added

OCI and OpenStack support as part of 53 new policies 🛂

Bridgecrew added 53 new out-of-the-box policies across multiple resource types and providers.
New additions also include supporting Oracle Cloud Infrastructure (OCI) Terraform resources and OpenStack secrets and Terraform resources.

| Policy ID | Policy title |
|---|---|
| BC_AWS_LOGGING_30 | Ensure API Gateway V2 has Access Logging enabled |
| BC_AWS_NETWORKING_61 | Ensure API Gateway caching is enabled |
| BC_AWS_NETWORKING_62 | Ensure that Load Balancer has deletion protection enabled |
| BC_AWS_STORAGE_1 | Ensure QLDB ledger has deletion protection enabled |
| BC_AWS_SERVERLESS_5 | Ensure encryption settings for Lambda environment variables are set properly |
| BC_AWS_NETWORKING_63 | Verify CloudFront Distribution Viewer Certificate is using TLS v1.2 |
| BC_AZR_STORAGE_4 | Ensure Storage Accounts adhere to the naming rules |
| BC_AZR_STORAGE_5 | Ensure Cosmos DB does not allow privilege escalation by restricting management plane changes |
| BC_OCI_SECRETS_1 | Ensure no hard-coded OCI private key in provider |
| BC_OCI_Storage_1 | Ensure OCI Block Storage Block Volume has backup enabled |
| BC_OCI_Storage_2 | Ensure OCI Block Storage Block Volumes are encrypted with a Customer Managed Key (CMK) |
| BC_OCI_COMPUTE_1 | Ensure OCI Compute Instance boot volume has in-transit data encryption enabled |
| BC_OCI_COMPUTE_2 | Ensure OCI Compute Instance has Legacy MetaData service endpoint disabled |
| BC_OCI_LOGGING_1 | Ensure OCI Compute Instance has monitoring enabled |
| BC_OCI_STORAGE_3 | Ensure OCI Object Storage bucket can emit object events |
| BC_OCI_STORAGE_4 | Ensure OCI Object Storage has versioning enabled |
| BC_OCI_STORAGE_5 | Ensure OCI Object Storage is encrypted with a Customer Managed Key |
| BC_OCI_STORAGE_6 | Ensure OCI Object Storage is not Public |
| BC_OCI_IAM_1 | Ensure OCI IAM password policy contains lowercase characters |
| BC_OCI_IAM_2 | Ensure OCI IAM password policy contains numeric characters |
| BC_OCI_IAM_3 | Ensure OCI IAM password policy contains symbols |
| BC_OCI_IAM_4 | Ensure OCI IAM password policy contains uppercase characters |
| BC_OCI_STORAGE_7 | Ensure OCI File System is encrypted with a Customer Managed Key |
| BC_OCI_NETWORKING_1 | Ensure VCN has an inbound security list |
| BC_OCI_NETWORKING_2 | Ensure VCN inbound security lists are stateless |
| BC_OCI_IAM_5 | Ensure OCI IAM password policy has a minimum length of 14 characters |
| BC_AWS_NETWORKING_64 | Ensure WAF has associated rules |
| BC_AWS_LOGGING_31 | Ensure Logging is enabled for WAF Web Access Control Lists |
| BC_AWS_GENERAL_97 | Ensure Kinesis Video Stream is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_98 | Ensure FSx ONTAP file system is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_99 | Ensure FSx Windows file system is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_100 | Ensure Image Builder component is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_101 | Ensure S3 Object Copy is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_102 | Ensure DocumentDB is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_103 | Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_104 | Ensure EFS file system is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_105 | Ensure Kinesis Stream is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_106 | Ensure S3 bucket Object is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_107 | Ensure SageMaker domain is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_108 | Ensure Redshift Cluster is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_109 | Ensure EBS Volume is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_110 | Ensure FSx Lustre file system is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_GENERAL_111 | Ensure ElastiCache replication group is encrypted by KMS using a customer managed key (CMK) |
| BC_AWS_LOGGING_32 | Ensure Postgres RDS has Query Logging enabled |
| BC_AWS_LOGGING_33 | Ensure WAF2 has a Logging Configuration |
| BC_AWS_NETWORKING_65 | Ensure CloudFront distribution has a strict security headers policy attached |
| BC_1 | Ensure no hard-coded API tokens exist in the provider |
| BC_K8S_108 | Prevent NGINX Ingress annotation snippets which contain Lua code execution. See CVE-2021-25742 |
| BC_K8S_109 | Prevent all NGINX Ingress annotation snippets. See CVE-2021-25742 |
| BC_K8S_110 | Prevent NGINX Ingress annotation snippets which contain alias statements. See CVE-2021-25742 |
| BC_OPENSTACK_SECRETS_1 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp) |
| BC_OPENSTACK_NETWORKING_1 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) |
| BC_OPENSTACK_NETWORKING_2 | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp) |