NPM package potentially vulnerable to dependency confusion attack
A Dependency Confusion attack occurs when a software installer script is tricked into pulling a malicious package from a public...
Cloud Risks
Docker container escape
Docker Socket '{DockerSocket}' was found to have mounted sockets. Docker socket is the UNIX socket that Docker is listening to....
PyPi package potentially vulnerable to dependency confusion attack
A Dependency Confusion attack occurs when a software installer script is tricked into pulling a malicious package from a public...
Redundant Service Found on Windows VM
It was found that a few redundant services are running on the server. As a best practice, it is recommended...
RDS database cluster is using an unsupported engine version
RDS database cluster ""{AwsRdsDbCluster}"" is using an unsupported engine version. The database engine is ""{AwsRdsDbCluster.Engine}"" and the current version being...
VMware Virtual Machine with connected serial ports
A VMware virtual machine is a software-based emulation of a physical computer. It was detected that the VMware VM {VmwareVm.Name}...
Kubernetes node’s kubelet –tls-cert-file and –tls-private-key-file are not set
Kubelet communication contains sensitive parameters that should remain encrypted in transit. Orca has detected that the --tls-cert-file or --tls-private-key-file arguments...
Kubernetes node’s kubelet anonymous-auth flag is enabled
The kubelet reads various parameters, including security settings, from a config file. When the anonymous-auth flag is enabled, requests that...
Kubernetes node’s kubelet authorization-mode is set to AlwaysAllow
The kubelet reads various parameters, including security settings, from a config file. When AuthorizationMode is set to 'AlwaysAllow', the kubelet...