- S6265 Granting access to S3 buckets to all or authenticated users is security-sensitive
- S6249 Authorizing HTTP communications with S3 buckets is security-sensitive
- S6245 Disabling server-side encryption of S3 buckets is security-sensitive
- S6252 Disabling versioning of S3 buckets is security-sensitive
- S6281 Allowing public ACLs or policies on a S3 bucket is security-sensitive
- S6270 Policies authorizing public access to resources are security-sensitive
- S6302 Policies granting all privileges are security-sensitive
- S6304 Policies granting access to all resources of an account are security-sensitive
- S6317 AWS IAM policies should not allow privilege escalation
- S6321 Administration services access should be restricted to specific IP addresses
- S6329 Allowing public network access to cloud resources is security-sensitive
- S6333 Creating public APIs is security-sensitive
- S4423: Weak SSL/TLS protocols should not be used
- S5332: Using clear-text protocols is security-sensitive
- S6275: Using unencrypted EBS volumes is security-sensitive
- S6332: Using unencrypted EFS file systems is security-sensitive
- S6308: Using unencrypted Elasticsearch domains is security-sensitive
- S6303: Using unencrypted RDS databases is security-sensitive
- S6319: Using unencrypted SageMaker notebook instances is security-sensitive
- S6327: Using unencrypted SNS topics is security-sensitive
- S6330: Using unencrypted SQS queues is security-sensitive
You’ll benefit from all the same rules that are supported when analyzing
This works out-of-the-box, without any additional action on your side.
See the example below.
Note that this applies to inline code; zipped assets are not included in the analysis.
All of this is available now in SonarCloud and will be in the next version of SonarQube and SonarLint when released.
Let us know what you think!