Local CSPM Lite

Generated: 2026-02-16T13:18:56

Scan Metadata

Permissions & Coverage

This shows which AWS API calls were accessible during the scan. Missing access can reduce scan coverage.

Service  Action                  Status  Error
sts      GetCallerIdentity       OK
ec2      DescribeSecurityGroups  OK
s3       ListBuckets             OK
s3       GetBucketLocation       OK
s3       GetPublicAccessBlock    OK
s3       GetBucketPolicyStatus   OK
s3       GetBucketPolicy         OK

Collected Inventory

Security Groups (by region)

Region Security Groups Collector Notes
us-west-1 1 OK

S3 Buckets

Total buckets collected: 1

Bucket              Region     Public Access Block  Policy Status
demo-public-bucket  us-west-1  present              IsPublic=True

Findings (6)

Evaluated Findings (6)

Risk  Rule                                 Resource            Region     Evidence
100   AWS_SG_INGRESS_SSH_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows port 22 (tcp) | demo open ssh to world
100   AWS_SG_INGRESS_RDP_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows all ports (-1) | demo all traffic open
100   AWS_SG_INGRESS_ALL_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows all ports (-1) | demo all traffic open
90    AWS_SG_INGRESS_SSH_ANY               sg-demo123          us-west-1  0.0.0.0/0 allows port 22 (tcp) | demo open ssh to world (cidr=0.0.0.0/0)
85    AWS_S3_BUCKET_POLICY_PUBLIC          demo-public-bucket  us-west-1  Bucket policy status indicates IsPublic=True
80    AWS_S3_PUBLIC_ACCESS_BLOCK_DISABLED  demo-public-bucket  us-west-1  PublicAccessBlock not fully enabled: BlockPublicAcls=False, IgnorePublicAcls=False, BlockPublicPolicy=False, RestrictPublicBuckets=False

Remediation Summary

Mode: LIVE (changes applied)

Applied Remediations

Status   Rule                                 Resource            Action                      Details
SUCCESS  AWS_SG_INGRESS_SSH_WORLD             sg-demo123          REMOVE_INGRESS_RULE         [DEMO] Revoked tcp port 22 from 0.0.0.0/0 on sg-demo123
SUCCESS  AWS_SG_INGRESS_RDP_WORLD             sg-demo123          REMOVE_INGRESS_RULE         [DEMO] Revoked tcp port 3389 from 0.0.0.0/0 on sg-demo123
SUCCESS  AWS_SG_INGRESS_ALL_WORLD             sg-demo123          REMOVE_INGRESS_RULE         [DEMO] Revoked -1 port all from 0.0.0.0/0 on sg-demo123
SUCCESS  AWS_S3_PUBLIC_ACCESS_BLOCK_DISABLED  demo-public-bucket  ENABLE_PUBLIC_ACCESS_BLOCK  [DEMO] Enabled Public Access Block on demo-public-bucket

Skipped Remediations

Status   Rule                         Resource            Reason
SKIPPED  AWS_SG_INGRESS_SSH_ANY       sg-demo123          SSH to any CIDR - requires manual review
SKIPPED  AWS_S3_BUCKET_POLICY_PUBLIC  demo-public-bucket  Bucket policy changes not supported for auto-fix (business logic)

Drift (vs previous scan)

Previous snapshot: C:\Users\Sid-Gaming\Downloads\local-cspm-lite\snapshots\aws\000000000000\20260101T000000Z.json
Latest snapshot: C:\Users\Sid-Gaming\Downloads\local-cspm-lite\snapshots\aws\000000000000\20260102T000000Z.json

New Findings

Risk  Rule                                 Resource            Region     Evidence
100   AWS_SG_INGRESS_ALL_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows all ports (-1) | demo all traffic open
100   AWS_SG_INGRESS_RDP_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows all ports (-1) | demo all traffic open
100   AWS_SG_INGRESS_SSH_WORLD             sg-demo123          us-west-1  0.0.0.0/0 allows port 22 (tcp) | demo open ssh to world
85    AWS_S3_BUCKET_POLICY_PUBLIC          demo-public-bucket  us-west-1  Bucket policy status indicates IsPublic=True
80    AWS_S3_PUBLIC_ACCESS_BLOCK_DISABLED  demo-public-bucket  us-west-1  PublicAccessBlock not fully enabled: BlockPublicAcls=False, IgnorePublicAcls=False, BlockPublicPolicy=False, RestrictPublicBuckets=False

Resolved Findings

No resolved findings.

Risk Increased

Before  After  Rule                    Resource    Region
70      90     AWS_SG_INGRESS_SSH_ANY  sg-demo123  us-west-1

Risk Decreased

No decreased-risk findings.