ntravis · Apr 13, 2022
diff --git a/‎docs/5.Policy Index/all.md
+59-53 b/‎docs/5.Policy Index/all.md
+59-53
diff --git a/‎docs/5.Policy Index/openapi.md
+21 b/‎docs/5.Policy Index/openapi.md
+21
@@ -1967,59 +1967,65 @@ nav_order: 1
 | 1956 | CKV2_OCI_1      | resource                         | oci_identity_group                                                           | Ensure administrator users are not associated with API keys                                                                                                                                              | Terraform               |
 | 1957 | CKV2_OCI_1      | resource                         | oci_identity_user                                                            | Ensure administrator users are not associated with API keys                                                                                                                                              | Terraform               |
 | 1958 | CKV2_OCI_1      | resource                         | oci_identity_user_group_membership                                           | Ensure administrator users are not associated with API keys                                                                                                                                              | Terraform               |
-| 1959 | CKV_OPENSTACK_1 | provider                         | openstack                                                                    | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider                                                                                                      | Terraform               |
-| 1960 | CKV_OPENSTACK_2 | resource                         | openstack_compute_secgroup_v2                                                | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)                                                                                                                            | Terraform               |
-| 1961 | CKV_OPENSTACK_2 | resource                         | openstack_networking_secgroup_rule_v2                                        | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)                                                                                                                            | Terraform               |
-| 1962 | CKV_OPENSTACK_3 | resource                         | openstack_compute_secgroup_v2                                                | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)                                                                                                                          | Terraform               |
-| 1963 | CKV_OPENSTACK_3 | resource                         | openstack_networking_secgroup_rule_v2                                        | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)                                                                                                                          | Terraform               |
-| 1964 | CKV_OPENSTACK_4 | resource                         | openstack_compute_instance_v2                                                | Ensure that instance does not use basic credentials                                                                                                                                                      | Terraform               |
-| 1965 | CKV_OPENSTACK_5 | resource                         | openstack_fw_rule_v1                                                         | Ensure firewall rule set a destination IP                                                                                                                                                                | Terraform               |
-| 1966 | CKV_PAN_1       | provider                         | panos                                                                        | Ensure no hard coded PAN-OS credentials exist in provider                                                                                                                                                | Terraform               |
-| 1967 | CKV_PAN_2       | resource                         | panos_management_profile                                                     | Ensure plain-text management HTTP is not enabled for an Interface Management Profile                                                                                                                     | Terraform               |
-| 1968 | CKV_PAN_3       | resource                         | panos_management_profile                                                     | Ensure plain-text management Telnet is not enabled for an Interface Management Profile                                                                                                                   | Terraform               |
-| 1969 | CKV_PAN_4       | resource                         | panos_security_policy                                                        | Ensure DSRI is not enabled within security policies                                                                                                                                                      | Terraform               |
-| 1970 | CKV_PAN_4       | resource                         | panos_security_rule_group                                                    | Ensure DSRI is not enabled within security policies                                                                                                                                                      | Terraform               |
-| 1971 | CKV_PAN_5       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'applications' set to 'any'                                                                                                                                            | Terraform               |
-| 1972 | CKV_PAN_5       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'applications' set to 'any'                                                                                                                                            | Terraform               |
-| 1973 | CKV_PAN_6       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'services' set to 'any'                                                                                                                                                | Terraform               |
-| 1974 | CKV_PAN_6       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'services' set to 'any'                                                                                                                                                | Terraform               |
-| 1975 | CKV_PAN_7       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any'                                                                                         | Terraform               |
-| 1976 | CKV_PAN_7       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any'                                                                                         | Terraform               |
-| 1977 | CKV_PAN_8       | resource                         | panos_security_policy                                                        | Ensure description is populated within security policies                                                                                                                                                 | Terraform               |
-| 1978 | CKV_PAN_8       | resource                         | panos_security_rule_group                                                    | Ensure description is populated within security policies                                                                                                                                                 | Terraform               |
-| 1979 | CKV_PAN_9       | resource                         | panos_security_policy                                                        | Ensure a Log Forwarding Profile is selected for each security policy rule                                                                                                                                | Terraform               |
-| 1980 | CKV_PAN_9       | resource                         | panos_security_rule_group                                                    | Ensure a Log Forwarding Profile is selected for each security policy rule                                                                                                                                | Terraform               |
-| 1981 | CKV_PAN_10      | resource                         | panos_security_policy                                                        | Ensure logging at session end is enabled within security policies                                                                                                                                        | Terraform               |
-| 1982 | CKV_PAN_10      | resource                         | panos_security_rule_group                                                    | Ensure logging at session end is enabled within security policies                                                                                                                                        | Terraform               |
-| 1983 | CKV_PAN_11      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure encryption algorithms                                                                                                                               | Terraform               |
-| 1984 | CKV_PAN_11      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure encryption algorithms                                                                                                                               | Terraform               |
-| 1985 | CKV_PAN_12      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure authentication algorithms                                                                                                                           | Terraform               |
-| 1986 | CKV_PAN_12      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure authentication algorithms                                                                                                                           | Terraform               |
-| 1987 | CKV_PAN_13      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure protocols                                                                                                                                           | Terraform               |
-| 1988 | CKV_PAN_13      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure protocols                                                                                                                                           | Terraform               |
-| 1989 | CKV_PAN_14      | resource                         | panos_panorama_zone                                                          | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
-| 1990 | CKV_PAN_14      | resource                         | panos_zone                                                                   | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
-| 1991 | CKV_PAN_14      | resource                         | panos_zone_entry                                                             | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
-| 1992 | CKV_PAN_15      | resource                         | panos_panorama_zone                                                          | Ensure an Include ACL is defined for a Zone when User-ID is enabled                                                                                                                                      | Terraform               |
-| 1993 | CKV_PAN_15      | resource                         | panos_zone                                                                   | Ensure an Include ACL is defined for a Zone when User-ID is enabled                                                                                                                                      | Terraform               |
-| 1994 | CKV_SECRET_1    | Artifactory Credentials          | secrets                                                                      | Artifactory Credentials                                                                                                                                                                                  | secrets                 |
-| 1995 | CKV_SECRET_2    | AWS Access Key                   | secrets                                                                      | AWS Access Key                                                                                                                                                                                           | secrets                 |
-| 1996 | CKV_SECRET_3    | Azure Storage Account access key | secrets                                                                      | Azure Storage Account access key                                                                                                                                                                         | secrets                 |
-| 1997 | CKV_SECRET_4    | Basic Auth Credentials           | secrets                                                                      | Basic Auth Credentials                                                                                                                                                                                   | secrets                 |
-| 1998 | CKV_SECRET_5    | Cloudant Credentials             | secrets                                                                      | Cloudant Credentials                                                                                                                                                                                     | secrets                 |
-| 1999 | CKV_SECRET_6    | Base64 High Entropy String       | secrets                                                                      | Base64 High Entropy String                                                                                                                                                                               | secrets                 |
-| 2000 | CKV_SECRET_7    | IBM Cloud IAM Key                | secrets                                                                      | IBM Cloud IAM Key                                                                                                                                                                                        | secrets                 |
-| 2001 | CKV_SECRET_8    | IBM COS HMAC Credentials         | secrets                                                                      | IBM COS HMAC Credentials                                                                                                                                                                                 | secrets                 |
-| 2002 | CKV_SECRET_9    | JSON Web Token                   | secrets                                                                      | JSON Web Token                                                                                                                                                                                           | secrets                 |
-| 2003 | CKV_SECRET_11   | Mailchimp Access Key             | secrets                                                                      | Mailchimp Access Key                                                                                                                                                                                     | secrets                 |
-| 2004 | CKV_SECRET_12   | NPM tokens                       | secrets                                                                      | NPM tokens                                                                                                                                                                                               | secrets                 |
-| 2005 | CKV_SECRET_13   | Private Key                      | secrets                                                                      | Private Key                                                                                                                                                                                              | secrets                 |
-| 2006 | CKV_SECRET_14   | Slack Token                      | secrets                                                                      | Slack Token                                                                                                                                                                                              | secrets                 |
-| 2007 | CKV_SECRET_15   | SoftLayer Credentials            | secrets                                                                      | SoftLayer Credentials                                                                                                                                                                                    | secrets                 |
-| 2008 | CKV_SECRET_16   | Square OAuth Secret              | secrets                                                                      | Square OAuth Secret                                                                                                                                                                                      | secrets                 |
-| 2009 | CKV_SECRET_17   | Stripe Access Key                | secrets                                                                      | Stripe Access Key                                                                                                                                                                                        | secrets                 |
-| 2010 | CKV_SECRET_18   | Twilio API Key                   | secrets                                                                      | Twilio API Key                                                                                                                                                                                           | secrets                 |
-| 2011 | CKV_SECRET_19   | Hex High Entropy String          | secrets                                                                      | Hex High Entropy String                                                                                                                                                                                  | secrets                 |
+| 1959 | CKV_OPENAPI_1   | resource                         | securityDefinitions                                                          | Ensure that securityDefinitions is defined and not empty.                                                                                                                                                | OpenAPI                 |
+| 1960 | CKV_OPENAPI_2   | resource                         | security                                                                     | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty                                                                                                                | OpenAPI                 |
+| 1961 | CKV_OPENAPI_3   | resource                         | components                                                                   | Ensure that security schemes don't allow cleartext credentials over unencrypted channel                                                                                                                  | OpenAPI                 |
+| 1962 | CKV_OPENAPI_4   | resource                         | security                                                                     | Ensure that the global security field has rules defined                                                                                                                                                  | OpenAPI                 |
+| 1963 | CKV_OPENAPI_5   | resource                         | security                                                                     | Ensure that security operations is not empty.                                                                                                                                                            | OpenAPI                 |
+| 1964 | CKV_OPENAPI_6   | resource                         | security                                                                     | Ensure that security requirement defined in securityDefinitions.                                                                                                                                         | OpenAPI                 |
+| 1965 | CKV_OPENSTACK_1 | provider                         | openstack                                                                    | Ensure no hard coded OpenStack password, token, or application_credential_secret exists in provider                                                                                                      | Terraform               |
+| 1966 | CKV_OPENSTACK_2 | resource                         | openstack_compute_secgroup_v2                                                | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)                                                                                                                            | Terraform               |
+| 1967 | CKV_OPENSTACK_2 | resource                         | openstack_networking_secgroup_rule_v2                                        | Ensure no security groups allow ingress from 0.0.0.0:0 to port 22 (tcp / udp)                                                                                                                            | Terraform               |
+| 1968 | CKV_OPENSTACK_3 | resource                         | openstack_compute_secgroup_v2                                                | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)                                                                                                                          | Terraform               |
+| 1969 | CKV_OPENSTACK_3 | resource                         | openstack_networking_secgroup_rule_v2                                        | Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)                                                                                                                          | Terraform               |
+| 1970 | CKV_OPENSTACK_4 | resource                         | openstack_compute_instance_v2                                                | Ensure that instance does not use basic credentials                                                                                                                                                      | Terraform               |
+| 1971 | CKV_OPENSTACK_5 | resource                         | openstack_fw_rule_v1                                                         | Ensure firewall rule set a destination IP                                                                                                                                                                | Terraform               |
+| 1972 | CKV_PAN_1       | provider                         | panos                                                                        | Ensure no hard coded PAN-OS credentials exist in provider                                                                                                                                                | Terraform               |
+| 1973 | CKV_PAN_2       | resource                         | panos_management_profile                                                     | Ensure plain-text management HTTP is not enabled for an Interface Management Profile                                                                                                                     | Terraform               |
+| 1974 | CKV_PAN_3       | resource                         | panos_management_profile                                                     | Ensure plain-text management Telnet is not enabled for an Interface Management Profile                                                                                                                   | Terraform               |
+| 1975 | CKV_PAN_4       | resource                         | panos_security_policy                                                        | Ensure DSRI is not enabled within security policies                                                                                                                                                      | Terraform               |
+| 1976 | CKV_PAN_4       | resource                         | panos_security_rule_group                                                    | Ensure DSRI is not enabled within security policies                                                                                                                                                      | Terraform               |
+| 1977 | CKV_PAN_5       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'applications' set to 'any'                                                                                                                                            | Terraform               |
+| 1978 | CKV_PAN_5       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'applications' set to 'any'                                                                                                                                            | Terraform               |
+| 1979 | CKV_PAN_6       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'services' set to 'any'                                                                                                                                                | Terraform               |
+| 1980 | CKV_PAN_6       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'services' set to 'any'                                                                                                                                                | Terraform               |
+| 1981 | CKV_PAN_7       | resource                         | panos_security_policy                                                        | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any'                                                                                         | Terraform               |
+| 1982 | CKV_PAN_7       | resource                         | panos_security_rule_group                                                    | Ensure security rules do not have 'source_addresses' and 'destination_addresses' both containing values of 'any'                                                                                         | Terraform               |
+| 1983 | CKV_PAN_8       | resource                         | panos_security_policy                                                        | Ensure description is populated within security policies                                                                                                                                                 | Terraform               |
+| 1984 | CKV_PAN_8       | resource                         | panos_security_rule_group                                                    | Ensure description is populated within security policies                                                                                                                                                 | Terraform               |
+| 1985 | CKV_PAN_9       | resource                         | panos_security_policy                                                        | Ensure a Log Forwarding Profile is selected for each security policy rule                                                                                                                                | Terraform               |
+| 1986 | CKV_PAN_9       | resource                         | panos_security_rule_group                                                    | Ensure a Log Forwarding Profile is selected for each security policy rule                                                                                                                                | Terraform               |
+| 1987 | CKV_PAN_10      | resource                         | panos_security_policy                                                        | Ensure logging at session end is enabled within security policies                                                                                                                                        | Terraform               |
+| 1988 | CKV_PAN_10      | resource                         | panos_security_rule_group                                                    | Ensure logging at session end is enabled within security policies                                                                                                                                        | Terraform               |
+| 1989 | CKV_PAN_11      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure encryption algorithms                                                                                                                               | Terraform               |
+| 1990 | CKV_PAN_11      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure encryption algorithms                                                                                                                               | Terraform               |
+| 1991 | CKV_PAN_12      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure authentication algorithms                                                                                                                           | Terraform               |
+| 1992 | CKV_PAN_12      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure authentication algorithms                                                                                                                           | Terraform               |
+| 1993 | CKV_PAN_13      | resource                         | panos_ipsec_crypto_profile                                                   | Ensure IPsec profiles do not specify use of insecure protocols                                                                                                                                           | Terraform               |
+| 1994 | CKV_PAN_13      | resource                         | panos_panorama_ipsec_crypto_profile                                          | Ensure IPsec profiles do not specify use of insecure protocols                                                                                                                                           | Terraform               |
+| 1995 | CKV_PAN_14      | resource                         | panos_panorama_zone                                                          | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
+| 1996 | CKV_PAN_14      | resource                         | panos_zone                                                                   | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
+| 1997 | CKV_PAN_14      | resource                         | panos_zone_entry                                                             | Ensure a Zone Protection Profile is defined within Security Zones                                                                                                                                        | Terraform               |
+| 1998 | CKV_PAN_15      | resource                         | panos_panorama_zone                                                          | Ensure an Include ACL is defined for a Zone when User-ID is enabled                                                                                                                                      | Terraform               |
+| 1999 | CKV_PAN_15      | resource                         | panos_zone                                                                   | Ensure an Include ACL is defined for a Zone when User-ID is enabled                                                                                                                                      | Terraform               |
+| 2000 | CKV_SECRET_1    | Artifactory Credentials          | secrets                                                                      | Artifactory Credentials                                                                                                                                                                                  | secrets                 |
+| 2001 | CKV_SECRET_2    | AWS Access Key                   | secrets                                                                      | AWS Access Key                                                                                                                                                                                           | secrets                 |
+| 2002 | CKV_SECRET_3    | Azure Storage Account access key | secrets                                                                      | Azure Storage Account access key                                                                                                                                                                         | secrets                 |
+| 2003 | CKV_SECRET_4    | Basic Auth Credentials           | secrets                                                                      | Basic Auth Credentials                                                                                                                                                                                   | secrets                 |
+| 2004 | CKV_SECRET_5    | Cloudant Credentials             | secrets                                                                      | Cloudant Credentials                                                                                                                                                                                     | secrets                 |
+| 2005 | CKV_SECRET_6    | Base64 High Entropy String       | secrets                                                                      | Base64 High Entropy String                                                                                                                                                                               | secrets                 |
+| 2006 | CKV_SECRET_7    | IBM Cloud IAM Key                | secrets                                                                      | IBM Cloud IAM Key                                                                                                                                                                                        | secrets                 |
+| 2007 | CKV_SECRET_8    | IBM COS HMAC Credentials         | secrets                                                                      | IBM COS HMAC Credentials                                                                                                                                                                                 | secrets                 |
+| 2008 | CKV_SECRET_9    | JSON Web Token                   | secrets                                                                      | JSON Web Token                                                                                                                                                                                           | secrets                 |
+| 2009 | CKV_SECRET_11   | Mailchimp Access Key             | secrets                                                                      | Mailchimp Access Key                                                                                                                                                                                     | secrets                 |
+| 2010 | CKV_SECRET_12   | NPM tokens                       | secrets                                                                      | NPM tokens                                                                                                                                                                                               | secrets                 |
+| 2011 | CKV_SECRET_13   | Private Key                      | secrets                                                                      | Private Key                                                                                                                                                                                              | secrets                 |
+| 2012 | CKV_SECRET_14   | Slack Token                      | secrets                                                                      | Slack Token                                                                                                                                                                                              | secrets                 |
+| 2013 | CKV_SECRET_15   | SoftLayer Credentials            | secrets                                                                      | SoftLayer Credentials                                                                                                                                                                                    | secrets                 |
+| 2014 | CKV_SECRET_16   | Square OAuth Secret              | secrets                                                                      | Square OAuth Secret                                                                                                                                                                                      | secrets                 |
+| 2015 | CKV_SECRET_17   | Stripe Access Key                | secrets                                                                      | Stripe Access Key                                                                                                                                                                                        | secrets                 |
+| 2016 | CKV_SECRET_18   | Twilio API Key                   | secrets                                                                      | Twilio API Key                                                                                                                                                                                           | secrets                 |
+| 2017 | CKV_SECRET_19   | Hex High Entropy String          | secrets                                                                      | Hex High Entropy String                                                                                                                                                                                  | secrets                 |
 
 
 ---
 
@@ -0,0 +1,21 @@
+---
+layout: default
+title: openapi resource scans
+nav_order: 1
+---
+
+# openapi resource scans (auto generated)
+
+|    | Id            | Type     | Entity              | Policy                                                                                    | IaC     |
+|----|---------------|----------|---------------------|-------------------------------------------------------------------------------------------|---------|
+|  0 | CKV_OPENAPI_1 | resource | securityDefinitions | Ensure that securityDefinitions is defined and not empty.                                 | OpenAPI |
+|  1 | CKV_OPENAPI_2 | resource | security            | Ensure that if the security scheme is not of type 'oauth2', the array value must be empty | OpenAPI |
+|  2 | CKV_OPENAPI_3 | resource | components          | Ensure that security schemes don't allow cleartext credentials over unencrypted channel   | OpenAPI |
+|  3 | CKV_OPENAPI_4 | resource | security            | Ensure that the global security field has rules defined                                   | OpenAPI |
+|  4 | CKV_OPENAPI_5 | resource | security            | Ensure that security operations is not empty.                                             | OpenAPI |
+|  5 | CKV_OPENAPI_6 | resource | security            | Ensure that security requirement defined in securityDefinitions.                          | OpenAPI |
+
+
+---
+
+