Prisma Cloud fix config: /packages/node/base/package.json and 170 more

[prisma-cloud-devsecops]

Prisma Cloud has created this PR to fix Supply Chain risks found in files in this project.

Changes included in this PR:

• /packages/node/base/package.json
• /packages/node/base/package-lock.json
• /packages/pom.xml
• /packages/sub/pom.xml
• /terraform/aws/kms.tf:aws_kms_key.logs_key
• /terraform/aws/es.tf:aws_elasticsearch_domain.monitoring-framework
• /terraform/aws/es.tf:aws_elasticsearch_domain.monitoring-framework
• /terraform/azure/security_center.tf:azurerm_security_center_contact.contact
• /terraform/aws/db-app.tf:aws_instance.db_app
• /terraform/aws/db-app.tf:aws_instance.db_app
• /terraform/aws/lambda.tf:aws_lambda_function.analysis_lambda
• /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app4-rds-cluster
• /terraform/aws/ec2.tf:aws_ebs_volume.web_host_storage
• /terraform/azure/instance.tf:azurerm_windows_virtual_machine.windows_machine
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy7
• /terraform/gcp/big_data.tf:google_sql_database_instance.master_instance
• /terraform/gcp/big_data.tf:google_sql_database_instance.master_instance
• /terraform/gcp/gcs.tf:google_storage_bucket.terragoat_website
• /terraform/aws/neptune.tf:aws_neptune_cluster.default
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy1
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy3
• /terraform/azure/sql.tf:azurerm_mssql_server_security_alert_policy.example
• /terraform/azure/sql.tf:azurerm_mssql_server_security_alert_policy.example
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql6
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql6
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql1
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql1
• /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
• /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
• /terraform/gcp/gke.tf:google_container_node_pool.custom_node_pool
• /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app2-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app5-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app1-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app7-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app8-rds-cluster
• /terraform/aws/ec2.tf:aws_instance.web_host
• /terraform/aws/ec2.tf:aws_instance.web_host
• /terraform/alicloud/trail.tf:alicloud_actiontrail_trail.fail
• /terraform/azure/security_center.tf:azurerm_security_center_subscription_pricing.pricing
• /terraform/aws/s3.tf:aws_s3_bucket.operations
• /terraform/aws/s3.tf:aws_s3_bucket.operations
• /terraform/aws/s3.tf:aws_s3_bucket.operations
• /terraform/aws/s3.tf:aws_s3_bucket.data_science
• /terraform/aws/s3.tf:aws_s3_bucket.data_science
• /terraform/azure/aks.tf:azurerm_kubernetes_cluster.k8s_cluster
• /terraform/azure/aks.tf:azurerm_kubernetes_cluster.k8s_cluster
• /terraform/alicloud/trail.tf:alicloud_oss_bucket.trail
• /terraform/alicloud/trail.tf:alicloud_oss_bucket.trail
• /terraform/gcp/instances.tf:google_compute_instance.server
• /terraform/gcp/instances.tf:google_compute_instance.server
• /terraform/gcp/instances.tf:google_compute_instance.server
• /terraform/gcp/instances.tf:google_compute_instance.server
• /terraform/aws/s3.tf:aws_s3_bucket.data
• /terraform/aws/s3.tf:aws_s3_bucket.data
• /terraform/aws/s3.tf:aws_s3_bucket.data
• /terraform/aws/s3.tf:aws_s3_bucket.data
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/azure/app_service.tf:azurerm_app_service.app-service1
• /terraform/aws/eks.tf:aws_subnet.eks_subnet1
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy2
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy4
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy5
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy5
• /terraform/azure/mssql.tf:azurerm_mssql_server_security_alert_policy.alertpolicy6
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/gcp/gke.tf:google_container_cluster.workload_cluster
• /terraform/azure/instance.tf:azurerm_linux_virtual_machine.linux_machine
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/azure/app_service.tf:azurerm_app_service.app-service2
• /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app6-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app9-rds-cluster
• /terraform/azure/key_vault.tf:azurerm_key_vault.example
• /terraform/azure/key_vault.tf:azurerm_key_vault.example
• /terraform/azure/key_vault.tf:azurerm_key_vault_key.generated
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql2
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql2
• /terraform/azure/sql.tf:azurerm_postgresql_server.example
• /terraform/azure/sql.tf:azurerm_postgresql_server.example
• /terraform/azure/sql.tf:azurerm_postgresql_server.example
• /terraform/azure/sql.tf:azurerm_postgresql_server.example
• /terraform/azure/sql.tf:azurerm_postgresql_server.example
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql3
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql3
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql4
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql4
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql5
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql5
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql7
• /terraform/azure/mssql.tf:azurerm_mssql_server.mssql7
• /terraform/azure/sql.tf:azurerm_mysql_server.example
• /terraform/azure/sql.tf:azurerm_mysql_server.example
• /terraform/azure/sql.tf:azurerm_mysql_server.example
• /terraform/azure/sql.tf:azurerm_mysql_server.example
• /terraform/azure/sql.tf:azurerm_mysql_server.example
• /terraform/aws/ec2.tf:aws_subnet.web_subnet
• /terraform/aws/ec2.tf:aws_subnet.web_subnet2
• /terraform/aws/ecr.tf:aws_ecr_repository.repository
• /terraform/aws/ecr.tf:aws_ecr_repository.repository
• /terraform/aws/ecr.tf:aws_ecr_repository.repository
• /terraform/aws/eks.tf:aws_subnet.eks_subnet2
• /terraform/aws/eks.tf:aws_eks_cluster.eks_cluster
• /terraform/aws/eks.tf:aws_eks_cluster.eks_cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
• /terraform/aws/rds.tf:aws_rds_cluster.app3-rds-cluster
• /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
• /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
• /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
• /terraform/aws/ec2.tf:aws_s3_bucket.flowbucket
• /terraform/aws/s3.tf:aws_s3_bucket.financials
• /terraform/aws/s3.tf:aws_s3_bucket.financials
• /terraform/aws/s3.tf:aws_s3_bucket.financials
• /terraform/aws/s3.tf:aws_s3_bucket.financials
• /terraform/aws/s3.tf:aws_s3_bucket.logs
• /terraform/aws/db-app.tf:aws_db_instance.default
• /terraform/aws/db-app.tf:aws_db_instance.default
• /terraform/aws/db-app.tf:aws_db_instance.default
• /terraform/aws/db-app.tf:aws_db_instance.default
• /terraform/aws/db-app.tf:aws_db_instance.default
• /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
• /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
• /terraform/oracle/bucket.tf:oci_objectstorage_bucket.secretsquirrel
• /terraform/alicloud/rds.tf:alicloud_db_instance.seeme
• /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket
• /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket
• /terraform/alicloud/bucket.tf:alicloud_oss_bucket.bad_bucket

Policies:

• Ensure all data stored in Aurora is securely encrypted at rest
• Ensure all data stored in the Elasticsearch is securely encrypted at rest
• Ensure Elasticsearch Domain Logging is enabled
• Ensure that IP forwarding is not enabled on Instances
• Ensure all data stored in the EBS is securely encrypted
• Ensure 'Enable connecting to serial ports' is not enabled for VM Instance
• Ensure RDS cluster has IAM authentication enabled
• Ensure Neptune storage is securely encrypted
• Ensure rotation for customer created CMKs is enabled
• Ensure App Service Authentication is set on Azure App Service
• Ensure Legacy Authorization is set to Disabled on Kubernetes Engine Clusters
• Ensure Network Policy is enabled on Kubernetes Engine Clusters
• Ensure all data stored in the S3 bucket is securely encrypted at rest
• Ensure that Compute instances do not have public IP addresses
• Ensure that PostgreSQL server enables geo-redundant backups
• Ensure that PostgreSQL server disables public network access
• Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
• Ensure that My SQL server enables Threat detection policy
• Ensure that 'Send Alerts To' is enabled for MSSQL servers
• Ensure MySQL is using the latest version of TLS encryption
• Ensure that My SQL server enables geo-redundant backups
• Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server
• Ensure that ECR repositories are encrypted using KMS
• Ensure ECR image scanning on push is enabled
• Ensure EKS Cluster has Secrets Encryption Enabled
• Ensure Amazon EKS public endpoint disabled
• Ensure all data stored in the RDS bucket is not public accessible
• Ensure all data stored in the RDS is securely encrypted at rest
• Ensure RDS database has IAM authentication enabled
• Ensure that RDS instances have Multi-AZ enabled
• Ensure that enhanced monitoring is enabled for Amazon RDS instances
• Ensure OCI Object Storage has versioning enabled
• Ensure OCI Object Storage bucket can emit object events
• Ensure OCI Object Storage is not Public
• Ensure RDS instance uses SSL
• Alibaba Cloud OSS bucket accessible to public
• Ensure that detailed monitoring is enabled for EC2 instances
• Ensure that RDS clusters have deletion protection enabled
• Ensure Secure Boot for Shielded GKE Nodes is Enabled
• Ensure MSSQL is using the latest version of TLS encryption
• Ensure that Cloud Storage buckets have uniform bucket-level access enabled
• Ensure VPC subnets do not assign public IP by default
• Ensure that an Amazon RDS Clusters have AWS Identity and Access Management (IAM) authentication enabled
• Ensure that EC2 is EBS optimized
• Packages scan found vulnerabilities
• Ensure FTP deployments are disabled
• Ensure that 'Net Framework' version is the latest, if used as a part of the web app
• Ensure that AKS enables private clusters
• Ensure OSS bucket has versioning enabled
• Ensure that 'Send email notification for high severity alerts' is set to 'On'
• Ensure that app services use Azure Files
• Ensure X-ray tracing is enabled for Lambda
• Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers
• Ensure OSS bucket has transfer Acceleration enabled
• Ensure the S3 bucket has access logging enabled
• Ensure use of Binary Authorization
• Ensure that App service enables failed request tracing
• Ensure 'Automatic node upgrade' is enabled for Kubernetes Clusters
• Ensure web app is using the latest version of TLS encryption
• Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service
• Ensure 'Automatic node repair' is enabled for Kubernetes Clusters
• Ensure ECR Image Tags are immutable
• Ensure that Register with Azure Active Directory is enabled on App Service
• Ensure Virtual Machine Extensions are not Installed
• Ensure Action Trail Logging for all regions
• Ensure that S3 buckets are encrypted with KMS by default
• Ensure that SQL server disables public network access
• Ensure AKS logging to Azure Monitoring is Configured
• Ensure that App service enables detailed error messages
• Ensure that standard pricing tier is selected
• Ensure all Cloud SQL database instance have backup configuration enabled
• Ensure all data stored in the S3 bucket have versioning enabled
• Ensure the web app has 'Client Certificates (Incoming client certificates)' set
• Ensure that 'HTTP Version' is the latest if used to run the web app
• Ensure that key vault allows firewall rules settings
• Ensure 'public network access enabled' is set to 'False' for mySQL servers
• Ensure that PostgreSQL server enables infrastructure encryption
• Ensure all Cloud SQL database instance requires all incoming connections to use SSL
• Ensure that key vault enables purge protection
• Ensure legacy Compute Engine instance metadata APIs are Disabled
• Ensure a client certificate is used by clients to authenticate to Kubernetes Engine Clusters
• Ensure that no instance in the project overrides the project setting for enabling OSLogin(OSLogin needs to be enabled in prject metadata for all instances)
• Enable VPC Flow Logs and Intranode Visibility
• Ensure that PostgreSQL server enables Threat detection policy
• Ensure that key vault key is backed by HSM

Please check the changes in this PR to ensure they do not introduce conflicts to your project.