The Cloud Report is a security scan of your cloud environment that shows misconfigurations and potential security risks.
Which actions should I take with the report?
- Your engineering team should thoroughly review the report, determine what is applicable to your organization, and document and approve the process of resolving the potential risks.
- In accordance with the Vulnerability and Patch Management Policy, which can be found under the Policies section, respond to or remediate, as appropriate, any potential risks or misconfigurations identified.
- Note: Our Cloud Report's scope consists of your entire cloud environment. With that in mind, it is up to you to determine which risks can be ignored (e.g., security controls relating to dev/non-prod environments can be ignored because they are out of audit scope, or a finding can be ignored because an S3 bucket is intentionally public).
- If a pull request is required to resolve the risk, the pull request and associated change ticket must capture the risk and resolution and document all of the steps in accordance with your change management policy.
- After changes have been made to your environment, you can export an updated Cloud Report to track any remaining vulnerabilities.