articles/defender-for-cloud/attack-path-reference.md: 9 additions & 1 deletion
@@ -77,6 +77,14 @@ Prerequisite: [Enable Defender for Containers](defender-for-containers-enable.md
77
77
| Internet exposed Kubernetes pod is running a container with RCE vulnerabilities | An internet exposed Kubernetes pod in a namespace is running a container using an image that has vulnerabilities allowing remote code execution. |
78
78
| Kubernetes pod running on an internet exposed node uses host network is running a container with RCE vulnerabilities | A Kubernetes pod in a namespace with host network access enabled is exposed to the internet via the host network. The pod is running a container using an image that has vulnerabilities allowing remote code execution. |
79
79
80
+
### GitHub repositories
81
+
82
+
Prerequisite: [Enable Defender for DevOps](defender-for-devops-introduction.md).
83
+
84
+
| Attack Path Display Name | Attack Path Description |
85
+
|--|--|
86
+
| Internet exposed GitHub repository with plaintext secret is publicly accessible (Preview) | A GitHub repositorie is reachable from the internet, allows public read access without authorization required, and holds plaintext secrets. |
87
+
80
88
## Cloud security graph components list
81
89
82
90
This section lists all of the cloud security graph components (connections and insights) that can be used in queries with the [cloud security explorer](concept-attack-path.md).
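Review bot: the new table row at diff line 86 has a typo in the description, "A GitHub repositorie is reachable from the internet"; it should read "A GitHub repository is reachable from the internet", matching the display name in the same row. The rest of the added "GitHub repositories" block (prerequisite link to defender-for-devops-introduction.md, the two-column table header and separator) follows the pattern of the Kubernetes section above it.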
@@ -89,7 +97,7 @@ This section lists all of the cloud security graph components (connections and
89
97
| Contains sensitive data | Indicates that a resource contains sensitive data based on Microsoft Purview scan and applicable only if Microsoft Purview is enabled. For more details, you can learn how to [prioritize security actions by data sensitivity](./information-protection.md). | Azure SQL Server, Azure Storage Account, AWS S3 bucket |
90
98
| Has tags | Lists the resource tags of the cloud resource | All Azure and AWS resources |
91
99
| Installed software | Lists all software installed on the machine. This insight is applicable only for VMs that have threat and vulnerability management integration with Defender for Cloud enabled and are connected to Defender for Cloud. | Azure virtual machine, AWS EC2 |
92
-
| Allows public access | Indicates that a public read access is allowed to the data store with no authorization required | Azure storage account, AWS S3 bucket |
100
+
| Allows public access | Indicates that a public read access is allowed to the resource with no authorization required | Azure storage account, AWS S3 bucket, GitHub repository|
93
101
| Doesn't have MFA enabled | Indicates that the user account does not have a multi-factor authentication solution enabled | AAD User account, IAM user |
94
102
| Is external user | Indicates that the user account is outside the organization's domain | AAD User account |
95
103
| Is managed | Indicates that an identity is managed by the cloud provider | Azure Managed Identity |
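Review bot: the rewritten "Allows public access" row at diff line 100 drops the space before the closing pipe in the last cell, "GitHub repository|", whereas every other row in this table ends its cell with " |"; add the space so the row renders and lints consistently. Since the description is being touched anyway, "Indicates that a public read access is allowed" would read better as "Indicates that public read access is allowed". Broadening the wording from "data store" to "resource" is consistent with the new GitHub repository attack path added earlier in this change, which relies on this insight.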