Shared flag schema: `../../shared/schemas/flags.md`

| Flag | Effect |
|---|---|
| | Target scope (default: |
| | Analysis depth (default: |
| | Minimum severity to report (default: all). |
| | Output format: |
| | Generate remediation patches for each finding. |
| | Add OWASP context and learning material to each finding. |
Detection patterns: `references/detection-patterns.md`

Configuration file patterns covered by `--scope changed`: `*.yaml`, `*.yml`, `*.toml`, `*.ini`, `*.cfg`, `*.conf`, `*.json`, `*.properties`, `*.env`, `*.env.*`, `nginx.conf`, `httpd.conf`, `apache2.conf`, `Caddyfile`, `traefik.yml`, `settings.py`, `config/*.rb`, `application.properties`, `next.config.*`, `nuxt.config.*`, `*.tf`, `*.hcl`, `Dockerfile`, `docker-compose*.yml`, `*.k8s.yml`, `k8s/*.yaml`, `.github/workflows/*.yml`, `.gitlab-ci.yml`, `Jenkinsfile`, `.circleci/config.yml`

| Scanner | Detect | Best For |
|---|---|---|
| checkov | `checkov -d <target> -o json --quiet` | IaC misconfigurations (Terraform, K8s, Docker) |
| tfsec | `tfsec <target> --format json` | Terraform-specific security |
| kics | `kics scan -p <target> --type json` | Multi-IaC scanning |
| trivy | `trivy fs --format json --scanners misconfig <target>` | Filesystem misconfigs, Dockerfiles, K8s |
| semgrep | `semgrep scan --config auto --json --quiet <target>` | Code-level misconfiguration patterns |
Scanner definitions: `../../shared/schemas/scanners.md`. Findings follow `../../shared/schemas/findings.md`, with IDs such as `MSCFG-001` and `MSCFG-002`.

Example settings matched by the detection patterns (debug modes left on and permissive CORS): `DEBUG=True`, `NODE_ENV=development`, `FLASK_DEBUG=1`, `RAILS_ENV=development`, `Access-Control-Allow-Origin: *`

| Scanner | What It Catches |
|---|---|
| checkov | IaC misconfigurations: open security groups, missing encryption, public S3 buckets |
| tfsec | Terraform-specific: missing tags, public subnets, insecure defaults |
| kics | Multi-IaC: Docker, K8s, Terraform, CloudFormation misconfigurations |
| trivy | Dockerfile and K8s manifest misconfigurations, misconfigured filesystem |
| semgrep | Code patterns: missing headers, debug flags, insecure cookie settings |
Pattern-based findings from `references/detection-patterns.md` (as opposed to scanner output defined in `../../shared/schemas/scanners.md`) carry `confidence: medium`.
references/detection-patterns.mdconfidence: medium../../shared/schemas/findings.mdMSCFGMSCFG-001references.owaspA05:2021references.cwereferences.stridemetadata.toolmisconfigmetadata.frameworkowaspmetadata.categoryA05| Severity | Count |
|----------|-------|
| CRITICAL | N |
| HIGH | N |
| MEDIUM | N |
| LOW | N |../../shared/schemas/findings.mdMSCFGMSCFG-001references.owaspA05:2021references.cwereferences.stridemetadata.toolmisconfigmetadata.frameworkowaspmetadata.categoryA05| 严重级别 | 数量 |
|----------|-------|
| CRITICAL | N |
| HIGH | N |
| MEDIUM | N |
| LOW | N |