| 🛡️ AWS Account IAM Access Analyzer is not enabled for all regions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS API Gateway API Route Authorization Type is not configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS CodeBuild Project Bitbucket Source Location URL contains credentials🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Auto Scaling Group Launch Template is not configured to require IMDSv2🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Default Security Group does not restrict all traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IAM role is not attached🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EC2 Instance IMDSv2 is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS EKS Cluster IAM OIDC provider is not created🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS RDS Aurora Cluster access is not consistent🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC is not configured with a VPC Endpoint for Amazon EC2 service🟢 | 1 | 🟢 x6 | no data |
| 🛡️ AWS VPC Route Table for VPC Peering does not follow the least privilege principle🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ AWS VPC Transit Gateway Auto Accept Shared Attachments is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Authentication is disabled and Basic Authentication is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure App Service Basic Authentication is enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure App Service is not registered with Microsoft Entra ID🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Cosmos DB Account Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Cosmos DB Entra ID Client Authentication is not used🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Databricks network security groups are not configured🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Databricks Personal Access Tokens (PATs) are not restricted and expirable🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Databricks users and groups are not synced from Microsoft Entra ID🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Key Vault Managed HSM is not used whenever required🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Key Vault Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Public Network Access when using Private Endpoint is enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Key Vault Role Based Access Control is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Managed Disk Data Access Auth Mode is not set to Azure Active Directory🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure PostgreSQL Flexible Server Firewall Rules allow access to Azure services🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure SQL Server Microsoft Entra authentication is not configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Access Key Rotation Reminders are not enabled🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Storage Account Access Keys are not regenerated periodically🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Storage Account Default To OAuth Authentication is not set to Yes🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Private Endpoints are not used🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Shared Access Signature Tokens do not expire within 1 hour🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Azure Storage Account Shared Key Access is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Storage Account Trusted Azure Services are not enabled as networking exceptions🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Azure Subscription Bastion Host does not exist🟢 | 1 | 🟠 x1, 🟢 x5 | no data |
| 🛡️ Google Access Approval is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud Function Environment Variables store confidential data🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Cloud MySQL Instance allows anyone to connect with administrative privileges🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance contained database authentication Database Flag is set to on🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance remote access Database Flag is not set to off🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Dataproc Cluster is not encrypted using Customer-Managed Encryption Key🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Block Project-Wide SSH Keys is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance Enable Connecting to Serial Ports is not disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance is configured to use the Default Service Account with full access to all Cloud APIs🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance IP Forwarding is not disabled.🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Instance OS Login is not enabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network allows unrestricted SSH traffic🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GCE Network has no egress deny Firewall Rule🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Control Plane Authorized Networks are disabled🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Node Pool uses default Service account🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google GKE Cluster Private Google Access is not enabled.🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Identity Aware Proxy (IAP) is not used to enforce access controls🟢⚪ | | 🟢 x2, ⚪ x1 | no data |
| 🛡️ Google Project has a default network🟢 | 1 | 🟢 x6 | no data |
| 🛡️ Google Storage Bucket Uniform Bucket-Level Access is not enabled🟢 | 1 | 🟢 x6 | no data |