github-actions[bot]
commented
8 months ago 
KICS version: v1.7.13
| | | Category | Results | | --- |--- | --- | |  | CRITICAL | 0 | |  | HIGH | 3 | |  | MEDIUM | 2 | |  | LOW | 0 | |  | INFO | 0 | |  | TRACE | 0 | |  | TOTAL | 5 | | | Metric | Values | | --- | --- | | Files scanned  | 2 | Files parsed  | 2 | Files failed to scan  | 0 | Total executed queries  | 1045 | Queries failed to execute  | 0 | Execution time  | 27 |
Queries Results
| | Query Name| Query Id| Severity| Platform| Category| Experimental| Description| File Name| Line| Resource Type| Resource Name| Issue Type| Search Key| Expected Value| Actual Value| Remediation| Remediation Type| |:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---| | [AD Admin Not Configured For SQL Server](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator)| a3a055d2-9a2e-4cc9-b9fb-12850a1a3a4b| HIGH| Terraform| Insecure Configurations| false| The Active Directory Administrator is not configured for a SQL server| test/samples/positive1.tf| 6| azurerm_sql_server| mysqlserver1| MissingAttribute| azurerm_sql_server[positive2]| A 'azurerm_sql_active_directory_administrator' should be defined for 'azurerm_sql_server[positive2]'| A 'azurerm_sql_active_directory_administrator' is not defined for 'azurerm_sql_server[positive2]'| | | | [Admin User Enabled For Container Registry](https://www.terraform.io/docs/providers/azurerm/r/container_registry.html)| b897dfbf-322c-45a8-b67c-1e698beeaa51| HIGH| Terraform| Access Control| false| Admin user is enabled for Container Registry| test/samples/positive2.tf| 11| azurerm_container_registry| containerRegistry1| IncorrectValue| azurerm_container_registry[positive2].admin_enabled| 'admin_enabled' equal 'false'| 'admin_enabled' equal 'true'| {"after":"false","before":"true"}| replacement| | [Passwords And Secrets - Generic Password](https://docs.kics.io/latest/secrets/)| 487f4be7-3fd9-4506-a07a-eae252180c08| HIGH| Common| Secret Management| false| Query to find passwords and secrets in infrastructure code.| test/samples/positive1.tf| 12| | | RedundantAttribute| | Hardcoded secret key should not appear in source| Hardcoded secret key appears in source| | | | [SQL Server Auditing Disabled](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_server)| f7e296b0-6660-4bc5-8f87-22ac4a815edf| MEDIUM| Terraform| Observability| false| Make sure that for SQL Servers, 'Auditing' is set to 'On'| test/samples/positive1.tf| 6| azurerm_sql_server| mysqlserver1| MissingAttribute| azurerm_sql_server[positive2]| 'azurerm_sql_server.positive2.extended_auditing_policy' should exist| 'azurerm_sql_server.positive2.extended_auditing_policy' does not exist| | | | [SQL Server Predictable Active Directory Account Name](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_active_directory_administrator)| bcd3fc01-5902-4f2a-b05a-227f9bbf5450| MEDIUM| Terraform| Best Practices| false| Azure SQL Server must avoid using predictable Active Directory Administrator Account names, like 'Admin', which means the attribute 'login' must be set to a name that is not easy to predict| test/samples/positive1.tf| 18| azurerm_sql_active_directory_administrator| positive3| IncorrectValue| azurerm_sql_active_directory_administrator[positive3].login| 'azurerm_sql_active_directory_administrator[positive3].login' should not be predictable'| 'azurerm_sql_active_directory_administrator[positive3].login' is predictable| | | |
closes #76 proposed changes:
ignore_on_exitto sarif upload guide