Prisma Cloud fix config: /packages/node/base/package.json and 170 more #4

Open
wants to merge 1 commit into
base: master

prisma-cloud-devsecops[bot]

Prisma Cloud has created this PR to fix Supply Chain risks found in files in this project.

Changes included in this PR:

  • /packages/node/base/package.json
  • /packages/node/base/package-lock.json
  • /packages/pom.xml
  • /packages/sub/pom.xml
  • /terraform/aws/kms.tf:aws_kms_key.logs_key
  • /terraform/aws/es.tf:aws_elasticsearch_domain.monitoring-framework
  • /terraform/aws/es.tf:aws_elasticsearch_domain.monitoring-framework
  • /terraform/azure/security_center.tf:azurerm_security_center_contact.contact
  • /terraform/aws/db-app.tf:aws_instance.db_app
  • /terraform/aws/db-app.tf:aws_instance.db_app
  • /terraform/aws/lambda.tf:aws_lambda_function.analysis_lambda
  • /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
  • /terraform/aws/ec2.tf:aws_ebs_volume.web_host_storage
  • /terraform/azure/instance.tf:azurerm_windows_virtual_machine.windows_machine
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy7
  • /terraform/gcp/big_data.tf:google_sql_database_instance.master_instance
  • /terraform/gcp/big_data.tf:google_sql_database_instance.master_instance
  • /terraform/gcp/gcs.tf:google_storage_bucket.terragoat_website
  • /terraform/aws/neptune.tf:aws_neptune_cluster.default
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy1
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy3
  • /terraform/azure/sql.tf:azurerm_mssql_server_security_alert_policy.example
  • /terraform/azure/sql.tf:azurerm_mssql_server_security_alert_policy.example
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql6
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql6
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql1
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql1
  • /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
  • /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
  • /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
  • /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
  • /terraform/aws/ec2.tf:aws_instance.web_host
  • /terraform/aws/ec2.tf:aws_instance.web_host
  • /terraform/alicloud/trail.tf:alicloud_actiontrail_trail.fail
  • /terraform/azure/security_center.tf:azurerm_security_center_subscription_pricing.pricing
  • /terraform/aws/s3.tf:aws_s3_bucket.operations
  • /terraform/aws/s3.tf:aws_s3_bucket.operations
  • /terraform/aws/s3.tf:aws_s3_bucket.operations
  • /terraform/aws/s3.tf:aws_s3_bucket.data_science
  • /terraform/aws/s3.tf:aws_s3_bucket.data_science
  • /terraform/azure/aks.tf:azurerm_kubernetes_cluster.k8s_cluster
  • /terraform/azure/aks.tf:azurerm_kubernetes_cluster.k8s_cluster
  • /terraform/alicloud/trail.tf:alicloud_oss_bucket.trail
  • /terraform/alicloud/trail.tf:alicloud_oss_bucket.trail
  • /terraform/gcp/instances.tf:google_compute_instance.server
  • /terraform/gcp/instances.tf:google_compute_instance.server
  • /terraform/gcp/instances.tf:google_compute_instance.server
  • /terraform/gcp/instances.tf:google_compute_instance.server
  • /terraform/aws/s3.tf:aws_s3_bucket.data
  • /terraform/aws/s3.tf:aws_s3_bucket.data
  • /terraform/aws/s3.tf:aws_s3_bucket.data
  • /terraform/aws/s3.tf:aws_s3_bucket.data
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service1
  • /terraform/aws/eks.tf:aws_subnet.eks_subnet1
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy2
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy4
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy5
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy5
  • /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy6
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
  • /terraform/azure/instance.tf:azurerm_linux_virtual_machine.linux_machine
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/azure/app_service.tf:azurerm_app_service.app-service2
  • /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
  • /terraform/azure/key_vault.tf:azurerm_key_vault.example
  • /terraform/azure/key_vault.tf:azurerm_key_vault.example
  • /terraform/azure/key_vault.tf:azurerm_key_vault_key.generated
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql2
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql2
  • /terraform/azure/sql.tf:azurerm_postgresql_server.example
  • /terraform/azure/sql.tf:azurerm_postgresql_server.example
  • /terraform/azure/sql.tf:azurerm_postgresql_server.example
  • /terraform/azure/sql.tf:azurerm_postgresql_server.example
  • /terraform/azure/sql.tf:azurerm_postgresql_server.example
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql3
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql3
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql4
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql4
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql5
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql5
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql7
  • /terraform/azure/mssql.tf:azurerm_mssql_server.mssql7
  • /terraform/azure/sql.tf:azurerm_mysql_server.example
  • /terraform/azure/sql.tf:azurerm_mysql_server.example
  • /terraform/azure/sql.tf:azurerm_mysql_server.example
  • /terraform/azure/sql.tf:azurerm_mysql_server.example
  • /terraform/azure/sql.tf:azurerm_mysql_server.example
  • /terraform/aws/ec2.tf:aws_subnet.web_subnet
  • /terraform/aws/ec2.tf:aws_subnet.web_subnet2
  • /terraform/aws/ecr.tf:aws_ecr_repository.repository
  • /terraform/aws/ecr.tf:aws_ecr_repository.repository
  • /terraform/aws/ecr.tf:aws_ecr_repository.repository
  • /terraform/aws/eks.tf:aws_subnet.eks_subnet2
  • /terraform/aws/eks.tf:aws_eks_cluster.eks_cluster
  • /terraform/aws/eks.tf:aws_eks_cluster.eks_cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
  • /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
  • /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
  • /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
  • /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
  • /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
  • /terraform/aws/s3.tf:aws_s3_bucket.financials
  • /terraform/aws/s3.tf:aws_s3_bucket.financials
  • /terraform/aws/s3.tf:aws_s3_bucket.financials
  • /terraform/aws/s3.tf:aws_s3_bucket.financials
  • /terraform/aws/s3.tf:aws_s3_bucket.logs
  • /terraform/aws/db-app.tf:aws_db_instance.default
  • /terraform/aws/db-app.tf:aws_db_instance.default
  • /terraform/aws/db-app.tf:aws_db_instance.default
  • /terraform/aws/db-app.tf:aws_db_instance.default
  • /terraform/aws/db-app.tf:aws_db_instance.default
  • /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
  • /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
  • /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
  • /terraform/alicloud/rds.tf:alicloud_db_instance.seeme
  • /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket
  • /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket
  • /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket

Policies:

  • Ensure all data stored in Aurora is securely encrypted at rest
  • Ensure all data stored in the Elasticsearch is securely encrypted at rest
  • Ensure Elasticsearch Domain Logging is enabled
  • Ensure that IP forwarding is not enabled on Instances
  • Ensure all data stored in the EBS is securely encrypted
  • Ensure 'Enable connecting to serial ports' is not enabled for VM Instance
  • Ensure RDS cluster has IAM authentication enabled
  • Ensure Neptune storage is securely encrypted
  • Ensure rotation for customer created CMKs is enabled
  • Ensure App Service Authentication is set on Azure App Service
  • Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
  • Ensure Network Policy is enabled on Kubernetes Engine Clusters
  • Ensure all data stored in the S3 bucket is securely encrypted at rest
  • Ensure that Compute instances do not have public IP addresses
  • Ensure that PostgreSQL server enables geo-redundant backups
  • Ensure that PostgreSQL server disables public network access
  • Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
  • Ensure that My SQL server enables Threat detection policy
  • Ensure that 'Send Alerts To' is enabled for MSSQL servers
  • Ensure MySQL is using the latest version of TLS encryption
  • Ensure that My SQL server enables geo-redundant backups
  • Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server
  • Ensure that ECR repositories are encrypted using KMS
  • Ensure ECR image scanning on push is enabled
  • Ensure EKS Cluster has Secrets Encryption Enabled
  • Ensure Amazon EKS public endpoint disabled
  • Ensure all data stored in the RDS bucket is not public accessible
  • Ensure all data stored in the RDS is securely encrypted at rest
  • Ensure RDS database has IAM authentication enabled
  • Ensure that RDS instances have Multi-AZ enabled
  • Ensure that enhanced monitoring is enabled for Amazon RDS instances
  • Ensure OCI Object Storage has versioning enabled
  • Ensure OCI Object Storage bucket can emit object events
  • Ensure OCI Object Storage is not Public
  • Ensure RDS instance uses SSL
  • Alibaba Cloud OSS bucket accessible to public
  • Ensure that detailed monitoring is enabled for EC2 instances
  • Ensure that RDS clusters have deletion protection enabled
  • Ensure Secure Boot for Shielded GKE Nodes is Enabled
  • Ensure MSSQL is using the latest version of TLS encryption
  • Ensure that Cloud Storage buckets have uniform bucket-level access enabled
  • Ensure VPC subnets do not assign public IP by default
  • Ensure that Amazon RDS Clusters have AWS Identity and Access Management (IAM) authentication enabled
  • Ensure that EC2 is EBS optimized
  • Packages scan found vulnerabilities
  • Ensure FTP deployments are disabled
  • Ensure that 'Net Framework' version is the latest, if used as a part of the web app
  • Ensure that AKS enables private clusters
  • Ensure OSS bucket has versioning enabled
  • Ensure that 'Send email notification for high severity alerts' is set to 'On'
  • Ensure that app services use Azure Files
  • Ensure X-ray tracing is enabled for Lambda
  • Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers
  • Ensure OSS bucket has transfer Acceleration enabled
  • Ensure the S3 bucket has access logging enabled
  • Ensure use of Binary Authorization
  • Ensure that App service enables failed request tracing
  • Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters
  • Ensure web app is using the latest version of TLS encryption
  • Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service
  • Ensure 'Automatic node repair' is enabled for Kubernetes Clusters
  • Ensure ECR Image Tags are immutable
  • Ensure that Register with Azure Active Directory is enabled on App Service
  • Ensure Virtual Machine Extensions are not Installed
  • Ensure Action Trail Logging for all regions
  • Ensure that S3 buckets are encrypted with KMS by default
  • Ensure that SQL server disables public network access
  • Ensure AKS logging to Azure Monitoring is Configured
  • Ensure that App service enables detailed error messages
  • Ensure that standard pricing tier is selected
  • Ensure all Cloud SQL database instance have backup configuration enabled
  • Ensure all data stored in the S3 bucket have versioning enabled
  • Ensure the web app has 'Client Certificates (Incoming client certificates)' set
  • Ensure that 'HTTP Version' is the latest if used to run the web app
  • Ensure that key vault allows firewall rules settings
  • Ensure 'public network access enabled' is set to 'False' for mySQL servers
  • Ensure that PostgreSQL server enables infrastructure encryption
  • Ensure all Cloud SQL database instance requires all incoming connections to use SSL
  • Ensure that key vault enables purge protection
  • Ensure legacy Compute Engine instance metadata APIs are Disabled
  • Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters
  • Ensure that no instance in the project overrides the project setting for enabling OSLogin (OSLogin needs to be enabled in project metadata for all instances)
  • Enable VPC Flow Logs and Intranode Visibility
  • Ensure that PostgreSQL server enables Threat detection policy
  • Ensure that key vault key is backed by HSM

Please check the changes in this PR to ensure they do not introduce conflicts to your project.
