├── .coveragerc ├── .dockerignore ├── .github └── workflows │ ├── publish.yml │ └── test.yml ├── .gitignore ├── .pre-commit-config.yaml ├── CODE_OF_CONDUCT.md ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── Makefile ├── README.md ├── aws ├── __init__.py ├── autoscaling │ ├── __init__.py │ └── resources.py ├── client.py ├── cloudtrail │ ├── __init__.py │ ├── resources.py │ ├── test_cloudtrail_enabled_in_all_regions.py │ └── test_cloudtrail_log_validation_enabled.py ├── conftest.py ├── ec2 │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_ec2_all_eips_bound.py │ ├── test_ec2_ebs_snapshot_not_too_old.py │ ├── test_ec2_ebs_snapshots_are_private.py │ ├── test_ec2_ebs_volume_attached_to_instance.py │ ├── test_ec2_ebs_volume_encrypted.py │ ├── test_ec2_ebs_volume_not_piops.py │ ├── test_ec2_instance_has_required_tags.py │ ├── test_ec2_instance_on_acceptable_ami.py │ ├── test_ec2_security_group_in_use.py │ ├── test_ec2_security_group_opens_all_ports.py │ ├── test_ec2_security_group_opens_all_ports_to_all.py │ ├── test_ec2_security_group_opens_all_ports_to_self.py │ ├── test_ec2_security_group_opens_specific_ports_to_all.py │ └── test_ec2_vpc_flow_log_enabled.py ├── elasticache │ ├── __init__.py │ └── resources.py ├── elasticsearch │ ├── __init__.py │ ├── resources.py │ └── test_elasticsearch_domains_have_logging_enabled.py ├── elb │ ├── resources.py │ ├── test_elb_desync_mode.py │ └── test_elb_instances_attached.py ├── iam │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_iam_access_key_is_old.py │ ├── test_iam_admin_user_with_access_keys.py │ ├── test_iam_admin_user_without_mfa.py │ ├── test_iam_cross_account_admin_roles_require_mfa.py │ ├── test_iam_user_is_inactive.py │ └── test_iam_user_without_mfa.py ├── rds │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_rds_db_instance_backup_enabled.py │ ├── test_rds_db_instance_encrypted.py │ ├── test_rds_db_instance_is_multiaz.py │ ├── test_rds_db_instance_is_postgres_with_invalid_certificate.py │ ├── test_rds_db_instance_minor_version_updates_enabled.py │ ├── test_rds_db_instance_not_publicly_accessible_by_vpc_sg.py │ ├── test_rds_db_instance_storage_type_not_piops.py │ ├── test_rds_db_security_group_does_not_grant_public_access.py │ ├── test_rds_db_snapshot_encrypted.py │ ├── test_rds_db_snapshot_not_publicly_accessible.py │ └── test_rds_db_snapshot_not_too_old.py ├── redshift │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ └── test_redshift_security_group_does_not_allow_all_ips_access.py ├── route53 │ ├── __init__.py │ ├── resources.py │ └── test_route53_cnames_minimum_ttl_or_greater.py ├── s3 │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_s3_bucket_cors_disabled.py │ ├── test_s3_bucket_does_not_grant_all_principals_all_actions.py │ ├── test_s3_bucket_has_life_cycle_policy.py │ ├── test_s3_bucket_logging_enabled.py │ ├── test_s3_bucket_no_world_acl.py │ ├── test_s3_bucket_versioning_enabled.py │ ├── test_s3_bucket_versioning_mfa_delete_enabled.py │ └── test_s3_bucket_web_hosting_disabled.py └── sns │ ├── __init__.py │ ├── resources.py │ ├── test_sns_pending_verified.py │ ├── test_sns_subscriptions_without_topics.py │ └── test_sns_topics_without_subscriptions.py ├── cache.py ├── config.yaml.example ├── conftest.py ├── custom_config.py ├── docs ├── .nojekyll ├── Architecture.rst ├── CodingConventions.rst ├── ContributingDocumentation.rst ├── FAQ.rst ├── Makefile ├── MozillaDeployment.rst ├── NewServices.rst ├── Source.rst ├── UseCases.rst ├── conf.py ├── frost-snowman-logo.png ├── index.rst ├── readme-include.md └── requirements.txt ├── example_cache └── v │ ├── cache │ └── lastfailed │ ├── pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=spacemanspiff.json │ ├── pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=tigerone.json │ └── pytest_aws:example-account:us-east-1:iam:list_users::.json ├── exemptions.py ├── frost ├── __init__.py └── cli.py ├── gcp ├── __init__.py ├── bigquery │ ├── __init__.py │ ├── resources.py │ └── test_dataset_not_publicly_accessible.py ├── client.py ├── compute │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_firewall_opens_all_ports_to_all.py │ ├── test_firewall_opens_all_ports_to_any.py │ ├── test_firewall_opens_any_ports_to_all.py │ ├── test_gke_version_up_to_date.py │ └── test_only_allowed_gke_versions.py ├── conftest.py ├── iam │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_admin_service_accounts.py │ ├── test_only_allowed_org_accounts.py │ └── test_service_account_key_is_old.py └── sql │ ├── __init__.py │ ├── resources.py │ ├── test_sql_instance_automatic_backup_enabled.py │ ├── test_sql_instance_private_ip_required.py │ └── test_sql_instance_ssl_required.py ├── gsuite ├── README.md ├── __init__.py ├── admin │ ├── __init__.py │ ├── helpers.py │ ├── resources.py │ ├── test_admin_user_is_inactive.py │ └── test_groups_have_enough_owners.py ├── client.py └── conftest.py ├── helpers.py ├── meta_test_cache.py ├── renovate.json ├── requirements.txt ├── service_report_generator.py ├── setup.py └── severity.py /.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | branch = True 3 | omit = venv/* 4 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/.dockerignore -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/.github/workflows/publish.yml -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/.github/workflows/test.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/Dockerfile -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/LICENSE -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/MANIFEST.in -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/Makefile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/README.md -------------------------------------------------------------------------------- /aws/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/autoscaling/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/autoscaling/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/autoscaling/resources.py -------------------------------------------------------------------------------- /aws/client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/client.py -------------------------------------------------------------------------------- /aws/cloudtrail/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/cloudtrail/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/cloudtrail/resources.py -------------------------------------------------------------------------------- /aws/cloudtrail/test_cloudtrail_enabled_in_all_regions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/cloudtrail/test_cloudtrail_enabled_in_all_regions.py -------------------------------------------------------------------------------- /aws/cloudtrail/test_cloudtrail_log_validation_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/cloudtrail/test_cloudtrail_log_validation_enabled.py -------------------------------------------------------------------------------- /aws/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/conftest.py -------------------------------------------------------------------------------- /aws/ec2/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/ec2/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/helpers.py -------------------------------------------------------------------------------- /aws/ec2/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/resources.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_all_eips_bound.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_all_eips_bound.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_ebs_snapshot_not_too_old.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_ebs_snapshot_not_too_old.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_ebs_snapshots_are_private.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_ebs_snapshots_are_private.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_ebs_volume_attached_to_instance.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_ebs_volume_attached_to_instance.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_ebs_volume_encrypted.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_ebs_volume_encrypted.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_ebs_volume_not_piops.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_ebs_volume_not_piops.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_instance_has_required_tags.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_instance_has_required_tags.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_instance_on_acceptable_ami.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_instance_on_acceptable_ami.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_security_group_in_use.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_security_group_in_use.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_security_group_opens_all_ports.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_security_group_opens_all_ports.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_security_group_opens_all_ports_to_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_security_group_opens_all_ports_to_all.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_security_group_opens_all_ports_to_self.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_security_group_opens_all_ports_to_self.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_security_group_opens_specific_ports_to_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_security_group_opens_specific_ports_to_all.py -------------------------------------------------------------------------------- /aws/ec2/test_ec2_vpc_flow_log_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/ec2/test_ec2_vpc_flow_log_enabled.py -------------------------------------------------------------------------------- /aws/elasticache/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/elasticache/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elasticache/resources.py -------------------------------------------------------------------------------- /aws/elasticsearch/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/elasticsearch/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elasticsearch/resources.py -------------------------------------------------------------------------------- /aws/elasticsearch/test_elasticsearch_domains_have_logging_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elasticsearch/test_elasticsearch_domains_have_logging_enabled.py -------------------------------------------------------------------------------- /aws/elb/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elb/resources.py -------------------------------------------------------------------------------- /aws/elb/test_elb_desync_mode.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elb/test_elb_desync_mode.py -------------------------------------------------------------------------------- /aws/elb/test_elb_instances_attached.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/elb/test_elb_instances_attached.py -------------------------------------------------------------------------------- /aws/iam/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/iam/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/helpers.py -------------------------------------------------------------------------------- /aws/iam/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/resources.py -------------------------------------------------------------------------------- /aws/iam/test_iam_access_key_is_old.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_access_key_is_old.py -------------------------------------------------------------------------------- /aws/iam/test_iam_admin_user_with_access_keys.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_admin_user_with_access_keys.py -------------------------------------------------------------------------------- /aws/iam/test_iam_admin_user_without_mfa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_admin_user_without_mfa.py -------------------------------------------------------------------------------- /aws/iam/test_iam_cross_account_admin_roles_require_mfa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_cross_account_admin_roles_require_mfa.py -------------------------------------------------------------------------------- /aws/iam/test_iam_user_is_inactive.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_user_is_inactive.py -------------------------------------------------------------------------------- /aws/iam/test_iam_user_without_mfa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/iam/test_iam_user_without_mfa.py -------------------------------------------------------------------------------- /aws/rds/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/rds/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/helpers.py -------------------------------------------------------------------------------- /aws/rds/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/resources.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_backup_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_backup_enabled.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_encrypted.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_encrypted.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_is_multiaz.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_is_multiaz.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_is_postgres_with_invalid_certificate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_is_postgres_with_invalid_certificate.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_minor_version_updates_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_minor_version_updates_enabled.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_not_publicly_accessible_by_vpc_sg.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_not_publicly_accessible_by_vpc_sg.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_instance_storage_type_not_piops.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_instance_storage_type_not_piops.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_security_group_does_not_grant_public_access.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_security_group_does_not_grant_public_access.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_snapshot_encrypted.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_snapshot_encrypted.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_snapshot_not_publicly_accessible.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_snapshot_not_publicly_accessible.py -------------------------------------------------------------------------------- /aws/rds/test_rds_db_snapshot_not_too_old.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/rds/test_rds_db_snapshot_not_too_old.py -------------------------------------------------------------------------------- /aws/redshift/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/redshift/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/redshift/helpers.py -------------------------------------------------------------------------------- /aws/redshift/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/redshift/resources.py -------------------------------------------------------------------------------- /aws/redshift/test_redshift_security_group_does_not_allow_all_ips_access.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/redshift/test_redshift_security_group_does_not_allow_all_ips_access.py -------------------------------------------------------------------------------- /aws/route53/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/route53/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/route53/resources.py -------------------------------------------------------------------------------- /aws/route53/test_route53_cnames_minimum_ttl_or_greater.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/route53/test_route53_cnames_minimum_ttl_or_greater.py -------------------------------------------------------------------------------- /aws/s3/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/s3/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/helpers.py -------------------------------------------------------------------------------- /aws/s3/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/resources.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_cors_disabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_cors_disabled.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_does_not_grant_all_principals_all_actions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_does_not_grant_all_principals_all_actions.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_has_life_cycle_policy.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_has_life_cycle_policy.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_logging_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_logging_enabled.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_no_world_acl.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_no_world_acl.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_versioning_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_versioning_enabled.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_versioning_mfa_delete_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_versioning_mfa_delete_enabled.py -------------------------------------------------------------------------------- /aws/s3/test_s3_bucket_web_hosting_disabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/s3/test_s3_bucket_web_hosting_disabled.py -------------------------------------------------------------------------------- /aws/sns/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /aws/sns/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/sns/resources.py -------------------------------------------------------------------------------- /aws/sns/test_sns_pending_verified.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/sns/test_sns_pending_verified.py -------------------------------------------------------------------------------- /aws/sns/test_sns_subscriptions_without_topics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/sns/test_sns_subscriptions_without_topics.py -------------------------------------------------------------------------------- /aws/sns/test_sns_topics_without_subscriptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/aws/sns/test_sns_topics_without_subscriptions.py -------------------------------------------------------------------------------- /cache.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/cache.py -------------------------------------------------------------------------------- /config.yaml.example: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/config.yaml.example -------------------------------------------------------------------------------- /conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/conftest.py -------------------------------------------------------------------------------- /custom_config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/custom_config.py -------------------------------------------------------------------------------- /docs/.nojekyll: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/Architecture.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/Architecture.rst -------------------------------------------------------------------------------- /docs/CodingConventions.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/CodingConventions.rst -------------------------------------------------------------------------------- /docs/ContributingDocumentation.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/ContributingDocumentation.rst -------------------------------------------------------------------------------- /docs/FAQ.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/FAQ.rst -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/MozillaDeployment.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/MozillaDeployment.rst -------------------------------------------------------------------------------- /docs/NewServices.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/NewServices.rst -------------------------------------------------------------------------------- /docs/Source.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/Source.rst -------------------------------------------------------------------------------- /docs/UseCases.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/UseCases.rst -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/conf.py -------------------------------------------------------------------------------- /docs/frost-snowman-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/frost-snowman-logo.png -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/index.rst -------------------------------------------------------------------------------- /docs/readme-include.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/readme-include.md -------------------------------------------------------------------------------- /docs/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/docs/requirements.txt -------------------------------------------------------------------------------- /example_cache/v/cache/lastfailed: -------------------------------------------------------------------------------- 1 | {} -------------------------------------------------------------------------------- /example_cache/v/pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=spacemanspiff.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/example_cache/v/pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=spacemanspiff.json -------------------------------------------------------------------------------- /example_cache/v/pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=tigerone.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/example_cache/v/pytest_aws:example-account:us-east-1:iam:list_user_policies::UserName=tigerone.json -------------------------------------------------------------------------------- /example_cache/v/pytest_aws:example-account:us-east-1:iam:list_users::.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/example_cache/v/pytest_aws:example-account:us-east-1:iam:list_users::.json -------------------------------------------------------------------------------- /exemptions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/exemptions.py -------------------------------------------------------------------------------- /frost/__init__.py: -------------------------------------------------------------------------------- 1 | SOURCE_URL = "https://github.com/mozilla/frost" 2 | VERSION = "0.4.7" 3 | -------------------------------------------------------------------------------- /frost/cli.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/frost/cli.py -------------------------------------------------------------------------------- /gcp/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gcp/bigquery/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gcp/bigquery/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/bigquery/resources.py -------------------------------------------------------------------------------- /gcp/bigquery/test_dataset_not_publicly_accessible.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/bigquery/test_dataset_not_publicly_accessible.py -------------------------------------------------------------------------------- /gcp/client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/client.py -------------------------------------------------------------------------------- /gcp/compute/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gcp/compute/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/helpers.py -------------------------------------------------------------------------------- /gcp/compute/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/resources.py -------------------------------------------------------------------------------- /gcp/compute/test_firewall_opens_all_ports_to_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/test_firewall_opens_all_ports_to_all.py -------------------------------------------------------------------------------- /gcp/compute/test_firewall_opens_all_ports_to_any.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/test_firewall_opens_all_ports_to_any.py -------------------------------------------------------------------------------- /gcp/compute/test_firewall_opens_any_ports_to_all.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/test_firewall_opens_any_ports_to_all.py -------------------------------------------------------------------------------- /gcp/compute/test_gke_version_up_to_date.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/test_gke_version_up_to_date.py -------------------------------------------------------------------------------- /gcp/compute/test_only_allowed_gke_versions.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/compute/test_only_allowed_gke_versions.py -------------------------------------------------------------------------------- /gcp/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/conftest.py -------------------------------------------------------------------------------- /gcp/iam/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gcp/iam/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/iam/helpers.py -------------------------------------------------------------------------------- /gcp/iam/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/iam/resources.py -------------------------------------------------------------------------------- /gcp/iam/test_admin_service_accounts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/iam/test_admin_service_accounts.py -------------------------------------------------------------------------------- /gcp/iam/test_only_allowed_org_accounts.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/iam/test_only_allowed_org_accounts.py -------------------------------------------------------------------------------- /gcp/iam/test_service_account_key_is_old.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/iam/test_service_account_key_is_old.py -------------------------------------------------------------------------------- /gcp/sql/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gcp/sql/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/sql/resources.py -------------------------------------------------------------------------------- /gcp/sql/test_sql_instance_automatic_backup_enabled.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/sql/test_sql_instance_automatic_backup_enabled.py -------------------------------------------------------------------------------- /gcp/sql/test_sql_instance_private_ip_required.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/sql/test_sql_instance_private_ip_required.py -------------------------------------------------------------------------------- /gcp/sql/test_sql_instance_ssl_required.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gcp/sql/test_sql_instance_ssl_required.py -------------------------------------------------------------------------------- /gsuite/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/README.md -------------------------------------------------------------------------------- /gsuite/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gsuite/admin/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /gsuite/admin/helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/admin/helpers.py -------------------------------------------------------------------------------- /gsuite/admin/resources.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/admin/resources.py -------------------------------------------------------------------------------- /gsuite/admin/test_admin_user_is_inactive.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/admin/test_admin_user_is_inactive.py -------------------------------------------------------------------------------- /gsuite/admin/test_groups_have_enough_owners.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/admin/test_groups_have_enough_owners.py -------------------------------------------------------------------------------- /gsuite/client.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/client.py -------------------------------------------------------------------------------- /gsuite/conftest.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/gsuite/conftest.py -------------------------------------------------------------------------------- /helpers.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/helpers.py -------------------------------------------------------------------------------- /meta_test_cache.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/meta_test_cache.py -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/renovate.json -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/requirements.txt -------------------------------------------------------------------------------- /service_report_generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/service_report_generator.py -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/setup.py -------------------------------------------------------------------------------- /severity.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mozilla/frost/HEAD/severity.py --------------------------------------------------------------------------------