Open tongyiming opened 2 weeks ago
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
add CKV_TC_1 to ensure all data stored in the CBS is securely encrypted
add CKV_TC_2 to ensure CVM instance should not allocate public IP
add CKV_TC_3 to ensure CVM monitor service is enabled for CVM instances
add CKV_TC_4 to ensure CVM instances not use default
add CKV_TC_5 to ensure CVM instances not refer resource vpc named default
add CKV_TC_6 to ensure TKE log agent enable
add CKV_TC_7 to ensure TKE not assigned public ip
add CKV_TC_8 to ensure VPC security group rule not accept all traffic
add CKV_TC_9 to ensure CDB not enable internet service
add CKV_TC_10 to ensure CDB intranet port not equal 3306
add CKV_TC_11 to ensure CLB config log_set_id and log_topic_id
add CKV_TC_12 to check CLB listren protocol
add CKV_TC_13 to ensure CVM user data not contain aksk
add CKV_TC_14 to ensure VPC flow log disabled
[x] My code follows the style guidelines of this project
[x] I have performed a self-review of my own code
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[x] I have added tests that prove my feature, policy, or fix is effective and works
[ ] New and existing tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description
add CKV_TC_1 to ensure all data stored in the CBS is securely encrypted
add CKV_TC_2 to ensure CVM instance should not allocate public IP
add CKV_TC_3 to ensure CVM monitor service is enabled for CVM instances
add CKV_TC_4 to ensure CVM instances not use default
add CKV_TC_5 to ensure CVM instances not refer resource vpc named default
add CKV_TC_6 to ensure TKE log agent enable
add CKV_TC_7 to ensure TKE not assigned public ip
add CKV_TC_8 to ensure VPC security group rule not accept all traffic
add CKV_TC_9 to ensure CDB not enable internet service
add CKV_TC_10 to ensure CDB intranet port not equal 3306
add CKV_TC_11 to ensure CLB config log_set_id and log_topic_id
add CKV_TC_12 to check CLB listren protocol
add CKV_TC_13 to ensure CVM user data not contain aksk
add CKV_TC_14 to ensure VPC flow log disabled
Checklist:
[x] My code follows the style guidelines of this project
[x] I have performed a self-review of my own code
[ ] I have commented my code, particularly in hard-to-understand areas
[ ] I have made corresponding changes to the documentation
[x] I have added tests that prove my feature, policy, or fix is effective and works
[ ] New and existing tests pass locally with my changes
[ ] Any dependent changes have been merged and published in downstream modules