | CKV_K8S_28 | resource | StatefulSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | -| 1995 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform | -| 1996 | CKV_K8S_29 | resource | CronJob | Apply security context to your pods and containers | Kubernetes | -| 1997 | CKV_K8S_29 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes | -| 1998 | CKV_K8S_29 | resource | Deployment | Apply security context to your pods and containers | Kubernetes | -| 1999 | CKV_K8S_29 | resource | Job | Apply security context to your pods and containers | Kubernetes | -| 2000 | CKV_K8S_29 | resource | Pod | Apply security context to your pods and containers | Kubernetes | -| 2001 | CKV_K8S_29 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes | -| 2002 | CKV_K8S_29 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes | -| 2003 | CKV_K8S_29 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes | -| 2004 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods and containers | Terraform | -| 2005 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform | -| 2006 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | -| 2007 | CKV_K8S_30 | resource | CronJob | Apply security context to your pods and containers | Kubernetes | -| 2008 | CKV_K8S_30 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes | -| 2009 | CKV_K8S_30 | resource | Deployment | Apply security context to your pods and containers | Kubernetes | -| 2010 | CKV_K8S_30 | resource | DeploymentConfig | Apply security context to your pods and containers | Kubernetes | -| 2011 | CKV_K8S_30 | resource | Job | Apply security context to your pods and containers | Kubernetes | -| 2012 | CKV_K8S_30 | resource | Pod | Apply security context to your pods and containers | Kubernetes | -| 2013 | CKV_K8S_30 | resource | PodTemplate | Apply security context to your pods and containers | Kubernetes | -| 2014 | CKV_K8S_30 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes | -| 2015 | CKV_K8S_30 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes | -| 2016 | CKV_K8S_30 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes | -| 2017 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | -| 2018 | CKV_K8S_31 | resource | CronJob | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2019 | CKV_K8S_31 | resource | DaemonSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2020 | CKV_K8S_31 | resource | Deployment | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2021 | CKV_K8S_31 | resource | Job | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2022 | CKV_K8S_31 | resource | Pod | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2023 | CKV_K8S_31 | resource | ReplicaSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2024 | CKV_K8S_31 | resource | ReplicationController | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2025 | CKV_K8S_31 | resource | StatefulSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | -| 2026 | CKV_K8S_32 | resource | PodSecurityPolicy | Ensure default seccomp profile set to docker/default or runtime/default | Kubernetes | -| 2027 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform | -| 2028 | CKV_K8S_33 | resource | CronJob | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2029 | CKV_K8S_33 | resource | DaemonSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2030 | CKV_K8S_33 | resource | Deployment | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2031 | CKV_K8S_33 | resource | DeploymentConfig | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2032 | CKV_K8S_33 | resource | Job | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2033 | CKV_K8S_33 | resource | Pod | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2034 | CKV_K8S_33 | resource | PodTemplate | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2035 | CKV_K8S_33 | resource | ReplicaSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2036 | CKV_K8S_33 | resource | ReplicationController | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2037 | CKV_K8S_33 | resource | StatefulSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | -| 2038 | CKV_K8S_34 | resource | CronJob | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2039 | CKV_K8S_34 | resource | DaemonSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2040 | CKV_K8S_34 | resource | Deployment | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2041 | CKV_K8S_34 | resource | DeploymentConfig | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2042 | CKV_K8S_34 | resource | Job | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2043 | CKV_K8S_34 | resource | Pod | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2044 | CKV_K8S_34 | resource | PodTemplate | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2045 | CKV_K8S_34 | resource | ReplicaSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2046 | CKV_K8S_34 | resource | ReplicationController | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2047 | CKV_K8S_34 | resource | StatefulSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | -| 2048 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform | -| 2049 | CKV_K8S_35 | resource | CronJob | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2050 | CKV_K8S_35 | resource | DaemonSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2051 | CKV_K8S_35 | resource | Deployment | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2052 | CKV_K8S_35 | resource | DeploymentConfig | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2053 | CKV_K8S_35 | resource | Job | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2054 | CKV_K8S_35 | resource | Pod | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2055 | CKV_K8S_35 | resource | PodTemplate | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2056 | CKV_K8S_35 | resource | ReplicaSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2057 | CKV_K8S_35 | resource | ReplicationController | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2058 | CKV_K8S_35 | resource | StatefulSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | -| 2059 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform | -| 2060 | CKV_K8S_36 | resource | PodSecurityPolicy | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2061 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform | -| 2062 | CKV_K8S_37 | resource | CronJob | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2063 | CKV_K8S_37 | resource | DaemonSet | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2064 | CKV_K8S_37 | resource | Deployment | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2065 | CKV_K8S_37 | resource | DeploymentConfig | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2066 | CKV_K8S_37 | resource | Job | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2067 | CKV_K8S_37 | resource | Pod | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2068 | CKV_K8S_37 | resource | PodTemplate | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2069 | CKV_K8S_37 | resource | ReplicaSet | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2070 | CKV_K8S_37 | resource | ReplicationController | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2071 | CKV_K8S_37 | resource | StatefulSet | Minimize the admission of containers with capabilities assigned | Kubernetes | -| 2072 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform | -| 2073 | CKV_K8S_38 | resource | CronJob | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2074 | CKV_K8S_38 | resource | DaemonSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2075 | CKV_K8S_38 | resource | Deployment | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2076 | CKV_K8S_38 | resource | Job | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2077 | CKV_K8S_38 | resource | Pod | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2078 | CKV_K8S_38 | resource | ReplicaSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2079 | CKV_K8S_38 | resource | ReplicationController | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2080 | CKV_K8S_38 | resource | StatefulSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | -| 2081 | CKV_K8S_39 | resource | CronJob | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2082 | CKV_K8S_39 | resource | DaemonSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2083 | CKV_K8S_39 | resource | Deployment | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2084 | CKV_K8S_39 | resource | DeploymentConfig | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2085 | CKV_K8S_39 | resource | Job | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2086 | CKV_K8S_39 | resource | Pod | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2087 | CKV_K8S_39 | resource | PodTemplate | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2088 | CKV_K8S_39 | resource | ReplicaSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2089 | CKV_K8S_39 | resource | ReplicationController | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2090 | CKV_K8S_39 | resource | StatefulSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | -| 2091 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform | -| 2092 | CKV_K8S_40 | resource | CronJob | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2093 | CKV_K8S_40 | resource | DaemonSet | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2094 | CKV_K8S_40 | resource | Deployment | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2095 | CKV_K8S_40 | resource | Job | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2096 | CKV_K8S_40 | resource | Pod | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2097 | CKV_K8S_40 | resource | ReplicaSet | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2098 | CKV_K8S_40 | resource | ReplicationController | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2099 | CKV_K8S_40 | resource | StatefulSet | Containers should run as a high UID to avoid host conflict | Kubernetes | -| 2100 | CKV_K8S_41 | resource | ServiceAccount | Ensure that default service accounts are not actively used | Kubernetes | -| 2101 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform | -| 2102 | CKV_K8S_42 | resource | ClusterRoleBinding | Ensure that default service accounts are not actively used | Kubernetes | -| 2103 | CKV_K8S_42 | resource | RoleBinding | Ensure that default service accounts are not actively used | Kubernetes | -| 2104 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform | -| 2105 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform | -| 2106 | CKV_K8S_43 | resource | CronJob | Image should use digest | Kubernetes | -| 2107 | CKV_K8S_43 | resource | DaemonSet | Image should use digest | Kubernetes | -| 2108 | CKV_K8S_43 | resource | Deployment | Image should use digest | Kubernetes | -| 2109 | CKV_K8S_43 | resource | DeploymentConfig | Image should use digest | Kubernetes | -| 2110 | CKV_K8S_43 | resource | Job | Image should use digest | Kubernetes | -| 2111 | CKV_K8S_43 | resource | Pod | Image should use digest | Kubernetes | -| 2112 | CKV_K8S_43 | resource | PodTemplate | Image should use digest | Kubernetes | -| 2113 | CKV_K8S_43 | resource | ReplicaSet | Image should use digest | Kubernetes | -| 2114 | CKV_K8S_43 | resource | ReplicationController | Image should use digest | Kubernetes | -| 2115 | CKV_K8S_43 | resource | StatefulSet | Image should use digest | Kubernetes | -| 2116 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform | -| 2117 | CKV_K8S_44 | resource | Service | Ensure that the Tiller Service (Helm v2) is deleted | Kubernetes | -| 2118 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | -| 2119 | CKV_K8S_45 | resource | CronJob | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2120 | CKV_K8S_45 | resource | DaemonSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2121 | CKV_K8S_45 | resource | Deployment | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2122 | CKV_K8S_45 | resource | DeploymentConfig | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2123 | CKV_K8S_45 | resource | Job | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2124 | CKV_K8S_45 | resource | Pod | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2125 | CKV_K8S_45 | resource | PodTemplate | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2126 | CKV_K8S_45 | resource | ReplicaSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2127 | CKV_K8S_45 | resource | ReplicationController | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2128 | CKV_K8S_45 | resource | StatefulSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | -| 2129 | CKV_K8S_49 | resource | ClusterRole | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | -| 2130 | CKV_K8S_49 | resource | Role | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | -| 2131 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | -| 2132 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | -| 2133 | CKV_K8S_68 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2134 | CKV_K8S_68 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2135 | CKV_K8S_68 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2136 | CKV_K8S_68 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2137 | CKV_K8S_68 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2138 | CKV_K8S_68 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2139 | CKV_K8S_68 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2140 | CKV_K8S_68 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2141 | CKV_K8S_68 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2142 | CKV_K8S_68 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2143 | CKV_K8S_69 | resource | CronJob | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2144 | CKV_K8S_69 | resource | DaemonSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2145 | CKV_K8S_69 | resource | Deployment | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2146 | CKV_K8S_69 | resource | DeploymentConfig | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2147 | CKV_K8S_69 | resource | Job | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2148 | CKV_K8S_69 | resource | Pod | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2149 | CKV_K8S_69 | resource | PodTemplate | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2150 | CKV_K8S_69 | resource | ReplicaSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2151 | CKV_K8S_69 | resource | ReplicationController | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2152 | CKV_K8S_69 | resource | StatefulSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | -| 2153 | CKV_K8S_70 | resource | CronJob | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2154 | CKV_K8S_70 | resource | DaemonSet | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2155 | CKV_K8S_70 | resource | Deployment | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2156 | CKV_K8S_70 | resource | DeploymentConfig | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2157 | CKV_K8S_70 | resource | Job | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2158 | CKV_K8S_70 | resource | Pod | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2159 | CKV_K8S_70 | resource | PodTemplate | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2160 | CKV_K8S_70 | resource | ReplicaSet | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2161 | CKV_K8S_70 | resource | ReplicationController | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2162 | CKV_K8S_70 | resource | StatefulSet | Ensure that the --token-auth-file argument is not set | Kubernetes | -| 2163 | CKV_K8S_71 | resource | CronJob | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2164 | CKV_K8S_71 | resource | DaemonSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2165 | CKV_K8S_71 | resource | Deployment | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2166 | CKV_K8S_71 | resource | DeploymentConfig | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2167 | CKV_K8S_71 | resource | Job | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2168 | CKV_K8S_71 | resource | Pod | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2169 | CKV_K8S_71 | resource | PodTemplate | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2170 | CKV_K8S_71 | resource | ReplicaSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2171 | CKV_K8S_71 | resource | ReplicationController | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2172 | CKV_K8S_71 | resource | StatefulSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | -| 2173 | CKV_K8S_72 | resource | CronJob | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2174 | CKV_K8S_72 | resource | DaemonSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2175 | CKV_K8S_72 | resource | Deployment | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2176 | CKV_K8S_72 | resource | DeploymentConfig | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2177 | CKV_K8S_72 | resource | Job | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2178 | CKV_K8S_72 | resource | Pod | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2179 | CKV_K8S_72 | resource | PodTemplate | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2180 | CKV_K8S_72 | resource | ReplicaSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2181 | CKV_K8S_72 | resource | ReplicationController | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2182 | CKV_K8S_72 | resource | StatefulSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | -| 2183 | CKV_K8S_73 | resource | CronJob | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2184 | CKV_K8S_73 | resource | DaemonSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2185 | CKV_K8S_73 | resource | Deployment | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2186 | CKV_K8S_73 | resource | DeploymentConfig | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2187 | CKV_K8S_73 | resource | Job | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2188 | CKV_K8S_73 | resource | Pod | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2189 | CKV_K8S_73 | resource | PodTemplate | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2190 | CKV_K8S_73 | resource | ReplicaSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2191 | CKV_K8S_73 | resource | ReplicationController | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2192 | CKV_K8S_73 | resource | StatefulSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | -| 2193 | CKV_K8S_74 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2194 | CKV_K8S_74 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2195 | CKV_K8S_74 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2196 | CKV_K8S_74 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2197 | CKV_K8S_74 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2198 | CKV_K8S_74 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2199 | CKV_K8S_74 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2200 | CKV_K8S_74 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2201 | CKV_K8S_74 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2202 | CKV_K8S_74 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2203 | CKV_K8S_75 | resource | CronJob | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2204 | CKV_K8S_75 | resource | DaemonSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2205 | CKV_K8S_75 | resource | Deployment | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2206 | CKV_K8S_75 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2207 | CKV_K8S_75 | resource | Job | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2208 | CKV_K8S_75 | resource | Pod | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2209 | CKV_K8S_75 | resource | PodTemplate | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2210 | CKV_K8S_75 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2211 | CKV_K8S_75 | resource | ReplicationController | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2212 | CKV_K8S_75 | resource | StatefulSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | -| 2213 | CKV_K8S_77 | resource | CronJob | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2214 | CKV_K8S_77 | resource | DaemonSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2215 | CKV_K8S_77 | resource | Deployment | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2216 | CKV_K8S_77 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2217 | CKV_K8S_77 | resource | Job | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2218 | CKV_K8S_77 | resource | Pod | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2219 | CKV_K8S_77 | resource | PodTemplate | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2220 | CKV_K8S_77 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2221 | CKV_K8S_77 | resource | ReplicationController | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2222 | CKV_K8S_77 | resource | StatefulSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | -| 2223 | CKV_K8S_78 | resource | AdmissionConfiguration | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | -| 2224 | CKV_K8S_79 | resource | CronJob | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2225 | CKV_K8S_79 | resource | DaemonSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2226 | CKV_K8S_79 | resource | Deployment | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2227 | CKV_K8S_79 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2228 | CKV_K8S_79 | resource | Job | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2229 | CKV_K8S_79 | resource | Pod | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2230 | CKV_K8S_79 | resource | PodTemplate | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2231 | CKV_K8S_79 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2232 | CKV_K8S_79 | resource | ReplicationController | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2233 | CKV_K8S_79 | resource | StatefulSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | -| 2234 | CKV_K8S_80 | resource | CronJob | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2235 | CKV_K8S_80 | resource | DaemonSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2236 | CKV_K8S_80 | resource | Deployment | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2237 | CKV_K8S_80 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2238 | CKV_K8S_80 | resource | Job | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2239 | CKV_K8S_80 | resource | Pod | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2240 | CKV_K8S_80 | resource | PodTemplate | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2241 | CKV_K8S_80 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2242 | CKV_K8S_80 | resource | ReplicationController | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2243 | CKV_K8S_80 | resource | StatefulSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | -| 2244 | CKV_K8S_81 | resource | CronJob | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2245 | CKV_K8S_81 | resource | DaemonSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2246 | CKV_K8S_81 | resource | Deployment | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2247 | CKV_K8S_81 | resource | DeploymentConfig | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2248 | CKV_K8S_81 | resource | Job | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2249 | CKV_K8S_81 | resource | Pod | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2250 | CKV_K8S_81 | resource | PodTemplate | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2251 | CKV_K8S_81 | resource | ReplicaSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2252 | CKV_K8S_81 | resource | ReplicationController | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2253 | CKV_K8S_81 | resource | StatefulSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | -| 2254 | CKV_K8S_82 | resource | CronJob | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2255 | CKV_K8S_82 | resource | DaemonSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2256 | CKV_K8S_82 | resource | Deployment | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2257 | CKV_K8S_82 | resource | DeploymentConfig | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2258 | CKV_K8S_82 | resource | Job | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2259 | CKV_K8S_82 | resource | Pod | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2260 | CKV_K8S_82 | resource | PodTemplate | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2261 | CKV_K8S_82 | resource | ReplicaSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2262 | CKV_K8S_82 | resource | ReplicationController | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2263 | CKV_K8S_82 | resource | StatefulSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | -| 2264 | CKV_K8S_83 | resource | CronJob | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2265 | CKV_K8S_83 | resource | DaemonSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2266 | CKV_K8S_83 | resource | Deployment | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2267 | CKV_K8S_83 | resource | DeploymentConfig | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2268 | CKV_K8S_83 | resource | Job | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2269 | CKV_K8S_83 | resource | Pod | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2270 | CKV_K8S_83 | resource | PodTemplate | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2271 | CKV_K8S_83 | resource | ReplicaSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2272 | CKV_K8S_83 | resource | ReplicationController | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2273 | CKV_K8S_83 | resource | StatefulSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | -| 2274 | CKV_K8S_84 | resource | CronJob | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2275 | CKV_K8S_84 | resource | DaemonSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2276 | CKV_K8S_84 | resource | Deployment | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2277 | CKV_K8S_84 | resource | DeploymentConfig | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2278 | CKV_K8S_84 | resource | Job | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2279 | CKV_K8S_84 | resource | Pod | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2280 | CKV_K8S_84 | resource | PodTemplate | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2281 | CKV_K8S_84 | resource | ReplicaSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2282 | CKV_K8S_84 | resource | ReplicationController | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2283 | CKV_K8S_84 | resource | StatefulSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | -| 2284 | CKV_K8S_85 | resource | CronJob | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2285 | CKV_K8S_85 | resource | DaemonSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2286 | CKV_K8S_85 | resource | Deployment | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2287 | CKV_K8S_85 | resource | DeploymentConfig | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2288 | CKV_K8S_85 | resource | Job | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2289 | CKV_K8S_85 | resource | Pod | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2290 | CKV_K8S_85 | resource | PodTemplate | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2291 | CKV_K8S_85 | resource | ReplicaSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2292 | CKV_K8S_85 | resource | ReplicationController | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2293 | CKV_K8S_85 | resource | StatefulSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | -| 2294 | CKV_K8S_86 | resource | CronJob | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2295 | CKV_K8S_86 | resource | DaemonSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2296 | CKV_K8S_86 | resource | Deployment | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2297 | CKV_K8S_86 | resource | DeploymentConfig | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2298 | CKV_K8S_86 | resource | Job | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2299 | CKV_K8S_86 | resource | Pod | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2300 | CKV_K8S_86 | resource | PodTemplate | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2301 | CKV_K8S_86 | resource | ReplicaSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2302 | CKV_K8S_86 | resource | ReplicationController | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2303 | CKV_K8S_86 | resource | StatefulSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | -| 2304 | CKV_K8S_88 | resource | CronJob | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2305 | CKV_K8S_88 | resource | DaemonSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2306 | CKV_K8S_88 | resource | Deployment | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2307 | CKV_K8S_88 | resource | DeploymentConfig | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2308 | CKV_K8S_88 | resource | Job | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2309 | CKV_K8S_88 | resource | Pod | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2310 | CKV_K8S_88 | resource | PodTemplate | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2311 | CKV_K8S_88 | resource | ReplicaSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2312 | CKV_K8S_88 | resource | ReplicationController | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2313 | CKV_K8S_88 | resource | StatefulSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | -| 2314 | CKV_K8S_89 | resource | CronJob | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2315 | CKV_K8S_89 | resource | DaemonSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2316 | CKV_K8S_89 | resource | Deployment | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2317 | CKV_K8S_89 | resource | DeploymentConfig | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2318 | CKV_K8S_89 | resource | Job | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2319 | CKV_K8S_89 | resource | Pod | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2320 | CKV_K8S_89 | resource | PodTemplate | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2321 | CKV_K8S_89 | resource | ReplicaSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2322 | CKV_K8S_89 | resource | ReplicationController | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2323 | CKV_K8S_89 | resource | StatefulSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | -| 2324 | CKV_K8S_90 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | -| 2325 | CKV_K8S_90 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2326 | CKV_K8S_90 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | -| 2327 | CKV_K8S_90 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | -| 2328 | CKV_K8S_90 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | -| 2329 | CKV_K8S_90 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | -| 2330 | CKV_K8S_90 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | -| 2331 | CKV_K8S_90 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2332 | CKV_K8S_90 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | -| 2333 | CKV_K8S_90 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2334 | CKV_K8S_91 | resource | CronJob | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2335 | CKV_K8S_91 | resource | DaemonSet | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2336 | CKV_K8S_91 | resource | Deployment | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2337 | CKV_K8S_91 | resource | DeploymentConfig | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2338 | CKV_K8S_91 | resource | Job | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2339 | CKV_K8S_91 | resource | Pod | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2340 | CKV_K8S_91 | resource | PodTemplate | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2341 | CKV_K8S_91 | resource | ReplicaSet | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2342 | CKV_K8S_91 | resource | ReplicationController | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2343 | CKV_K8S_91 | resource | StatefulSet | Ensure that the --audit-log-path argument is set | Kubernetes | -| 2344 | CKV_K8S_92 | resource | CronJob | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2345 | CKV_K8S_92 | resource | DaemonSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2346 | CKV_K8S_92 | resource | Deployment | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2347 | CKV_K8S_92 | resource | DeploymentConfig | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2348 | CKV_K8S_92 | resource | Job | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2349 | CKV_K8S_92 | resource | Pod | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2350 | CKV_K8S_92 | resource | PodTemplate | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2351 | CKV_K8S_92 | resource | ReplicaSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2352 | CKV_K8S_92 | resource | ReplicationController | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2353 | CKV_K8S_92 | resource | StatefulSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | -| 2354 | CKV_K8S_93 | resource | CronJob | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2355 | CKV_K8S_93 | resource | DaemonSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2356 | CKV_K8S_93 | resource | Deployment | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2357 | CKV_K8S_93 | resource | DeploymentConfig | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2358 | CKV_K8S_93 | resource | Job | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2359 | CKV_K8S_93 | resource | Pod | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2360 | CKV_K8S_93 | resource | PodTemplate | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2361 | CKV_K8S_93 | resource | ReplicaSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2362 | CKV_K8S_93 | resource | ReplicationController | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2363 | CKV_K8S_93 | resource | StatefulSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | -| 2364 | CKV_K8S_94 | resource | CronJob | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2365 | CKV_K8S_94 | resource | DaemonSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2366 | CKV_K8S_94 | resource | Deployment | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2367 | CKV_K8S_94 | resource | DeploymentConfig | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2368 | CKV_K8S_94 | resource | Job | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2369 | CKV_K8S_94 | resource | Pod | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2370 | CKV_K8S_94 | resource | PodTemplate | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2371 | CKV_K8S_94 | resource | ReplicaSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2372 | CKV_K8S_94 | resource | ReplicationController | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2373 | CKV_K8S_94 | resource | StatefulSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | -| 2374 | CKV_K8S_95 | resource | CronJob | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2375 | CKV_K8S_95 | resource | DaemonSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2376 | CKV_K8S_95 | resource | Deployment | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2377 | CKV_K8S_95 | resource | DeploymentConfig | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2378 | CKV_K8S_95 | resource | Job | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2379 | CKV_K8S_95 | resource | Pod | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2380 | CKV_K8S_95 | resource | PodTemplate | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2381 | CKV_K8S_95 | resource | ReplicaSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2382 | CKV_K8S_95 | resource | ReplicationController | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2383 | CKV_K8S_95 | resource | StatefulSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | -| 2384 | CKV_K8S_96 | resource | CronJob | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2385 | CKV_K8S_96 | resource | DaemonSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2386 | CKV_K8S_96 | resource | Deployment | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2387 | CKV_K8S_96 | resource | DeploymentConfig | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2388 | CKV_K8S_96 | resource | Job | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2389 | CKV_K8S_96 | resource | Pod | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2390 | CKV_K8S_96 | resource | PodTemplate | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2391 | CKV_K8S_96 | resource | ReplicaSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2392 | CKV_K8S_96 | resource | ReplicationController | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2393 | CKV_K8S_96 | resource | StatefulSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | -| 2394 | CKV_K8S_97 | resource | CronJob | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2395 | CKV_K8S_97 | resource | DaemonSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2396 | CKV_K8S_97 | resource | Deployment | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2397 | CKV_K8S_97 | resource | DeploymentConfig | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2398 | CKV_K8S_97 | resource | Job | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2399 | CKV_K8S_97 | resource | Pod | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2400 | CKV_K8S_97 | resource | PodTemplate | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2401 | CKV_K8S_97 | resource | ReplicaSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2402 | CKV_K8S_97 | resource | ReplicationController | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2403 | CKV_K8S_97 | resource | StatefulSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | -| 2404 | CKV_K8S_99 | resource | CronJob | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2405 | CKV_K8S_99 | resource | DaemonSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2406 | CKV_K8S_99 | resource | Deployment | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2407 | CKV_K8S_99 | resource | DeploymentConfig | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2408 | CKV_K8S_99 | resource | Job | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2409 | CKV_K8S_99 | resource | Pod | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2410 | CKV_K8S_99 | resource | PodTemplate | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2411 | CKV_K8S_99 | resource | ReplicaSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2412 | CKV_K8S_99 | resource | ReplicationController | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2413 | CKV_K8S_99 | resource | StatefulSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | -| 2414 | CKV_K8S_100 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2415 | CKV_K8S_100 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2416 | CKV_K8S_100 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2417 | CKV_K8S_100 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2418 | CKV_K8S_100 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2419 | CKV_K8S_100 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2420 | CKV_K8S_100 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2421 | CKV_K8S_100 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2422 | CKV_K8S_100 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2423 | CKV_K8S_100 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2424 | CKV_K8S_102 | resource | CronJob | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2425 | CKV_K8S_102 | resource | DaemonSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2426 | CKV_K8S_102 | resource | Deployment | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2427 | CKV_K8S_102 | resource | DeploymentConfig | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2428 | CKV_K8S_102 | resource | Job | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2429 | CKV_K8S_102 | resource | Pod | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2430 | CKV_K8S_102 | resource | PodTemplate | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2431 | CKV_K8S_102 | resource | ReplicaSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2432 | CKV_K8S_102 | resource | ReplicationController | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2433 | CKV_K8S_102 | resource | StatefulSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | -| 2434 | CKV_K8S_104 | resource | CronJob | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2435 | CKV_K8S_104 | resource | DaemonSet | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2436 | CKV_K8S_104 | resource | Deployment | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2437 | CKV_K8S_104 | resource | DeploymentConfig | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2438 | CKV_K8S_104 | resource | Job | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2439 | CKV_K8S_104 | resource | Pod | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2440 | CKV_K8S_104 | resource | PodTemplate | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2441 | CKV_K8S_104 | resource | ReplicaSet | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2442 | CKV_K8S_104 | resource | ReplicationController | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2443 | CKV_K8S_104 | resource | StatefulSet | Ensure that encryption providers are appropriately configured | Kubernetes | -| 2444 | CKV_K8S_105 | resource | CronJob | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2445 | CKV_K8S_105 | resource | DaemonSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2446 | CKV_K8S_105 | resource | Deployment | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2447 | CKV_K8S_105 | resource | DeploymentConfig | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2448 | CKV_K8S_105 | resource | Job | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2449 | CKV_K8S_105 | resource | Pod | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2450 | CKV_K8S_105 | resource | PodTemplate | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2451 | CKV_K8S_105 | resource | ReplicaSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2452 | CKV_K8S_105 | resource | ReplicationController | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2453 | CKV_K8S_105 | resource | StatefulSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2454 | CKV_K8S_106 | resource | CronJob | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2455 | CKV_K8S_106 | resource | DaemonSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2456 | CKV_K8S_106 | resource | Deployment | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2457 | CKV_K8S_106 | resource | DeploymentConfig | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2458 | CKV_K8S_106 | resource | Job | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2459 | CKV_K8S_106 | resource | Pod | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2460 | CKV_K8S_106 | resource | PodTemplate | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2461 | CKV_K8S_106 | resource | ReplicaSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2462 | CKV_K8S_106 | resource | ReplicationController | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2463 | CKV_K8S_106 | resource | StatefulSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | -| 2464 | CKV_K8S_107 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | -| 2465 | CKV_K8S_107 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2466 | CKV_K8S_107 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | -| 2467 | CKV_K8S_107 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | -| 2468 | CKV_K8S_107 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | -| 2469 | CKV_K8S_107 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | -| 2470 | CKV_K8S_107 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | -| 2471 | CKV_K8S_107 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2472 | CKV_K8S_107 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | -| 2473 | CKV_K8S_107 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2474 | CKV_K8S_108 | resource | CronJob | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2475 | CKV_K8S_108 | resource | DaemonSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2476 | CKV_K8S_108 | resource | Deployment | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2477 | CKV_K8S_108 | resource | DeploymentConfig | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2478 | CKV_K8S_108 | resource | Job | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2479 | CKV_K8S_108 | resource | Pod | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2480 | CKV_K8S_108 | resource | PodTemplate | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2481 | CKV_K8S_108 | resource | ReplicaSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2482 | CKV_K8S_108 | resource | ReplicationController | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2483 | CKV_K8S_108 | resource | StatefulSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | -| 2484 | CKV_K8S_110 | resource | CronJob | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2485 | CKV_K8S_110 | resource | DaemonSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2486 | CKV_K8S_110 | resource | Deployment | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2487 | CKV_K8S_110 | resource | DeploymentConfig | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2488 | CKV_K8S_110 | resource | Job | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2489 | CKV_K8S_110 | resource | Pod | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2490 | CKV_K8S_110 | resource | PodTemplate | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2491 | CKV_K8S_110 | resource | ReplicaSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2492 | CKV_K8S_110 | resource | ReplicationController | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2493 | CKV_K8S_110 | resource | StatefulSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | -| 2494 | CKV_K8S_111 | resource | CronJob | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2495 | CKV_K8S_111 | resource | DaemonSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2496 | CKV_K8S_111 | resource | Deployment | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2497 | CKV_K8S_111 | resource | DeploymentConfig | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2498 | CKV_K8S_111 | resource | Job | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2499 | CKV_K8S_111 | resource | Pod | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2500 | CKV_K8S_111 | resource | PodTemplate | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2501 | CKV_K8S_111 | resource | ReplicaSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2502 | CKV_K8S_111 | resource | ReplicationController | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2503 | CKV_K8S_111 | resource | StatefulSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | -| 2504 | CKV_K8S_112 | resource | CronJob | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2505 | CKV_K8S_112 | resource | DaemonSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2506 | CKV_K8S_112 | resource | Deployment | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2507 | CKV_K8S_112 | resource | DeploymentConfig | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2508 | CKV_K8S_112 | resource | Job | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2509 | CKV_K8S_112 | resource | Pod | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2510 | CKV_K8S_112 | resource | PodTemplate | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2511 | CKV_K8S_112 | resource | ReplicaSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2512 | CKV_K8S_112 | resource | ReplicationController | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2513 | CKV_K8S_112 | resource | StatefulSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | -| 2514 | CKV_K8S_113 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2515 | CKV_K8S_113 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2516 | CKV_K8S_113 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2517 | CKV_K8S_113 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2518 | CKV_K8S_113 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2519 | CKV_K8S_113 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2520 | CKV_K8S_113 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2521 | CKV_K8S_113 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2522 | CKV_K8S_113 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2523 | CKV_K8S_113 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2524 | CKV_K8S_114 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | -| 2525 | CKV_K8S_114 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2526 | CKV_K8S_114 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | -| 2527 | CKV_K8S_114 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | -| 2528 | CKV_K8S_114 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | -| 2529 | CKV_K8S_114 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | -| 2530 | CKV_K8S_114 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | -| 2531 | CKV_K8S_114 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2532 | CKV_K8S_114 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | -| 2533 | CKV_K8S_114 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | -| 2534 | CKV_K8S_115 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2535 | CKV_K8S_115 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2536 | CKV_K8S_115 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2537 | CKV_K8S_115 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2538 | CKV_K8S_115 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2539 | CKV_K8S_115 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2540 | CKV_K8S_115 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2541 | CKV_K8S_115 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2542 | CKV_K8S_115 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2543 | CKV_K8S_115 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | -| 2544 | CKV_K8S_116 | resource | CronJob | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2545 | CKV_K8S_116 | resource | DaemonSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2546 | CKV_K8S_116 | resource | Deployment | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2547 | CKV_K8S_116 | resource | DeploymentConfig | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2548 | CKV_K8S_116 | resource | Job | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2549 | CKV_K8S_116 | resource | Pod | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2550 | CKV_K8S_116 | resource | PodTemplate | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2551 | CKV_K8S_116 | resource | ReplicaSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2552 | CKV_K8S_116 | resource | ReplicationController | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2553 | CKV_K8S_116 | resource | StatefulSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | -| 2554 | CKV_K8S_117 | resource | CronJob | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2555 | CKV_K8S_117 | resource | DaemonSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2556 | CKV_K8S_117 | resource | Deployment | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2557 | CKV_K8S_117 | resource | DeploymentConfig | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2558 | CKV_K8S_117 | resource | Job | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2559 | CKV_K8S_117 | resource | Pod | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2560 | CKV_K8S_117 | resource | PodTemplate | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2561 | CKV_K8S_117 | resource | ReplicaSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2562 | CKV_K8S_117 | resource | ReplicationController | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2563 | CKV_K8S_117 | resource | StatefulSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | -| 2564 | CKV_K8S_118 | resource | CronJob | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2565 | CKV_K8S_118 | resource | DaemonSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2566 | CKV_K8S_118 | resource | Deployment | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2567 | CKV_K8S_118 | resource | DeploymentConfig | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2568 | CKV_K8S_118 | resource | Job | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2569 | CKV_K8S_118 | resource | Pod | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2570 | CKV_K8S_118 | resource | PodTemplate | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2571 | CKV_K8S_118 | resource | ReplicaSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2572 | CKV_K8S_118 | resource | ReplicationController | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2573 | CKV_K8S_118 | resource | StatefulSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | -| 2574 | CKV_K8S_119 | resource | CronJob | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2575 | CKV_K8S_119 | resource | DaemonSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2576 | CKV_K8S_119 | resource | Deployment | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2577 | CKV_K8S_119 | resource | DeploymentConfig | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2578 | CKV_K8S_119 | resource | Job | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2579 | CKV_K8S_119 | resource | Pod | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2580 | CKV_K8S_119 | resource | PodTemplate | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2581 | CKV_K8S_119 | resource | ReplicaSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2582 | CKV_K8S_119 | resource | ReplicationController | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2583 | CKV_K8S_119 | resource | StatefulSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | -| 2584 | CKV_K8S_121 | resource | Pod | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | -| 2585 | CKV_K8S_138 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2586 | CKV_K8S_138 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2587 | CKV_K8S_138 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2588 | CKV_K8S_138 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2589 | CKV_K8S_138 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2590 | CKV_K8S_138 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2591 | CKV_K8S_138 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2592 | CKV_K8S_138 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2593 | CKV_K8S_138 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2594 | CKV_K8S_138 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | -| 2595 | CKV_K8S_139 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2596 | CKV_K8S_139 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2597 | CKV_K8S_139 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2598 | CKV_K8S_139 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2599 | CKV_K8S_139 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2600 | CKV_K8S_139 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2601 | CKV_K8S_139 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2602 | CKV_K8S_139 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2603 | CKV_K8S_139 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2604 | CKV_K8S_139 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | -| 2605 | CKV_K8S_140 | resource | CronJob | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2606 | CKV_K8S_140 | resource | DaemonSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2607 | CKV_K8S_140 | resource | Deployment | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2608 | CKV_K8S_140 | resource | DeploymentConfig | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2609 | CKV_K8S_140 | resource | Job | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2610 | CKV_K8S_140 | resource | Pod | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2611 | CKV_K8S_140 | resource | PodTemplate | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2612 | CKV_K8S_140 | resource | ReplicaSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2613 | CKV_K8S_140 | resource | ReplicationController | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2614 | CKV_K8S_140 | resource | StatefulSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | -| 2615 | CKV_K8S_141 | resource | CronJob | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2616 | CKV_K8S_141 | resource | DaemonSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2617 | CKV_K8S_141 | resource | Deployment | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2618 | CKV_K8S_141 | resource | DeploymentConfig | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2619 | CKV_K8S_141 | resource | Job | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2620 | CKV_K8S_141 | resource | Pod | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2621 | CKV_K8S_141 | resource | PodTemplate | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2622 | CKV_K8S_141 | resource | ReplicaSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2623 | CKV_K8S_141 | resource | ReplicationController | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2624 | CKV_K8S_141 | resource | StatefulSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | -| 2625 | CKV_K8S_143 | resource | CronJob | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2626 | CKV_K8S_143 | resource | DaemonSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2627 | CKV_K8S_143 | resource | Deployment | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2628 | CKV_K8S_143 | resource | DeploymentConfig | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2629 | CKV_K8S_143 | resource | Job | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2630 | CKV_K8S_143 | resource | Pod | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2631 | CKV_K8S_143 | resource | PodTemplate | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2632 | CKV_K8S_143 | resource | ReplicaSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2633 | CKV_K8S_143 | resource | ReplicationController | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2634 | CKV_K8S_143 | resource | StatefulSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | -| 2635 | CKV_K8S_144 | resource | CronJob | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2636 | CKV_K8S_144 | resource | DaemonSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2637 | CKV_K8S_144 | resource | Deployment | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2638 | CKV_K8S_144 | resource | DeploymentConfig | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2639 | CKV_K8S_144 | resource | Job | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2640 | CKV_K8S_144 | resource | Pod | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2641 | CKV_K8S_144 | resource | PodTemplate | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2642 | CKV_K8S_144 | resource | ReplicaSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2643 | CKV_K8S_144 | resource | ReplicationController | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2644 | CKV_K8S_144 | resource | StatefulSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | -| 2645 | CKV_K8S_145 | resource | CronJob | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2646 | CKV_K8S_145 | resource | DaemonSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2647 | CKV_K8S_145 | resource | Deployment | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2648 | CKV_K8S_145 | resource | DeploymentConfig | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2649 | CKV_K8S_145 | resource | Job | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2650 | CKV_K8S_145 | resource | Pod | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2651 | CKV_K8S_145 | resource | PodTemplate | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2652 | CKV_K8S_145 | resource | ReplicaSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2653 | CKV_K8S_145 | resource | ReplicationController | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2654 | CKV_K8S_145 | resource | StatefulSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | -| 2655 | CKV_K8S_146 | resource | CronJob | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2656 | CKV_K8S_146 | resource | DaemonSet | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2657 | CKV_K8S_146 | resource | Deployment | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2658 | CKV_K8S_146 | resource | DeploymentConfig | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2659 | CKV_K8S_146 | resource | Job | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2660 | CKV_K8S_146 | resource | Pod | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2661 | CKV_K8S_146 | resource | PodTemplate | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2662 | CKV_K8S_146 | resource | ReplicaSet | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2663 | CKV_K8S_146 | resource | ReplicationController | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2664 | CKV_K8S_146 | resource | StatefulSet | Ensure that the --hostname-override argument is not set | Kubernetes | -| 2665 | CKV_K8S_147 | resource | CronJob | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2666 | CKV_K8S_147 | resource | DaemonSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2667 | CKV_K8S_147 | resource | Deployment | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2668 | CKV_K8S_147 | resource | DeploymentConfig | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2669 | CKV_K8S_147 | resource | Job | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2670 | CKV_K8S_147 | resource | Pod | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2671 | CKV_K8S_147 | resource | PodTemplate | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2672 | CKV_K8S_147 | resource | ReplicaSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2673 | CKV_K8S_147 | resource | ReplicationController | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2674 | CKV_K8S_147 | resource | StatefulSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | -| 2675 | CKV_K8S_148 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2676 | CKV_K8S_148 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2677 | CKV_K8S_148 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2678 | CKV_K8S_148 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2679 | CKV_K8S_148 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2680 | CKV_K8S_148 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2681 | CKV_K8S_148 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2682 | CKV_K8S_148 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2683 | CKV_K8S_148 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2684 | CKV_K8S_148 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | -| 2685 | CKV_K8S_149 | resource | CronJob | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2686 | CKV_K8S_149 | resource | DaemonSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2687 | CKV_K8S_149 | resource | Deployment | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2688 | CKV_K8S_149 | resource | DeploymentConfig | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2689 | CKV_K8S_149 | resource | Job | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2690 | CKV_K8S_149 | resource | Pod | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2691 | CKV_K8S_149 | resource | PodTemplate | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2692 | CKV_K8S_149 | resource | ReplicaSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2693 | CKV_K8S_149 | resource | ReplicationController | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2694 | CKV_K8S_149 | resource | StatefulSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | -| 2695 | CKV_K8S_151 | resource | CronJob | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2696 | CKV_K8S_151 | resource | DaemonSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2697 | CKV_K8S_151 | resource | Deployment | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2698 | CKV_K8S_151 | resource | DeploymentConfig | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2699 | CKV_K8S_151 | resource | Job | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2700 | CKV_K8S_151 | resource | Pod | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2701 | CKV_K8S_151 | resource | PodTemplate | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2702 | CKV_K8S_151 | resource | ReplicaSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2703 | CKV_K8S_151 | resource | ReplicationController | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2704 | CKV_K8S_151 | resource | StatefulSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | -| 2705 | CKV_K8S_152 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 | Kubernetes | -| 2706 | CKV_K8S_153 | resource | Ingress | Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 | Kubernetes | -| 2707 | CKV_K8S_154 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742 | Kubernetes | -| 2708 | CKV_K8S_155 | resource | ClusterRole | Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations | Kubernetes | -| 2709 | CKV_K8S_156 | resource | ClusterRole | Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests | Kubernetes | -| 2710 | CKV_K8S_157 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | -| 2711 | CKV_K8S_157 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | -| 2712 | CKV_K8S_158 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | -| 2713 | CKV_K8S_158 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | -| 2714 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform | -| 2715 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform | -| 2716 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform | -| 2717 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform | -| 2718 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform | -| 2719 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform | -| 2720 | CKV_NCP_1 | resource | ncloud_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | -| 2721 | CKV_NCP_002 | resource | ncloud_access_control_group | Ensure every access control groups rule has a description | Terraform | -| 2722 | CKV_NCP_002 | resource | ncloud_access_control_group_rule | Ensure every access control groups rule has a description | Terraform | -| 2723 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform | -| 2724 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform | -| 2725 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform | -| 2726 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform | -| 2727 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform | -| 2728 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform | -| 2729 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform | -| 2730 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform | -| 2731 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform | -| 2732 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform | -| 2733 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform | -| 2734 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform | -| 2735 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform | -| 2736 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform | -| 2737 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform | -| 2738 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform | -| 2739 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform | -| 2740 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform | -| 2741 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 22. | Terraform | -| 2742 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. | Terraform | -| 2743 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform | -| 2744 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 | Terraform | -| 2745 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform | -| 2746 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform | -| 2747 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform | -| 2748 | CKV_OPENAPI_1 | resource | securityDefinitions | Ensure that securityDefinitions is defined and not empty - version 2.0 files | OpenAPI | -| 2749 | CKV_OPENAPI_2 | resource | security | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty - version 2.0 files | OpenAPI | -| 2750 | CKV_OPENAPI_3 | resource | components | Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files | OpenAPI | -| 2751 | CKV_OPENAPI_4 | resource | security | Ensure that the global security field has rules defined | OpenAPI | -| 2752 | CKV_OPENAPI_5 | resource | security | Ensure that security operations is not empty. | OpenAPI | -| 2753 | CKV_OPENAPI_6 | resource | security | Ensure that security requirement defined in securityDefinitions - version 2.0 files | OpenAPI | -| 2754 | CKV_OPENAPI_7 | resource | security | Ensure that the path scheme does not support unencrypted HTTP connection where all transmissions are open to interception- version 2.0 files | OpenAPI | -| 2755 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform | -| 2756 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | -| 2757 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | -| 2758 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | -| 2759 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | -| 2760 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform | -| 2761 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform | -| 2762 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform | -| 2763 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform | -| 2764 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform | -| 2765 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform | -| 2766 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform | -| 2767 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform | -| 2768 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform | -| 2769 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform | -| 2770 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform | -| 2771 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | -| 2772 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | -| 2773 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform | -| 2774 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform | -| 2775 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | -| 2776 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | -| 2777 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform | -| 2778 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform | -| 2779 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | -| 2780 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | -| 2781 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | -| 2782 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | -| 2783 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | -| 2784 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | -| 2785 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 2786 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 2787 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 2788 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | -| 2789 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | -| 2790 | CKV_SECRET_1 | Artifactory Credentials | secrets | Artifactory Credentials | secrets | -| 2791 | CKV_SECRET_2 | AWS Access Key | secrets | AWS Access Key | secrets | -| 2792 | CKV_SECRET_3 | Azure Storage Account access key | secrets | Azure Storage Account access key | secrets | -| 2793 | CKV_SECRET_4 | Basic Auth Credentials | secrets | Basic Auth Credentials | secrets | -| 2794 | CKV_SECRET_5 | Cloudant Credentials | secrets | Cloudant Credentials | secrets | -| 2795 | CKV_SECRET_6 | Base64 High Entropy String | secrets | Base64 High Entropy String | secrets | -| 2796 | CKV_SECRET_7 | IBM Cloud IAM Key | secrets | IBM Cloud IAM Key | secrets | -| 2797 | CKV_SECRET_8 | IBM COS HMAC Credentials | secrets | IBM COS HMAC Credentials | secrets | -| 2798 | CKV_SECRET_9 | JSON Web Token | secrets | JSON Web Token | secrets | -| 2799 | CKV_SECRET_10 | Secret Keyword | secrets | Secret Keyword | secrets | -| 2800 | CKV_SECRET_11 | Mailchimp Access Key | secrets | Mailchimp Access Key | secrets | -| 2801 | CKV_SECRET_12 | NPM tokens | secrets | NPM tokens | secrets | -| 2802 | CKV_SECRET_13 | Private Key | secrets | Private Key | secrets | -| 2803 | CKV_SECRET_14 | Slack Token | secrets | Slack Token | secrets | -| 2804 | CKV_SECRET_15 | SoftLayer Credentials | secrets | SoftLayer Credentials | secrets | -| 2805 | CKV_SECRET_16 | Square OAuth Secret | secrets | Square OAuth Secret | secrets | -| 2806 | CKV_SECRET_17 | Stripe Access Key | secrets | Stripe Access Key | secrets | -| 2807 | CKV_SECRET_18 | Twilio API Key | secrets | Twilio API Key | secrets | -| 2808 | CKV_SECRET_19 | Hex High Entropy String | secrets | Hex High Entropy String | secrets | -| 2809 | CKV_YC_1 | resource | yandex_mdb_clickhouse_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2810 | CKV_YC_1 | resource | yandex_mdb_elasticsearch_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2811 | CKV_YC_1 | resource | yandex_mdb_greenplum_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2812 | CKV_YC_1 | resource | yandex_mdb_kafka_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2813 | CKV_YC_1 | resource | yandex_mdb_mongodb_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2814 | CKV_YC_1 | resource | yandex_mdb_mysql_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2815 | CKV_YC_1 | resource | yandex_mdb_postgresql_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2816 | CKV_YC_1 | resource | yandex_mdb_redis_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2817 | CKV_YC_1 | resource | yandex_mdb_sqlserver_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 2818 | CKV_YC_2 | resource | yandex_compute_instance | Ensure compute instance does not have public IP. | Terraform | -| 2819 | CKV_YC_3 | resource | yandex_storage_bucket | Ensure storage bucket is encrypted. | Terraform | -| 2820 | CKV_YC_4 | resource | yandex_compute_instance | Ensure compute instance does not have serial console enabled. | Terraform | -| 2821 | CKV_YC_5 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster does not have public IP address. | Terraform | -| 2822 | CKV_YC_6 | resource | yandex_kubernetes_node_group | Ensure Kubernetes cluster node group does not have public IP addresses. | Terraform | -| 2823 | CKV_YC_7 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster auto-upgrade is enabled. | Terraform | -| 2824 | CKV_YC_8 | resource | yandex_kubernetes_node_group | Ensure Kubernetes node group auto-upgrade is enabled. | Terraform | -| 2825 | CKV_YC_9 | resource | yandex_kms_symmetric_key | Ensure KMS symmetric key is rotated. | Terraform | -| 2826 | CKV_YC_10 | resource | yandex_kubernetes_cluster | Ensure etcd database is encrypted with KMS key. | Terraform | -| 2827 | CKV_YC_11 | resource | yandex_compute_instance | Ensure security group is assigned to network interface. | Terraform | -| 2828 | CKV_YC_12 | resource | yandex_mdb_clickhouse_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2829 | CKV_YC_12 | resource | yandex_mdb_elasticsearch_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2830 | CKV_YC_12 | resource | yandex_mdb_greenplum_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2831 | CKV_YC_12 | resource | yandex_mdb_kafka_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2832 | CKV_YC_12 | resource | yandex_mdb_mongodb_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2833 | CKV_YC_12 | resource | yandex_mdb_mysql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2834 | CKV_YC_12 | resource | yandex_mdb_postgresql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2835 | CKV_YC_12 | resource | yandex_mdb_sqlserver_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 2836 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure cloud member does not have elevated access. | Terraform | -| 2837 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_member | Ensure cloud member does not have elevated access. | Terraform | -| 2838 | CKV_YC_14 | resource | yandex_kubernetes_cluster | Ensure security group is assigned to Kubernetes cluster. | Terraform | -| 2839 | CKV_YC_15 | resource | yandex_kubernetes_node_group | Ensure security group is assigned to Kubernetes node group. | Terraform | -| 2840 | CKV_YC_16 | resource | yandex_kubernetes_cluster | Ensure network policy is assigned to Kubernetes cluster. | Terraform | -| 2841 | CKV_YC_17 | resource | yandex_storage_bucket | Ensure storage bucket does not have public access permissions. | Terraform | -| 2842 | CKV_YC_18 | resource | yandex_compute_instance_group | Ensure compute instance group does not have public IP. | Terraform | -| 2843 | CKV_YC_19 | resource | yandex_vpc_security_group | Ensure security group does not contain allow-all rules. | Terraform | -| 2844 | CKV_YC_20 | resource | yandex_vpc_security_group_rule | Ensure security group rule is not allow-all. | Terraform | -| 2845 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_binding | Ensure organization member does not have elevated access. | Terraform | -| 2846 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_member | Ensure organization member does not have elevated access. | Terraform | -| 2847 | CKV_YC_22 | resource | yandex_compute_instance_group | Ensure compute instance group has security group assigned. | Terraform | -| 2848 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_binding | Ensure folder member does not have elevated access. | Terraform | -| 2849 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_member | Ensure folder member does not have elevated access. | Terraform | -| 2850 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 2851 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 2852 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 2853 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 2854 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 2855 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1799 | CKV_K8S_10 | resource | kubernetes_pod_v1 | CPU requests should be set | Terraform | +| 1800 | CKV_K8S_11 | resource | CronJob | CPU limits should be set | Kubernetes | +| 1801 | CKV_K8S_11 | resource | DaemonSet | CPU limits should be set | Kubernetes | +| 1802 | CKV_K8S_11 | resource | Deployment | CPU limits should be set | Kubernetes | +| 1803 | CKV_K8S_11 | resource | DeploymentConfig | CPU limits should be set | Kubernetes | +| 1804 | CKV_K8S_11 | resource | Job | CPU limits should be set | Kubernetes | +| 1805 | CKV_K8S_11 | resource | Pod | CPU limits should be set | Kubernetes | +| 1806 | CKV_K8S_11 | resource | PodTemplate | CPU limits should be set | Kubernetes | +| 1807 | CKV_K8S_11 | resource | ReplicaSet | CPU limits should be set | Kubernetes | +| 1808 | CKV_K8S_11 | resource | ReplicationController | CPU limits should be set | Kubernetes | +| 1809 | CKV_K8S_11 | resource | StatefulSet | CPU limits should be set | Kubernetes | +| 1810 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform | +| 1811 | CKV_K8S_11 | resource | kubernetes_pod_v1 | CPU Limits should be set | Terraform | +| 1812 | CKV_K8S_12 | resource | CronJob | Memory requests should be set | Kubernetes | +| 1813 | CKV_K8S_12 | resource | DaemonSet | Memory requests should be set | Kubernetes | +| 1814 | CKV_K8S_12 | resource | Deployment | Memory requests should be set | Kubernetes | +| 1815 | CKV_K8S_12 | resource | DeploymentConfig | Memory requests should be set | Kubernetes | +| 1816 | CKV_K8S_12 | resource | Job | Memory requests should be set | Kubernetes | +| 1817 | CKV_K8S_12 | resource | Pod | Memory requests should be set | Kubernetes | +| 1818 | CKV_K8S_12 | resource | PodTemplate | Memory requests should be set | Kubernetes | +| 1819 | CKV_K8S_12 | resource | ReplicaSet | Memory requests should be set | Kubernetes | +| 1820 | CKV_K8S_12 | resource | ReplicationController | Memory requests should be set | Kubernetes | +| 1821 | CKV_K8S_12 | resource | StatefulSet | Memory requests should be set | Kubernetes | +| 1822 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform | +| 1823 | CKV_K8S_13 | resource | CronJob | Memory limits should be set | Kubernetes | +| 1824 | CKV_K8S_13 | resource | DaemonSet | Memory limits should be set | Kubernetes | +| 1825 | CKV_K8S_13 | resource | Deployment | Memory limits should be set | Kubernetes | +| 1826 | CKV_K8S_13 | resource | DeploymentConfig | Memory limits should be set | Kubernetes | +| 1827 | CKV_K8S_13 | resource | Job | Memory limits should be set | Kubernetes | +| 1828 | CKV_K8S_13 | resource | Pod | Memory limits should be set | Kubernetes | +| 1829 | CKV_K8S_13 | resource | PodTemplate | Memory limits should be set | Kubernetes | +| 1830 | CKV_K8S_13 | resource | ReplicaSet | Memory limits should be set | Kubernetes | +| 1831 | CKV_K8S_13 | resource | ReplicationController | Memory limits should be set | Kubernetes | +| 1832 | CKV_K8S_13 | resource | StatefulSet | Memory limits should be set | Kubernetes | +| 1833 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform | +| 1834 | CKV_K8S_14 | resource | CronJob | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1835 | CKV_K8S_14 | resource | DaemonSet | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1836 | CKV_K8S_14 | resource | Deployment | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1837 | CKV_K8S_14 | resource | DeploymentConfig | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1838 | CKV_K8S_14 | resource | Job | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1839 | CKV_K8S_14 | resource | Pod | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1840 | CKV_K8S_14 | resource | PodTemplate | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1841 | CKV_K8S_14 | resource | ReplicaSet | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1842 | CKV_K8S_14 | resource | ReplicationController | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1843 | CKV_K8S_14 | resource | StatefulSet | Image Tag should be fixed - not latest or blank | Kubernetes | +| 1844 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform | +| 1845 | CKV_K8S_15 | resource | CronJob | Image Pull Policy should be Always | Kubernetes | +| 1846 | CKV_K8S_15 | resource | DaemonSet | Image Pull Policy should be Always | Kubernetes | +| 1847 | CKV_K8S_15 | resource | Deployment | Image Pull Policy should be Always | Kubernetes | +| 1848 | CKV_K8S_15 | resource | DeploymentConfig | Image Pull Policy should be Always | Kubernetes | +| 1849 | CKV_K8S_15 | resource | Job | Image Pull Policy should be Always | Kubernetes | +| 1850 | CKV_K8S_15 | resource | Pod | Image Pull Policy should be Always | Kubernetes | +| 1851 | CKV_K8S_15 | resource | PodTemplate | Image Pull Policy should be Always | Kubernetes | +| 1852 | CKV_K8S_15 | resource | ReplicaSet | Image Pull Policy should be Always | Kubernetes | +| 1853 | CKV_K8S_15 | resource | ReplicationController | Image Pull Policy should be Always | Kubernetes | +| 1854 | CKV_K8S_15 | resource | StatefulSet | Image Pull Policy should be Always | Kubernetes | +| 1855 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform | +| 1856 | CKV_K8S_16 | resource | CronJob | Container should not be privileged | Kubernetes | +| 1857 | CKV_K8S_16 | resource | DaemonSet | Container should not be privileged | Kubernetes | +| 1858 | CKV_K8S_16 | resource | Deployment | Container should not be privileged | Kubernetes | +| 1859 | CKV_K8S_16 | resource | DeploymentConfig | Container should not be privileged | Kubernetes | +| 1860 | CKV_K8S_16 | resource | Job | Container should not be privileged | Kubernetes | +| 1861 | CKV_K8S_16 | resource | Pod | Container should not be privileged | Kubernetes | +| 1862 | CKV_K8S_16 | resource | PodTemplate | Container should not be privileged | Kubernetes | +| 1863 | CKV_K8S_16 | resource | ReplicaSet | Container should not be privileged | Kubernetes | +| 1864 | CKV_K8S_16 | resource | ReplicationController | Container should not be privileged | Kubernetes | +| 1865 | CKV_K8S_16 | resource | StatefulSet | Container should not be privileged | Kubernetes | +| 1866 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | +| 1867 | CKV_K8S_17 | resource | CronJob | Containers should not share the host process ID namespace | Kubernetes | +| 1868 | CKV_K8S_17 | resource | DaemonSet | Containers should not share the host process ID namespace | Kubernetes | +| 1869 | CKV_K8S_17 | resource | Deployment | Containers should not share the host process ID namespace | Kubernetes | +| 1870 | CKV_K8S_17 | resource | Job | Containers should not share the host process ID namespace | Kubernetes | +| 1871 | CKV_K8S_17 | resource | Pod | Containers should not share the host process ID namespace | Kubernetes | +| 1872 | CKV_K8S_17 | resource | ReplicaSet | Containers should not share the host process ID namespace | Kubernetes | +| 1873 | CKV_K8S_17 | resource | ReplicationController | Containers should not share the host process ID namespace | Kubernetes | +| 1874 | CKV_K8S_17 | resource | StatefulSet | Containers should not share the host process ID namespace | Kubernetes | +| 1875 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform | +| 1876 | CKV_K8S_18 | resource | CronJob | Containers should not share the host IPC namespace | Kubernetes | +| 1877 | CKV_K8S_18 | resource | DaemonSet | Containers should not share the host IPC namespace | Kubernetes | +| 1878 | CKV_K8S_18 | resource | Deployment | Containers should not share the host IPC namespace | Kubernetes | +| 1879 | CKV_K8S_18 | resource | Job | Containers should not share the host IPC namespace | Kubernetes | +| 1880 | CKV_K8S_18 | resource | Pod | Containers should not share the host IPC namespace | Kubernetes | +| 1881 | CKV_K8S_18 | resource | ReplicaSet | Containers should not share the host IPC namespace | Kubernetes | +| 1882 | CKV_K8S_18 | resource | ReplicationController | Containers should not share the host IPC namespace | Kubernetes | +| 1883 | CKV_K8S_18 | resource | StatefulSet | Containers should not share the host IPC namespace | Kubernetes | +| 1884 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform | +| 1885 | CKV_K8S_19 | resource | CronJob | Containers should not share the host network namespace | Kubernetes | +| 1886 | CKV_K8S_19 | resource | DaemonSet | Containers should not share the host network namespace | Kubernetes | +| 1887 | CKV_K8S_19 | resource | Deployment | Containers should not share the host network namespace | Kubernetes | +| 1888 | CKV_K8S_19 | resource | Job | Containers should not share the host network namespace | Kubernetes | +| 1889 | CKV_K8S_19 | resource | Pod | Containers should not share the host network namespace | Kubernetes | +| 1890 | CKV_K8S_19 | resource | ReplicaSet | Containers should not share the host network namespace | Kubernetes | +| 1891 | CKV_K8S_19 | resource | ReplicationController | Containers should not share the host network namespace | Kubernetes | +| 1892 | CKV_K8S_19 | resource | StatefulSet | Containers should not share the host network namespace | Kubernetes | +| 1893 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform | +| 1894 | CKV_K8S_20 | resource | CronJob | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1895 | CKV_K8S_20 | resource | DaemonSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1896 | CKV_K8S_20 | resource | Deployment | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1897 | CKV_K8S_20 | resource | DeploymentConfig | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1898 | CKV_K8S_20 | resource | Job | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1899 | CKV_K8S_20 | resource | Pod | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1900 | CKV_K8S_20 | resource | PodTemplate | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1901 | CKV_K8S_20 | resource | ReplicaSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1902 | CKV_K8S_20 | resource | ReplicationController | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1903 | CKV_K8S_20 | resource | StatefulSet | Containers should not run with allowPrivilegeEscalation | Kubernetes | +| 1904 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform | +| 1905 | CKV_K8S_20 | resource | kubernetes_pod_v1 | Containers should not run with allowPrivilegeEscalation | Terraform | +| 1906 | CKV_K8S_21 | resource | ConfigMap | The default namespace should not be used | Kubernetes | +| 1907 | CKV_K8S_21 | resource | CronJob | The default namespace should not be used | Kubernetes | +| 1908 | CKV_K8S_21 | resource | DaemonSet | The default namespace should not be used | Kubernetes | +| 1909 | CKV_K8S_21 | resource | Deployment | The default namespace should not be used | Kubernetes | +| 1910 | CKV_K8S_21 | resource | Ingress | The default namespace should not be used | Kubernetes | +| 1911 | CKV_K8S_21 | resource | Job | The default namespace should not be used | Kubernetes | +| 1912 | CKV_K8S_21 | resource | Pod | The default namespace should not be used | Kubernetes | +| 1913 | CKV_K8S_21 | resource | ReplicaSet | The default namespace should not be used | Kubernetes | +| 1914 | CKV_K8S_21 | resource | ReplicationController | The default namespace should not be used | Kubernetes | +| 1915 | CKV_K8S_21 | resource | Role | The default namespace should not be used | Kubernetes | +| 1916 | CKV_K8S_21 | resource | RoleBinding | The default namespace should not be used | Kubernetes | +| 1917 | CKV_K8S_21 | resource | Secret | The default namespace should not be used | Kubernetes | +| 1918 | CKV_K8S_21 | resource | Service | The default namespace should not be used | Kubernetes | +| 1919 | CKV_K8S_21 | resource | ServiceAccount | The default namespace should not be used | Kubernetes | +| 1920 | CKV_K8S_21 | resource | StatefulSet | The default namespace should not be used | Kubernetes | +| 1921 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform | +| 1922 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform | +| 1923 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform | +| 1924 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform | +| 1925 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform | +| 1926 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform | +| 1927 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform | +| 1928 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform | +| 1929 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform | +| 1930 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform | +| 1931 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform | +| 1932 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform | +| 1933 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform | +| 1934 | CKV_K8S_22 | resource | CronJob | Use read-only filesystem for containers where possible | Kubernetes | +| 1935 | CKV_K8S_22 | resource | DaemonSet | Use read-only filesystem for containers where possible | Kubernetes | +| 1936 | CKV_K8S_22 | resource | Deployment | Use read-only filesystem for containers where possible | Kubernetes | +| 1937 | CKV_K8S_22 | resource | DeploymentConfig | Use read-only filesystem for containers where possible | Kubernetes | +| 1938 | CKV_K8S_22 | resource | Job | Use read-only filesystem for containers where possible | Kubernetes | +| 1939 | CKV_K8S_22 | resource | Pod | Use read-only filesystem for containers where possible | Kubernetes | +| 1940 | CKV_K8S_22 | resource | PodTemplate | Use read-only filesystem for containers where possible | Kubernetes | +| 1941 | CKV_K8S_22 | resource | ReplicaSet | Use read-only filesystem for containers where possible | Kubernetes | +| 1942 | CKV_K8S_22 | resource | ReplicationController | Use read-only filesystem for containers where possible | Kubernetes | +| 1943 | CKV_K8S_22 | resource | StatefulSet | Use read-only filesystem for containers where possible | Kubernetes | +| 1944 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform | +| 1945 | CKV_K8S_23 | resource | CronJob | Minimize the admission of root containers | Kubernetes | +| 1946 | CKV_K8S_23 | resource | DaemonSet | Minimize the admission of root containers | Kubernetes | +| 1947 | CKV_K8S_23 | resource | Deployment | Minimize the admission of root containers | Kubernetes | +| 1948 | CKV_K8S_23 | resource | Job | Minimize the admission of root containers | Kubernetes | +| 1949 | CKV_K8S_23 | resource | Pod | Minimize the admission of root containers | Kubernetes | +| 1950 | CKV_K8S_23 | resource | ReplicaSet | Minimize the admission of root containers | Kubernetes | +| 1951 | CKV_K8S_23 | resource | ReplicationController | Minimize the admission of root containers | Kubernetes | +| 1952 | CKV_K8S_23 | resource | StatefulSet | Minimize the admission of root containers | Kubernetes | +| 1953 | CKV_K8S_24 | resource | PodSecurityPolicy | Do not allow containers with added capability | Kubernetes | +| 1954 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform | +| 1955 | CKV_K8S_25 | resource | CronJob | Minimize the admission of containers with added capability | Kubernetes | +| 1956 | CKV_K8S_25 | resource | DaemonSet | Minimize the admission of containers with added capability | Kubernetes | +| 1957 | CKV_K8S_25 | resource | Deployment | Minimize the admission of containers with added capability | Kubernetes | +| 1958 | CKV_K8S_25 | resource | DeploymentConfig | Minimize the admission of containers with added capability | Kubernetes | +| 1959 | CKV_K8S_25 | resource | Job | Minimize the admission of containers with added capability | Kubernetes | +| 1960 | CKV_K8S_25 | resource | Pod | Minimize the admission of containers with added capability | Kubernetes | +| 1961 | CKV_K8S_25 | resource | PodTemplate | Minimize the admission of containers with added capability | Kubernetes | +| 1962 | CKV_K8S_25 | resource | ReplicaSet | Minimize the admission of containers with added capability | Kubernetes | +| 1963 | CKV_K8S_25 | resource | ReplicationController | Minimize the admission of containers with added capability | Kubernetes | +| 1964 | CKV_K8S_25 | resource | StatefulSet | Minimize the admission of containers with added capability | Kubernetes | +| 1965 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform | +| 1966 | CKV_K8S_25 | resource | kubernetes_pod_v1 | Minimize the admission of containers with added capability | Terraform | +| 1967 | CKV_K8S_26 | resource | CronJob | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1968 | CKV_K8S_26 | resource | DaemonSet | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1969 | CKV_K8S_26 | resource | Deployment | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1970 | CKV_K8S_26 | resource | DeploymentConfig | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1971 | CKV_K8S_26 | resource | Job | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1972 | CKV_K8S_26 | resource | Pod | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1973 | CKV_K8S_26 | resource | PodTemplate | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1974 | CKV_K8S_26 | resource | ReplicaSet | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1975 | CKV_K8S_26 | resource | ReplicationController | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1976 | CKV_K8S_26 | resource | StatefulSet | Do not specify hostPort unless absolutely necessary | Kubernetes | +| 1977 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform | +| 1978 | CKV_K8S_27 | resource | CronJob | Do not expose the docker daemon socket to containers | Kubernetes | +| 1979 | CKV_K8S_27 | resource | DaemonSet | Do not expose the docker daemon socket to containers | Kubernetes | +| 1980 | CKV_K8S_27 | resource | Deployment | Do not expose the docker daemon socket to containers | Kubernetes | +| 1981 | CKV_K8S_27 | resource | Job | Do not expose the docker daemon socket to containers | Kubernetes | +| 1982 | CKV_K8S_27 | resource | Pod | Do not expose the docker daemon socket to containers | Kubernetes | +| 1983 | CKV_K8S_27 | resource | ReplicaSet | Do not expose the docker daemon socket to containers | Kubernetes | +| 1984 | CKV_K8S_27 | resource | ReplicationController | Do not expose the docker daemon socket to containers | Kubernetes | +| 1985 | CKV_K8S_27 | resource | StatefulSet | Do not expose the docker daemon socket to containers | Kubernetes | +| 1986 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform | +| 1987 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform | +| 1988 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform | +| 1989 | CKV_K8S_28 | resource | CronJob | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1990 | CKV_K8S_28 | resource | DaemonSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1991 | CKV_K8S_28 | resource | Deployment | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1992 | CKV_K8S_28 | resource | DeploymentConfig | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1993 | CKV_K8S_28 | resource | Job | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1994 | CKV_K8S_28 | resource | Pod | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1995 | CKV_K8S_28 | resource | PodTemplate | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1996 | CKV_K8S_28 | resource | ReplicaSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1997 | CKV_K8S_28 | resource | ReplicationController | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1998 | CKV_K8S_28 | resource | StatefulSet | Minimize the admission of containers with the NET_RAW capability | Kubernetes | +| 1999 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform | +| 2000 | CKV_K8S_29 | resource | CronJob | Apply security context to your pods and containers | Kubernetes | +| 2001 | CKV_K8S_29 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes | +| 2002 | CKV_K8S_29 | resource | Deployment | Apply security context to your pods and containers | Kubernetes | +| 2003 | CKV_K8S_29 | resource | Job | Apply security context to your pods and containers | Kubernetes | +| 2004 | CKV_K8S_29 | resource | Pod | Apply security context to your pods and containers | Kubernetes | +| 2005 | CKV_K8S_29 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes | +| 2006 | CKV_K8S_29 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes | +| 2007 | CKV_K8S_29 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes | +| 2008 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods and containers | Terraform | +| 2009 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform | +| 2010 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | +| 2011 | CKV_K8S_30 | resource | CronJob | Apply security context to your pods and containers | Kubernetes | +| 2012 | CKV_K8S_30 | resource | DaemonSet | Apply security context to your pods and containers | Kubernetes | +| 2013 | CKV_K8S_30 | resource | Deployment | Apply security context to your pods and containers | Kubernetes | +| 2014 | CKV_K8S_30 | resource | DeploymentConfig | Apply security context to your pods and containers | Kubernetes | +| 2015 | CKV_K8S_30 | resource | Job | Apply security context to your pods and containers | Kubernetes | +| 2016 | CKV_K8S_30 | resource | Pod | Apply security context to your pods and containers | Kubernetes | +| 2017 | CKV_K8S_30 | resource | PodTemplate | Apply security context to your pods and containers | Kubernetes | +| 2018 | CKV_K8S_30 | resource | ReplicaSet | Apply security context to your pods and containers | Kubernetes | +| 2019 | CKV_K8S_30 | resource | ReplicationController | Apply security context to your pods and containers | Kubernetes | +| 2020 | CKV_K8S_30 | resource | StatefulSet | Apply security context to your pods and containers | Kubernetes | +| 2021 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | +| 2022 | CKV_K8S_30 | resource | kubernetes_pod_v1 | Apply security context to your pods and containers | Terraform | +| 2023 | CKV_K8S_31 | resource | CronJob | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2024 | CKV_K8S_31 | resource | DaemonSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2025 | CKV_K8S_31 | resource | Deployment | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2026 | CKV_K8S_31 | resource | Job | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2027 | CKV_K8S_31 | resource | Pod | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2028 | CKV_K8S_31 | resource | ReplicaSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2029 | CKV_K8S_31 | resource | ReplicationController | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2030 | CKV_K8S_31 | resource | StatefulSet | Ensure that the seccomp profile is set to docker/default or runtime/default | Kubernetes | +| 2031 | CKV_K8S_32 | resource | PodSecurityPolicy | Ensure default seccomp profile set to docker/default or runtime/default | Kubernetes | +| 2032 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform | +| 2033 | CKV_K8S_33 | resource | CronJob | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2034 | CKV_K8S_33 | resource | DaemonSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2035 | CKV_K8S_33 | resource | Deployment | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2036 | CKV_K8S_33 | resource | DeploymentConfig | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2037 | CKV_K8S_33 | resource | Job | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2038 | CKV_K8S_33 | resource | Pod | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2039 | CKV_K8S_33 | resource | PodTemplate | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2040 | CKV_K8S_33 | resource | ReplicaSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2041 | CKV_K8S_33 | resource | ReplicationController | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2042 | CKV_K8S_33 | resource | StatefulSet | Ensure the Kubernetes dashboard is not deployed | Kubernetes | +| 2043 | CKV_K8S_34 | resource | CronJob | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2044 | CKV_K8S_34 | resource | DaemonSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2045 | CKV_K8S_34 | resource | Deployment | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2046 | CKV_K8S_34 | resource | DeploymentConfig | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2047 | CKV_K8S_34 | resource | Job | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2048 | CKV_K8S_34 | resource | Pod | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2049 | CKV_K8S_34 | resource | PodTemplate | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2050 | CKV_K8S_34 | resource | ReplicaSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2051 | CKV_K8S_34 | resource | ReplicationController | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2052 | CKV_K8S_34 | resource | StatefulSet | Ensure that Tiller (Helm v2) is not deployed | Kubernetes | +| 2053 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform | +| 2054 | CKV_K8S_35 | resource | CronJob | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2055 | CKV_K8S_35 | resource | DaemonSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2056 | CKV_K8S_35 | resource | Deployment | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2057 | CKV_K8S_35 | resource | DeploymentConfig | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2058 | CKV_K8S_35 | resource | Job | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2059 | CKV_K8S_35 | resource | Pod | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2060 | CKV_K8S_35 | resource | PodTemplate | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2061 | CKV_K8S_35 | resource | ReplicaSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2062 | CKV_K8S_35 | resource | ReplicationController | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2063 | CKV_K8S_35 | resource | StatefulSet | Prefer using secrets as files over secrets as environment variables | Kubernetes | +| 2064 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform | +| 2065 | CKV_K8S_36 | resource | PodSecurityPolicy | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2066 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform | +| 2067 | CKV_K8S_37 | resource | CronJob | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2068 | CKV_K8S_37 | resource | DaemonSet | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2069 | CKV_K8S_37 | resource | Deployment | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2070 | CKV_K8S_37 | resource | DeploymentConfig | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2071 | CKV_K8S_37 | resource | Job | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2072 | CKV_K8S_37 | resource | Pod | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2073 | CKV_K8S_37 | resource | PodTemplate | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2074 | CKV_K8S_37 | resource | ReplicaSet | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2075 | CKV_K8S_37 | resource | ReplicationController | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2076 | CKV_K8S_37 | resource | StatefulSet | Minimize the admission of containers with capabilities assigned | Kubernetes | +| 2077 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform | +| 2078 | CKV_K8S_38 | resource | CronJob | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2079 | CKV_K8S_38 | resource | DaemonSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2080 | CKV_K8S_38 | resource | Deployment | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2081 | CKV_K8S_38 | resource | Job | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2082 | CKV_K8S_38 | resource | Pod | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2083 | CKV_K8S_38 | resource | ReplicaSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2084 | CKV_K8S_38 | resource | ReplicationController | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2085 | CKV_K8S_38 | resource | StatefulSet | Ensure that Service Account Tokens are only mounted where necessary | Kubernetes | +| 2086 | CKV_K8S_39 | resource | CronJob | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2087 | CKV_K8S_39 | resource | DaemonSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2088 | CKV_K8S_39 | resource | Deployment | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2089 | CKV_K8S_39 | resource | DeploymentConfig | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2090 | CKV_K8S_39 | resource | Job | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2091 | CKV_K8S_39 | resource | Pod | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2092 | CKV_K8S_39 | resource | PodTemplate | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2093 | CKV_K8S_39 | resource | ReplicaSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2094 | CKV_K8S_39 | resource | ReplicationController | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2095 | CKV_K8S_39 | resource | StatefulSet | Do not use the CAP_SYS_ADMIN linux capability | Kubernetes | +| 2096 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform | +| 2097 | CKV_K8S_39 | resource | kubernetes_pod_v1 | Do not use the CAP_SYS_ADMIN linux capability | Terraform | +| 2098 | CKV_K8S_40 | resource | CronJob | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2099 | CKV_K8S_40 | resource | DaemonSet | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2100 | CKV_K8S_40 | resource | Deployment | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2101 | CKV_K8S_40 | resource | Job | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2102 | CKV_K8S_40 | resource | Pod | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2103 | CKV_K8S_40 | resource | ReplicaSet | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2104 | CKV_K8S_40 | resource | ReplicationController | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2105 | CKV_K8S_40 | resource | StatefulSet | Containers should run as a high UID to avoid host conflict | Kubernetes | +| 2106 | CKV_K8S_41 | resource | ServiceAccount | Ensure that default service accounts are not actively used | Kubernetes | +| 2107 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform | +| 2108 | CKV_K8S_42 | resource | ClusterRoleBinding | Ensure that default service accounts are not actively used | Kubernetes | +| 2109 | CKV_K8S_42 | resource | RoleBinding | Ensure that default service accounts are not actively used | Kubernetes | +| 2110 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform | +| 2111 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform | +| 2112 | CKV_K8S_43 | resource | CronJob | Image should use digest | Kubernetes | +| 2113 | CKV_K8S_43 | resource | DaemonSet | Image should use digest | Kubernetes | +| 2114 | CKV_K8S_43 | resource | Deployment | Image should use digest | Kubernetes | +| 2115 | CKV_K8S_43 | resource | DeploymentConfig | Image should use digest | Kubernetes | +| 2116 | CKV_K8S_43 | resource | Job | Image should use digest | Kubernetes | +| 2117 | CKV_K8S_43 | resource | Pod | Image should use digest | Kubernetes | +| 2118 | CKV_K8S_43 | resource | PodTemplate | Image should use digest | Kubernetes | +| 2119 | CKV_K8S_43 | resource | ReplicaSet | Image should use digest | Kubernetes | +| 2120 | CKV_K8S_43 | resource | ReplicationController | Image should use digest | Kubernetes | +| 2121 | CKV_K8S_43 | resource | StatefulSet | Image should use digest | Kubernetes | +| 2122 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform | +| 2123 | CKV_K8S_44 | resource | Service | Ensure that the Tiller Service (Helm v2) is deleted | Kubernetes | +| 2124 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | +| 2125 | CKV_K8S_45 | resource | CronJob | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2126 | CKV_K8S_45 | resource | DaemonSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2127 | CKV_K8S_45 | resource | Deployment | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2128 | CKV_K8S_45 | resource | DeploymentConfig | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2129 | CKV_K8S_45 | resource | Job | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2130 | CKV_K8S_45 | resource | Pod | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2131 | CKV_K8S_45 | resource | PodTemplate | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2132 | CKV_K8S_45 | resource | ReplicaSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2133 | CKV_K8S_45 | resource | ReplicationController | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2134 | CKV_K8S_45 | resource | StatefulSet | Ensure the Tiller Deployment (Helm V2) is not accessible from within the cluster | Kubernetes | +| 2135 | CKV_K8S_49 | resource | ClusterRole | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | +| 2136 | CKV_K8S_49 | resource | Role | Minimize wildcard use in Roles and ClusterRoles | Kubernetes | +| 2137 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | +| 2138 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | +| 2139 | CKV_K8S_68 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2140 | CKV_K8S_68 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2141 | CKV_K8S_68 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2142 | CKV_K8S_68 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2143 | CKV_K8S_68 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2144 | CKV_K8S_68 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2145 | CKV_K8S_68 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2146 | CKV_K8S_68 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2147 | CKV_K8S_68 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2148 | CKV_K8S_68 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2149 | CKV_K8S_69 | resource | CronJob | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2150 | CKV_K8S_69 | resource | DaemonSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2151 | CKV_K8S_69 | resource | Deployment | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2152 | CKV_K8S_69 | resource | DeploymentConfig | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2153 | CKV_K8S_69 | resource | Job | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2154 | CKV_K8S_69 | resource | Pod | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2155 | CKV_K8S_69 | resource | PodTemplate | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2156 | CKV_K8S_69 | resource | ReplicaSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2157 | CKV_K8S_69 | resource | ReplicationController | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2158 | CKV_K8S_69 | resource | StatefulSet | Ensure that the --basic-auth-file argument is not set | Kubernetes | +| 2159 | CKV_K8S_70 | resource | CronJob | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2160 | CKV_K8S_70 | resource | DaemonSet | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2161 | CKV_K8S_70 | resource | Deployment | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2162 | CKV_K8S_70 | resource | DeploymentConfig | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2163 | CKV_K8S_70 | resource | Job | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2164 | CKV_K8S_70 | resource | Pod | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2165 | CKV_K8S_70 | resource | PodTemplate | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2166 | CKV_K8S_70 | resource | ReplicaSet | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2167 | CKV_K8S_70 | resource | ReplicationController | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2168 | CKV_K8S_70 | resource | StatefulSet | Ensure that the --token-auth-file argument is not set | Kubernetes | +| 2169 | CKV_K8S_71 | resource | CronJob | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2170 | CKV_K8S_71 | resource | DaemonSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2171 | CKV_K8S_71 | resource | Deployment | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2172 | CKV_K8S_71 | resource | DeploymentConfig | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2173 | CKV_K8S_71 | resource | Job | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2174 | CKV_K8S_71 | resource | Pod | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2175 | CKV_K8S_71 | resource | PodTemplate | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2176 | CKV_K8S_71 | resource | ReplicaSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2177 | CKV_K8S_71 | resource | ReplicationController | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2178 | CKV_K8S_71 | resource | StatefulSet | Ensure that the --kubelet-https argument is set to true | Kubernetes | +| 2179 | CKV_K8S_72 | resource | CronJob | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2180 | CKV_K8S_72 | resource | DaemonSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2181 | CKV_K8S_72 | resource | Deployment | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2182 | CKV_K8S_72 | resource | DeploymentConfig | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2183 | CKV_K8S_72 | resource | Job | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2184 | CKV_K8S_72 | resource | Pod | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2185 | CKV_K8S_72 | resource | PodTemplate | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2186 | CKV_K8S_72 | resource | ReplicaSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2187 | CKV_K8S_72 | resource | ReplicationController | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2188 | CKV_K8S_72 | resource | StatefulSet | Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate | Kubernetes | +| 2189 | CKV_K8S_73 | resource | CronJob | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2190 | CKV_K8S_73 | resource | DaemonSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2191 | CKV_K8S_73 | resource | Deployment | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2192 | CKV_K8S_73 | resource | DeploymentConfig | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2193 | CKV_K8S_73 | resource | Job | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2194 | CKV_K8S_73 | resource | Pod | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2195 | CKV_K8S_73 | resource | PodTemplate | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2196 | CKV_K8S_73 | resource | ReplicaSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2197 | CKV_K8S_73 | resource | ReplicationController | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2198 | CKV_K8S_73 | resource | StatefulSet | Ensure that the --kubelet-certificate-authority argument is set as appropriate | Kubernetes | +| 2199 | CKV_K8S_74 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2200 | CKV_K8S_74 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2201 | CKV_K8S_74 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2202 | CKV_K8S_74 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2203 | CKV_K8S_74 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2204 | CKV_K8S_74 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2205 | CKV_K8S_74 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2206 | CKV_K8S_74 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2207 | CKV_K8S_74 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2208 | CKV_K8S_74 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2209 | CKV_K8S_75 | resource | CronJob | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2210 | CKV_K8S_75 | resource | DaemonSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2211 | CKV_K8S_75 | resource | Deployment | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2212 | CKV_K8S_75 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2213 | CKV_K8S_75 | resource | Job | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2214 | CKV_K8S_75 | resource | Pod | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2215 | CKV_K8S_75 | resource | PodTemplate | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2216 | CKV_K8S_75 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2217 | CKV_K8S_75 | resource | ReplicationController | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2218 | CKV_K8S_75 | resource | StatefulSet | Ensure that the --authorization-mode argument includes Node | Kubernetes | +| 2219 | CKV_K8S_77 | resource | CronJob | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2220 | CKV_K8S_77 | resource | DaemonSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2221 | CKV_K8S_77 | resource | Deployment | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2222 | CKV_K8S_77 | resource | DeploymentConfig | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2223 | CKV_K8S_77 | resource | Job | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2224 | CKV_K8S_77 | resource | Pod | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2225 | CKV_K8S_77 | resource | PodTemplate | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2226 | CKV_K8S_77 | resource | ReplicaSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2227 | CKV_K8S_77 | resource | ReplicationController | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2228 | CKV_K8S_77 | resource | StatefulSet | Ensure that the --authorization-mode argument includes RBAC | Kubernetes | +| 2229 | CKV_K8S_78 | resource | AdmissionConfiguration | Ensure that the admission control plugin EventRateLimit is set | Kubernetes | +| 2230 | CKV_K8S_79 | resource | CronJob | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2231 | CKV_K8S_79 | resource | DaemonSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2232 | CKV_K8S_79 | resource | Deployment | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2233 | CKV_K8S_79 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2234 | CKV_K8S_79 | resource | Job | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2235 | CKV_K8S_79 | resource | Pod | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2236 | CKV_K8S_79 | resource | PodTemplate | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2237 | CKV_K8S_79 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2238 | CKV_K8S_79 | resource | ReplicationController | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2239 | CKV_K8S_79 | resource | StatefulSet | Ensure that the admission control plugin AlwaysAdmit is not set | Kubernetes | +| 2240 | CKV_K8S_80 | resource | CronJob | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2241 | CKV_K8S_80 | resource | DaemonSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2242 | CKV_K8S_80 | resource | Deployment | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2243 | CKV_K8S_80 | resource | DeploymentConfig | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2244 | CKV_K8S_80 | resource | Job | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2245 | CKV_K8S_80 | resource | Pod | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2246 | CKV_K8S_80 | resource | PodTemplate | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2247 | CKV_K8S_80 | resource | ReplicaSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2248 | CKV_K8S_80 | resource | ReplicationController | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2249 | CKV_K8S_80 | resource | StatefulSet | Ensure that the admission control plugin AlwaysPullImages is set | Kubernetes | +| 2250 | CKV_K8S_81 | resource | CronJob | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2251 | CKV_K8S_81 | resource | DaemonSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2252 | CKV_K8S_81 | resource | Deployment | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2253 | CKV_K8S_81 | resource | DeploymentConfig | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2254 | CKV_K8S_81 | resource | Job | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2255 | CKV_K8S_81 | resource | Pod | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2256 | CKV_K8S_81 | resource | PodTemplate | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2257 | CKV_K8S_81 | resource | ReplicaSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2258 | CKV_K8S_81 | resource | ReplicationController | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2259 | CKV_K8S_81 | resource | StatefulSet | Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used | Kubernetes | +| 2260 | CKV_K8S_82 | resource | CronJob | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2261 | CKV_K8S_82 | resource | DaemonSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2262 | CKV_K8S_82 | resource | Deployment | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2263 | CKV_K8S_82 | resource | DeploymentConfig | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2264 | CKV_K8S_82 | resource | Job | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2265 | CKV_K8S_82 | resource | Pod | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2266 | CKV_K8S_82 | resource | PodTemplate | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2267 | CKV_K8S_82 | resource | ReplicaSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2268 | CKV_K8S_82 | resource | ReplicationController | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2269 | CKV_K8S_82 | resource | StatefulSet | Ensure that the admission control plugin ServiceAccount is set | Kubernetes | +| 2270 | CKV_K8S_83 | resource | CronJob | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2271 | CKV_K8S_83 | resource | DaemonSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2272 | CKV_K8S_83 | resource | Deployment | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2273 | CKV_K8S_83 | resource | DeploymentConfig | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2274 | CKV_K8S_83 | resource | Job | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2275 | CKV_K8S_83 | resource | Pod | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2276 | CKV_K8S_83 | resource | PodTemplate | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2277 | CKV_K8S_83 | resource | ReplicaSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2278 | CKV_K8S_83 | resource | ReplicationController | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2279 | CKV_K8S_83 | resource | StatefulSet | Ensure that the admission control plugin NamespaceLifecycle is set | Kubernetes | +| 2280 | CKV_K8S_84 | resource | CronJob | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2281 | CKV_K8S_84 | resource | DaemonSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2282 | CKV_K8S_84 | resource | Deployment | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2283 | CKV_K8S_84 | resource | DeploymentConfig | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2284 | CKV_K8S_84 | resource | Job | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2285 | CKV_K8S_84 | resource | Pod | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2286 | CKV_K8S_84 | resource | PodTemplate | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2287 | CKV_K8S_84 | resource | ReplicaSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2288 | CKV_K8S_84 | resource | ReplicationController | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2289 | CKV_K8S_84 | resource | StatefulSet | Ensure that the admission control plugin PodSecurityPolicy is set | Kubernetes | +| 2290 | CKV_K8S_85 | resource | CronJob | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2291 | CKV_K8S_85 | resource | DaemonSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2292 | CKV_K8S_85 | resource | Deployment | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2293 | CKV_K8S_85 | resource | DeploymentConfig | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2294 | CKV_K8S_85 | resource | Job | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2295 | CKV_K8S_85 | resource | Pod | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2296 | CKV_K8S_85 | resource | PodTemplate | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2297 | CKV_K8S_85 | resource | ReplicaSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2298 | CKV_K8S_85 | resource | ReplicationController | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2299 | CKV_K8S_85 | resource | StatefulSet | Ensure that the admission control plugin NodeRestriction is set | Kubernetes | +| 2300 | CKV_K8S_86 | resource | CronJob | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2301 | CKV_K8S_86 | resource | DaemonSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2302 | CKV_K8S_86 | resource | Deployment | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2303 | CKV_K8S_86 | resource | DeploymentConfig | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2304 | CKV_K8S_86 | resource | Job | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2305 | CKV_K8S_86 | resource | Pod | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2306 | CKV_K8S_86 | resource | PodTemplate | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2307 | CKV_K8S_86 | resource | ReplicaSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2308 | CKV_K8S_86 | resource | ReplicationController | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2309 | CKV_K8S_86 | resource | StatefulSet | Ensure that the --insecure-bind-address argument is not set | Kubernetes | +| 2310 | CKV_K8S_88 | resource | CronJob | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2311 | CKV_K8S_88 | resource | DaemonSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2312 | CKV_K8S_88 | resource | Deployment | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2313 | CKV_K8S_88 | resource | DeploymentConfig | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2314 | CKV_K8S_88 | resource | Job | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2315 | CKV_K8S_88 | resource | Pod | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2316 | CKV_K8S_88 | resource | PodTemplate | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2317 | CKV_K8S_88 | resource | ReplicaSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2318 | CKV_K8S_88 | resource | ReplicationController | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2319 | CKV_K8S_88 | resource | StatefulSet | Ensure that the --insecure-port argument is set to 0 | Kubernetes | +| 2320 | CKV_K8S_89 | resource | CronJob | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2321 | CKV_K8S_89 | resource | DaemonSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2322 | CKV_K8S_89 | resource | Deployment | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2323 | CKV_K8S_89 | resource | DeploymentConfig | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2324 | CKV_K8S_89 | resource | Job | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2325 | CKV_K8S_89 | resource | Pod | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2326 | CKV_K8S_89 | resource | PodTemplate | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2327 | CKV_K8S_89 | resource | ReplicaSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2328 | CKV_K8S_89 | resource | ReplicationController | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2329 | CKV_K8S_89 | resource | StatefulSet | Ensure that the --secure-port argument is not set to 0 | Kubernetes | +| 2330 | CKV_K8S_90 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | +| 2331 | CKV_K8S_90 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2332 | CKV_K8S_90 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | +| 2333 | CKV_K8S_90 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | +| 2334 | CKV_K8S_90 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | +| 2335 | CKV_K8S_90 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | +| 2336 | CKV_K8S_90 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | +| 2337 | CKV_K8S_90 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2338 | CKV_K8S_90 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | +| 2339 | CKV_K8S_90 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2340 | CKV_K8S_91 | resource | CronJob | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2341 | CKV_K8S_91 | resource | DaemonSet | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2342 | CKV_K8S_91 | resource | Deployment | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2343 | CKV_K8S_91 | resource | DeploymentConfig | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2344 | CKV_K8S_91 | resource | Job | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2345 | CKV_K8S_91 | resource | Pod | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2346 | CKV_K8S_91 | resource | PodTemplate | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2347 | CKV_K8S_91 | resource | ReplicaSet | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2348 | CKV_K8S_91 | resource | ReplicationController | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2349 | CKV_K8S_91 | resource | StatefulSet | Ensure that the --audit-log-path argument is set | Kubernetes | +| 2350 | CKV_K8S_92 | resource | CronJob | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2351 | CKV_K8S_92 | resource | DaemonSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2352 | CKV_K8S_92 | resource | Deployment | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2353 | CKV_K8S_92 | resource | DeploymentConfig | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2354 | CKV_K8S_92 | resource | Job | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2355 | CKV_K8S_92 | resource | Pod | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2356 | CKV_K8S_92 | resource | PodTemplate | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2357 | CKV_K8S_92 | resource | ReplicaSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2358 | CKV_K8S_92 | resource | ReplicationController | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2359 | CKV_K8S_92 | resource | StatefulSet | Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Kubernetes | +| 2360 | CKV_K8S_93 | resource | CronJob | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2361 | CKV_K8S_93 | resource | DaemonSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2362 | CKV_K8S_93 | resource | Deployment | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2363 | CKV_K8S_93 | resource | DeploymentConfig | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2364 | CKV_K8S_93 | resource | Job | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2365 | CKV_K8S_93 | resource | Pod | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2366 | CKV_K8S_93 | resource | PodTemplate | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2367 | CKV_K8S_93 | resource | ReplicaSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2368 | CKV_K8S_93 | resource | ReplicationController | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2369 | CKV_K8S_93 | resource | StatefulSet | Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Kubernetes | +| 2370 | CKV_K8S_94 | resource | CronJob | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2371 | CKV_K8S_94 | resource | DaemonSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2372 | CKV_K8S_94 | resource | Deployment | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2373 | CKV_K8S_94 | resource | DeploymentConfig | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2374 | CKV_K8S_94 | resource | Job | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2375 | CKV_K8S_94 | resource | Pod | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2376 | CKV_K8S_94 | resource | PodTemplate | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2377 | CKV_K8S_94 | resource | ReplicaSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2378 | CKV_K8S_94 | resource | ReplicationController | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2379 | CKV_K8S_94 | resource | StatefulSet | Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Kubernetes | +| 2380 | CKV_K8S_95 | resource | CronJob | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2381 | CKV_K8S_95 | resource | DaemonSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2382 | CKV_K8S_95 | resource | Deployment | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2383 | CKV_K8S_95 | resource | DeploymentConfig | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2384 | CKV_K8S_95 | resource | Job | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2385 | CKV_K8S_95 | resource | Pod | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2386 | CKV_K8S_95 | resource | PodTemplate | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2387 | CKV_K8S_95 | resource | ReplicaSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2388 | CKV_K8S_95 | resource | ReplicationController | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2389 | CKV_K8S_95 | resource | StatefulSet | Ensure that the --request-timeout argument is set as appropriate | Kubernetes | +| 2390 | CKV_K8S_96 | resource | CronJob | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2391 | CKV_K8S_96 | resource | DaemonSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2392 | CKV_K8S_96 | resource | Deployment | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2393 | CKV_K8S_96 | resource | DeploymentConfig | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2394 | CKV_K8S_96 | resource | Job | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2395 | CKV_K8S_96 | resource | Pod | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2396 | CKV_K8S_96 | resource | PodTemplate | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2397 | CKV_K8S_96 | resource | ReplicaSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2398 | CKV_K8S_96 | resource | ReplicationController | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2399 | CKV_K8S_96 | resource | StatefulSet | Ensure that the --service-account-lookup argument is set to true | Kubernetes | +| 2400 | CKV_K8S_97 | resource | CronJob | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2401 | CKV_K8S_97 | resource | DaemonSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2402 | CKV_K8S_97 | resource | Deployment | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2403 | CKV_K8S_97 | resource | DeploymentConfig | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2404 | CKV_K8S_97 | resource | Job | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2405 | CKV_K8S_97 | resource | Pod | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2406 | CKV_K8S_97 | resource | PodTemplate | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2407 | CKV_K8S_97 | resource | ReplicaSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2408 | CKV_K8S_97 | resource | ReplicationController | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2409 | CKV_K8S_97 | resource | StatefulSet | Ensure that the --service-account-key-file argument is set as appropriate | Kubernetes | +| 2410 | CKV_K8S_99 | resource | CronJob | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2411 | CKV_K8S_99 | resource | DaemonSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2412 | CKV_K8S_99 | resource | Deployment | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2413 | CKV_K8S_99 | resource | DeploymentConfig | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2414 | CKV_K8S_99 | resource | Job | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2415 | CKV_K8S_99 | resource | Pod | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2416 | CKV_K8S_99 | resource | PodTemplate | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2417 | CKV_K8S_99 | resource | ReplicaSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2418 | CKV_K8S_99 | resource | ReplicationController | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2419 | CKV_K8S_99 | resource | StatefulSet | Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate | Kubernetes | +| 2420 | CKV_K8S_100 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2421 | CKV_K8S_100 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2422 | CKV_K8S_100 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2423 | CKV_K8S_100 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2424 | CKV_K8S_100 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2425 | CKV_K8S_100 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2426 | CKV_K8S_100 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2427 | CKV_K8S_100 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2428 | CKV_K8S_100 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2429 | CKV_K8S_100 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2430 | CKV_K8S_102 | resource | CronJob | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2431 | CKV_K8S_102 | resource | DaemonSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2432 | CKV_K8S_102 | resource | Deployment | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2433 | CKV_K8S_102 | resource | DeploymentConfig | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2434 | CKV_K8S_102 | resource | Job | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2435 | CKV_K8S_102 | resource | Pod | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2436 | CKV_K8S_102 | resource | PodTemplate | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2437 | CKV_K8S_102 | resource | ReplicaSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2438 | CKV_K8S_102 | resource | ReplicationController | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2439 | CKV_K8S_102 | resource | StatefulSet | Ensure that the --etcd-cafile argument is set as appropriate | Kubernetes | +| 2440 | CKV_K8S_104 | resource | CronJob | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2441 | CKV_K8S_104 | resource | DaemonSet | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2442 | CKV_K8S_104 | resource | Deployment | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2443 | CKV_K8S_104 | resource | DeploymentConfig | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2444 | CKV_K8S_104 | resource | Job | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2445 | CKV_K8S_104 | resource | Pod | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2446 | CKV_K8S_104 | resource | PodTemplate | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2447 | CKV_K8S_104 | resource | ReplicaSet | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2448 | CKV_K8S_104 | resource | ReplicationController | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2449 | CKV_K8S_104 | resource | StatefulSet | Ensure that encryption providers are appropriately configured | Kubernetes | +| 2450 | CKV_K8S_105 | resource | CronJob | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2451 | CKV_K8S_105 | resource | DaemonSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2452 | CKV_K8S_105 | resource | Deployment | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2453 | CKV_K8S_105 | resource | DeploymentConfig | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2454 | CKV_K8S_105 | resource | Job | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2455 | CKV_K8S_105 | resource | Pod | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2456 | CKV_K8S_105 | resource | PodTemplate | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2457 | CKV_K8S_105 | resource | ReplicaSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2458 | CKV_K8S_105 | resource | ReplicationController | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2459 | CKV_K8S_105 | resource | StatefulSet | Ensure that the API Server only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2460 | CKV_K8S_106 | resource | CronJob | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2461 | CKV_K8S_106 | resource | DaemonSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2462 | CKV_K8S_106 | resource | Deployment | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2463 | CKV_K8S_106 | resource | DeploymentConfig | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2464 | CKV_K8S_106 | resource | Job | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2465 | CKV_K8S_106 | resource | Pod | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2466 | CKV_K8S_106 | resource | PodTemplate | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2467 | CKV_K8S_106 | resource | ReplicaSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2468 | CKV_K8S_106 | resource | ReplicationController | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2469 | CKV_K8S_106 | resource | StatefulSet | Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | Kubernetes | +| 2470 | CKV_K8S_107 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | +| 2471 | CKV_K8S_107 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2472 | CKV_K8S_107 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | +| 2473 | CKV_K8S_107 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | +| 2474 | CKV_K8S_107 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | +| 2475 | CKV_K8S_107 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | +| 2476 | CKV_K8S_107 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | +| 2477 | CKV_K8S_107 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2478 | CKV_K8S_107 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | +| 2479 | CKV_K8S_107 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2480 | CKV_K8S_108 | resource | CronJob | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2481 | CKV_K8S_108 | resource | DaemonSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2482 | CKV_K8S_108 | resource | Deployment | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2483 | CKV_K8S_108 | resource | DeploymentConfig | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2484 | CKV_K8S_108 | resource | Job | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2485 | CKV_K8S_108 | resource | Pod | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2486 | CKV_K8S_108 | resource | PodTemplate | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2487 | CKV_K8S_108 | resource | ReplicaSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2488 | CKV_K8S_108 | resource | ReplicationController | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2489 | CKV_K8S_108 | resource | StatefulSet | Ensure that the --use-service-account-credentials argument is set to true | Kubernetes | +| 2490 | CKV_K8S_110 | resource | CronJob | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2491 | CKV_K8S_110 | resource | DaemonSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2492 | CKV_K8S_110 | resource | Deployment | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2493 | CKV_K8S_110 | resource | DeploymentConfig | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2494 | CKV_K8S_110 | resource | Job | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2495 | CKV_K8S_110 | resource | Pod | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2496 | CKV_K8S_110 | resource | PodTemplate | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2497 | CKV_K8S_110 | resource | ReplicaSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2498 | CKV_K8S_110 | resource | ReplicationController | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2499 | CKV_K8S_110 | resource | StatefulSet | Ensure that the --service-account-private-key-file argument is set as appropriate | Kubernetes | +| 2500 | CKV_K8S_111 | resource | CronJob | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2501 | CKV_K8S_111 | resource | DaemonSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2502 | CKV_K8S_111 | resource | Deployment | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2503 | CKV_K8S_111 | resource | DeploymentConfig | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2504 | CKV_K8S_111 | resource | Job | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2505 | CKV_K8S_111 | resource | Pod | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2506 | CKV_K8S_111 | resource | PodTemplate | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2507 | CKV_K8S_111 | resource | ReplicaSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2508 | CKV_K8S_111 | resource | ReplicationController | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2509 | CKV_K8S_111 | resource | StatefulSet | Ensure that the --root-ca-file argument is set as appropriate | Kubernetes | +| 2510 | CKV_K8S_112 | resource | CronJob | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2511 | CKV_K8S_112 | resource | DaemonSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2512 | CKV_K8S_112 | resource | Deployment | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2513 | CKV_K8S_112 | resource | DeploymentConfig | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2514 | CKV_K8S_112 | resource | Job | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2515 | CKV_K8S_112 | resource | Pod | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2516 | CKV_K8S_112 | resource | PodTemplate | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2517 | CKV_K8S_112 | resource | ReplicaSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2518 | CKV_K8S_112 | resource | ReplicationController | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2519 | CKV_K8S_112 | resource | StatefulSet | Ensure that the RotateKubeletServerCertificate argument is set to true | Kubernetes | +| 2520 | CKV_K8S_113 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2521 | CKV_K8S_113 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2522 | CKV_K8S_113 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2523 | CKV_K8S_113 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2524 | CKV_K8S_113 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2525 | CKV_K8S_113 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2526 | CKV_K8S_113 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2527 | CKV_K8S_113 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2528 | CKV_K8S_113 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2529 | CKV_K8S_113 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2530 | CKV_K8S_114 | resource | CronJob | Ensure that the --profiling argument is set to false | Kubernetes | +| 2531 | CKV_K8S_114 | resource | DaemonSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2532 | CKV_K8S_114 | resource | Deployment | Ensure that the --profiling argument is set to false | Kubernetes | +| 2533 | CKV_K8S_114 | resource | DeploymentConfig | Ensure that the --profiling argument is set to false | Kubernetes | +| 2534 | CKV_K8S_114 | resource | Job | Ensure that the --profiling argument is set to false | Kubernetes | +| 2535 | CKV_K8S_114 | resource | Pod | Ensure that the --profiling argument is set to false | Kubernetes | +| 2536 | CKV_K8S_114 | resource | PodTemplate | Ensure that the --profiling argument is set to false | Kubernetes | +| 2537 | CKV_K8S_114 | resource | ReplicaSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2538 | CKV_K8S_114 | resource | ReplicationController | Ensure that the --profiling argument is set to false | Kubernetes | +| 2539 | CKV_K8S_114 | resource | StatefulSet | Ensure that the --profiling argument is set to false | Kubernetes | +| 2540 | CKV_K8S_115 | resource | CronJob | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2541 | CKV_K8S_115 | resource | DaemonSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2542 | CKV_K8S_115 | resource | Deployment | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2543 | CKV_K8S_115 | resource | DeploymentConfig | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2544 | CKV_K8S_115 | resource | Job | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2545 | CKV_K8S_115 | resource | Pod | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2546 | CKV_K8S_115 | resource | PodTemplate | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2547 | CKV_K8S_115 | resource | ReplicaSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2548 | CKV_K8S_115 | resource | ReplicationController | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2549 | CKV_K8S_115 | resource | StatefulSet | Ensure that the --bind-address argument is set to 127.0.0.1 | Kubernetes | +| 2550 | CKV_K8S_116 | resource | CronJob | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2551 | CKV_K8S_116 | resource | DaemonSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2552 | CKV_K8S_116 | resource | Deployment | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2553 | CKV_K8S_116 | resource | DeploymentConfig | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2554 | CKV_K8S_116 | resource | Job | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2555 | CKV_K8S_116 | resource | Pod | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2556 | CKV_K8S_116 | resource | PodTemplate | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2557 | CKV_K8S_116 | resource | ReplicaSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2558 | CKV_K8S_116 | resource | ReplicationController | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2559 | CKV_K8S_116 | resource | StatefulSet | Ensure that the --cert-file and --key-file arguments are set as appropriate | Kubernetes | +| 2560 | CKV_K8S_117 | resource | CronJob | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2561 | CKV_K8S_117 | resource | DaemonSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2562 | CKV_K8S_117 | resource | Deployment | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2563 | CKV_K8S_117 | resource | DeploymentConfig | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2564 | CKV_K8S_117 | resource | Job | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2565 | CKV_K8S_117 | resource | Pod | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2566 | CKV_K8S_117 | resource | PodTemplate | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2567 | CKV_K8S_117 | resource | ReplicaSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2568 | CKV_K8S_117 | resource | ReplicationController | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2569 | CKV_K8S_117 | resource | StatefulSet | Ensure that the --client-cert-auth argument is set to true | Kubernetes | +| 2570 | CKV_K8S_118 | resource | CronJob | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2571 | CKV_K8S_118 | resource | DaemonSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2572 | CKV_K8S_118 | resource | Deployment | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2573 | CKV_K8S_118 | resource | DeploymentConfig | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2574 | CKV_K8S_118 | resource | Job | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2575 | CKV_K8S_118 | resource | Pod | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2576 | CKV_K8S_118 | resource | PodTemplate | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2577 | CKV_K8S_118 | resource | ReplicaSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2578 | CKV_K8S_118 | resource | ReplicationController | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2579 | CKV_K8S_118 | resource | StatefulSet | Ensure that the --auto-tls argument is not set to true | Kubernetes | +| 2580 | CKV_K8S_119 | resource | CronJob | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2581 | CKV_K8S_119 | resource | DaemonSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2582 | CKV_K8S_119 | resource | Deployment | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2583 | CKV_K8S_119 | resource | DeploymentConfig | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2584 | CKV_K8S_119 | resource | Job | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2585 | CKV_K8S_119 | resource | Pod | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2586 | CKV_K8S_119 | resource | PodTemplate | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2587 | CKV_K8S_119 | resource | ReplicaSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2588 | CKV_K8S_119 | resource | ReplicationController | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2589 | CKV_K8S_119 | resource | StatefulSet | Ensure that the --peer-cert-file and --peer-key-file arguments are set as appropriate | Kubernetes | +| 2590 | CKV_K8S_121 | resource | Pod | Ensure that the --peer-client-cert-auth argument is set to true | Kubernetes | +| 2591 | CKV_K8S_138 | resource | CronJob | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2592 | CKV_K8S_138 | resource | DaemonSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2593 | CKV_K8S_138 | resource | Deployment | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2594 | CKV_K8S_138 | resource | DeploymentConfig | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2595 | CKV_K8S_138 | resource | Job | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2596 | CKV_K8S_138 | resource | Pod | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2597 | CKV_K8S_138 | resource | PodTemplate | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2598 | CKV_K8S_138 | resource | ReplicaSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2599 | CKV_K8S_138 | resource | ReplicationController | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2600 | CKV_K8S_138 | resource | StatefulSet | Ensure that the --anonymous-auth argument is set to false | Kubernetes | +| 2601 | CKV_K8S_139 | resource | CronJob | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2602 | CKV_K8S_139 | resource | DaemonSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2603 | CKV_K8S_139 | resource | Deployment | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2604 | CKV_K8S_139 | resource | DeploymentConfig | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2605 | CKV_K8S_139 | resource | Job | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2606 | CKV_K8S_139 | resource | Pod | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2607 | CKV_K8S_139 | resource | PodTemplate | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2608 | CKV_K8S_139 | resource | ReplicaSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2609 | CKV_K8S_139 | resource | ReplicationController | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2610 | CKV_K8S_139 | resource | StatefulSet | Ensure that the --authorization-mode argument is not set to AlwaysAllow | Kubernetes | +| 2611 | CKV_K8S_140 | resource | CronJob | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2612 | CKV_K8S_140 | resource | DaemonSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2613 | CKV_K8S_140 | resource | Deployment | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2614 | CKV_K8S_140 | resource | DeploymentConfig | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2615 | CKV_K8S_140 | resource | Job | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2616 | CKV_K8S_140 | resource | Pod | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2617 | CKV_K8S_140 | resource | PodTemplate | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2618 | CKV_K8S_140 | resource | ReplicaSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2619 | CKV_K8S_140 | resource | ReplicationController | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2620 | CKV_K8S_140 | resource | StatefulSet | Ensure that the --client-ca-file argument is set as appropriate | Kubernetes | +| 2621 | CKV_K8S_141 | resource | CronJob | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2622 | CKV_K8S_141 | resource | DaemonSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2623 | CKV_K8S_141 | resource | Deployment | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2624 | CKV_K8S_141 | resource | DeploymentConfig | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2625 | CKV_K8S_141 | resource | Job | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2626 | CKV_K8S_141 | resource | Pod | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2627 | CKV_K8S_141 | resource | PodTemplate | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2628 | CKV_K8S_141 | resource | ReplicaSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2629 | CKV_K8S_141 | resource | ReplicationController | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2630 | CKV_K8S_141 | resource | StatefulSet | Ensure that the --read-only-port argument is set to 0 | Kubernetes | +| 2631 | CKV_K8S_143 | resource | CronJob | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2632 | CKV_K8S_143 | resource | DaemonSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2633 | CKV_K8S_143 | resource | Deployment | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2634 | CKV_K8S_143 | resource | DeploymentConfig | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2635 | CKV_K8S_143 | resource | Job | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2636 | CKV_K8S_143 | resource | Pod | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2637 | CKV_K8S_143 | resource | PodTemplate | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2638 | CKV_K8S_143 | resource | ReplicaSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2639 | CKV_K8S_143 | resource | ReplicationController | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2640 | CKV_K8S_143 | resource | StatefulSet | Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | Kubernetes | +| 2641 | CKV_K8S_144 | resource | CronJob | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2642 | CKV_K8S_144 | resource | DaemonSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2643 | CKV_K8S_144 | resource | Deployment | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2644 | CKV_K8S_144 | resource | DeploymentConfig | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2645 | CKV_K8S_144 | resource | Job | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2646 | CKV_K8S_144 | resource | Pod | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2647 | CKV_K8S_144 | resource | PodTemplate | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2648 | CKV_K8S_144 | resource | ReplicaSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2649 | CKV_K8S_144 | resource | ReplicationController | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2650 | CKV_K8S_144 | resource | StatefulSet | Ensure that the --protect-kernel-defaults argument is set to true | Kubernetes | +| 2651 | CKV_K8S_145 | resource | CronJob | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2652 | CKV_K8S_145 | resource | DaemonSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2653 | CKV_K8S_145 | resource | Deployment | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2654 | CKV_K8S_145 | resource | DeploymentConfig | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2655 | CKV_K8S_145 | resource | Job | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2656 | CKV_K8S_145 | resource | Pod | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2657 | CKV_K8S_145 | resource | PodTemplate | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2658 | CKV_K8S_145 | resource | ReplicaSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2659 | CKV_K8S_145 | resource | ReplicationController | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2660 | CKV_K8S_145 | resource | StatefulSet | Ensure that the --make-iptables-util-chains argument is set to true | Kubernetes | +| 2661 | CKV_K8S_146 | resource | CronJob | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2662 | CKV_K8S_146 | resource | DaemonSet | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2663 | CKV_K8S_146 | resource | Deployment | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2664 | CKV_K8S_146 | resource | DeploymentConfig | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2665 | CKV_K8S_146 | resource | Job | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2666 | CKV_K8S_146 | resource | Pod | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2667 | CKV_K8S_146 | resource | PodTemplate | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2668 | CKV_K8S_146 | resource | ReplicaSet | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2669 | CKV_K8S_146 | resource | ReplicationController | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2670 | CKV_K8S_146 | resource | StatefulSet | Ensure that the --hostname-override argument is not set | Kubernetes | +| 2671 | CKV_K8S_147 | resource | CronJob | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2672 | CKV_K8S_147 | resource | DaemonSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2673 | CKV_K8S_147 | resource | Deployment | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2674 | CKV_K8S_147 | resource | DeploymentConfig | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2675 | CKV_K8S_147 | resource | Job | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2676 | CKV_K8S_147 | resource | Pod | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2677 | CKV_K8S_147 | resource | PodTemplate | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2678 | CKV_K8S_147 | resource | ReplicaSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2679 | CKV_K8S_147 | resource | ReplicationController | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2680 | CKV_K8S_147 | resource | StatefulSet | Ensure that the --event-qps argument is set to 0 or a level which ensures appropriate event capture | Kubernetes | +| 2681 | CKV_K8S_148 | resource | CronJob | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2682 | CKV_K8S_148 | resource | DaemonSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2683 | CKV_K8S_148 | resource | Deployment | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2684 | CKV_K8S_148 | resource | DeploymentConfig | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2685 | CKV_K8S_148 | resource | Job | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2686 | CKV_K8S_148 | resource | Pod | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2687 | CKV_K8S_148 | resource | PodTemplate | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2688 | CKV_K8S_148 | resource | ReplicaSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2689 | CKV_K8S_148 | resource | ReplicationController | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2690 | CKV_K8S_148 | resource | StatefulSet | Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate | Kubernetes | +| 2691 | CKV_K8S_149 | resource | CronJob | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2692 | CKV_K8S_149 | resource | DaemonSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2693 | CKV_K8S_149 | resource | Deployment | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2694 | CKV_K8S_149 | resource | DeploymentConfig | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2695 | CKV_K8S_149 | resource | Job | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2696 | CKV_K8S_149 | resource | Pod | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2697 | CKV_K8S_149 | resource | PodTemplate | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2698 | CKV_K8S_149 | resource | ReplicaSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2699 | CKV_K8S_149 | resource | ReplicationController | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2700 | CKV_K8S_149 | resource | StatefulSet | Ensure that the --rotate-certificates argument is not set to false | Kubernetes | +| 2701 | CKV_K8S_151 | resource | CronJob | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2702 | CKV_K8S_151 | resource | DaemonSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2703 | CKV_K8S_151 | resource | Deployment | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2704 | CKV_K8S_151 | resource | DeploymentConfig | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2705 | CKV_K8S_151 | resource | Job | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2706 | CKV_K8S_151 | resource | Pod | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2707 | CKV_K8S_151 | resource | PodTemplate | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2708 | CKV_K8S_151 | resource | ReplicaSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2709 | CKV_K8S_151 | resource | ReplicationController | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2710 | CKV_K8S_151 | resource | StatefulSet | Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | Kubernetes | +| 2711 | CKV_K8S_152 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain LUA code execution. See CVE-2021-25742 | Kubernetes | +| 2712 | CKV_K8S_153 | resource | Ingress | Prevent All NGINX Ingress annotation snippets. See CVE-2021-25742 | Kubernetes | +| 2713 | CKV_K8S_154 | resource | Ingress | Prevent NGINX Ingress annotation snippets which contain alias statements See CVE-2021-25742 | Kubernetes | +| 2714 | CKV_K8S_155 | resource | ClusterRole | Minimize ClusterRoles that grant control over validating or mutating admission webhook configurations | Kubernetes | +| 2715 | CKV_K8S_156 | resource | ClusterRole | Minimize ClusterRoles that grant permissions to approve CertificateSigningRequests | Kubernetes | +| 2716 | CKV_K8S_157 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | +| 2717 | CKV_K8S_157 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to bind RoleBindings or ClusterRoleBindings | Kubernetes | +| 2718 | CKV_K8S_158 | resource | ClusterRole | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | +| 2719 | CKV_K8S_158 | resource | Role | Minimize Roles and ClusterRoles that grant permissions to escalate Roles or ClusterRoles | Kubernetes | +| 2720 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform | +| 2721 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform | +| 2722 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform | +| 2723 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform | +| 2724 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform | +| 2725 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform | +| 2726 | CKV_NCP_1 | resource | ncloud_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | +| 2727 | CKV_NCP_002 | resource | ncloud_access_control_group | Ensure every access control groups rule has a description | Terraform | +| 2728 | CKV_NCP_002 | resource | ncloud_access_control_group_rule | Ensure every access control groups rule has a description | Terraform | +| 2729 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform | +| 2730 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform | +| 2731 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform | +| 2732 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform | +| 2733 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform | +| 2734 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform | +| 2735 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform | +| 2736 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform | +| 2737 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform | +| 2738 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform | +| 2739 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform | +| 2740 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform | +| 2741 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform | +| 2742 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform | +| 2743 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform | +| 2744 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform | +| 2745 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform | +| 2746 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform | +| 2747 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 22. | Terraform | +| 2748 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. | Terraform | +| 2749 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform | +| 2750 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 | Terraform | +| 2751 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform | +| 2752 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform | +| 2753 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform | +| 2754 | CKV_OPENAPI_1 | resource | securityDefinitions | Ensure that securityDefinitions is defined and not empty - version 2.0 files | OpenAPI | +| 2755 | CKV_OPENAPI_2 | resource | security | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty - version 2.0 files | OpenAPI | +| 2756 | CKV_OPENAPI_3 | resource | components | Ensure that security schemes don't allow cleartext credentials over unencrypted channel - version 3.x.y files | OpenAPI | +| 2757 | CKV_OPENAPI_4 | resource | security | Ensure that the global security field has rules defined | OpenAPI | +| 2758 | CKV_OPENAPI_5 | resource | security | Ensure that security operations is not empty. | OpenAPI | +| 2759 | CKV_OPENAPI_6 | resource | security | Ensure that security requirement defined in securityDefinitions - version 2.0 files | OpenAPI | +| 2760 | CKV_OPENAPI_7 | resource | security | Ensure that the path scheme does not support unencrypted HTTP connection where all transmissions are open to interception- version 2.0 files | OpenAPI | +| 2761 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform | +| 2762 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | +| 2763 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | +| 2764 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | +| 2765 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | +| 2766 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform | +| 2767 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform | +| 2768 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform | +| 2769 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform | +| 2770 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform | +| 2771 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform | +| 2772 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform | +| 2773 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform | +| 2774 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform | +| 2775 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform | +| 2776 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform | +| 2777 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | +| 2778 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | +| 2779 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform | +| 2780 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform | +| 2781 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | +| 2782 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | +| 2783 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform | +| 2784 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform | +| 2785 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | +| 2786 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | +| 2787 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | +| 2788 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | +| 2789 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | +| 2790 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | +| 2791 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 2792 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 2793 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 2794 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | +| 2795 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | +| 2796 | CKV_SECRET_1 | Artifactory Credentials | secrets | Artifactory Credentials | secrets | +| 2797 | CKV_SECRET_2 | AWS Access Key | secrets | AWS Access Key | secrets | +| 2798 | CKV_SECRET_3 | Azure Storage Account access key | secrets | Azure Storage Account access key | secrets | +| 2799 | CKV_SECRET_4 | Basic Auth Credentials | secrets | Basic Auth Credentials | secrets | +| 2800 | CKV_SECRET_5 | Cloudant Credentials | secrets | Cloudant Credentials | secrets | +| 2801 | CKV_SECRET_6 | Base64 High Entropy String | secrets | Base64 High Entropy String | secrets | +| 2802 | CKV_SECRET_7 | IBM Cloud IAM Key | secrets | IBM Cloud IAM Key | secrets | +| 2803 | CKV_SECRET_8 | IBM COS HMAC Credentials | secrets | IBM COS HMAC Credentials | secrets | +| 2804 | CKV_SECRET_9 | JSON Web Token | secrets | JSON Web Token | secrets | +| 2805 | CKV_SECRET_10 | Secret Keyword | secrets | Secret Keyword | secrets | +| 2806 | CKV_SECRET_11 | Mailchimp Access Key | secrets | Mailchimp Access Key | secrets | +| 2807 | CKV_SECRET_12 | NPM tokens | secrets | NPM tokens | secrets | +| 2808 | CKV_SECRET_13 | Private Key | secrets | Private Key | secrets | +| 2809 | CKV_SECRET_14 | Slack Token | secrets | Slack Token | secrets | +| 2810 | CKV_SECRET_15 | SoftLayer Credentials | secrets | SoftLayer Credentials | secrets | +| 2811 | CKV_SECRET_16 | Square OAuth Secret | secrets | Square OAuth Secret | secrets | +| 2812 | CKV_SECRET_17 | Stripe Access Key | secrets | Stripe Access Key | secrets | +| 2813 | CKV_SECRET_18 | Twilio API Key | secrets | Twilio API Key | secrets | +| 2814 | CKV_SECRET_19 | Hex High Entropy String | secrets | Hex High Entropy String | secrets | +| 2815 | CKV_YC_1 | resource | yandex_mdb_clickhouse_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2816 | CKV_YC_1 | resource | yandex_mdb_elasticsearch_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2817 | CKV_YC_1 | resource | yandex_mdb_greenplum_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2818 | CKV_YC_1 | resource | yandex_mdb_kafka_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2819 | CKV_YC_1 | resource | yandex_mdb_mongodb_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2820 | CKV_YC_1 | resource | yandex_mdb_mysql_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2821 | CKV_YC_1 | resource | yandex_mdb_postgresql_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2822 | CKV_YC_1 | resource | yandex_mdb_redis_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2823 | CKV_YC_1 | resource | yandex_mdb_sqlserver_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 2824 | CKV_YC_2 | resource | yandex_compute_instance | Ensure compute instance does not have public IP. | Terraform | +| 2825 | CKV_YC_3 | resource | yandex_storage_bucket | Ensure storage bucket is encrypted. | Terraform | +| 2826 | CKV_YC_4 | resource | yandex_compute_instance | Ensure compute instance does not have serial console enabled. | Terraform | +| 2827 | CKV_YC_5 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster does not have public IP address. | Terraform | +| 2828 | CKV_YC_6 | resource | yandex_kubernetes_node_group | Ensure Kubernetes cluster node group does not have public IP addresses. | Terraform | +| 2829 | CKV_YC_7 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster auto-upgrade is enabled. | Terraform | +| 2830 | CKV_YC_8 | resource | yandex_kubernetes_node_group | Ensure Kubernetes node group auto-upgrade is enabled. | Terraform | +| 2831 | CKV_YC_9 | resource | yandex_kms_symmetric_key | Ensure KMS symmetric key is rotated. | Terraform | +| 2832 | CKV_YC_10 | resource | yandex_kubernetes_cluster | Ensure etcd database is encrypted with KMS key. | Terraform | +| 2833 | CKV_YC_11 | resource | yandex_compute_instance | Ensure security group is assigned to network interface. | Terraform | +| 2834 | CKV_YC_12 | resource | yandex_mdb_clickhouse_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2835 | CKV_YC_12 | resource | yandex_mdb_elasticsearch_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2836 | CKV_YC_12 | resource | yandex_mdb_greenplum_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2837 | CKV_YC_12 | resource | yandex_mdb_kafka_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2838 | CKV_YC_12 | resource | yandex_mdb_mongodb_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2839 | CKV_YC_12 | resource | yandex_mdb_mysql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2840 | CKV_YC_12 | resource | yandex_mdb_postgresql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2841 | CKV_YC_12 | resource | yandex_mdb_sqlserver_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 2842 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure cloud member does not have elevated access. | Terraform | +| 2843 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_member | Ensure cloud member does not have elevated access. | Terraform | +| 2844 | CKV_YC_14 | resource | yandex_kubernetes_cluster | Ensure security group is assigned to Kubernetes cluster. | Terraform | +| 2845 | CKV_YC_15 | resource | yandex_kubernetes_node_group | Ensure security group is assigned to Kubernetes node group. | Terraform | +| 2846 | CKV_YC_16 | resource | yandex_kubernetes_cluster | Ensure network policy is assigned to Kubernetes cluster. | Terraform | +| 2847 | CKV_YC_17 | resource | yandex_storage_bucket | Ensure storage bucket does not have public access permissions. | Terraform | +| 2848 | CKV_YC_18 | resource | yandex_compute_instance_group | Ensure compute instance group does not have public IP. | Terraform | +| 2849 | CKV_YC_19 | resource | yandex_vpc_security_group | Ensure security group does not contain allow-all rules. | Terraform | +| 2850 | CKV_YC_20 | resource | yandex_vpc_security_group_rule | Ensure security group rule is not allow-all. | Terraform | +| 2851 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_binding | Ensure organization member does not have elevated access. | Terraform | +| 2852 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_member | Ensure organization member does not have elevated access. | Terraform | +| 2853 | CKV_YC_22 | resource | yandex_compute_instance_group | Ensure compute instance group has security group assigned. | Terraform | +| 2854 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_binding | Ensure folder member does not have elevated access. | Terraform | +| 2855 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_member | Ensure folder member does not have elevated access. | Terraform | +| 2856 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 2857 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 2858 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 2859 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 2860 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 2861 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | --- diff --git a/docs/5.Policy Index/terraform.md b/docs/5.Policy Index/terraform.md index a023993c6fa..4f12b648736 100644 --- a/docs/5.Policy Index/terraform.md +++ b/docs/5.Policy Index/terraform.md @@ -1440,170 +1440,176 @@ nav_order: 1 | 1429 | CKV_K8S_8 | resource | kubernetes_pod | Liveness Probe Should be Configured | Terraform | | 1430 | CKV_K8S_9 | resource | kubernetes_pod | Readiness Probe Should be Configured | Terraform | | 1431 | CKV_K8S_10 | resource | kubernetes_pod | CPU requests should be set | Terraform | -| 1432 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform | -| 1433 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform | -| 1434 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform | -| 1435 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform | -| 1436 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform | -| 1437 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | -| 1438 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform | -| 1439 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform | -| 1440 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform | -| 1441 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform | -| 1442 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform | -| 1443 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform | -| 1444 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform | -| 1445 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform | -| 1446 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform | -| 1447 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform | -| 1448 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform | -| 1449 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform | -| 1450 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform | -| 1451 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform | -| 1452 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform | -| 1453 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform | -| 1454 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform | -| 1455 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform | -| 1456 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform | -| 1457 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform | -| 1458 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform | -| 1459 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform | -| 1460 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform | -| 1461 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform | -| 1462 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform | -| 1463 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods and containers | Terraform | -| 1464 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform | -| 1465 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | -| 1466 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | -| 1467 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform | -| 1468 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform | -| 1469 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform | -| 1470 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform | -| 1471 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform | -| 1472 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform | -| 1473 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform | -| 1474 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform | -| 1475 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform | -| 1476 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform | -| 1477 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | -| 1478 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | -| 1479 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | -| 1480 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform | -| 1481 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform | -| 1482 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform | -| 1483 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform | -| 1484 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform | -| 1485 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform | -| 1486 | CKV_NCP_1 | resource | ncloud_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | -| 1487 | CKV_NCP_002 | resource | ncloud_access_control_group | Ensure every access control groups rule has a description | Terraform | -| 1488 | CKV_NCP_002 | resource | ncloud_access_control_group_rule | Ensure every access control groups rule has a description | Terraform | -| 1489 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform | -| 1490 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform | -| 1491 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform | -| 1492 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform | -| 1493 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform | -| 1494 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform | -| 1495 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform | -| 1496 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform | -| 1497 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform | -| 1498 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform | -| 1499 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform | -| 1500 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform | -| 1501 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform | -| 1502 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform | -| 1503 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform | -| 1504 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform | -| 1505 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform | -| 1506 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform | -| 1507 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 22. | Terraform | -| 1508 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. | Terraform | -| 1509 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform | -| 1510 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 | Terraform | -| 1511 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform | -| 1512 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform | -| 1513 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform | -| 1514 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform | -| 1515 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | -| 1516 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | -| 1517 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | -| 1518 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | -| 1519 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform | -| 1520 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform | -| 1521 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform | -| 1522 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform | -| 1523 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform | -| 1524 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform | -| 1525 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform | -| 1526 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform | -| 1527 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform | -| 1528 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform | -| 1529 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform | -| 1530 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | -| 1531 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | -| 1532 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform | -| 1533 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform | -| 1534 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | -| 1535 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | -| 1536 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform | -| 1537 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform | -| 1538 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | -| 1539 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | -| 1540 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | -| 1541 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | -| 1542 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | -| 1543 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | -| 1544 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 1545 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 1546 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | -| 1547 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | -| 1548 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | -| 1549 | CKV_YC_1 | resource | yandex_mdb_clickhouse_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1550 | CKV_YC_1 | resource | yandex_mdb_elasticsearch_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1551 | CKV_YC_1 | resource | yandex_mdb_greenplum_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1552 | CKV_YC_1 | resource | yandex_mdb_kafka_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1553 | CKV_YC_1 | resource | yandex_mdb_mongodb_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1554 | CKV_YC_1 | resource | yandex_mdb_mysql_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1555 | CKV_YC_1 | resource | yandex_mdb_postgresql_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1556 | CKV_YC_1 | resource | yandex_mdb_redis_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1557 | CKV_YC_1 | resource | yandex_mdb_sqlserver_cluster | Ensure security group is assigned to database cluster. | Terraform | -| 1558 | CKV_YC_2 | resource | yandex_compute_instance | Ensure compute instance does not have public IP. | Terraform | -| 1559 | CKV_YC_3 | resource | yandex_storage_bucket | Ensure storage bucket is encrypted. | Terraform | -| 1560 | CKV_YC_4 | resource | yandex_compute_instance | Ensure compute instance does not have serial console enabled. | Terraform | -| 1561 | CKV_YC_5 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster does not have public IP address. | Terraform | -| 1562 | CKV_YC_6 | resource | yandex_kubernetes_node_group | Ensure Kubernetes cluster node group does not have public IP addresses. | Terraform | -| 1563 | CKV_YC_7 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster auto-upgrade is enabled. | Terraform | -| 1564 | CKV_YC_8 | resource | yandex_kubernetes_node_group | Ensure Kubernetes node group auto-upgrade is enabled. | Terraform | -| 1565 | CKV_YC_9 | resource | yandex_kms_symmetric_key | Ensure KMS symmetric key is rotated. | Terraform | -| 1566 | CKV_YC_10 | resource | yandex_kubernetes_cluster | Ensure etcd database is encrypted with KMS key. | Terraform | -| 1567 | CKV_YC_11 | resource | yandex_compute_instance | Ensure security group is assigned to network interface. | Terraform | -| 1568 | CKV_YC_12 | resource | yandex_mdb_clickhouse_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1569 | CKV_YC_12 | resource | yandex_mdb_elasticsearch_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1570 | CKV_YC_12 | resource | yandex_mdb_greenplum_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1571 | CKV_YC_12 | resource | yandex_mdb_kafka_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1572 | CKV_YC_12 | resource | yandex_mdb_mongodb_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1573 | CKV_YC_12 | resource | yandex_mdb_mysql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1574 | CKV_YC_12 | resource | yandex_mdb_postgresql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1575 | CKV_YC_12 | resource | yandex_mdb_sqlserver_cluster | Ensure public IP is not assigned to database cluster. | Terraform | -| 1576 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure cloud member does not have elevated access. | Terraform | -| 1577 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_member | Ensure cloud member does not have elevated access. | Terraform | -| 1578 | CKV_YC_14 | resource | yandex_kubernetes_cluster | Ensure security group is assigned to Kubernetes cluster. | Terraform | -| 1579 | CKV_YC_15 | resource | yandex_kubernetes_node_group | Ensure security group is assigned to Kubernetes node group. | Terraform | -| 1580 | CKV_YC_16 | resource | yandex_kubernetes_cluster | Ensure network policy is assigned to Kubernetes cluster. | Terraform | -| 1581 | CKV_YC_17 | resource | yandex_storage_bucket | Ensure storage bucket does not have public access permissions. | Terraform | -| 1582 | CKV_YC_18 | resource | yandex_compute_instance_group | Ensure compute instance group does not have public IP. | Terraform | -| 1583 | CKV_YC_19 | resource | yandex_vpc_security_group | Ensure security group does not contain allow-all rules. | Terraform | -| 1584 | CKV_YC_20 | resource | yandex_vpc_security_group_rule | Ensure security group rule is not allow-all. | Terraform | -| 1585 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_binding | Ensure organization member does not have elevated access. | Terraform | -| 1586 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_member | Ensure organization member does not have elevated access. | Terraform | -| 1587 | CKV_YC_22 | resource | yandex_compute_instance_group | Ensure compute instance group has security group assigned. | Terraform | -| 1588 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_binding | Ensure folder member does not have elevated access. | Terraform | -| 1589 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_member | Ensure folder member does not have elevated access. | Terraform | -| 1590 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 1591 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 1592 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 1593 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 1594 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | -| 1595 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1432 | CKV_K8S_10 | resource | kubernetes_pod_v1 | CPU requests should be set | Terraform | +| 1433 | CKV_K8S_11 | resource | kubernetes_pod | CPU Limits should be set | Terraform | +| 1434 | CKV_K8S_11 | resource | kubernetes_pod_v1 | CPU Limits should be set | Terraform | +| 1435 | CKV_K8S_12 | resource | kubernetes_pod | Memory Limits should be set | Terraform | +| 1436 | CKV_K8S_13 | resource | kubernetes_pod | Memory requests should be set | Terraform | +| 1437 | CKV_K8S_14 | resource | kubernetes_pod | Image Tag should be fixed - not latest or blank | Terraform | +| 1438 | CKV_K8S_15 | resource | kubernetes_pod | Image Pull Policy should be Always | Terraform | +| 1439 | CKV_K8S_16 | resource | kubernetes_pod | Do not admit privileged containers | Terraform | +| 1440 | CKV_K8S_17 | resource | kubernetes_pod | Do not admit containers wishing to share the host process ID namespace | Terraform | +| 1441 | CKV_K8S_18 | resource | kubernetes_pod | Do not admit containers wishing to share the host IPC namespace | Terraform | +| 1442 | CKV_K8S_19 | resource | kubernetes_pod | Do not admit containers wishing to share the host network namespace | Terraform | +| 1443 | CKV_K8S_20 | resource | kubernetes_pod | Containers should not run with allowPrivilegeEscalation | Terraform | +| 1444 | CKV_K8S_20 | resource | kubernetes_pod_v1 | Containers should not run with allowPrivilegeEscalation | Terraform | +| 1445 | CKV_K8S_21 | resource | kubernetes_config_map | The default namespace should not be used | Terraform | +| 1446 | CKV_K8S_21 | resource | kubernetes_cron_job | The default namespace should not be used | Terraform | +| 1447 | CKV_K8S_21 | resource | kubernetes_daemonset | The default namespace should not be used | Terraform | +| 1448 | CKV_K8S_21 | resource | kubernetes_deployment | The default namespace should not be used | Terraform | +| 1449 | CKV_K8S_21 | resource | kubernetes_ingress | The default namespace should not be used | Terraform | +| 1450 | CKV_K8S_21 | resource | kubernetes_job | The default namespace should not be used | Terraform | +| 1451 | CKV_K8S_21 | resource | kubernetes_pod | The default namespace should not be used | Terraform | +| 1452 | CKV_K8S_21 | resource | kubernetes_replication_controller | The default namespace should not be used | Terraform | +| 1453 | CKV_K8S_21 | resource | kubernetes_role_binding | The default namespace should not be used | Terraform | +| 1454 | CKV_K8S_21 | resource | kubernetes_secret | The default namespace should not be used | Terraform | +| 1455 | CKV_K8S_21 | resource | kubernetes_service | The default namespace should not be used | Terraform | +| 1456 | CKV_K8S_21 | resource | kubernetes_service_account | The default namespace should not be used | Terraform | +| 1457 | CKV_K8S_21 | resource | kubernetes_stateful_set | The default namespace should not be used | Terraform | +| 1458 | CKV_K8S_22 | resource | kubernetes_pod | Use read-only filesystem for containers where possible | Terraform | +| 1459 | CKV_K8S_24 | resource | kubernetes_pod_security_policy | Do not allow containers with added capability | Terraform | +| 1460 | CKV_K8S_25 | resource | kubernetes_pod | Minimize the admission of containers with added capability | Terraform | +| 1461 | CKV_K8S_25 | resource | kubernetes_pod_v1 | Minimize the admission of containers with added capability | Terraform | +| 1462 | CKV_K8S_26 | resource | kubernetes_pod | Do not specify hostPort unless absolutely necessary | Terraform | +| 1463 | CKV_K8S_27 | resource | kubernetes_daemonset | Do not expose the docker daemon socket to containers | Terraform | +| 1464 | CKV_K8S_27 | resource | kubernetes_deployment | Do not expose the docker daemon socket to containers | Terraform | +| 1465 | CKV_K8S_27 | resource | kubernetes_pod | Do not expose the docker daemon socket to containers | Terraform | +| 1466 | CKV_K8S_28 | resource | kubernetes_pod | Minimize the admission of containers with the NET_RAW capability | Terraform | +| 1467 | CKV_K8S_29 | resource | kubernetes_daemonset | Apply security context to your pods and containers | Terraform | +| 1468 | CKV_K8S_29 | resource | kubernetes_deployment | Apply security context to your pods and containers | Terraform | +| 1469 | CKV_K8S_29 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | +| 1470 | CKV_K8S_30 | resource | kubernetes_pod | Apply security context to your pods and containers | Terraform | +| 1471 | CKV_K8S_30 | resource | kubernetes_pod_v1 | Apply security context to your pods and containers | Terraform | +| 1472 | CKV_K8S_32 | resource | kubernetes_pod_security_policy | Ensure default seccomp profile set to docker/default or runtime/default | Terraform | +| 1473 | CKV_K8S_34 | resource | kubernetes_pod | Ensure that Tiller (Helm v2) is not deployed | Terraform | +| 1474 | CKV_K8S_35 | resource | kubernetes_pod | Prefer using secrets as files over secrets as environment variables | Terraform | +| 1475 | CKV_K8S_36 | resource | kubernetes_pod_security_policy | Minimise the admission of containers with capabilities assigned | Terraform | +| 1476 | CKV_K8S_37 | resource | kubernetes_pod | Minimise the admission of containers with capabilities assigned | Terraform | +| 1477 | CKV_K8S_39 | resource | kubernetes_pod | Do not use the CAP_SYS_ADMIN linux capability | Terraform | +| 1478 | CKV_K8S_39 | resource | kubernetes_pod_v1 | Do not use the CAP_SYS_ADMIN linux capability | Terraform | +| 1479 | CKV_K8S_41 | resource | kubernetes_service_account | Ensure that default service accounts are not actively used | Terraform | +| 1480 | CKV_K8S_42 | resource | kubernetes_cluster_role_binding | Ensure that default service accounts are not actively used | Terraform | +| 1481 | CKV_K8S_42 | resource | kubernetes_role_binding | Ensure that default service accounts are not actively used | Terraform | +| 1482 | CKV_K8S_43 | resource | kubernetes_pod | Image should use digest | Terraform | +| 1483 | CKV_K8S_44 | resource | kubernetes_service | Ensure that the Tiller Service (Helm v2) is deleted | Terraform | +| 1484 | CKV_K8S_49 | resource | kubernetes_cluster_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | +| 1485 | CKV_K8S_49 | resource | kubernetes_role | Minimize wildcard use in Roles and ClusterRoles | Terraform | +| 1486 | CKV_LIN_1 | provider | linode | Ensure no hard coded Linode tokens exist in provider | Terraform | +| 1487 | CKV_LIN_2 | resource | linode_instance | Ensure SSH key set in authorized_keys | Terraform | +| 1488 | CKV_LIN_3 | resource | linode_user | Ensure email is set | Terraform | +| 1489 | CKV_LIN_4 | resource | linode_user | Ensure username is set | Terraform | +| 1490 | CKV_LIN_5 | resource | linode_firewall | Ensure Inbound Firewall Policy is not set to ACCEPT | Terraform | +| 1491 | CKV_LIN_6 | resource | linode_firewall | Ensure Outbound Firewall Policy is not set to ACCEPT | Terraform | +| 1492 | CKV_NCP_1 | resource | ncloud_lb_target_group | Ensure HTTP HTTPS Target group defines Healthcheck | Terraform | +| 1493 | CKV_NCP_002 | resource | ncloud_access_control_group | Ensure every access control groups rule has a description | Terraform | +| 1494 | CKV_NCP_002 | resource | ncloud_access_control_group_rule | Ensure every access control groups rule has a description | Terraform | +| 1495 | CKV_OCI_1 | provider | oci | Ensure no hard coded OCI private key in provider | Terraform | +| 1496 | CKV_OCI_2 | resource | oci_core_volume | Ensure OCI Block Storage Block Volume has backup enabled | Terraform | +| 1497 | CKV_OCI_3 | resource | oci_core_volume | OCI Block Storage Block Volumes are not encrypted with a Customer Managed Key (CMK) | Terraform | +| 1498 | CKV_OCI_4 | resource | oci_core_instance | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled | Terraform | +| 1499 | CKV_OCI_5 | resource | oci_core_instance | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled | Terraform | +| 1500 | CKV_OCI_6 | resource | oci_core_instance | Ensure OCI Compute Instance has monitoring enabled | Terraform | +| 1501 | CKV_OCI_7 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage bucket can emit object events | Terraform | +| 1502 | CKV_OCI_8 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage has versioning enabled | Terraform | +| 1503 | CKV_OCI_9 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is encrypted with Customer Managed Key | Terraform | +| 1504 | CKV_OCI_10 | resource | oci_objectstorage_bucket | Ensure OCI Object Storage is not Public | Terraform | +| 1505 | CKV_OCI_11 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain lower case | Terraform | +| 1506 | CKV_OCI_12 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Numeric characters | Terraform | +| 1507 | CKV_OCI_13 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Special characters | Terraform | +| 1508 | CKV_OCI_14 | resource | oci_identity_authentication_policy | OCI IAM password policy - must contain Uppercase characters | Terraform | +| 1509 | CKV_OCI_15 | resource | oci_file_storage_file_system | Ensure OCI File System is Encrypted with a customer Managed Key | Terraform | +| 1510 | CKV_OCI_16 | resource | oci_core_security_list | Ensure VCN has an inbound security list | Terraform | +| 1511 | CKV_OCI_17 | resource | oci_core_security_list | Ensure VCN inbound security lists are stateless | Terraform | +| 1512 | CKV_OCI_18 | resource | oci_identity_authentication_policy | OCI IAM password policy for local (non-federated) users has a minimum length of 14 characters | Terraform | +| 1513 | CKV_OCI_19 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 22. | Terraform | +| 1514 | CKV_OCI_20 | resource | oci_core_security_list | Ensure no security list allow ingress from 0.0.0.0:0 to port 3389. | Terraform | +| 1515 | CKV_OCI_21 | resource | oci_core_network_security_group_security_rule | Ensure security group has stateless ingress security rules | Terraform | +| 1516 | CKV_OCI_22 | resource | oci_core_network_security_group_security_rule | Ensure no security groups rules allow ingress from 0.0.0.0/0 to port 22 | Terraform | +| 1517 | CKV2_OCI_1 | resource | oci_identity_group | Ensure administrator users are not associated with API keys | Terraform | +| 1518 | CKV2_OCI_1 | resource | oci_identity_user | Ensure administrator users are not associated with API keys | Terraform | +| 1519 | CKV2_OCI_1 | resource | oci_identity_user_group_membership | Ensure administrator users are not associated with API keys | Terraform | +| 1520 | CKV_OPENSTACK_1 | provider | openstack | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider | Terraform | +| 1521 | CKV_OPENSTACK_2 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | +| 1522 | CKV_OPENSTACK_2 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) | Terraform | +| 1523 | CKV_OPENSTACK_3 | resource | openstack_compute_secgroup_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | +| 1524 | CKV_OPENSTACK_3 | resource | openstack_networking_secgroup_rule_v2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) | Terraform | +| 1525 | CKV_OPENSTACK_4 | resource | openstack_compute_instance_v2 | Ensure that instance does not use basic credentials | Terraform | +| 1526 | CKV_OPENSTACK_5 | resource | openstack_fw_rule_v1 | Ensure firewall rule set a destination IP | Terraform | +| 1527 | CKV_PAN_1 | provider | panos | Ensure no hard coded PAN-OS credentials exist in provider | Terraform | +| 1528 | CKV_PAN_2 | resource | panos_management_profile | Ensure plain-text management HTTP is not enabled for an Interface Management Profile | Terraform | +| 1529 | CKV_PAN_3 | resource | panos_management_profile | Ensure plain-text management Telnet is not enabled for an Interface Management Profile | Terraform | +| 1530 | CKV_PAN_4 | resource | panos_security_policy | Ensure DSRI is not enabled within security policies | Terraform | +| 1531 | CKV_PAN_4 | resource | panos_security_rule_group | Ensure DSRI is not enabled within security policies | Terraform | +| 1532 | CKV_PAN_5 | resource | panos_security_policy | Ensure security rules do not have 'applications' set to 'any' | Terraform | +| 1533 | CKV_PAN_5 | resource | panos_security_rule_group | Ensure security rules do not have 'applications' set to 'any' | Terraform | +| 1534 | CKV_PAN_6 | resource | panos_security_policy | Ensure security rules do not have 'services' set to 'any' | Terraform | +| 1535 | CKV_PAN_6 | resource | panos_security_rule_group | Ensure security rules do not have 'services' set to 'any' | Terraform | +| 1536 | CKV_PAN_7 | resource | panos_security_policy | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | +| 1537 | CKV_PAN_7 | resource | panos_security_rule_group | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any' | Terraform | +| 1538 | CKV_PAN_8 | resource | panos_security_policy | Ensure description is populated within security policies | Terraform | +| 1539 | CKV_PAN_8 | resource | panos_security_rule_group | Ensure description is populated within security policies | Terraform | +| 1540 | CKV_PAN_9 | resource | panos_security_policy | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | +| 1541 | CKV_PAN_9 | resource | panos_security_rule_group | Ensure a Log Forwarding Profile is selected for each security policy rule | Terraform | +| 1542 | CKV_PAN_10 | resource | panos_security_policy | Ensure logging at session end is enabled within security policies | Terraform | +| 1543 | CKV_PAN_10 | resource | panos_security_rule_group | Ensure logging at session end is enabled within security policies | Terraform | +| 1544 | CKV_PAN_11 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | +| 1545 | CKV_PAN_11 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure encryption algorithms | Terraform | +| 1546 | CKV_PAN_12 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | +| 1547 | CKV_PAN_12 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure authentication algorithms | Terraform | +| 1548 | CKV_PAN_13 | resource | panos_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | +| 1549 | CKV_PAN_13 | resource | panos_panorama_ipsec_crypto_profile | Ensure IPsec profiles do not specify use of insecure protocols | Terraform | +| 1550 | CKV_PAN_14 | resource | panos_panorama_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 1551 | CKV_PAN_14 | resource | panos_zone | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 1552 | CKV_PAN_14 | resource | panos_zone_entry | Ensure a Zone Protection Profile is defined within Security Zones | Terraform | +| 1553 | CKV_PAN_15 | resource | panos_panorama_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | +| 1554 | CKV_PAN_15 | resource | panos_zone | Ensure an Include ACL is defined for a Zone when User-ID is enabled | Terraform | +| 1555 | CKV_YC_1 | resource | yandex_mdb_clickhouse_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1556 | CKV_YC_1 | resource | yandex_mdb_elasticsearch_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1557 | CKV_YC_1 | resource | yandex_mdb_greenplum_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1558 | CKV_YC_1 | resource | yandex_mdb_kafka_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1559 | CKV_YC_1 | resource | yandex_mdb_mongodb_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1560 | CKV_YC_1 | resource | yandex_mdb_mysql_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1561 | CKV_YC_1 | resource | yandex_mdb_postgresql_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1562 | CKV_YC_1 | resource | yandex_mdb_redis_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1563 | CKV_YC_1 | resource | yandex_mdb_sqlserver_cluster | Ensure security group is assigned to database cluster. | Terraform | +| 1564 | CKV_YC_2 | resource | yandex_compute_instance | Ensure compute instance does not have public IP. | Terraform | +| 1565 | CKV_YC_3 | resource | yandex_storage_bucket | Ensure storage bucket is encrypted. | Terraform | +| 1566 | CKV_YC_4 | resource | yandex_compute_instance | Ensure compute instance does not have serial console enabled. | Terraform | +| 1567 | CKV_YC_5 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster does not have public IP address. | Terraform | +| 1568 | CKV_YC_6 | resource | yandex_kubernetes_node_group | Ensure Kubernetes cluster node group does not have public IP addresses. | Terraform | +| 1569 | CKV_YC_7 | resource | yandex_kubernetes_cluster | Ensure Kubernetes cluster auto-upgrade is enabled. | Terraform | +| 1570 | CKV_YC_8 | resource | yandex_kubernetes_node_group | Ensure Kubernetes node group auto-upgrade is enabled. | Terraform | +| 1571 | CKV_YC_9 | resource | yandex_kms_symmetric_key | Ensure KMS symmetric key is rotated. | Terraform | +| 1572 | CKV_YC_10 | resource | yandex_kubernetes_cluster | Ensure etcd database is encrypted with KMS key. | Terraform | +| 1573 | CKV_YC_11 | resource | yandex_compute_instance | Ensure security group is assigned to network interface. | Terraform | +| 1574 | CKV_YC_12 | resource | yandex_mdb_clickhouse_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1575 | CKV_YC_12 | resource | yandex_mdb_elasticsearch_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1576 | CKV_YC_12 | resource | yandex_mdb_greenplum_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1577 | CKV_YC_12 | resource | yandex_mdb_kafka_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1578 | CKV_YC_12 | resource | yandex_mdb_mongodb_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1579 | CKV_YC_12 | resource | yandex_mdb_mysql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1580 | CKV_YC_12 | resource | yandex_mdb_postgresql_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1581 | CKV_YC_12 | resource | yandex_mdb_sqlserver_cluster | Ensure public IP is not assigned to database cluster. | Terraform | +| 1582 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure cloud member does not have elevated access. | Terraform | +| 1583 | CKV_YC_13 | resource | yandex_resourcemanager_cloud_iam_member | Ensure cloud member does not have elevated access. | Terraform | +| 1584 | CKV_YC_14 | resource | yandex_kubernetes_cluster | Ensure security group is assigned to Kubernetes cluster. | Terraform | +| 1585 | CKV_YC_15 | resource | yandex_kubernetes_node_group | Ensure security group is assigned to Kubernetes node group. | Terraform | +| 1586 | CKV_YC_16 | resource | yandex_kubernetes_cluster | Ensure network policy is assigned to Kubernetes cluster. | Terraform | +| 1587 | CKV_YC_17 | resource | yandex_storage_bucket | Ensure storage bucket does not have public access permissions. | Terraform | +| 1588 | CKV_YC_18 | resource | yandex_compute_instance_group | Ensure compute instance group does not have public IP. | Terraform | +| 1589 | CKV_YC_19 | resource | yandex_vpc_security_group | Ensure security group does not contain allow-all rules. | Terraform | +| 1590 | CKV_YC_20 | resource | yandex_vpc_security_group_rule | Ensure security group rule is not allow-all. | Terraform | +| 1591 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_binding | Ensure organization member does not have elevated access. | Terraform | +| 1592 | CKV_YC_21 | resource | yandex_organizationmanager_organization_iam_member | Ensure organization member does not have elevated access. | Terraform | +| 1593 | CKV_YC_22 | resource | yandex_compute_instance_group | Ensure compute instance group has security group assigned. | Terraform | +| 1594 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_binding | Ensure folder member does not have elevated access. | Terraform | +| 1595 | CKV_YC_23 | resource | yandex_resourcemanager_folder_iam_member | Ensure folder member does not have elevated access. | Terraform | +| 1596 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1597 | CKV_YC_24 | resource | yandex_organizationmanager_organization_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1598 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1599 | CKV_YC_24 | resource | yandex_resourcemanager_cloud_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1600 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_binding | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | +| 1601 | CKV_YC_24 | resource | yandex_resourcemanager_folder_iam_member | Ensure passport account is not used for assignment. Use service accounts and federated accounts where possible. | Terraform | ---