mcp server #39

Draft: hemanthgk10 wants to merge 2 commits into dev from mcp-server

@hemanthgk10
Collaborator

@hemanthgk10 hemanthgk10 changed the base branch from main to dev May 19, 2026 18:06
…ndings

Signed-off-by: hgokavarapu <hgokavarapu@hgokavarapus-MacBook-Pro.local>
Signed-off-by: hgokavarapu <hgokavarapu@hgokavarapus-MacBook-Pro.local>
@lacework-code-security

Lacework Code Security

When a Pull Request in a repository is submitted, the Lacework FortiCNAPP runs scans on both the source and target branches and compares the results to identify any issues which will be introduced by the source branch.

Infrastructure as Code - Found 9 new potential violation(s) - Severity 🛑 High

The Lacework FortiCNAPP Infrastructure as Code (IaC) static analyzer evaluated infrastructure as code (IaC) files and identified the following security and compliance violations in the source branch. See summary in Lacework FortiCNAPP.

| Violation | Description | Location | Severity |
| --- | --- | --- | --- |
| S3 bucket does not block public access | S3 buckets should have all block public access options enabled. AWS's S3 Block Public Access feature has four settings: BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, and RestrictPublicBuckets. All four settings should be enabled to help prevent the risk of a data breach. | vulnerable.tf#L70 (plugins/code-security/tests/fixtures/) | 🛑 High |
| S3 bucket does not block public access | S3 buckets should have all block public access options enabled. AWS's S3 Block Public Access feature has four settings: BlockPublicAcls, IgnorePublicAcls, BlockPublicPolicy, and RestrictPublicBuckets. All four settings should be enabled to help prevent the risk of a data breach. | vulnerable.tf#L43 (plugins/code-security/tests/fixtures/) | 🛑 High |
| S3 Versioning should be enabled | You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures. After versioning is enabled for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of those objects. | vulnerable.tf#L43 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| S3 bucket does not have access logging | S3 bucket access logging should be enabled for all buckets. Enabling access logging provides detailed records for the requests that are made to a S3 bucket. This information is useful for security and compliance auditing purposes. | vulnerable.tf#L70 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| S3 bucket does not have access logging | S3 bucket access logging should be enabled for all buckets. Enabling access logging provides detailed records for the requests that are made to a S3 bucket. This information is useful for security and compliance auditing purposes. | vulnerable.tf#L43 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| Ensure that S3 bucket has cross-region replication enabled | Amazon S3 Cross-Region Replication (CRR) is a feature that automatically replicates objects from one S3 bucket to another in a different AWS Region. This policy checks whether S3 buckets have CRR enabled, which is crucial for data redundancy, compliance, and improving access latency for geographically distributed workloads. | vulnerable.tf#L43 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| S3 Versioning should be enabled | You can use the S3 Versioning feature to preserve, retrieve, and restore every version of every object stored in your buckets. With versioning you can recover more easily from both unintended user actions and application failures. After versioning is enabled for a bucket, if Amazon S3 receives multiple write requests for the same object simultaneously, it stores all of those objects. | vulnerable.tf#L70 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| Ensure S3 bucket policies do not allow actions with wildcard Principal | Ensure S3 bucket policies do not allow actions with the Principal set to '*', which grants permissions to all users and accounts. Instead, specify only the required users or roles for better security. | vulnerable.tf#L52 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
| Ensure that S3 bucket has cross-region replication enabled | Amazon S3 Cross-Region Replication (CRR) is a feature that automatically replicates objects from one S3 bucket to another in a different AWS Region. This policy checks whether S3 buckets have CRR enabled, which is crucial for data redundancy, compliance, and improving access latency for geographically distributed workloads. | vulnerable.tf#L70 (plugins/code-security/tests/fixtures/) | 🟧 Medium |
