| 🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS API Gateway API Route Authorization Type is not configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS CodeBuild Project Bitbucket Source Location URL contains credentials🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IAM role is not attached🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IMDSv2 is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ECS Task Definition passes secrets as container environment variables🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ECS Task Definition runs as privileged🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ECS Task Definition Readonly Root Filesystem is disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS ECS Task Definition shares the host's process namespace🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS KMS Key Policy allows public access🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Lambda Function allows public access🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ AWS RDS Cluster IAM Database Authentication is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Instance IAM Database Authentication is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS Redshift Cluster Enhanced VPC Routing is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS SageMaker Notebook Instance is not in a VPC🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS SageMaker Notebook Instance Root Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC Transit Gateway Auto Accept Shared Attachments is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Basic Authentication is enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure App Service is not registered with Microsoft Entra ID🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Cosmos DB Account Virtual Network Filter is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Databricks users and groups are not synced from Microsoft Entra ID🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Databricks Workspace does not use private endpoint connections🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Databricks Workspace is not deployed in a customer-managed virtual network (VNet)🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Managed HSM is not used whenever required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Key Vault Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Role Based Access Control is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Managed Disk Data Access Auth Mode is not set to Azure Active Directory🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Network Security Perimeter is used to secure Azure PaaS resources🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure SQL Server Microsoft Entra authentication is not configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Default To OAuth Authentication is not set to Yes🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Shared Key Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Virtual Network Gateway point-to-site configuration authentication type is not set to Azure Active Directory🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Access Approval is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud Function Environment Variables store confidential data🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance contained database authentication Database Flag is set to on🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance OS Login is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Control Plane Authorized Networks are disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Network policy is disabled.🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Identity Aware Proxy (IAP) is not used to enforce access controls🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google KMS Crypto Key is anonymously or publicly accessible🟠🟢⚪ | | 🟠 x1, 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Storage Bucket Uniform Bucket-Level Access is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Microsoft Entra ID Passwordless Authentication Methods are used🟢⚪ | | 🟢 x2, ⚪ x1 | no data |