Aqua CSPM scan reports contain a wealth of information related to the security posture of your cloud infrastructure environments. These reports contain security findings and results that indicate the status and severity of these security risks.


Scan Result Overview

Every scan report result is comprised of the following pieces of information:

Examples:PASS, WARN, FAIL, UNKNOWNLow, Medium, High, Criticalus-east-1, ap-northeast-1arn:aws:s3:::example-bucket"The S3 bucket is not encrypted"

Scan Result Status

Each scan report result contains one of the following status codes:

  • PASS - A passing result, indicating that the security risk is not present
  • WARN - A warning result, indicating that a security risk may be present
  • FAIL - A failing result, indicating that a security risk is present
  • UNKNOWN - An unknown result, indicating that the security risk could not be determined

Scan Result Severity

Each scan report result also contains one of the following severity levels:

  • Low - The risk of a compromise is not significant
  • Medium - There is a moderate chance of compromise, depending on other mitigating factors
  • High - There is a high risk of compromise
  • Critical - There is an immediate risk of compromise or a compromise may have already occurred

New Risks

The first scan report that runs in your account is used as a baseline for the second report, which becomes a baseline for the third and so on. As scans are run, new risks are detected and highlighted in your scan reports using the New Risk label. A new risk is a risk that was previously not present or passing in the previous report and is now warning or failing.