docs(queries): update queries catalog
gabriel-cx committed Nov 30, 2023
1 parent 66cbf9c commit 5fb2de0
Showing 17 changed files with 2,666 additions and 2,626 deletions.
3,066 changes: 1,539 additions & 1,527 deletions docs/queries/all-queries.md


330 changes: 165 additions & 165 deletions docs/queries/ansible-queries.md


Expand Up @@ -23,7 +23,7 @@ hide:
- **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/gcp/sql_db_instance_with_ssl_disabled)

### Description
Cloud SQL Database Instance should have SLL enabled<br>
Cloud SQL Database Instance should have SSL enabled<br>
[Documentation](https://docs.ansible.com/ansible/latest/collections/google/cloud/gcp_sql_instance_module.html#parameter-settings/ip_configuration/require_ssl)

### Code samples
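Review bot: the SLL to SSL correction on the Description line is right and now matches the `require_ssl` parameter the Documentation link points at. Because this commit is a catalog regeneration ("docs(queries): update queries catalog"), confirm the same fix was made in the query's own description under assets/queries/ansible/gcp/sql_db_instance_with_ssl_disabled (the URL in the hunk's first context line); if only the generated markdown was edited, the next regeneration will bring the typo back.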
34 changes: 17 additions & 17 deletions docs/queries/azureresourcemanager-queries.md


2 changes: 1 addition & 1 deletion docs/queries/cicd-queries.md
Expand Up @@ -8,7 +8,7 @@ Bellow are listed queries related with CICD GITHUB:

| Query |Severity|Category|Description|Help|
|------------------------------|--------|--------|-----------|----|
|Script Block Injection<br/><sup><sub>62ff6823-927a-427f-acf9-f1ea2932d616</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event. (<a href="../cicd-queries/common/62ff6823-927a-427f-acf9-f1ea2932d616" target="_blank">read more</a>)|<a href="https://securitylab.github.com/research/github-actions-untrusted-input/">Documentation</a><br/>|
|Run Block Injection<br/><sup><sub>20f14e1a-a899-4e79-9f09-b6a84cd4649b</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event. (<a href="../cicd-queries/common/20f14e1a-a899-4e79-9f09-b6a84cd4649b" target="_blank">read more</a>)|<a href="https://securitylab.github.com/research/github-actions-untrusted-input/">Documentation</a><br/>|
|Script Block Injection<br/><sup><sub>62ff6823-927a-427f-acf9-f1ea2932d616</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|GitHub Actions workflows can be triggered by a variety of events. Every workflow trigger is provided with a GitHub context that contains information about the triggering event, such as which user triggered it, the branch name, and other event context details. Some of this event data, like the base repository name, hash value of a changeset, or pull request number, is unlikely to be controlled or used for injection by the user that triggered the event. (<a href="../cicd-queries/common/62ff6823-927a-427f-acf9-f1ea2932d616" target="_blank">read more</a>)|<a href="https://securitylab.github.com/research/github-actions-untrusted-input/">Documentation</a><br/>|
|Unsecured Commands<br/><sup><sub>60fd272d-15f4-4d8f-afe4-77d9c6cc0453</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|There are deprecated set-env and add-path commands that can be explicitly enabled by a user via setting the ACTIONS_ALLOW_UNSECURE_COMMANDS environment variable as true. Depending on the use of the environment variable, this could enable an attacker to, at worst, modify the system path to run a different command than intended, resulting in arbitrary code execution. (<a href="../cicd-queries/common/60fd272d-15f4-4d8f-afe4-77d9c6cc0453" target="_blank">read more</a>)|<a href="https://0xn3va.gitbook.io/cheat-sheets/ci-cd/github/actions#misuse-of-the-events-related-to-incoming-prs">Documentation</a><br/>|
|Unpinned Actions Full Length Commit SHA<br/><sup><sub>555ab8f9-2001-455e-a077-f2d0f41e2fb9</sub></sup>|<span style="color:#C60">Medium</span>|Supply-Chain|Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork. (<a href="../cicd-queries/common/555ab8f9-2001-455e-a077-f2d0f41e2fb9" target="_blank">read more</a>)|<a href="https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions">Documentation</a><br/>|
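Review bot: this hunk only swaps the order of the Script Block Injection and Run Block Injection rows, but it makes visible that the two rows carry word-for-word identical descriptions, so a reader of the catalog cannot tell which query inspects a `run:` step and which inspects a `script:` input; the one-line descriptions should name the block each query checks. The shared text also stops at the fields that are "unlikely to be controlled" by the triggering user and never states the actual risk (event-controlled fields interpolated into the block), so the catalog entry reads as if there were nothing to fix; consider leading with the risk and moving the list of safe fields to the "read more" page. The "Bellow are listed queries related with CICD GITHUB" context line should read "Below are listed queries related to CICD GITHUB", ideally fixed in the generator rather than in this file.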
322 changes: 161 additions & 161 deletions docs/queries/cloudformation-queries.md


30 changes: 15 additions & 15 deletions docs/queries/crossplane-queries.md
@@ -1,16 +1,6 @@
## Crossplane Queries List
This page contains all queries from Crossplane.

### GCP
Bellow are listed queries related with Crossplane GCP:



| Query |Severity|Category|Description|Help|
|------------------------------|--------|--------|-----------|----|
|Cloud Storage Bucket Logging Not Enabled<br/><sup><sub>6c2d627c-de0f-45fb-b33d-dad9bffbb421</sub></sup>|<span style="color:#C00">High</span>|Observability|Cloud storage bucket should have logging enabled (<a href="../crossplane-queries/gcp/6c2d627c-de0f-45fb-b33d-dad9bffbb421" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-gcp/storage.gcp.crossplane.io/Bucket/v1alpha3@v0.21.0#spec-logging">Documentation</a><br/>|
|Google Container Node Pool Auto Repair Disabled<br/><sup><sub>b4f65d13-a609-4dc1-af7c-63d2e08bffe9</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Google Container Node Pool Auto Repair should be enabled. This service periodically checks for failing nodes and repairs them to ensure a smooth running state. (<a href="../crossplane-queries/gcp/b4f65d13-a609-4dc1-af7c-63d2e08bffe9" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-gcp/container.gcp.crossplane.io/NodePool/v1beta1@v0.21.0#spec-forProvider-management-autoRepair">Documentation</a><br/>|

### AZURE
Bellow are listed queries related with Crossplane AZURE:

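Review bot: this hunk removes the whole GCP section (heading, intro and both table rows) from the top of the file and the following hunk appends an identical copy after the AWS section, so the change is a pure reorder of provider sections with no content difference; if the generator emits provider sections in map-iteration order, sort them by provider name so the catalog does not move sections around on every regeneration. The untouched context lines "Bellow are listed queries related with Crossplane GCP:" and "... Crossplane AZURE:" repeat the same typo ("Bellow" for "Below", "related with" for "related to") that appears in every section intro, which points at the generator template as the place to fix it.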
Expand All @@ -28,16 +18,26 @@ Bellow are listed queries related with Crossplane AWS:

| Query |Severity|Category|Description|Help|
|------------------------------|--------|--------|-----------|----|
|DB Instance Storage Not Encrypted<br/><sup><sub>e50eb68a-a4af-4048-8bbe-8ec324421469</sub></sup>|<span style="color:#C00">High</span>|Encryption|RDS Instance should have its storage encrypted by setting the parameter to 'true'. The storageEncrypted default value is 'false'. (<a href="../crossplane-queries/aws/e50eb68a-a4af-4048-8bbe-8ec324421469" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/database.aws.crossplane.io/RDSInstance/v1beta1@v0.29.0#spec-forProvider-storageEncrypted">Documentation</a><br/>|
|ELB Using Weak Ciphers<br/><sup><sub>a507daa5-0795-4380-960b-dd7bb7c56661</sub></sup>|<span style="color:#C00">High</span>|Encryption|ELB Predefined or Custom Security Policies must not use weak ciphers, to reduce the risk of the SSL connection between the client and the load balancer being exploited. That means the 'sslPolicy' of 'Listener' must not coincide with any of a predefined list of weak ciphers. (<a href="../crossplane-queries/aws/a507daa5-0795-4380-960b-dd7bb7c56661" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/elbv2.aws.crossplane.io/Listener/v1alpha1@v0.29.0#spec-forProvider-sslPolicy">Documentation</a><br/>|
|EFS Without KMS<br/><sup><sub>bdecd6db-2600-47dd-a10c-72c97cf17ae9</sub></sup>|<span style="color:#C00">High</span>|Encryption|Amazon Elastic Filesystem should have filesystem encryption enabled using KMS CMK customer-managed keys instead of AWS managed-keys (<a href="../crossplane-queries/aws/bdecd6db-2600-47dd-a10c-72c97cf17ae9" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/efs.aws.crossplane.io/FileSystem/v1alpha1@v0.29.0#spec-forProvider-kmsKeyID">Documentation</a><br/>|
|EFS Not Encrypted<br/><sup><sub>72840c35-3876-48be-900d-f21b2f0c2ea1</sub></sup>|<span style="color:#C00">High</span>|Encryption|Elastic File System (EFS) must be encrypted (<a href="../crossplane-queries/aws/72840c35-3876-48be-900d-f21b2f0c2ea1" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/efs.aws.crossplane.io/FileSystem/v1alpha1@v0.29.0#spec-forProvider-encrypted">Documentation</a><br/>|
|DB Instance Storage Not Encrypted<br/><sup><sub>e50eb68a-a4af-4048-8bbe-8ec324421469</sub></sup>|<span style="color:#C00">High</span>|Encryption|RDS Instance should have its storage encrypted by setting the parameter to 'true'. The storageEncrypted default value is 'false'. (<a href="../crossplane-queries/aws/e50eb68a-a4af-4048-8bbe-8ec324421469" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/database.aws.crossplane.io/RDSInstance/v1beta1@v0.29.0#spec-forProvider-storageEncrypted">Documentation</a><br/>|
|CloudFront Without Minimum Protocol TLS 1.2<br/><sup><sub>255b0fcc-9f82-41fe-9229-01b163e3376b</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|CloudFront Minimum Protocol version should be at least TLS 1.2 (<a href="../crossplane-queries/aws/255b0fcc-9f82-41fe-9229-01b163e3376b" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/v1alpha1@v0.29.0#spec-forProvider-distributionConfig-viewerCertificate-minimumProtocolVersion">Documentation</a><br/>|
|DB Security Group Has Public Interface<br/><sup><sub>dd667399-8d9d-4a8d-bbb4-e49ab53b2f52</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|The CIDR IP should not be a public interface (<a href="../crossplane-queries/aws/dd667399-8d9d-4a8d-bbb4-e49ab53b2f52" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/ec2.aws.crossplane.io/SecurityGroup/v1beta1@v0.29.0#spec-forProvider-ingress-ipRanges-cidrIp">Documentation</a><br/>|
|RDS DB Instance Publicly Accessible<br/><sup><sub>d9dc6429-5140-498a-8f55-a10daac5f000</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|RDS must not be defined with public interface, which means the attribute 'PubliclyAccessible' must be set to false and neither dbSubnetGroupName' subnets being part of a VPC that has an Internet gateway attached to it (<a href="../crossplane-queries/aws/d9dc6429-5140-498a-8f55-a10daac5f000" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/database.aws.crossplane.io/RDSInstance/v1beta1@v0.17.0">Documentation</a><br/>|
|Neptune Database Cluster Encryption Disabled<br/><sup><sub>83bf5aca-138a-498e-b9cd-ad5bc5e117b4</sub></sup>|<span style="color:#C60">Medium</span>|Encryption|Neptune database cluster storage should have encryption enabled (<a href="../crossplane-queries/aws/83bf5aca-138a-498e-b9cd-ad5bc5e117b4" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/neptune.aws.crossplane.io/DBCluster/v1alpha1@v0.29.0#spec-forProvider-storageEncrypted">Documentation</a><br/>|
|DB Security Group Has Public Interface<br/><sup><sub>dd667399-8d9d-4a8d-bbb4-e49ab53b2f52</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|The CIDR IP should not be a public interface (<a href="../crossplane-queries/aws/dd667399-8d9d-4a8d-bbb4-e49ab53b2f52" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/ec2.aws.crossplane.io/SecurityGroup/v1beta1@v0.29.0#spec-forProvider-ingress-ipRanges-cidrIp">Documentation</a><br/>|
|CloudFront Without Minimum Protocol TLS 1.2<br/><sup><sub>255b0fcc-9f82-41fe-9229-01b163e3376b</sub></sup>|<span style="color:#C00">High</span>|Insecure Configurations|CloudFront Minimum Protocol version should be at least TLS 1.2 (<a href="../crossplane-queries/aws/255b0fcc-9f82-41fe-9229-01b163e3376b" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/v1alpha1@v0.29.0#spec-forProvider-distributionConfig-viewerCertificate-minimumProtocolVersion">Documentation</a><br/>|
|SQS With SSE Disabled<br/><sup><sub>9296f1cc-7a40-45de-bd41-f31745488a0e</sub></sup>|<span style="color:#C60">Medium</span>|Encryption|Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE) (<a href="../crossplane-queries/aws/9296f1cc-7a40-45de-bd41-f31745488a0e" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/sqs.aws.crossplane.io/Queue/v1beta1@v0.29.0#spec-forProvider-kmsMasterKeyId">Documentation</a><br/>|
|CloudWatch Without Retention Period Specified<br/><sup><sub>934613fe-b12c-4e5a-95f5-c1dcdffac1ff</sub></sup>|<span style="color:#C60">Medium</span>|Observability|AWS CloudWatch should have CloudWatch Logs enabled in order to monitor, store, and access log events (<a href="../crossplane-queries/aws/934613fe-b12c-4e5a-95f5-c1dcdffac1ff" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudwatchlogs.aws.crossplane.io/LogGroup/v1alpha1@v0.29.0#spec-forProvider-retentionInDays">Documentation</a><br/>|
|Neptune Database Cluster Encryption Disabled<br/><sup><sub>83bf5aca-138a-498e-b9cd-ad5bc5e117b4</sub></sup>|<span style="color:#C60">Medium</span>|Encryption|Neptune database cluster storage should have encryption enabled (<a href="../crossplane-queries/aws/83bf5aca-138a-498e-b9cd-ad5bc5e117b4" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/neptune.aws.crossplane.io/DBCluster/v1alpha1@v0.29.0#spec-forProvider-storageEncrypted">Documentation</a><br/>|
|CloudFront Logging Disabled<br/><sup><sub>7b590235-1ff4-421b-b9ff-5227134be9bb</sub></sup>|<span style="color:#C60">Medium</span>|Observability|AWS CloudFront distributions should have logging enabled to collect all viewer requests, which means the attribute 'logging' must be defined with 'enabled' set to true (<a href="../crossplane-queries/aws/7b590235-1ff4-421b-b9ff-5227134be9bb" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/v1alpha1@v0.29.0#spec-forProvider-distributionConfig-logging">Documentation</a><br/>|
|CloudWatch Without Retention Period Specified<br/><sup><sub>934613fe-b12c-4e5a-95f5-c1dcdffac1ff</sub></sup>|<span style="color:#C60">Medium</span>|Observability|AWS CloudWatch should have CloudWatch Logs enabled in order to monitor, store, and access log events (<a href="../crossplane-queries/aws/934613fe-b12c-4e5a-95f5-c1dcdffac1ff" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudwatchlogs.aws.crossplane.io/LogGroup/v1alpha1@v0.29.0#spec-forProvider-retentionInDays">Documentation</a><br/>|
|CloudFront Without WAF<br/><sup><sub>6d19ce0f-b3d8-4128-ac3d-1064e0f00494</sub></sup>|<span style="color:#CC0">Low</span>|Networking and Firewall|All AWS CloudFront distributions should be integrated with the Web Application Firewall (AWS WAF) service (<a href="../crossplane-queries/aws/6d19ce0f-b3d8-4128-ac3d-1064e0f00494" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/cloudfront.aws.crossplane.io/Distribution/v1alpha1@v0.29.0#spec-forProvider-distributionConfig-webACLID">Documentation</a><br/>|
|DocDB Logging Is Disabled<br/><sup><sub>e6cd49ba-77ed-417f-9bca-4f5303554308</sub></sup>|<span style="color:#CC0">Low</span>|Observability|DocDB logging should be enabled (<a href="../crossplane-queries/aws/e6cd49ba-77ed-417f-9bca-4f5303554308" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-aws/docdb.aws.crossplane.io/DBCluster/v1alpha1@v0.21.1#status-atProvider-enabledCloudwatchLogsExports">Documentation</a><br/>|

### GCP
Bellow are listed queries related with Crossplane GCP:



| Query |Severity|Category|Description|Help|
|------------------------------|--------|--------|-----------|----|
|Cloud Storage Bucket Logging Not Enabled<br/><sup><sub>6c2d627c-de0f-45fb-b33d-dad9bffbb421</sub></sup>|<span style="color:#C00">High</span>|Observability|Cloud storage bucket should have logging enabled (<a href="../crossplane-queries/gcp/6c2d627c-de0f-45fb-b33d-dad9bffbb421" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-gcp/storage.gcp.crossplane.io/Bucket/v1alpha3@v0.21.0#spec-logging">Documentation</a><br/>|
|Google Container Node Pool Auto Repair Disabled<br/><sup><sub>b4f65d13-a609-4dc1-af7c-63d2e08bffe9</sub></sup>|<span style="color:#C60">Medium</span>|Insecure Configurations|Google Container Node Pool Auto Repair should be enabled. This service periodically checks for failing nodes and repairs them to ensure a smooth running state. (<a href="../crossplane-queries/gcp/b4f65d13-a609-4dc1-af7c-63d2e08bffe9" target="_blank">read more</a>)|<a href="https://doc.crds.dev/github.com/crossplane/provider-gcp/container.gcp.crossplane.io/NodePool/v1beta1@v0.21.0#spec-forProvider-management-autoRepair">Documentation</a><br/>|
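Review bot: the AWS table in this hunk contains the same rows before and after, only shuffled (for example "DB Instance Storage Not Encrypted" moves from the first row to the fifth, and the two High-severity groups and two Medium groups are interleaved differently), which means row order within a severity is not deterministic between runs and every regeneration produces a large no-op diff, as the 3,066-line change to all-queries.md in this same commit shows; sort rows by a stable key (severity, then query name or query ID) in the generator. Two description strings carried through unchanged also need attention at the source: the RDS DB Instance Publicly Accessible row has an unbalanced quote in "neither dbSubnetGroupName' subnets", and the SQS With SSE Disabled row mixes singular and plural ("queue should protect the contents of their messages").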