diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/query.rego b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/query.rego
index 23bfaf7b392..c4268ea01f4 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/query.rego
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/query.rego
@@ -5,17 +5,56 @@ import data.generic.common as common_lib
 CxPolicy[result] {
 	document := input.document[i]
 	resource := document.Resources[key]
-	resource.Type == "AWS::CloudWatch::Alarm"
+	resource.Type == "AWS::ApiGateway::Stage"
 
 	properties := resource.Properties
 
-	not common_lib.valid_key(properties, "Metrics")
+	not common_lib.valid_key(properties, "MethodSettings")
 
 	result := {
 		"documentId": input.document[i].id,
 		"searchKey": sprintf("Resources.%s.Properties", [key]),
 		"issueType": "MissingAttribute",
-		"keyExpectedValue": sprintf("Resources.%s.Properties.Metrics should be defined", [key]),
-		"keyActualValue": sprintf("Resources.%s.Properties.Metrics is undefined", [key]),
+		"keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings should be defined", [key]),
+		"keyActualValue": sprintf("Resources.%s.Properties.MethodSettings is undefined", [key]),
+		"searchLine": common_lib.build_search_line(["Resources", key, "Properties"], []),
+	}
+}
+
+CxPolicy[result] {
+	document := input.document[i]
+	resource := document.Resources[key]
+	resource.Type == "AWS::ApiGateway::Stage"
+
+	methods := resource.Properties.MethodSettings
+	method := methods[idx]
+	not common_lib.valid_key(method, "MetricsEnabled")
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("Resources.%s.Properties.MethodSettings", [key]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings[%d].MetricsEnabled should be set to true", [key, idx]),
+		"keyActualValue": sprintf("Resources.%s.Properties.MethodSettings[%d].MetricsEnabled is undefined", [key, idx]),
+		"searchLine": common_lib.build_search_line(["Resources", key, "Properties", "MethodSettings"], [idx]),
+	}
+}
+
+CxPolicy[result] {
+	document := input.document[i]
+	resource := document.Resources[key]
+	resource.Type == "AWS::ApiGateway::Stage"
+
+	methods := resource.Properties.MethodSettings
+	method := methods[idx]
+	method.MetricsEnabled == "false"
+
+	result := {
+		"documentId": input.document[i].id,
+		"searchKey": sprintf("Resources.%s.Properties.MethodSettings", [key]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": sprintf("Resources.%s.Properties.MethodSettings[%d].MetricsEnabled should be set to true", [key, idx]),
+		"keyActualValue": sprintf("Resources.%s.Properties.MethodSettings[%d].MetricsEnabled is set to false", [key, idx]),
+		"searchLine": common_lib.build_search_line(["Resources", key, "Properties", "MethodSettings", idx], ["MetricsEnabled"]),
 	}
 }
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative1.yaml b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative1.yaml
index 86b90a5b14a..1bb00d62c97 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative1.yaml
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative1.yaml
@@ -1,29 +1,29 @@
 AWSTemplateFormatVersion: 2010-09-09
-Description: Creating ECS service
+Description: Creating TestDeployment
 Resources:
-  LambdaInvocationsAnomalyDetector:
-    Type: AWS::CloudWatch::AnomalyDetector
+  Prod:
+    Type: AWS::ApiGateway::Stage
     Properties:
-      MetricName: Invocations
-      Namespace: AWS/Lambda
-      Stat: Sum
-
-  LambdaInvocationsAlarm:
-    Type: AWS::CloudWatch::Alarm
-    Properties:
-      AlarmDescription: Lambda invocations
-      AlarmName: LambdaInvocationsAlarm
-      ComparisonOperator: LessThanLowerOrGreaterThanUpperThreshold
-      EvaluationPeriods: 1
-      Metrics:
-      - Expression: ANOMALY_DETECTION_BAND(m1, 2)
-        Id: ad1
-      - Id: m1
-        MetricStat:
-          Metric:
-            MetricName: Invocations
-            Namespace: AWS/Lambda
-          Period: !!int 86400
-          Stat: Sum
-      ThresholdMetricId: ad1
-      TreatMissingData: breaching
+      StageName: Prod
+      Description: Prod Stage
+      RestApiId: !Ref MyRestApi
+      DeploymentId: !Ref TestDeployment
+      DocumentationVersion: !Ref MyDocumentationVersion
+      ClientCertificateId: !Ref ClientCertificate
+      Variables:
+        Stack: Prod
+      MethodSettings:
+        - ResourcePath: /
+          HttpMethod: GET
+          MetricsEnabled: 'true'
+          DataTraceEnabled: 'false'
+        - ResourcePath: /stack
+          HttpMethod: POST
+          MetricsEnabled: 'true'
+          DataTraceEnabled: 'false'
+          ThrottlingBurstLimit: '999'
+        - ResourcePath: /stack
+          HttpMethod: GET
+          MetricsEnabled: 'true'
+          DataTraceEnabled: 'false'
+          ThrottlingBurstLimit: '555'
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative2.json b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative2.json
index b5d15d62d25..2f5f864019f 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative2.json
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/negative2.json
@@ -1,39 +1,47 @@
 {
   "Resources": {
-    "LambdaInvocationsAnomalyDetector2": {
-      "Type": "AWS::CloudWatch::AnomalyDetector",
+    "Prod": {
+      "Type": "AWS::ApiGateway::Stage",
       "Properties": {
-        "MetricName": "Invocations",
-        "Namespace": "AWS/Lambda",
-        "Statistic": "Sum"
-      }
-    },
-    "LambdaInvocationsAlarm2": {
-      "Type": "AWS::CloudWatch::Alarm",
-      "Properties": {
-        "AlarmDescription": "Lambda invocations",
-        "AlarmName": "LambdaInvocationsAlarm",
-        "ComparisonOperator": "LessThanLowerOrGreaterThanUpperThreshold",
-        "EvaluationPeriods": 1,
-        "Metrics": [
+        "StageName": "Prod",
+        "Description": "Prod Stage",
+        "RestApiId": {
+          "Ref": "MyRestApi"
+        },
+        "DeploymentId": {
+          "Ref": "TestDeployment"
+        },
+        "DocumentationVersion": {
+          "Ref": "MyDocumentationVersion"
+        },
+        "ClientCertificateId": {
+          "Ref": "ClientCertificate"
+        },
+        "Variables": {
+          "Stack": "Prod"
+        },
+        "MethodSettings": [
+          {
+            "ResourcePath": "/",
+            "HttpMethod": "GET",
+            "MetricsEnabled": "true",
+            "DataTraceEnabled": "false"
+          },
           {
-            "Expression": "ANOMALY_DETECTION_BAND(m1, 2)",
-            "Id": "ad1"
+            "ResourcePath": "/stack",
+            "HttpMethod": "POST",
+            "MetricsEnabled": "true",
+            "DataTraceEnabled": "false",
+            "ThrottlingBurstLimit": "999"
           },
           {
-            "Id": "m1",
-            "MetricStat": {
-              "Metric": {
-                "MetricName": "Invocations",
-                "Namespace": "AWS/Lambda"
-              },
-              "Period": 86400,
-              "Stat": "Sum"
-            }
+            "ResourcePath": "/stack",
+            "HttpMethod": "GET",
+            "MetricsEnabled": "true",
+            "DataTraceEnabled": "false",
+            "ThrottlingBurstLimit": "555"
           }
-        ],
-        "ThresholdMetricId": "ad1",
-        "TreatMissingData": "breaching"
+        ]
       }
     }
   }
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive1.yaml b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive1.yaml
index d4c47b7c453..90aacac6e8e 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive1.yaml
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive1.yaml
@@ -1,19 +1,28 @@
-AWSTemplateFormatVersion: "2010-09-09"
-Description: Creating ECS service
+AWSTemplateFormatVersion: 2010-09-09
+Description: Creating TestDeployment
 Resources:
-  LambdaInvocationsAnomalyDetector3:
-    Type: AWS::CloudWatch::AnomalyDetector
+  Prod:
+    Type: AWS::ApiGateway::Stage
     Properties:
-      MetricName: Invocations
-      Namespace: AWS/Lambda
-      Stat: Sum
-
-  LambdaInvocationsAlarm3:
-    Type: AWS::CloudWatch::Alarm
-    Properties:
-      AlarmDescription: Lambda invocations
-      AlarmName: LambdaInvocationsAlarm
-      ComparisonOperator: LessThanLowerOrGreaterThanUpperThreshold
-      EvaluationPeriods: 1
-      ThresholdMetricId: ad1
-      TreatMissingData: breaching
+      StageName: Prod
+      Description: Prod Stage
+      RestApiId: !Ref MyRestApi
+      DeploymentId: !Ref TestDeployment
+      DocumentationVersion: !Ref MyDocumentationVersion
+      ClientCertificateId: !Ref ClientCertificate
+      Variables:
+        Stack: Prod
+      MethodSettings:
+        - ResourcePath: /
+          HttpMethod: GET
+          MetricsEnabled: 'false'
+          DataTraceEnabled: 'false'
+        - ResourcePath: /stack
+          HttpMethod: POST
+          DataTraceEnabled: 'false'
+          ThrottlingBurstLimit: '999'
+        - ResourcePath: /stack
+          HttpMethod: GET
+          MetricsEnabled: 'true'
+          DataTraceEnabled: 'false'
+          ThrottlingBurstLimit: '555'
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive2.json b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive2.json
index cd8b8688adf..ac339a4ee96 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive2.json
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive2.json
@@ -1,22 +1,46 @@
 {
   "Resources": {
-    "LambdaInvocationsAnomalyDetector4": {
-      "Type": "AWS::CloudWatch::AnomalyDetector",
+    "Prod": {
+      "Type": "AWS::ApiGateway::Stage",
       "Properties": {
-        "MetricName": "Invocations",
-        "Namespace": "AWS/Lambda",
-        "Statistic": "Sum"
-      }
-    },
-    "LambdaInvocationsAlarm4": {
-      "Type": "AWS::CloudWatch::Alarm",
-      "Properties": {
-        "AlarmDescription": "Lambda invocations",
-        "AlarmName": "LambdaInvocationsAlarm",
-        "ComparisonOperator": "LessThanLowerOrGreaterThanUpperThreshold",
-        "EvaluationPeriods": 1,
-        "ThresholdMetricId": "ad1",
-        "TreatMissingData": "breaching"
+        "StageName": "Prod",
+        "Description": "Prod Stage",
+        "RestApiId": {
+          "Ref": "MyRestApi"
+        },
+        "DeploymentId": {
+          "Ref": "TestDeployment"
+        },
+        "DocumentationVersion": {
+          "Ref": "MyDocumentationVersion"
+        },
+        "ClientCertificateId": {
+          "Ref": "ClientCertificate"
+        },
+        "Variables": {
+          "Stack": "Prod"
+        },
+        "MethodSettings": [
+          {
+            "ResourcePath": "/",
+            "HttpMethod": "GET",
+            "DataTraceEnabled": "false"
+          },
+          {
+            "ResourcePath": "/stack",
+            "HttpMethod": "POST",
+            "MetricsEnabled": "false",
+            "DataTraceEnabled": "false",
+            "ThrottlingBurstLimit": "999"
+          },
+          {
+            "ResourcePath": "/stack",
+            "HttpMethod": "GET",
+            "MetricsEnabled": "true",
+            "DataTraceEnabled": "false",
+            "ThrottlingBurstLimit": "555"
+          }
+        ]
       }
     }
   }
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive3.yaml b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive3.yaml
new file mode 100644
index 00000000000..81953688ef8
--- /dev/null
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive3.yaml
@@ -0,0 +1,14 @@
+AWSTemplateFormatVersion: 2010-09-09
+Description: Creating TestDeployment
+Resources:
+  Prod:
+    Type: AWS::ApiGateway::Stage
+    Properties:
+      StageName: Prod
+      Description: Prod Stage
+      RestApiId: !Ref MyRestApi
+      DeploymentId: !Ref TestDeployment
+      DocumentationVersion: !Ref MyDocumentationVersion
+      ClientCertificateId: !Ref ClientCertificate
+      Variables:
+        Stack: Prod
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive4.json b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive4.json
new file mode 100644
index 00000000000..81623b514ec
--- /dev/null
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive4.json
@@ -0,0 +1,26 @@
+{
+  "Resources": {
+    "Prod": {
+      "Type": "AWS::ApiGateway::Stage",
+      "Properties": {
+        "StageName": "Prod",
+        "Description": "Prod Stage",
+        "RestApiId": {
+          "Ref": "MyRestApi"
+        },
+        "DeploymentId": {
+          "Ref": "TestDeployment"
+        },
+        "DocumentationVersion": {
+          "Ref": "MyDocumentationVersion"
+        },
+        "ClientCertificateId": {
+          "Ref": "ClientCertificate"
+        },
+        "Variables": {
+          "Stack": "Prod"
+        }
+      }
+    }
+  }
+}
diff --git a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive_expected_result.json b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive_expected_result.json
index f1748d7eff5..8e2895e6052 100644
--- a/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive_expected_result.json
+++ b/assets/queries/cloudFormation/cloudwatch_metrics_disabled/test/positive_expected_result.json
@@ -2,13 +2,37 @@
   {
     "queryName": "CloudWatch Metrics Disabled",
     "severity": "MEDIUM",
-    "line": 13,
+    "line": 18,
     "fileName": "positive1.yaml"
   },
   {
-    "line": 13,
-    "fileName": "positive2.json",
     "queryName": "CloudWatch Metrics Disabled",
-    "severity": "MEDIUM"
+    "severity": "MEDIUM",
+    "line": 20,
+    "fileName": "positive1.yaml"
+  },
+  {
+    "queryName": "CloudWatch Metrics Disabled",
+    "severity": "MEDIUM",
+    "line": 25,
+    "fileName": "positive2.json"
+  },
+  {
+    "queryName": "CloudWatch Metrics Disabled",
+    "severity": "MEDIUM",
+    "line": 32,
+    "fileName": "positive2.json"
+  },
+  {
+    "queryName": "CloudWatch Metrics Disabled",
+    "severity": "MEDIUM",
+    "line": 6,
+    "fileName": "positive3.yaml"
+  },
+  {
+    "queryName": "CloudWatch Metrics Disabled",
+    "severity": "MEDIUM",
+    "line": 5,
+    "fileName": "positive4.json"
   }
 ]
diff --git a/e2e/fixtures/E2E_CLI_040_RESULT.html b/e2e/fixtures/E2E_CLI_040_RESULT.html
old mode 100644
new mode 100755
index 6d05b12554e..44e804098a1
--- a/e2e/fixtures/E2E_CLI_040_RESULT.html
+++ b/e2e/fixtures/E2E_CLI_040_RESULT.html
@@ -1,11 +1,11 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>KICS Scan Result</title><style>*{margin:0;padding:0;outline:0;box-sizing:border-box}body{font-family:sans-serif}.container{display:flex;align-items:center;flex-direction:column;margin:5px;border:1px solid #bebebe}.run-info{display:flex;flex-wrap:wrap;border:1px solid #bebebe;margin-top:10px;width:50vw}.run-info>span{flex-basis:50%;text-align:center}.counters{display:flex;flex-direction:row;margin:22px 0}.report-header-footer{display:flex;flex-direction:row;justify-content:space-between;border-bottom:1px solid #bebebe;width:100%;padding:15px 21px;background-color:#503e9e;height:50px;font-weight:700;font-size:14px;color:#fff;cursor:default;user-select:none}.report-header-footer>a{color:inherit;text-decoration:inherit}.report-header-footer>.title{font-size:18px}.report-header-footer>.title>span{color:#000}.report-header-footer>.timestamp{font-weight:400;font-style:italic;opacity:.5}.severity{display:flex;flex-direction:column;cursor:pointer;position:relative;margin:0 22px;align-items:center}.severity>.caption.selected{text-decoration:underline overline}.badge{color:#fff;border:2px solid #e8e8e8;border-radius:50%;cursor:default;user-select:none;padding:3px;font-size:10px;display:flex;align-items:center;justify-content:center;width:30px;height:30px;position:absolute;left:60%;top:50%}.kics-orange{color:#fc6e3a}.kics-orange>svg{fill:#fc6e3a}.kics-orange~.badge{background-color:#503e9e}.kics-purple{color:#503e9e}.kics-purple>svg{fill:#503e9e}.kics-purple~.badge{background-color:#fc6e3a}.severity>.icon>svg{width:80px;height:auto}.severity>.caption{font-size:16px;font-weight:bolder;user-select:none;cursor:default}.separator{border-top:1px solid #979797;opacity:.5;width:95%;margin:22px 0}.query{width:95vw}.query-title{display:flex;align-items:flex-start;flex-direction:column;width:100%}.query-title>h2{display:flex}.query-title>h2>div{width:20px;margin-right:12px;margin-left:-30px}.query>*{margin-left:30px}.query-info{display:flex;flex-direction:column;justify-content:space-between}.query-details{margin:12px 0;display:flex;flex-direction:column;text-align:justify}.query-details>span.query-description-title{font-size:18px;margin-top:5px}.query-details>span.cis-description-text{margin-top:5px}.query-details>span:last-child{font-size:14px}.vulnerable-info{border:1px #969696 solid;border-radius:2px;display:flex;flex-direction:column;margin:6px 9px}.vulnerable-info-header{display:flex;flex-direction:row;justify-content:space-between;margin:6px 9px}.vulnerable-info-details{display:flex;flex-direction:column;margin:6px 9px}.vulnerable-info-details>span>strong{width:5vw}.code-box{display:flex;flex-direction:column;background-color:#503e9e10}.code-line{display:flex;flex-direction:row;align-items:center;height:20px}.code-box>.error{background-color:#fc6e3a50}.code-line>.code-line-counter{font-size:10px;margin-left:9px;margin-right:10vw}.code-line>.code{font-family:monospace;font-size:16px}.kics-message{margin:24px 30vw;text-align:center}.love{color:#503e9d;font-style:italic}.social-networks{display:flex;flex-direction:row;align-items:center;justify-content:center;margin-bottom:24px}.social-networks>a{margin:0 15px}.social-networks>a>div>svg{width:20px;height:20px}.footer-text{font-style:italic;opacity:.5;font-weight:400;width:100%;display:flex;align-self:center;justify-content:center}a.checkmarx,a.checkmarx:visited,a.checkmarx:hover,a.checkmarx:active{cursor:pointer;font-weight:700;text-decoration:underline;color:#fff;opacity:.8}.hide{display:none}summary{cursor:pointer;user-select:none;font-size:18px;font-weight:700}</style><script>function filter(a){const b=document.querySelectorAll("[data-type='severity']");b.forEach(b=>a!=="TOTAL"&&a!==b.getAttribute("data-name")?b.classList.add("hide"):b.classList.remove("hide"));const c=document.querySelectorAll(".severity > .caption");c.forEach(b=>a&&a===b.innerText?b.classList.add("selected"):b.classList.remove("selected"))}</script></head><body><div class="container"><div class="report-header-footer"><span class="title">KICS <span>REPORT</span></span><span class="timestamp">08/27/2021 11:19</span><a href="https://www.kics.io/" rel="noopener" target="_blank">KICS.IO</a></div><div class="run-info"><span style="flex-basis:100%" id="scan-paths"><strong>KICS vdevelopment</strong></span>
+<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>KICS Scan Result</title><style>*{margin:0;padding:0;outline:0;box-sizing:border-box}body{font-family:sans-serif}.container{display:flex;align-items:center;flex-direction:column;margin:5px;border:1px solid #bebebe}.run-info{display:flex;flex-wrap:wrap;border:1px solid #bebebe;margin-top:10px;width:50vw}.run-info>span{flex-basis:50%;text-align:center}.counters{display:flex;flex-direction:row;margin:22px 0}.report-header-footer{display:flex;flex-direction:row;justify-content:space-between;border-bottom:1px solid #bebebe;width:100%;padding:15px 21px;background-color:#503e9e;height:50px;font-weight:700;font-size:14px;color:#fff;cursor:default;user-select:none}.report-header-footer>a{color:inherit;text-decoration:inherit}.report-header-footer>.title{font-size:18px}.report-header-footer>.title>span{color:#000}.report-header-footer>.timestamp{font-weight:400;font-style:italic;opacity:.5}.severity{display:flex;flex-direction:column;cursor:pointer;position:relative;margin:0 22px;align-items:center}.severity>.caption.selected{text-decoration:underline overline}.badge{color:#fff;border:2px solid #e8e8e8;border-radius:50%;cursor:default;user-select:none;padding:3px;font-size:10px;display:flex;align-items:center;justify-content:center;width:30px;height:30px;position:absolute;left:60%;top:50%}.kics-orange{color:#fc6e3a}.kics-orange>svg{fill:#fc6e3a}.kics-orange~.badge{background-color:#503e9e}.kics-purple{color:#503e9e}.kics-purple>svg{fill:#503e9e}.kics-purple~.badge{background-color:#fc6e3a}.severity>.icon>svg{width:80px;height:auto}.severity>.caption{font-size:16px;font-weight:bolder;user-select:none;cursor:default}.separator{border-top:1px solid #979797;opacity:.5;width:95%;margin:22px 0}.query{width:95vw}.query-title{display:flex;align-items:flex-start;flex-direction:column;width:100%}.query-title>h2{display:flex}.query-title>h2>div{width:20px;margin-right:12px;margin-left:-30px}.query>*{margin-left:30px}.query-info{display:flex;flex-direction:column;justify-content:space-between}.query-details{margin:12px 0;display:flex;flex-direction:column;text-align:justify}.query-details>span.query-description-title{font-size:18px;margin-top:5px}.query-details>span.cis-description-text{margin-top:5px}.query-details>span:last-child{font-size:14px}.vulnerable-info{border:1px #969696 solid;border-radius:2px;display:flex;flex-direction:column;margin:6px 9px}.vulnerable-info-header{display:flex;flex-direction:row;justify-content:space-between;margin:6px 9px}.vulnerable-info-details{display:flex;flex-direction:column;margin:6px 9px}.vulnerable-info-details>span>strong{width:5vw}.code-box{display:flex;flex-direction:column;background-color:#503e9e10}.code-line{display:flex;flex-direction:row;align-items:center;height:20px}.code-box>.error{background-color:#fc6e3a50}.code-line>.code-line-counter{font-size:10px;margin-left:9px;margin-right:10vw}.code-line>.code{font-family:monospace;font-size:16px}.kics-message{margin:24px 30vw;text-align:center}.love{color:#503e9d;font-style:italic}.social-networks{display:flex;flex-direction:row;align-items:center;justify-content:center;margin-bottom:24px}.social-networks>a{margin:0 15px}.social-networks>a>div>svg{width:20px;height:20px}.footer-text{font-style:italic;opacity:.5;font-weight:400;width:100%;display:flex;align-self:center;justify-content:center}a.checkmarx,a.checkmarx:visited,a.checkmarx:hover,a.checkmarx:active{cursor:pointer;font-weight:700;text-decoration:underline;color:#fff;opacity:.8}.hide{display:none}summary{cursor:pointer;user-select:none;font-size:18px;font-weight:700}</style><script>function filter(a){const b=document.querySelectorAll("[data-type='severity']");b.forEach(b=>a!=="TOTAL"&&a!==b.getAttribute("data-name")?b.classList.add("hide"):b.classList.remove("hide"));const c=document.querySelectorAll(".severity > .caption");c.forEach(b=>a&&a===b.innerText?b.classList.add("selected"):b.classList.remove("selected"))}</script></head><body><div class="container"><div class="report-header-footer"><span class="title">KICS <span>REPORT</span></span><span class="timestamp">09/10/2021 13:07</span><a href="https://www.kics.io/" rel="noopener" target="_blank">KICS.IO</a></div><div class="run-info"><span style="flex-basis:100%" id="scan-paths"><strong>KICS vdevelopment</strong></span>
 <span style="flex-basis:100%" id="scan-paths"><strong>Scanned paths:</strong> fixtures/samples/positive.yaml</span>
-<span style="flex-basis:100%" id="scan-platforms"><strong>Platforms:</strong> CloudFormation</span><span id="scan-start-time"><strong>Start time:</strong> 11:19:26, Aug 27 2021</span>
-<span id="scan-end-time"><strong>End time:</strong> 11:19:30, Aug 27 2021</span></div><h2 style="margin-top:41px" class="kics-orange">Vulnerabilities:</h2><div class="counters"><div class="severity" onclick="filter('HIGH')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z"/></g></svg></div><span class="badge" id="severity-count-high">4</span>
-<span class="caption">HIGH</span></div><div class="severity" onclick="filter('MEDIUM')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="badge" id="severity-count-medium">12</span>
+<span style="flex-basis:100%" id="scan-platforms"><strong>Platforms:</strong> CloudFormation</span><span id="scan-start-time"><strong>Start time:</strong> 13:07:06, Sep 10 2021</span>
+<span id="scan-end-time"><strong>End time:</strong> 13:07:08, Sep 10 2021</span></div><h2 style="margin-top:41px" class="kics-orange">Vulnerabilities:</h2><div class="counters"><div class="severity" onclick="filter('HIGH')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z"/></g></svg></div><span class="badge" id="severity-count-high">4</span>
+<span class="caption">HIGH</span></div><div class="severity" onclick="filter('MEDIUM')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="badge" id="severity-count-medium">11</span>
 <span class="caption">MEDIUM</span></div><div class="severity" onclick="filter('LOW')"><div class="kics-purple icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="badge" id="severity-count-low">5</span>
 <span class="caption">LOW</span></div><div class="severity" onclick="filter('INFO')"><div class="kics-purple icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><rect fill="none" height="24" width="24"/></g><g><g/><g><path d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z"/><circle cx="12" cy="12" r="3"/></g></g></svg></div><span class="badge" id="severity-count-info">0</span>
-<span class="caption">INFO</span></div><div class="severity" onclick="filter('TOTAL')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><rect fill="none" height="24" width="24"/></g><g><g/><g><path d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z"/><circle cx="12" cy="12" r="3"/></g></g></svg></div><span class="badge" id="severity-count-total">21</span>
+<span class="caption">INFO</span></div><div class="severity" onclick="filter('TOTAL')"><div class="kics-orange icon"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><rect fill="none" height="24" width="24"/></g><g><g/><g><path d="M21,5l-9-4L3,5v6c0,5.55,3.84,10.74,9,12c2.3-0.56,4.33-1.9,5.88-3.71l-3.12-3.12c-1.94,1.29-4.58,1.07-6.29-0.64 c-1.95-1.95-1.95-5.12,0-7.07c1.95-1.95,5.12-1.95,7.07,0c1.71,1.71,1.92,4.35,0.64,6.29l2.9,2.9C20.29,15.69,21,13.38,21,11V5z"/><circle cx="12" cy="12" r="3"/></g></g></svg></div><span class="badge" id="severity-count-total">20</span>
 <span class="caption selected">TOTAL</span></div></div><div data-type="severity" data-name="HIGH"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M13,16h-2v-2h2V16z M13,12h-2V7h2V12z"/></g></svg></div><span class="query-name">ALB Listening on HTTP</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Networking and Firewall</span></span></div><div class="query-details"><span class="query-description-title">All Application Load Balancers (ALB) should block connection requests over HTTP</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-listener.html#cfn-ec2-elb-listener-protocol</a></span></div></div><details><summary>Results (<span class="severity-partial-count-high">1</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 104</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> 'Resources.ALBListener.Protocol' not equal to 'HTTP'</span>
@@ -23,10 +23,7 @@
 <span><strong>Found:</strong> 'Resources.ECSALB' does not have an 'internal' scheme and a 'WebACLAssociation' associated</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">85</span><span class="code"> - Name: my-vol</span></div><div class="code-line error"><span class="code-line-counter">86</span><span class="code"> ECSALB:</span></div><div class="code-line"><span class="code-line-counter">87</span><span class="code"> Type: AWS::ElasticLoadBalancingV2::LoadBalancer</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">Auto Scaling Group With No Associated ELB</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Availability</span></span></div><div class="query-details"><span class="query-description-title">AWS Auto Scaling Groups must have associated ELBs to ensure high availability and improve application performance. This means the attribute 'LoadBalancerNames' must be defined and not empty.</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-medium">1</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 131</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is defined</span>
-<span><strong>Found:</strong> 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">130</span><span class="code"> Type: AWS::AutoScaling::AutoScalingGroup</span></div><div class="code-line error"><span class="code-line-counter">131</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">132</span><span class="code"> VPCZoneIdentifier: !Ref 'SubnetId'</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">CloudWatch Metrics Disabled</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
-<span><strong>Category:</strong> <span class="query-info-category">Observability</span></span></div><div class="query-details"><span class="query-description-title">Checks if CloudWatch Metrics is Enabled</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cw-alarm.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-medium">1</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
-<span>Line 211</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.ALB500sAlarmScaleUp.Properties.Metrics should be defined</span>
-<span><strong>Found:</strong> Resources.ALB500sAlarmScaleUp.Properties.Metrics is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">210</span><span class="code"> Type: AWS::CloudWatch::Alarm</span></div><div class="code-line error"><span class="code-line-counter">211</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">212</span><span class="code"> EvaluationPeriods: 1</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">ECS Service Without Running Tasks</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
+<span><strong>Found:</strong> 'Resources.ECSAutoScalingGroup.Properties.LoadBalancerNames' is not defined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">130</span><span class="code"> Type: AWS::AutoScaling::AutoScalingGroup</span></div><div class="code-line error"><span class="code-line-counter">131</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">132</span><span class="code"> VPCZoneIdentifier: !Ref 'SubnetId'</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">ECS Service Without Running Tasks</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Availability</span></span></div><div class="query-details"><span class="query-description-title">ECS Service should have at least 1 task running</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-service.html#cfn-ecs-service-deploymentconfiguration</a></span></div></div><details><summary>Results (<span class="severity-partial-count-medium">1</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 159</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.service.Properties.DeploymentConfiguration is defined and not null</span>
 <span><strong>Found:</strong> Resources.service.Properties.DeploymentConfiguration is undefined or null</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">158</span><span class="code"> Type: AWS::ECS::Service</span></div><div class="code-line error"><span class="code-line-counter">159</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">160</span><span class="code"> Cluster: !Ref 'ECSCluster'</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">ELB With Security Group Without Inbound Rules</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
@@ -40,29 +37,29 @@
 <span>Line 167</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> 'Resources.service.Properties.TaskDefinition' refers to a TaskDefinition with Role</span>
 <span><strong>Found:</strong> 'Resources.service.Properties.TaskDefinition' does not refer to a TaskDefinition with Role</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">166</span><span class="code"> Role: !Ref 'ECSServiceRole'</span></div><div class="code-line error"><span class="code-line-counter">167</span><span class="code"> TaskDefinition: !Ref 'TaskDefinition'</span></div><div class="code-line"><span class="code-line-counter">168</span><span class="code"> ECSServiceRole:</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">Security Group Ingress With Port Range</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Networking and Firewall</span></span></div><div class="query-details"><span class="query-description-title">AWS Security Group Ingress should have a single port</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-medium">3</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
-<span>Line 35</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupALBports.Properties.FromPort is equal to Resources.EcsSecurityGroupALBports.Properties.ToPort</span>
-<span><strong>Found:</strong> Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">34</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">35</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">36</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 19</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort</span>
 <span><strong>Found:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.FromPort is not equal to Resources.EcsSecurityGroupHTTPinbound02.Properties.ToPort</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">18</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">19</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">20</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
+<span>Line 35</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupALBports.Properties.FromPort is equal to Resources.EcsSecurityGroupALBports.Properties.ToPort</span>
+<span><strong>Found:</strong> Resources.EcsSecurityGroupALBports.Properties.FromPort is not equal to Resources.EcsSecurityGroupALBports.Properties.ToPort</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">34</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">35</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">36</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 27</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort</span>
 <span><strong>Found:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.FromPort is not equal to Resources.EcsSecurityGroupSSHinbound.Properties.ToPort</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">26</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">27</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">28</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div></details></div></div><div data-type="severity" data-name="MEDIUM"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-orange"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">Unrestricted Security Group Ingress</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Networking and Firewall</span></span></div><div class="query-details"><span class="query-description-title">AWS Security Group Ingress CIDR should not be open to the world</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-medium">2</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
-<span>Line 24</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is not open to the world (0.0.0.0/0)</span>
-<span><strong>Found:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">23</span><span class="code"> ToPort: 0</span></div><div class="code-line error"><span class="code-line-counter">24</span><span class="code"> CidrIp: 0.0.0.0/0</span></div><div class="code-line"><span class="code-line-counter">25</span><span class="code"> EcsSecurityGroupSSHinbound:</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 32</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is not open to the world (0.0.0.0/0)</span>
-<span><strong>Found:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">31</span><span class="code"> ToPort: 0</span></div><div class="code-line error"><span class="code-line-counter">32</span><span class="code"> CidrIp: 0.0.0.0/0</span></div><div class="code-line"><span class="code-line-counter">33</span><span class="code"> EcsSecurityGroupALBports:</span></div></div></div></details></div></div><div data-type="severity" data-name="LOW"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">ECS Task Definition HealthCheck Missing</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
+<span><strong>Found:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.CidrIp is open to the world (0.0.0.0/0)</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">31</span><span class="code"> ToPort: 0</span></div><div class="code-line error"><span class="code-line-counter">32</span><span class="code"> CidrIp: 0.0.0.0/0</span></div><div class="code-line"><span class="code-line-counter">33</span><span class="code"> EcsSecurityGroupALBports:</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
+<span>Line 24</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is not open to the world (0.0.0.0/0)</span>
+<span><strong>Found:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.CidrIp is open to the world (0.0.0.0/0)</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">23</span><span class="code"> ToPort: 0</span></div><div class="code-line error"><span class="code-line-counter">24</span><span class="code"> CidrIp: 0.0.0.0/0</span></div><div class="code-line"><span class="code-line-counter">25</span><span class="code"> EcsSecurityGroupSSHinbound:</span></div></div></div></details></div></div><div data-type="severity" data-name="LOW"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">ECS Task Definition HealthCheck Missing</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Observability</span></span></div><div class="query-details"><span class="query-description-title">Amazon ECS must have the HealthCheck property defined to give more control over monitoring the health of tasks</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecs-taskdefinition-healthcheck.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-low">2</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 51</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> 'Resources.TaskDefinition.Properties.ContainerDefinitions' contains 'HealthCheck' property</span>
 <span><strong>Found:</strong> 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">50</span><span class="code"> ContainerDefinitions:</span></div><div class="code-line error"><span class="code-line-counter">51</span><span class="code"> - Name: simple-app</span></div><div class="code-line"><span class="code-line-counter">52</span><span class="code"> Cpu: 10</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 67</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> 'Resources.TaskDefinition.Properties.ContainerDefinitions' contains 'HealthCheck' property</span>
 <span><strong>Found:</strong> 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">66</span><span class="code"> - ContainerPort: 80</span></div><div class="code-line error"><span class="code-line-counter">67</span><span class="code"> - Name: busybox</span></div><div class="code-line"><span class="code-line-counter">68</span><span class="code"> Cpu: 10</span></div></div></div></details></div></div><div data-type="severity" data-name="LOW"><hr class="separator"><div class="query"><div class="query-info"><div class="query-title"><h2><div class="kics-purple"><svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24px" viewBox="0 0 24 24" width="24px" fill="#000000"><g><path d="M0,0h24v24H0V0z" fill="none"/></g><g><g><path d="M12,2L4,5v6.09c0,5.05,3.41,9.76,8,10.91c4.59-1.15,8-5.86,8-10.91V5L12,2z M18,11.09c0,4-2.55,7.7-6,8.83 c-3.45-1.13-6-4.82-6-8.83v-4.7l6-2.25l6,2.25V11.09z"/><rect height="2" width="2" x="11" y="14"/><rect height="5" width="2" x="11" y="7"/></g></g></svg></div><span class="query-name">Security Group Rule Without Description</span></h2><span><strong>Platform:</strong> <span class="query-info-platform">CloudFormation</span></span>
 <span><strong>Category:</strong> <span class="query-info-category">Best Practices</span></span></div><div class="query-details"><span class="query-description-title">AWS Security Group Rule should have description defined</span><span><a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html" rel="noopener" target="_blank">https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group.html</a></span></div></div><details><summary>Results (<span class="severity-partial-count-low">3</span>)</summary><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
+<span>Line 19</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is set</span>
+<span><strong>Found:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">18</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">19</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">20</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 27</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.Description is set</span>
 <span><strong>Found:</strong> Resources.EcsSecurityGroupSSHinbound.Properties.Description is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">26</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">27</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">28</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
 <span>Line 35</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupALBports.Properties.Description is set</span>
-<span><strong>Found:</strong> Resources.EcsSecurityGroupALBports.Properties.Description is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">34</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">35</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">36</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div><div class="vulnerable-info"><div class="vulnerable-info-header"><strong>File: fixtures/samples/positive.yaml</strong>
-<span>Line 19</span></div><div class="vulnerable-info-details"><span><strong>Expected:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is set</span>
-<span><strong>Found:</strong> Resources.EcsSecurityGroupHTTPinbound02.Properties.Description is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">18</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">19</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">20</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div></details></div></div><hr class="separator"><div class="kics-message">KICS is open and will always stay such. Both the scanning engine and the security queries are clear and open for the software development community.</div><div class="love">Spread the love:</div><div class="social-networks"><a href="https://github.com/Checkmarx/kics/" rel="noopener" target="_blank"><div><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20">
+<span><strong>Found:</strong> Resources.EcsSecurityGroupALBports.Properties.Description is undefined</span></div><div class="code-box"><div class="code-line"><span class="code-line-counter">34</span><span class="code"> Type: AWS::EC2::SecurityGroupIngress</span></div><div class="code-line error"><span class="code-line-counter">35</span><span class="code"> Properties:</span></div><div class="code-line"><span class="code-line-counter">36</span><span class="code"> GroupId: !Ref 'EcsSecurityGroup'</span></div></div></div></details></div></div><hr class="separator"><div class="kics-message">KICS is open and will always stay such. Both the scanning engine and the security queries are clear and open for the software development community.</div><div class="love">Spread the love:</div><div class="social-networks"><a href="https://github.com/Checkmarx/kics/" rel="noopener" target="_blank"><div><svg xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewBox="0 0 20 20">
     <g fill="none" fill-rule="evenodd">
         <g fill="#626264" fill-rule="nonzero">
             <g>
@@ -72,4 +69,4 @@
             </g>
         </g>
     </g>
-</svg></div></a></div><div class="report-header-footer"><span class="footer-text">The KICS project is powered by&nbsp;<a href="https://www.checkmarx.com/" class="checkmarx" rel="noopener" target="_blank">Checkmarx</a>, global leader of Application Security Testing</span></div></div></body></html>
+</svg></div></a></div><div class="report-header-footer"><span class="footer-text">The KICS project is powered by&nbsp;<a href="https://www.checkmarx.com/" class="checkmarx" rel="noopener" target="_blank">Checkmarx</a>, global leader of Application Security Testing</span></div></div></body></html>
\ No newline at end of file