diff --git a/cmd/tfsec-docs/main.go b/cmd/tfsec-docs/main.go
index a1c5d9ba32..46df57ef9d 100644
--- a/cmd/tfsec-docs/main.go
+++ b/cmd/tfsec-docs/main.go
@@ -56,6 +56,14 @@ func getSortedFileContents() []*FileContent {
 if r.Rule().Terraform == nil {
 continue
 }
+ var badExample string
+ if len(r.Rule().Terraform.BadExamples) > 0 {
+ badExample = r.Rule().Terraform.BadExamples[0]
+ }
+ var goodExample string
+ if len(r.Rule().Terraform.GoodExamples) > 0 {
+ goodExample = r.Rule().Terraform.GoodExamples[0]
+ }
 provider := string(r.Rule().Provider)
 checkMap[provider] = append(checkMap[provider], templateObject{
 ID: r.Rule().LongID(),
@@ -67,8 +75,8 @@ func getSortedFileContents() []*FileContent {
 Explanation: r.Rule().Explanation,
 Impact: r.Rule().Impact,
 Resolution: r.Rule().Resolution,
- BadExample: r.Rule().Terraform.BadExamples[0],
- GoodExample: r.Rule().Terraform.GoodExamples[0],
+ BadExample: badExample,
+ GoodExample: goodExample,
 Links: append(r.Rule().Terraform.Links, r.Rule().Links...),
 })
 }
diff --git a/docs/checks/aws/api-gateway/enable-cache/index.md b/docs/checks/aws/api-gateway/enable-cache/index.md
new file mode 100644
index 0000000000..63625ccdbb
--- /dev/null
+++ b/docs/checks/aws/api-gateway/enable-cache/index.md
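Review bot: The new length guards in the first hunk of main.go stop the index panic, but when a rule ships without a Terraform example the page is now generated silently with `badExample`/`goodExample` left as the empty string, and nothing at generation time flags that a check is being published with no worked example; a log line at the point where the variable stays empty (e.g. via the standard log package, naming `r.Rule().LongID()`) would surface the gap before the docs are rendered. The generated require-vpc-flow-logs page later in this diff has no example sections at all, which looks like exactly this case, though the template that consumes these fields is outside the hunk. The repeated `r.Rule().Terraform` lookups can also be hoisted after the nil check: `tf := r.Rule().Terraform`, then `if len(tf.BadExamples) > 0 { badExample = tf.BadExamples[0] }` and the same for GoodExamples. getSortedFileContents starts and ends outside the hunk, so whether the function already has a logger in scope cannot be seen here.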
@@ -0,0 +1,86 @@ +--- +title: Ensure that response caching is enabled for your Amazon API Gateway REST APIs. +--- + +# Ensure that response caching is enabled for your Amazon API Gateway REST APIs. + +### Default Severity: low + +### Explanation + +A REST API in API Gateway is a collection of resources and methods that are integrated with backend HTTP endpoints, Lambda functions, or other AWS services. You can enable API caching in Amazon API Gateway to cache your endpoint responses. With caching, you can reduce the number of calls made to your endpoint and also improve the latency of requests to your API. + +### Possible Impact +Reduce the number of calls made to your API endpoint and also improve the latency of requests to your API with response caching. + +### Suggested Resolution +Enable cache + + +### Insecure Example + +The following example will fail the aws-api-gateway-enable-cache check. +```terraform + + resource "aws_api_gateway_rest_api" "example" { + + } + + resource "aws_api_gateway_stage" "example" { + rest_api_id = aws_api_gateway_rest_api.example.id + } + + resource "aws_api_gateway_method_settings" "bad_example" { + rest_api_id = aws_api_gateway_rest_api.example.id + stage_name = aws_api_gateway_stage.example.stage_name + method_path = "path1/GET" + + settings { + metrics_enabled = true + logging_level = "INFO" + caching_enabled = false + } + } + +``` + + + +### Secure Example + +The following example will pass the aws-api-gateway-enable-cache check. 
+```terraform + + resource "aws_api_gateway_rest_api" "example" { + + } + + resource "aws_api_gateway_stage" "example" { + + } + + resource "aws_api_gateway_method_settings" "good_example" { + rest_api_id = aws_api_gateway_rest_api.example.id + stage_name = aws_api_gateway_stage.example.stage_name + method_path = "path1/GET" + + settings { + metrics_enabled = true + logging_level = "INFO" + caching_enabled = true + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#cache_enabled](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_method_settings#cache_enabled){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/aws/api-gateway/index.md b/docs/checks/aws/api-gateway/index.md index be404afd08..2e52237185 100644 --- a/docs/checks/aws/api-gateway/index.md +++ b/docs/checks/aws/api-gateway/index.md @@ -9,6 +9,8 @@ title: api-gateway - [enable-access-logging](enable-access-logging) API Gateway stages for V1 and V2 should have access logging enabled +- [enable-cache](enable-cache) Ensure that response caching is enabled for your Amazon API Gateway REST APIs. + - [enable-cache-encryption](enable-cache-encryption) API Gateway must have cache enabled - [enable-tracing](enable-tracing) API Gateway must have X-Ray tracing enabled diff --git a/docs/checks/aws/ec2/index.md b/docs/checks/aws/ec2/index.md index 006ac14bb0..10052cfef7 100644 --- a/docs/checks/aws/ec2/index.md +++ b/docs/checks/aws/ec2/index.md 
@@ -23,7 +23,7 @@ title: ec2 - [no-default-vpc](no-default-vpc) AWS best practice to not use the default VPC for workflows -- [no-excessive-port-access](no-excessive-port-access) An ingress Network ACL rule allows ALL ports. +- [no-excessive-port-access](no-excessive-port-access) An Network ACL rule allows ALL ports. - [no-public-egress-sgr](no-public-egress-sgr) An egress security group rule allows traffic to /0. @@ -41,6 +41,8 @@ title: ec2 - [no-sensitive-info](no-sensitive-info) Ensure all data stored in the launch configuration EBS is securely encrypted +- [require-vpc-flow-logs-for-all-vpcs](require-vpc-flow-logs-for-all-vpcs) VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet "Rejects" for VPCs. + - [volume-encryption-customer-key](volume-encryption-customer-key) EBS volume encryption should use Customer Managed Keys diff --git a/docs/checks/aws/ec2/no-excessive-port-access/index.md b/docs/checks/aws/ec2/no-excessive-port-access/index.md index fdb659cc60..8db91046d6 100644 --- a/docs/checks/aws/ec2/no-excessive-port-access/index.md +++ b/docs/checks/aws/ec2/no-excessive-port-access/index.md @@ -1,8 +1,8 @@ --- -title: An ingress Network ACL rule allows ALL ports. +title: An Network ACL rule allows ALL ports. --- -# An ingress Network ACL rule allows ALL ports. +# An Network ACL rule allows ALL ports. ### Default Severity: critical @@ -11,7 +11,7 @@ title: An ingress Network ACL rule allows ALL ports. Ensure access to specific required ports is allowed, and nothing else. ### Possible Impact -All ports exposed for egressing data +All ports exposed for ingressing/egressing data ### Suggested Resolution Set specific allowed ports 
diff --git a/docs/checks/aws/ec2/require-vpc-flow-logs-for-all-vpcs/index.md b/docs/checks/aws/ec2/require-vpc-flow-logs-for-all-vpcs/index.md new file mode 100644 index 0000000000..0f881be079 --- /dev/null +++ b/docs/checks/aws/ec2/require-vpc-flow-logs-for-all-vpcs/index.md @@ -0,0 +1,29 @@ +--- +title: VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet "Rejects" for VPCs. +--- + +# VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. After you've created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs. It is recommended that VPC Flow Logs be enabled for packet "Rejects" for VPCs. + +### Default Severity: medium + +### Explanation + +VPC Flow Logs provide visibility into network traffic that traverses the VPC and can be used to detect anomalous traffic or insight during security workflows. + +### Possible Impact +Without VPC flow logs, you risk not having enough information about network traffic flow to investigate incidents or identify security issues. + +### Suggested Resolution +Enable flow logs for VPC + + + + + +### Links + + +- [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/aws/elb/drop-invalid-headers/index.md b/docs/checks/aws/elb/drop-invalid-headers/index.md index 587e8c71b8..ccdc4db850 100644 --- a/docs/checks/aws/elb/drop-invalid-headers/index.md +++ b/docs/checks/aws/elb/drop-invalid-headers/index.md 
@@ -10,7 +10,7 @@ title: Load balancers should drop invalid headers Passing unknown or invalid headers through to the target poses a potential risk of compromise. -By setting drop_invalid_header_fields to true, anything that does not conform to well known, defined headers will be removed by the load balancer. +By setting drop_invalid_header_fields to true, anything that doe not conform to well known, defined headers will be removed by the load balancer. ### Possible Impact Invalid headers being passed through to the target of the load balance may exploit vulnerabilities diff --git a/docs/checks/aws/elb/use-secure-tls-policy/index.md b/docs/checks/aws/elb/use-secure-tls-policy/index.md index b1c00e5986..c7a3ca535d 100644 --- a/docs/checks/aws/elb/use-secure-tls-policy/index.md +++ b/docs/checks/aws/elb/use-secure-tls-policy/index.md @@ -37,7 +37,7 @@ The following example will pass the aws-elb-use-secure-tls-policy check. ```terraform resource "aws_alb_listener" "good_example" { - ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01" + ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" protocol = "HTTPS" } diff --git a/docs/checks/aws/msk/enable-at-rest-encryption/index.md b/docs/checks/aws/msk/enable-at-rest-encryption/index.md new file mode 100644 index 0000000000..f17d709283 --- /dev/null +++ b/docs/checks/aws/msk/enable-at-rest-encryption/index.md 
@@ -0,0 +1,57 @@ +--- +title: A MSK cluster allows unencrypted data at rest. +--- + +# A MSK cluster allows unencrypted data at rest. + +### Default Severity: high + +### Explanation + +Encryption should be forced for Kafka clusters, including at rest. This ensures sensitive data is kept private. + +### Possible Impact +Intercepted data can be read at rest + +### Suggested Resolution +Enable at rest encryption + + +### Insecure Example + +The following example will fail the aws-msk-enable-at-rest-encryption check. +```terraform + + resource "aws_msk_cluster" "bad_example" { + encryption_info { + } + } + +``` + + + +### Secure Example + +The following example will pass the aws-msk-enable-at-rest-encryption check. +```terraform + + resource "aws_msk_cluster" "good_example" { + encryption_info { + encryption_at_rest_kms_key_arn = "foo-bar-key" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#encryption_info-argument-reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#encryption_info-argument-reference){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html](https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/aws/msk/index.md b/docs/checks/aws/msk/index.md index 6c44ba01f1..f388c1077a 100644 --- a/docs/checks/aws/msk/index.md +++ b/docs/checks/aws/msk/index.md @@ -7,6 +7,8 @@ title: msk ## Checks +- [enable-at-rest-encryption](enable-at-rest-encryption) A MSK cluster allows unencrypted data at rest. + - [enable-in-transit-encryption](enable-in-transit-encryption) A MSK cluster allows unencrypted data in transit. - [enable-logging](enable-logging) Ensure MSK Cluster logging is enabled 
diff --git a/docs/checks/aws/rds/no-public-db-access/index.md b/docs/checks/aws/rds/no-public-db-access/index.md index 4ff83b994d..222bb8ea2b 100644 --- a/docs/checks/aws/rds/no-public-db-access/index.md +++ b/docs/checks/aws/rds/no-public-db-access/index.md @@ -25,7 +25,7 @@ The following example will fail the aws-rds-no-public-db-access check. resource "aws_db_instance" "bad_example" { publicly_accessible = true } - + ``` @@ -38,7 +38,7 @@ The following example will pass the aws-rds-no-public-db-access check. resource "aws_db_instance" "good_example" { publicly_accessible = false } - + ``` diff --git a/docs/checks/azure/container/limit-authorized-ips/index.md b/docs/checks/azure/container/limit-authorized-ips/index.md index 0ba2100213..32ab35002a 100644 --- a/docs/checks/azure/container/limit-authorized-ips/index.md +++ b/docs/checks/azure/container/limit-authorized-ips/index.md @@ -36,9 +36,13 @@ The following example will pass the azure-container-limit-authorized-ips check. ```terraform resource "azurerm_kubernetes_cluster" "good_example" { - api_server_authorized_ip_ranges = [ + api_server_access_profile { + authorized_ip_ranges = [ "1.2.3.4/32" ] + + } + } ``` diff --git a/docs/checks/azure/storage/use-secure-tls-policy/index.md b/docs/checks/azure/storage/use-secure-tls-policy/index.md index 76f11645ec..2ddd43da86 100644 --- a/docs/checks/azure/storage/use-secure-tls-policy/index.md +++ b/docs/checks/azure/storage/use-secure-tls-policy/index.md @@ -30,6 +30,7 @@ The following example will fail the azure-storage-use-secure-tls-policy check. name = "storageaccountname" resource_group_name = azurerm_resource_group.example.name location = azurerm_resource_group.example.location + min_tls_version = "TLS1_0" } ``` diff --git a/docs/checks/google/compute/disk-encryption-no-plaintext-key/index.md b/docs/checks/google/compute/disk-encryption-no-plaintext-key/index.md index 360478639f..26af0d185e 100644 
--- a/docs/checks/google/compute/disk-encryption-no-plaintext-key/index.md +++ b/docs/checks/google/compute/disk-encryption-no-plaintext-key/index.md @@ -22,7 +22,7 @@ Reference a managed key rather than include the key in raw format. The following example will fail the google-compute-disk-encryption-no-plaintext-key check. ```terraform - resource "google_compute_disk" "good_example" { + resource "google_compute_disk" "bad_example" { disk_encryption_key { raw_key="b2ggbm8gdGhpcyBpcyBiYWQ=" } diff --git a/docs/checks/google/compute/enable-shielded-vm-im/index.md b/docs/checks/google/compute/enable-shielded-vm-im/index.md index 8055ab39d9..01742c7bd4 100644 --- a/docs/checks/google/compute/enable-shielded-vm-im/index.md +++ b/docs/checks/google/compute/enable-shielded-vm-im/index.md @@ -54,7 +54,7 @@ The following example will fail the google-compute-enable-shielded-vm-im check. The following example will pass the google-compute-enable-shielded-vm-im check. ```terraform - resource "google_compute_instance" "bad_example" { + resource "google_compute_instance" "good_example" { name = "test" machine_type = "e2-medium" zone = "us-central1-a" diff --git a/docs/checks/google/compute/enable-shielded-vm-sb/index.md b/docs/checks/google/compute/enable-shielded-vm-sb/index.md new file mode 100644 index 0000000000..a6d6cfed4f --- /dev/null +++ b/docs/checks/google/compute/enable-shielded-vm-sb/index.md 
@@ -0,0 +1,92 @@ +--- +title: Instances should have Shielded VM secure boot enabled +--- + +# Instances should have Shielded VM secure boot enabled + +### Default Severity: medium + +### Explanation + +Secure boot helps ensure that the system only runs authentic software. + +### Possible Impact +Unable to verify digital signature of boot components, and unable to stop the boot process if verificaiton fails. + +### Suggested Resolution +Enable Shielded VM secure boot + + +### Insecure Example + +The following example will fail the google-compute-enable-shielded-vm-sb check. +```terraform + + resource "google_compute_instance" "bad_example" { + name = "test" + machine_type = "e2-medium" + zone = "us-central1-a" + + tags = ["foo", "bar"] + + boot_disk { + initialize_params { + image = "debian-cloud/debian-9" + } + } + + // Local SSD disk + scratch_disk { + interface = "SCSI" + } + + shielded_instance_config { + enable_secure_boot = false + } + } + +``` + + + +### Secure Example + +The following example will pass the google-compute-enable-shielded-vm-sb check. +```terraform + + resource "google_compute_instance" "good_example" { + name = "test" + machine_type = "e2-medium" + zone = "us-central1-a" + + tags = ["foo", "bar"] + + boot_disk { + initialize_params { + image = "debian-cloud/debian-9" + } + } + + // Local SSD disk + scratch_disk { + interface = "SCSI" + } + + shielded_instance_config { + enable_secure_boot = true + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#enable_secure_boot](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#enable_secure_boot){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://cloud.google.com/security/shielded-cloud/shielded-vm#secure-boot](https://cloud.google.com/security/shielded-cloud/shielded-vm#secure-boot){:target="_blank" rel="nofollow noreferrer noopener"} + + + 
diff --git a/docs/checks/google/compute/enable-shielded-vm-vtpm/index.md b/docs/checks/google/compute/enable-shielded-vm-vtpm/index.md index 3fc257a78b..5f93ba52aa 100644 --- a/docs/checks/google/compute/enable-shielded-vm-vtpm/index.md +++ b/docs/checks/google/compute/enable-shielded-vm-vtpm/index.md @@ -54,7 +54,7 @@ The following example will fail the google-compute-enable-shielded-vm-vtpm check The following example will pass the google-compute-enable-shielded-vm-vtpm check. ```terraform - resource "google_compute_instance" "bad_example" { + resource "google_compute_instance" "good_example" { name = "test" machine_type = "e2-medium" zone = "us-central1-a" diff --git a/docs/checks/google/compute/index.md b/docs/checks/google/compute/index.md index a5ba629755..06798267c1 100644 --- a/docs/checks/google/compute/index.md +++ b/docs/checks/google/compute/index.md @@ -13,6 +13,8 @@ title: compute - [enable-shielded-vm-im](enable-shielded-vm-im) Instances should have Shielded VM integrity monitoring enabled +- [enable-shielded-vm-sb](enable-shielded-vm-sb) Instances should have Shielded VM secure boot enabled + - [enable-shielded-vm-vtpm](enable-shielded-vm-vtpm) Instances should have Shielded VM VTPM enabled - [enable-vpc-flow-logs](enable-vpc-flow-logs) VPC flow logs should be enabled for all subnetworks diff --git a/docs/checks/google/compute/no-ip-forwarding/index.md b/docs/checks/google/compute/no-ip-forwarding/index.md index 885a8fd9f3..8a59b26f45 100644 --- a/docs/checks/google/compute/no-ip-forwarding/index.md +++ b/docs/checks/google/compute/no-ip-forwarding/index.md @@ -50,7 +50,7 @@ The following example will fail the google-compute-no-ip-forwarding check. The following example will pass the google-compute-no-ip-forwarding check. ```terraform - resource "google_compute_instance" "bad_example" { + resource "google_compute_instance" "good_example" { name = "test" machine_type = "e2-medium" zone = "us-central1-a" 
diff --git a/docs/checks/google/gke/index.md b/docs/checks/google/gke/index.md index a274921f1b..0d2a7a4c6e 100644 --- a/docs/checks/google/gke/index.md +++ b/docs/checks/google/gke/index.md @@ -23,8 +23,6 @@ title: gke - [enable-stackdriver-monitoring](enable-stackdriver-monitoring) Stackdriver Monitoring should be enabled -- [enforce-pod-security-policy](enforce-pod-security-policy) Pod security policy enforcement not defined. - - [metadata-endpoints-disabled](metadata-endpoints-disabled) Legacy metadata endpoints enabled. - [no-legacy-authentication](no-legacy-authentication) Legacy client authentication methods utilized. diff --git a/docs/checks/google/iam/index.md b/docs/checks/google/iam/index.md index ee903df8d8..9311c524e9 100644 --- a/docs/checks/google/iam/index.md +++ b/docs/checks/google/iam/index.md 
@@ -1,27 +1,13 @@ --- -title: iam +title: IAM --- -# iam +# IAM ## Checks -- [no-default-network](no-default-network) Default network should not be created at project level - -- [no-folder-level-default-service-account-assignment](no-folder-level-default-service-account-assignment) Roles should not be assigned to default service accounts - -- [no-org-level-default-service-account-assignment](no-org-level-default-service-account-assignment) Roles should not be assigned to default service accounts - -- [no-org-level-service-account-impersonation](no-org-level-service-account-impersonation) Users should not be granted service account access at the organization level - -- [no-privileged-service-accounts](no-privileged-service-accounts) Service accounts should not have roles assigned with excessive privileges - -- [no-project-level-default-service-account-assignment](no-project-level-default-service-account-assignment) Roles should not be assigned to default service accounts - -- [no-project-level-service-account-impersonation](no-project-level-service-account-impersonation) Users should not be granted service account access at the project level - -- [no-user-granted-permissions](no-user-granted-permissions) IAM granted directly to user. +- [no-folder-level-service-account-impersonation](no-folder-level-service-account-impersonation) Users should not be granted service account access at the folder level diff --git a/docs/checks/google/iam/no-conditions-workload-identity-pool-provider/index.md b/docs/checks/google/iam/no-conditions-workload-identity-pool-provider/index.md new file mode 100644 index 0000000000..6b657af8d7 --- /dev/null +++ b/docs/checks/google/iam/no-conditions-workload-identity-pool-provider/index.md 
@@ -0,0 +1,96 @@ +--- +title: A configuration for an external workload identity pool provider should have conditions set +--- + +# A configuration for an external workload identity pool provider should have conditions set + +### Default Severity: high + +### Explanation + +In GitHub Actions, one can authenticate to Google Cloud by setting values for `workload_identity_provider` and `service_account` and requesting a short-lived OIDC token which is then used to execute commands as that Service Account. If you don't specify a condition in the workload identity provider pool configuration, then any GitHub Action can assume this role and act as that Service Account. + +### Possible Impact +Allows an external attacker to authenticate as the attached service account and act with its permissions + +### Suggested Resolution +Set conditions on this provider, for example by restricting it to only be allowed from repositories in your GitHub organization + + +### Insecure Example + +The following example will fail the google-iam-no-conditions-workload-identity-pool-provider check. +```terraform + + resource "google_iam_workload_identity_pool" "github" { + provider = google + project = data.google_project.project.project_id + workload_identity_pool_id = "github" + } + + resource "google_iam_workload_identity_pool_provider" "github" { + provider = google + project = data.google_project.project.project_id + workload_identity_pool_id = google_iam_workload_identity_pool.github-actions[0].workload_identity_pool_id + workload_identity_pool_provider_id = "github" + + attribute_mapping = { + "google.subject" = "assertion.sub" + "attribute.actor" = "assertion.actor" + "attribute.aud" = "assertion.aud" + "attribute.repository" = "assertion.repository" + } + + oidc { + issuer_uri = "https://token.actions.githubusercontent.com" + } + } + +``` + + + +### Secure Example + +The following example will pass the google-iam-no-conditions-workload-identity-pool-provider check. 
+```terraform + + resource "google_iam_workload_identity_pool" "github" { + provider = google + project = data.google_project.project.project_id + workload_identity_pool_id = "github" + } + + resource "google_iam_workload_identity_pool_provider" "github" { + provider = google + project = data.google_project.project.project_id + workload_identity_pool_id = google_iam_workload_identity_pool.github-actions[0].workload_identity_pool_id + workload_identity_pool_provider_id = "github" + + attribute_condition = "assertion.repository_owner=='your-github-organization'" + + attribute_mapping = { + "google.subject" = "assertion.sub" + "attribute.actor" = "assertion.actor" + "attribute.aud" = "assertion.aud" + "attribute.repository" = "assertion.repository" + } + + oidc { + issuer_uri = "https://token.actions.githubusercontent.com" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider#attribute_condition](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider#attribute_condition){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/](https://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/google/storage/bucket-encryption-customer-key/index.md b/docs/checks/google/storage/bucket-encryption-customer-key/index.md new file mode 100644 index 0000000000..e44a8afac2 --- /dev/null +++ b/docs/checks/google/storage/bucket-encryption-customer-key/index.md 
@@ -0,0 +1,64 @@ +--- +title: Cloud Storage buckets should be encrypted with a customer-managed key. +--- + +# Cloud Storage buckets should be encrypted with a customer-managed key. + +### Default Severity: low + +### Explanation + +Using unmanaged keys makes rotation and general management difficult. + +### Possible Impact +Using unmanaged keys does not allow for proper key management. + +### Suggested Resolution +Encrypt Cloud Storage buckets using customer-managed keys. + + +### Insecure Example + +The following example will fail the google-storage-bucket-encryption-customer-key check. +```terraform + + resource "google_storage_bucket" "default" { + name = "my-default-bucket" + location = "EU" + force_destroy = true + uniform_bucket_level_access = true + } + +``` + + + +### Secure Example + +The following example will pass the google-storage-bucket-encryption-customer-key check. +```terraform + + resource "google_storage_bucket" "default" { + name = "my-default-bucket" + location = "EU" + force_destroy = true + uniform_bucket_level_access = true + + encryption { + default_kms_key_name = "projects/my-pet-project/locations/us-east1/keyRings/my-key-ring/cryptoKeys/my-key" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#encryption](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket#encryption){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://cloud.google.com/storage/docs/encryption/customer-managed-keys](https://cloud.google.com/storage/docs/encryption/customer-managed-keys){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/google/storage/index.md b/docs/checks/google/storage/index.md index 4cf1819ba5..103ddc1784 100644 --- a/docs/checks/google/storage/index.md +++ b/docs/checks/google/storage/index.md 
@@ -7,6 +7,8 @@ title: storage ## Checks +- [bucket-encryption-customer-key](bucket-encryption-customer-key) Cloud Storage buckets should be encrypted with a customer-managed key. + - [enable-ubla](enable-ubla) Ensure that Cloud Storage buckets have uniform bucket-level access enabled - [no-public-access](no-public-access) Ensure that Cloud Storage bucket is not anonymously or publicly accessible. diff --git a/docs/checks/nifcloud/computing/add-description-to-security-group-rule/index.md b/docs/checks/nifcloud/computing/add-description-to-security-group-rule/index.md new file mode 100644 index 0000000000..046fd51ea3 --- /dev/null +++ b/docs/checks/nifcloud/computing/add-description-to-security-group-rule/index.md 
@@ -0,0 +1,67 @@ +--- +title: Missing description for security group rule. +--- + +# Missing description for security group rule. + +### Default Severity: low + +### Explanation + +Security group rules should include a description for auditing purposes. + +Simplifies auditing, debugging, and managing security groups. + +### Possible Impact +Descriptions provide context for the firewall rule reasons + +### Suggested Resolution +Add descriptions for all security groups rules + + +### Insecure Example + +The following example will fail the nifcloud-computing-add-description-to-security-group-rule check. +```terraform + + resource "nifcloud_security_group_rule" "bad_example" { + type = "IN" + description = "" + from_port = 80 + to_port = 80 + protocol = "TCP" + cidr_ip = nifcloud_private_lan.main.cidr_block + } + + +``` + + + +### Secure Example + +The following example will pass the nifcloud-computing-add-description-to-security-group-rule check. +```terraform + + resource "nifcloud_security_group_rule" "good_example" { + type = "IN" + description = "HTTP from VPC" + from_port = 80 + to_port = 80 + protocol = "TCP" + cidr_ip = nifcloud_private_lan.main.cidr_block + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#description](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#description){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/fw/rule_new.htm](https://pfs.nifcloud.com/help/fw/rule_new.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/computing/add-description-to-security-group/index.md b/docs/checks/nifcloud/computing/add-description-to-security-group/index.md new file mode 100644 index 0000000000..f276cd66a7 --- /dev/null +++ b/docs/checks/nifcloud/computing/add-description-to-security-group/index.md 
@@ -0,0 +1,58 @@ +--- +title: Missing description for security group. +--- + +# Missing description for security group. + +### Default Severity: low + +### Explanation + +Security groups should include a description for auditing purposes. + +Simplifies auditing, debugging, and managing security groups. + +### Possible Impact +Descriptions provide context for the firewall rule reasons + +### Suggested Resolution +Add descriptions for all security groups + + +### Insecure Example + +The following example will fail the nifcloud-computing-add-description-to-security-group check. +```terraform + + resource "nifcloud_security_group" "bad_example" { + group_name = "http" + description = "" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-computing-add-description-to-security-group check. +```terraform + + resource "nifcloud_security_group" "good_example" { + group_name = "http" + description = "Allow inbound HTTP traffic" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group#description](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group#description){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/fw/change.htm](https://pfs.nifcloud.com/help/fw/change.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/computing/add-security-group-to-instance/index.md b/docs/checks/nifcloud/computing/add-security-group-to-instance/index.md new file mode 100644 index 0000000000..e302e13576 --- /dev/null +++ b/docs/checks/nifcloud/computing/add-security-group-to-instance/index.md 
@@ -0,0 +1,64 @@ +--- +title: Missing security group for instance. +--- + +# Missing security group for instance. + +### Default Severity: critical + +### Explanation + +Need to add a security group to your instance. + +### Possible Impact +A security group controls the traffic that is allowed to reach and leave the resources that it is associated with. + +### Suggested Resolution +Add security group for all instances + + +### Insecure Example + +The following example will fail the nifcloud-computing-add-security-group-to-instance check. +```terraform + + resource "nifcloud_instance" "bad_example" { + image_id = data.nifcloud_image.ubuntu.id + security_group = "" + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-computing-add-security-group-to-instance check. +```terraform + + resource "nifcloud_instance" "good_example" { + image_id = data.nifcloud_image.ubuntu.id + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/instance#security_group](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/instance#security_group){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/server/change_fw.htm](https://pfs.nifcloud.com/help/server/change_fw.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/computing/index.md b/docs/checks/nifcloud/computing/index.md new file mode 100644 index 0000000000..70fa89756d --- /dev/null +++ b/docs/checks/nifcloud/computing/index.md 
@@ -0,0 +1,21 @@ +--- +title: computing +--- + +# computing + +## Checks + + +- [add-description-to-security-group](add-description-to-security-group) Missing description for security group. + +- [add-description-to-security-group-rule](add-description-to-security-group-rule) Missing description for security group rule. + +- [add-security-group-to-instance](add-security-group-to-instance) Missing security group for instance. + +- [no-common-private-instance](no-common-private-instance) The instance has common private network + +- [no-public-ingress-sgr](no-public-ingress-sgr) An ingress security group rule allows traffic from /0. + + + diff --git a/docs/checks/nifcloud/computing/no-common-private-instance/index.md b/docs/checks/nifcloud/computing/no-common-private-instance/index.md new file mode 100644 index 0000000000..9f270694be --- /dev/null +++ b/docs/checks/nifcloud/computing/no-common-private-instance/index.md 
@@ -0,0 +1,64 @@ +--- +title: The instance has common private network +--- + +# The instance has common private network + +### Default Severity: low + +### Explanation + +When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network. + +### Possible Impact +The common private network is shared with other users + +### Suggested Resolution +Use private LAN + + +### Insecure Example + +The following example will fail the nifcloud-computing-no-common-private-instance check. +```terraform + + resource "nifcloud_instance" "bad_example" { + image_id = data.nifcloud_image.ubuntu.id + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = "net-COMMON_PRIVATE" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-computing-no-common-private-instance check. +```terraform + + resource "nifcloud_instance" "good_example" { + image_id = data.nifcloud_image.ubuntu.id + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = nifcloud_private_lan.main.id + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/instance#network_id](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/instance#network_id){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/plan.htm](https://pfs.nifcloud.com/service/plan.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/computing/no-public-ingress-sgr/index.md b/docs/checks/nifcloud/computing/no-public-ingress-sgr/index.md new file mode 100644 index 0000000000..99741dac3a --- /dev/null +++ b/docs/checks/nifcloud/computing/no-public-ingress-sgr/index.md 
@@ -0,0 +1,58 @@ +--- +title: An ingress security group rule allows traffic from /0. +--- + +# An ingress security group rule allows traffic from /0. + +### Default Severity: critical + +### Explanation + +Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible. +When publishing web applications, use a load balancer instead of publishing directly to instances. + + +### Possible Impact +Your port exposed to the internet + +### Suggested Resolution +Set a more restrictive cidr range + + +### Insecure Example + +The following example will fail the nifcloud-computing-no-public-ingress-sgr check. +```terraform + + resource "nifcloud_security_group_rule" "bad_example" { + type = "IN" + cidr_ip = "0.0.0.0/0" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-computing-no-public-ingress-sgr check. +```terraform + + resource "nifcloud_security_group_rule" "good_example" { + type = "IN" + cidr_ip = "10.0.0.0/16" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#cidr_ip](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/security_group_rule#cidr_ip){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/fw/rule_new.htm](https://pfs.nifcloud.com/help/fw/rule_new.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/index.md b/docs/checks/nifcloud/index.md new file mode 100644 index 0000000000..ff1aecd495 --- /dev/null +++ b/docs/checks/nifcloud/index.md @@ -0,0 +1,18 @@ +--- +title: nifcloud +--- + +# nifcloud + +## Services + + +- [computing](computing) + +- [nas](nas) + +- [network](network) + +- [rdb](rdb) + + 
diff --git a/docs/checks/nifcloud/nas/add-description-to-nas-security-group/index.md b/docs/checks/nifcloud/nas/add-description-to-nas-security-group/index.md new file mode 100644 index 0000000000..3ed6c90602 --- /dev/null +++ b/docs/checks/nifcloud/nas/add-description-to-nas-security-group/index.md @@ -0,0 +1,58 @@ +--- +title: Missing description for nas security group. +--- + +# Missing description for nas security group. + +### Default Severity: low + +### Explanation + +NAS security groups should include a description for auditing purposes. + +Simplifies auditing, debugging, and managing nas security groups. + +### Possible Impact +Descriptions provide context for the firewall rule reasons + +### Suggested Resolution +Add descriptions for all nas security groups + + +### Insecure Example + +The following example will fail the nifcloud-nas-add-description-to-nas-security-group check. +```terraform + + resource "nifcloud_nas_security_group" "bad_example" { + name = "app" + description = "" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-nas-add-description-to-nas-security-group check. +```terraform + + resource "nifcloud_nas_security_group" "good_example" { + group_name = "app" + description = "Allow from app traffic" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#description](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#description){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/nas/fw_new.htm](https://pfs.nifcloud.com/help/nas/fw_new.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/nas/index.md b/docs/checks/nifcloud/nas/index.md new file mode 100644 index 0000000000..472b927ab6 --- /dev/null +++ b/docs/checks/nifcloud/nas/index.md 
@@ -0,0 +1,17 @@ +--- +title: nas +--- + +# nas + +## Checks + + +- [add-description-to-nas-security-group](add-description-to-nas-security-group) Missing description for nas security group. + +- [no-common-private-nas-instance](no-common-private-nas-instance) The nas instance has common private network + +- [no-public-ingress-nas-sgr](no-public-ingress-nas-sgr) An ingress nas security group rule allows traffic from /0. + + + diff --git a/docs/checks/nifcloud/nas/no-common-private-nas-instance/index.md b/docs/checks/nifcloud/nas/no-common-private-nas-instance/index.md new file mode 100644 index 0000000000..97630500a3 --- /dev/null +++ b/docs/checks/nifcloud/nas/no-common-private-nas-instance/index.md 
@@ -0,0 +1,54 @@ +--- +title: The nas instance has common private network +--- + +# The nas instance has common private network + +### Default Severity: low + +### Explanation + +When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network. + +### Possible Impact +The common private network is shared with other users + +### Suggested Resolution +Use private LAN + + +### Insecure Example + +The following example will fail the nifcloud-nas-no-common-private-nas-instance check. +```terraform + + resource "nifcloud_nas_instance" "bad_example" { + network_id = "net-COMMON_PRIVATE" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-nas-no-common-private-nas-instance check. +```terraform + + resource "nifcloud_nas_instance" "good_example" { + network_id = nifcloud_private_lan.main.id + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_instance#network_id](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_instance#network_id){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/plan.htm](https://pfs.nifcloud.com/service/plan.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/nas/no-public-ingress-nas-sgr/index.md b/docs/checks/nifcloud/nas/no-public-ingress-nas-sgr/index.md new file mode 100644 index 0000000000..89489d1c0c --- /dev/null +++ b/docs/checks/nifcloud/nas/no-public-ingress-nas-sgr/index.md 
@@ -0,0 +1,58 @@ +--- +title: An ingress nas security group rule allows traffic from /0. +--- + +# An ingress nas security group rule allows traffic from /0. + +### Default Severity: critical + +### Explanation + +Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible. + +### Possible Impact +Your port exposed to the internet + +### Suggested Resolution +Set a more restrictive cidr range + + +### Insecure Example + +The following example will fail the nifcloud-nas-no-public-ingress-nas-sgr check. +```terraform + + resource "nifcloud_nas_security_group" "bad_example" { + rule { + cidr_ip = "0.0.0.0/0" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-nas-no-public-ingress-nas-sgr check. +```terraform + + resource "nifcloud_nas_security_group" "good_example" { + rule { + cidr_ip = "10.0.0.0/16" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#cidr_ip](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/nas_security_group#cidr_ip){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/api/nas/AuthorizeNASSecurityGroupIngress.htm](https://pfs.nifcloud.com/api/nas/AuthorizeNASSecurityGroupIngress.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/add-security-group-to-router/index.md b/docs/checks/nifcloud/network/add-security-group-to-router/index.md new file mode 100644 index 0000000000..4bf630f62e --- /dev/null +++ b/docs/checks/nifcloud/network/add-security-group-to-router/index.md 
@@ -0,0 +1,62 @@ +--- +title: Missing security group for router. +--- + +# Missing security group for router. + +### Default Severity: critical + +### Explanation + +Need to add a security group to your router. + +### Possible Impact +A security group controls the traffic that is allowed to reach and leave the resources that it is associated with. + +### Suggested Resolution +Add security group for all routers + + +### Insecure Example + +The following example will fail the nifcloud-network-add-security-group-to-router check. +```terraform + + resource "nifcloud_router" "bad_example" { + security_group = "" + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-add-security-group-to-router check. +```terraform + + resource "nifcloud_router" "good_example" { + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#security_group](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#security_group){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/router/change.htm](https://pfs.nifcloud.com/help/router/change.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/add-security-group-to-vpn-gateway/index.md b/docs/checks/nifcloud/network/add-security-group-to-vpn-gateway/index.md new file mode 100644 index 0000000000..3b4afb7ad0 --- /dev/null +++ b/docs/checks/nifcloud/network/add-security-group-to-vpn-gateway/index.md 
@@ -0,0 +1,62 @@ +--- +title: Missing security group for vpnGateway. +--- + +# Missing security group for vpnGateway. + +### Default Severity: critical + +### Explanation + +Need to add a security group to your vpnGateway. + +### Possible Impact +A security group controls the traffic that is allowed to reach and leave the resources that it is associated with. + +### Suggested Resolution +Add security group for all vpnGateways + + +### Insecure Example + +The following example will fail the nifcloud-network-add-security-group-to-vpn-gateway check. +```terraform + + resource "nifcloud_vpn_gateway" "bad_example" { + security_group = "" + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-add-security-group-to-vpn-gateway check. +```terraform + + resource "nifcloud_vpn_gateway" "good_example" { + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = "net-COMMON_GLOBAL" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/vpn_gateway#security_group](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/vpn_gateway#security_group){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/vpngw/change.htm](https://pfs.nifcloud.com/help/vpngw/change.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/http-not-used/index.md b/docs/checks/nifcloud/network/http-not-used/index.md new file mode 100644 index 0000000000..7e0c120c72 --- /dev/null +++ b/docs/checks/nifcloud/network/http-not-used/index.md 
@@ -0,0 +1,63 @@ +--- +title: Use of plain HTTP. +--- + +# Use of plain HTTP. + +### Default Severity: critical + +### Explanation + +Plain HTTP is unencrypted and human-readable. This means that if a malicious actor was to eavesdrop on your connection, they would be able to see all of your data flowing back and forth. + +You should use HTTPS, which is HTTP over an encrypted (TLS) connection, meaning eavesdroppers cannot read your traffic. + +### Possible Impact +Your traffic is not protected + +### Suggested Resolution +Switch to HTTPS to benefit from TLS security features + + +### Insecure Example + +The following example will fail the nifcloud-network-http-not-used check. +```terraform + + resource "nifcloud_elb" "bad_example" { + protocol = "HTTP" + + network_interface { + network_id = "net-COMMON_GLOBAL" + is_vip_network = true + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-http-not-used check. +```terraform + + resource "nifcloud_elb" "good_example" { + protocol = "HTTPS" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#protocol](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#protocol){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#load_balancer_port](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#load_balancer_port){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://www.cloudflare.com/en-gb/learning/ssl/why-is-http-not-secure/](https://www.cloudflare.com/en-gb/learning/ssl/why-is-http-not-secure/){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/index.md b/docs/checks/nifcloud/network/index.md new file mode 100644 index 0000000000..afb3f548a3 --- /dev/null 
+++ b/docs/checks/nifcloud/network/index.md @@ -0,0 +1,23 @@ +--- +title: network +--- + +# network + +## Checks + + +- [add-security-group-to-router](add-security-group-to-router) Missing security group for router. + +- [add-security-group-to-vpn-gateway](add-security-group-to-vpn-gateway) Missing security group for vpnGateway. + +- [http-not-used](http-not-used) Use of plain HTTP. + +- [no-common-private-elb](no-common-private-elb) The elb has common private network + +- [no-common-private-router](no-common-private-router) The router has common private network + +- [use-secure-tls-policy](use-secure-tls-policy) An outdated SSL policy is in use by a load balancer. + + + diff --git a/docs/checks/nifcloud/network/no-common-private-elb/index.md b/docs/checks/nifcloud/network/no-common-private-elb/index.md new file mode 100644 index 0000000000..96e4296920 --- /dev/null +++ b/docs/checks/nifcloud/network/no-common-private-elb/index.md 
@@ -0,0 +1,70 @@ +--- +title: The elb has common private network +--- + +# The elb has common private network + +### Default Severity: low + +### Explanation + +When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network. + +### Possible Impact +The common private network is shared with other users + +### Suggested Resolution +Use private LAN + + +### Insecure Example + +The following example will fail the nifcloud-network-no-common-private-elb check. +```terraform + + resource "nifcloud_elb" "bad_example" { + elb_name = "foobar" + availability_zone = "east-11" + instance_port = 80 + protocol = "HTTP" + lb_port = 80 + + network_interface { + network_id = "net-COMMON_PRIVATE" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-no-common-private-elb check. +```terraform + + resource "nifcloud_elb" "good_example" { + elb_name = "foobar" + availability_zone = "east-11" + instance_port = 80 + protocol = "HTTP" + lb_port = 80 + + network_interface { + network_id = nifcloud_private_lan.main.id + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#network_id](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/elb#network_id){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/plan.htm](https://pfs.nifcloud.com/service/plan.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/no-common-private-router/index.md b/docs/checks/nifcloud/network/no-common-private-router/index.md new file mode 100644 index 0000000000..f230beadeb --- /dev/null +++ b/docs/checks/nifcloud/network/no-common-private-router/index.md 
@@ -0,0 +1,62 @@ +--- +title: The router has common private network +--- + +# The router has common private network + +### Default Severity: low + +### Explanation + +When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network. + +### Possible Impact +The common private network is shared with other users + +### Suggested Resolution +Use private LAN + + +### Insecure Example + +The following example will fail the nifcloud-network-no-common-private-router check. +```terraform + + resource "nifcloud_router" "bad_example" { + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = "net-COMMON_PRIVATE" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-no-common-private-router check. +```terraform + + resource "nifcloud_router" "good_example" { + security_group = nifcloud_security_group.example.group_name + + network_interface { + network_id = nifcloud_private_lan.main.id + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#network_id](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/router#network_id){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/plan.htm](https://pfs.nifcloud.com/service/plan.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/network/use-secure-tls-policy/index.md b/docs/checks/nifcloud/network/use-secure-tls-policy/index.md new file mode 100644 index 0000000000..fd592b4e61 --- /dev/null +++ b/docs/checks/nifcloud/network/use-secure-tls-policy/index.md 
@@ -0,0 +1,60 @@ +--- +title: An outdated SSL policy is in use by a load balancer. +--- + +# An outdated SSL policy is in use by a load balancer. + +### Default Severity: critical + +### Explanation + +You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+. + +### Possible Impact +The SSL policy is outdated and has known vulnerabilities + +### Suggested Resolution +Use a more recent TLS/SSL policy for the load balancer + + +### Insecure Example + +The following example will fail the nifcloud-network-use-secure-tls-policy check. +```terraform + + resource "nifcloud_load_balancer" "bad_example" { + load_balancer_port = 443 + policy_type = "standard" + ssl_policy_name = "" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-network-use-secure-tls-policy check. +```terraform + + resource "nifcloud_load_balancer" "good_example" { + load_balancer_port = 443 + policy_type = "standard" + ssl_policy_name = "Standard Ciphers D ver1" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_name](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer#ssl_policy_name){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer_listener#ssl_policy_name](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/load_balancer_listener#ssl_policy_name){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/lb_l4.htm](https://pfs.nifcloud.com/service/lb_l4.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/rdb/add-description-to-db-security-group/index.md b/docs/checks/nifcloud/rdb/add-description-to-db-security-group/index.md new file mode 100644 index 0000000000..bfcd52027d --- /dev/null 
+++ b/docs/checks/nifcloud/rdb/add-description-to-db-security-group/index.md @@ -0,0 +1,58 @@ +--- +title: Missing description for db security group. +--- + +# Missing description for db security group. + +### Default Severity: low + +### Explanation + +DB security groups should include a description for auditing purposes. + +Simplifies auditing, debugging, and managing db security groups. + +### Possible Impact +Descriptions provide context for the firewall rule reasons + +### Suggested Resolution +Add descriptions for all db security groups + + +### Insecure Example + +The following example will fail the nifcloud-rdb-add-description-to-db-security-group check. +```terraform + + resource "nifcloud_db_security_group" "bad_example" { + name = "app" + description = "" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-rdb-add-description-to-db-security-group check. +```terraform + + resource "nifcloud_db_security_group" "good_example" { + group_name = "app" + description = "Allow from app traffic" + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#description](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#description){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/help/rdb/fw_new.htm](https://pfs.nifcloud.com/help/rdb/fw_new.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/rdb/index.md b/docs/checks/nifcloud/rdb/index.md new file mode 100644 index 0000000000..92289f8da1 --- /dev/null +++ b/docs/checks/nifcloud/rdb/index.md 
@@ -0,0 +1,21 @@ +--- +title: rdb +--- + +# rdb + +## Checks + + +- [add-description-to-db-security-group](add-description-to-db-security-group) Missing description for db security group. + +- [no-common-private-db-instance](no-common-private-db-instance) The db instance has common private network + +- [no-public-db-access](no-public-db-access) A database resource is marked as publicly accessible. + +- [no-public-ingress-db-sgr](no-public-ingress-db-sgr) An ingress db security group rule allows traffic from /0. + +- [specify-backup-retention](specify-backup-retention) RDB instance should have backup retention longer than 1 day + + + diff --git a/docs/checks/nifcloud/rdb/no-common-private-db-instance/index.md b/docs/checks/nifcloud/rdb/no-common-private-db-instance/index.md new file mode 100644 index 0000000000..b26685e00c --- /dev/null +++ b/docs/checks/nifcloud/rdb/no-common-private-db-instance/index.md 
@@ -0,0 +1,54 @@ +--- +title: The db instance has common private network +--- + +# The db instance has common private network + +### Default Severity: low + +### Explanation + +When handling sensitive data between servers, please consider using a private LAN to isolate the private side network from the shared network. + +### Possible Impact +The common private network is shared with other users + +### Suggested Resolution +Use private LAN + + +### Insecure Example + +The following example will fail the nifcloud-rdb-no-common-private-db-instance check. +```terraform + + resource "nifcloud_db_instance" "bad_example" { + network_id = "net-COMMON_PRIVATE" + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-rdb-no-common-private-db-instance check. +```terraform + + resource "nifcloud_db_instance" "good_example" { + network_id = nifcloud_private_lan.main.id + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#network_id](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#network_id){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/service/plan.htm](https://pfs.nifcloud.com/service/plan.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/rdb/no-public-db-access/index.md b/docs/checks/nifcloud/rdb/no-public-db-access/index.md new file mode 100644 index 0000000000..a719943330 --- /dev/null +++ b/docs/checks/nifcloud/rdb/no-public-db-access/index.md 
@@ -0,0 +1,54 @@ +--- +title: A database resource is marked as publicly accessible. +--- + +# A database resource is marked as publicly accessible. + +### Default Severity: critical + +### Explanation + +Database resources should not publicly available. You should limit all access to the minimum that is required for your application to function. + +### Possible Impact +The database instance is publicly accessible + +### Suggested Resolution +Set the database to not be publicly accessible + + +### Insecure Example + +The following example will fail the nifcloud-rdb-no-public-db-access check. +```terraform + + resource "nifcloud_db_instance" "bad_example" { + publicly_accessible = true + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-rdb-no-public-db-access check. +```terraform + + resource "nifcloud_db_instance" "good_example" { + publicly_accessible = false + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#publicly_accessible){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/guide/rdb/server_new.htm](https://pfs.nifcloud.com/guide/rdb/server_new.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/rdb/no-public-ingress-db-sgr/index.md b/docs/checks/nifcloud/rdb/no-public-ingress-db-sgr/index.md new file mode 100644 index 0000000000..ecd230191a --- /dev/null +++ b/docs/checks/nifcloud/rdb/no-public-ingress-db-sgr/index.md 
@@ -0,0 +1,58 @@ +--- +title: An ingress db security group rule allows traffic from /0. +--- + +# An ingress db security group rule allows traffic from /0. + +### Default Severity: critical + +### Explanation + +Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible. + +### Possible Impact +Your port exposed to the internet + +### Suggested Resolution +Set a more restrictive cidr range + + +### Insecure Example + +The following example will fail the nifcloud-rdb-no-public-ingress-db-sgr check. +```terraform + + resource "nifcloud_db_security_group" "bad_example" { + rule { + cidr_ip = "0.0.0.0/0" + } + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-rdb-no-public-ingress-db-sgr check. +```terraform + + resource "nifcloud_db_security_group" "good_example" { + rule { + cidr_ip = "10.0.0.0/16" + } + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_security_group#cidr_ip){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/api/rdb/AuthorizeDBSecurityGroupIngress.htm](https://pfs.nifcloud.com/api/rdb/AuthorizeDBSecurityGroupIngress.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/docs/checks/nifcloud/rdb/specify-backup-retention/index.md b/docs/checks/nifcloud/rdb/specify-backup-retention/index.md new file mode 100644 index 0000000000..895f627dbd --- /dev/null +++ b/docs/checks/nifcloud/rdb/specify-backup-retention/index.md 
@@ -0,0 +1,71 @@ +--- +title: RDB instance should have backup retention longer than 1 day +--- + +# RDB instance should have backup retention longer than 1 day + +### Default Severity: medium + +### Explanation + +Backup retention periods should be set to a period that is a balance on cost and limiting risk. + +### Possible Impact +Potential loss of data and short opportunity for recovery + +### Suggested Resolution +Explicitly set the retention period to greater than the default + + +### Insecure Example + +The following example will fail the nifcloud-rdb-specify-backup-retention check. +```terraform + + resource "nifcloud_db_instance" "bad_example" { + allocated_storage = 100 + engine = "mysql" + engine_version = "5.7" + instance_class = "db.large8" + name = "mydb" + username = "foo" + password = "foobarbaz" + parameter_group_name = "default.mysql5.7" + skip_final_snapshot = true + } + +``` + + + +### Secure Example + +The following example will pass the nifcloud-rdb-specify-backup-retention check. +```terraform + + resource "nifcloud_db_instance" "good_example" { + allocated_storage = 100 + engine = "mysql" + engine_version = "5.7" + instance_class = "db.large8" + name = "mydb" + username = "foo" + password = "foobarbaz" + parameter_group_name = "default.mysql5.7" + backup_retention_period = 5 + skip_final_snapshot = true + } + +``` + + + +### Links + + +- [https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period](https://registry.terraform.io/providers/nifcloud/nifcloud/latest/docs/resources/db_instance#backup_retention_period){:target="_blank" rel="nofollow noreferrer noopener"} + +- [https://pfs.nifcloud.com/spec/rdb/snapshot_backup.htm](https://pfs.nifcloud.com/spec/rdb/snapshot_backup.htm){:target="_blank" rel="nofollow noreferrer noopener"} + + + diff --git a/go.mod b/go.mod index 5d5bd5706d..889b97337b 100644 --- a/go.mod +++ b/go.mod 
@@ -5,14 +5,14 @@ go 1.19
 require (
 github.com/AlecAivazis/survey/v2 v2.3.6
 github.com/Masterminds/semver v1.5.0
- github.com/aquasecurity/defsec v0.84.1
+ github.com/aquasecurity/defsec v0.90.0
 github.com/google/uuid v1.3.0
 github.com/hashicorp/go-version v1.6.0
 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
 github.com/liamg/clinch v1.6.1
 github.com/liamg/gifwrap v0.0.7
 github.com/liamg/tml v0.6.0
- github.com/spf13/cobra v1.6.1
+ github.com/spf13/cobra v1.7.0
 github.com/spf13/pflag v1.0.5
 github.com/spf13/viper v1.15.0
 github.com/stretchr/testify v1.8.2
@@ -21,11 +21,11 @@ require (
 )
 require (
- cloud.google.com/go v0.105.0 // indirect
- cloud.google.com/go/compute v1.14.0 // indirect
+ cloud.google.com/go v0.110.0 // indirect
+ cloud.google.com/go/compute v1.18.0 // indirect
 cloud.google.com/go/compute/metadata v0.2.3 // indirect
- cloud.google.com/go/iam v0.8.0 // indirect
- cloud.google.com/go/storage v1.27.0 // indirect
+ cloud.google.com/go/iam v0.12.0 // indirect
+ cloud.google.com/go/storage v1.28.1 // indirect
 github.com/Microsoft/go-winio v0.6.0 // indirect
 github.com/OneOfOne/xxhash v1.2.8 // indirect
 github.com/ProtonMail/go-crypto v0.0.0-20221026131551-cf6655e29de4 // indirect
@@ -35,9 +35,10 @@ require (
 github.com/alecthomas/chroma v0.10.0 // indirect
 github.com/apparentlymart/go-cidr v1.1.0 // indirect
 github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
- github.com/aws/aws-sdk-go v1.44.212 // indirect
+ github.com/aws/aws-sdk-go v1.44.245 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/bmatcuk/doublestar v1.3.4 // indirect
+ github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
 github.com/cloudflare/circl v1.1.0 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/dlclark/regexp2 v1.4.0 // indirect
@@ -51,29 +52,29 @@ require (
 github.com/go-git/go-git/v5 v5.5.2 // indirect
 github.com/gobwas/glob v0.2.3 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/golang/protobuf v1.5.2 // indirect
+ github.com/golang/protobuf v1.5.3 // indirect
 github.com/google/go-cmp v0.5.9 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.2.1 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
 github.com/googleapis/gax-go/v2 v2.7.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-getter v1.7.0 // indirect
+ github.com/hashicorp/go-getter v1.7.1 // indirect
 github.com/hashicorp/go-safetemp v1.0.0 // indirect
 github.com/hashicorp/go-uuid v1.0.3 // indirect
 github.com/hashicorp/hcl v1.0.0 // indirect
 github.com/hashicorp/hcl/v2 v2.14.1 // indirect
 github.com/imdario/mergo v0.3.13 // indirect
- github.com/inconshreveable/mousetrap v1.0.1 // indirect
+ github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/klauspost/compress v1.15.12 // indirect
+ github.com/klauspost/compress v1.16.0 // indirect
 github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/liamg/iamgo v0.0.9 // indirect
 github.com/liamg/jfather v0.0.7 // indirect
 github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
- github.com/mattn/go-colorable v0.1.12 // indirect
+ github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.17 // indirect
 github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -104,19 +105,19 @@ require (
 github.com/zclconf/go-cty-yaml v1.0.2 // indirect
 go.opencensus.io v0.24.0 // indirect
 golang.org/x/crypto v0.5.0 // indirect
- golang.org/x/mod v0.9.0 // indirect
- golang.org/x/net v0.8.0 // indirect
- golang.org/x/oauth2 v0.1.0 // indirect
- golang.org/x/sys v0.6.0 // indirect
- golang.org/x/term v0.6.0 // indirect
- golang.org/x/text v0.8.0 // indirect
- golang.org/x/tools v0.6.0 // indirect
+ golang.org/x/mod v0.10.0 // indirect
+ golang.org/x/net v0.9.0 // indirect
+ golang.org/x/oauth2 v0.5.0 // indirect
+ golang.org/x/sys v0.7.0 // indirect
+ golang.org/x/term v0.7.0 // indirect
+ golang.org/x/text v0.9.0 // indirect
+ golang.org/x/tools v0.8.0 // indirect
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
- google.golang.org/api v0.107.0 // indirect
+ google.golang.org/api v0.110.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef // indirect
- google.golang.org/grpc v1.52.0 // indirect
- google.golang.org/protobuf v1.28.1 // indirect
+ google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
+ google.golang.org/grpc v1.54.0 // indirect
+ google.golang.org/protobuf v1.30.0 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index acc426df3c..f23c63688f 100644
--- a/go.sum
+++ b/go.sum
@@ -34,6 +34,8 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.105.0 h1:DNtEKRBAAzeS4KyIory52wWHuClNaXJ5x1F7xa4q+5Y= cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= +cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= +cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= @@ -72,6 +74,8 @@ cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQH cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= cloud.google.com/go/compute v1.14.0 h1:hfm2+FfxVmnRlh6LpB7cg1ZNU+5edAHmW679JePztk0= cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= +cloud.google.com/go/compute v1.18.0 h1:FEigFqoDbys2cvFkZ9Fjq4gnHBP55anJ0yQyau2f9oY= +cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= 
@@ -113,6 +117,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v0.8.0 h1:E2osAkZzxI/+8pZcxVLcDtAQx/u+hZXVryUaYQ5O0Kk= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= +cloud.google.com/go/iam v0.12.0 h1:DRtTY29b75ciH6Ov1PHb4/iat2CLCvrOm40Q0a6DFpE= +cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -176,6 +182,8 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= +cloud.google.com/go/storage v1.28.1 h1:F5QDG5ChchaAVQhINh24U99OWHURqrW8OmQcGKXcbgI= +cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= 
@@ -222,6 +230,8 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/aquasecurity/defsec v0.84.1 h1:YwhQprDEy4ZN/c7aDV57O5UkxOusHwtfeENI7wm4/L8= github.com/aquasecurity/defsec v0.84.1/go.mod h1:AywB8D+RX4X8p2luSlz4ha3w9+q2kuTHtTvJLNxaYjI= +github.com/aquasecurity/defsec v0.90.0 h1:EU5QxObLeHv6rHJxTRQxzRkUXfsL3Enc/3v+WHk9xsY= +github.com/aquasecurity/defsec v0.90.0/go.mod h1:ehFnrY3h2yJkd6EeHjPs2Y95431bHaFrMMurANDJumY= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 
@@ -229,11 +239,15 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.44.212 h1:IRstlErdeKeQ8qBsCwWt4MG2RihUOcUJVqYwbvqpE28= github.com/aws/aws-sdk-go v1.44.212/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.245 h1:KtY2s4q31/kn33AdV63R5t77mdxsI7rq3YT7Mgo805M= +github.com/aws/aws-sdk-go v1.44.245/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bmatcuk/doublestar v1.3.4 h1:gPypJ5xD31uhX6Tf54sDPUOBXTqKH4c9aPY66CyQrS0= github.com/bmatcuk/doublestar v1.3.4/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= +github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= +github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bytecodealliance/wasmtime-go v1.0.0 h1:9u9gqaUiaJeN5IoD1L7egD8atOnTGyJcNp8BhkL9cUU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -348,6 +362,8 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -399,6 +415,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/enterprise-certificate-proxy v0.2.1 h1:RY7tHKZcRlk788d5WSo/e83gOyyy742E8GSs771ySpg= github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.3 h1:yk9/cqRKtT9wXZSsRH9aurXEpJX+U6FLtpYTdC3R06k= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= 
@@ -417,6 +435,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-getter v1.7.0 h1:bzrYP+qu/gMrL1au7/aDvkoOVGUJpeKBgbqRHACAFDY= github.com/hashicorp/go-getter v1.7.0/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= +github.com/hashicorp/go-getter v1.7.1 h1:SWiSWN/42qdpR0MdhaOc/bLR48PLuP1ZQtYLRlM69uY= +github.com/hashicorp/go-getter v1.7.1/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= @@ -439,6 +459,8 @@ github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf h1:WfD7V github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf/go.mod h1:hyb9oH7vZsitZCiBt0ZvifOrB+qc8PS5IiilCIb87rg= github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc= github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= 
@@ -456,6 +478,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.15.12 h1:YClS/PImqYbn+UILDnqxQCZ3RehC9N318SU3kElDUEM= github.com/klauspost/compress v1.15.12/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= +github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= +github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -490,9 +514,12 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= 
@@ -558,6 +585,8 @@ github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA= github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= +github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= +github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -669,6 +698,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.9.0 h1:KENHtAZL2y3NLMYZeHY9DW8HW8V+kQyJsY/V9JlKvCs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= +golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -723,6 +754,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -749,6 +782,8 @@ golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= +golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= +golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -845,6 +880,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201210144234-2321bbc49cbf/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= @@ -854,6 +891,8 @@ golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -866,6 +905,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -924,6 +965,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= +golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -983,6 +1026,8 @@ google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= google.golang.org/api v0.107.0 h1:I2SlFjD8ZWabaIFOfeEDg3pf0BHJDh6iYQ1ic3Yu/UU= google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.110.0 h1:l+rh0KYUooe9JGbGVx71tbFo4SMbMTXK3I3ia2QSEeU= +google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1096,6 +1141,8 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef h1:uQ2vjV/sHTsWSqdKeLqmwitzgvjMl7o4IdtHwUDXSJY= google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 h1:DdoeryqhaXp1LtT/emMP1BRJPHHKFi5akj/nbx/zNTA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1133,6 +1180,8 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.52.0 h1:kd48UiU7EHsV4rnLyOJRuP/Il/UHE7gdDAQ+SZI7nZk= google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.54.0 h1:EhTqbhiYeixwWQtAEZAxmV9MGqcjEU2mFx52xCzNyag= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1150,6 +1199,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/mkdocs.yml b/mkdocs.yml index 4e3b79166f..8b952d64a0 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -44,6 +44,7 @@ nav:
 - aws:
 - api-gateway:
 - enable-access-logging: checks/aws/api-gateway/enable-access-logging/index.md
+ - enable-cache: checks/aws/api-gateway/enable-cache/index.md
 - enable-cache-encryption: checks/aws/api-gateway/enable-cache-encryption/index.md
 - enable-tracing: checks/aws/api-gateway/enable-tracing/index.md
 - no-public-access: checks/aws/api-gateway/no-public-access/index.md
@@ -104,6 +105,7 @@ nav:
 - no-secrets-in-launch-template-user-data: checks/aws/ec2/no-secrets-in-launch-template-user-data/index.md
 - no-secrets-in-user-data: checks/aws/ec2/no-secrets-in-user-data/index.md
 - no-sensitive-info: checks/aws/ec2/no-sensitive-info/index.md
+ - require-vpc-flow-logs-for-all-vpcs: checks/aws/ec2/require-vpc-flow-logs-for-all-vpcs/index.md
 - volume-encryption-customer-key: checks/aws/ec2/volume-encryption-customer-key/index.md
 - ecr:
 - enable-image-scans: checks/aws/ecr/enable-image-scans/index.md
@@ -167,6 +169,7 @@ nav:
 - enable-general-logging: checks/aws/mq/enable-general-logging/index.md
 - no-public-access: checks/aws/mq/no-public-access/index.md
 - msk:
+ - enable-at-rest-encryption: checks/aws/msk/enable-at-rest-encryption/index.md
 - enable-in-transit-encryption: checks/aws/msk/enable-in-transit-encryption/index.md
 - enable-logging: checks/aws/msk/enable-logging/index.md
 - neptune:
@@ -318,6 +321,7 @@ nav:
 - disk-encryption-customer-key: checks/google/compute/disk-encryption-customer-key/index.md
 - disk-encryption-no-plaintext-key: checks/google/compute/disk-encryption-no-plaintext-key/index.md
 - enable-shielded-vm-im: checks/google/compute/enable-shielded-vm-im/index.md
+ - enable-shielded-vm-sb: checks/google/compute/enable-shielded-vm-sb/index.md
 - enable-shielded-vm-vtpm: checks/google/compute/enable-shielded-vm-vtpm/index.md
 - enable-vpc-flow-logs: checks/google/compute/enable-vpc-flow-logs/index.md
 - no-default-service-account: checks/google/compute/no-default-service-account/index.md
@@ -354,6 +358,7 @@ nav:
 - use-rbac-permissions: checks/google/gke/use-rbac-permissions/index.md
 - use-service-account: checks/google/gke/use-service-account/index.md
 - iam:
+ - no-conditions-workload-identity-pool-provider: checks/google/iam/no-conditions-workload-identity-pool-provider/index.md
 - no-default-network: checks/google/iam/no-default-network/index.md
 - no-folder-level-default-service-account-assignment: checks/google/iam/no-folder-level-default-service-account-assignment/index.md
 - no-folder-level-service-account-impersonation: checks/google/iam/no-folder-level-service-account-impersonation/index.md
@@ -381,6 +386,7 @@ nav:
 - pg-log-lock-waits: checks/google/sql/pg-log-lock-waits/index.md
 - pg-no-min-statement-logging: checks/google/sql/pg-no-min-statement-logging/index.md
 - storage:
+ - bucket-encryption-customer-key: checks/google/storage/bucket-encryption-customer-key/index.md
 - enable-ubla: checks/google/storage/enable-ubla/index.md
 - no-public-access: checks/google/storage/no-public-access/index.md
 - kubernetes:
@@ -388,6 +394,31 @@ nav:
 - network:
 - no-public-egress: checks/kubernetes/network/no-public-egress/index.md
 - no-public-ingress: checks/kubernetes/network/no-public-ingress/index.md
+ - nifcloud:
+ - computing:
+ - add-description-to-security-group: checks/nifcloud/computing/add-description-to-security-group/index.md
+ - add-description-to-security-group-rule: checks/nifcloud/computing/add-description-to-security-group-rule/index.md
+ - add-security-group-to-instance: checks/nifcloud/computing/add-security-group-to-instance/index.md
+ - no-common-private-instance: checks/nifcloud/computing/no-common-private-instance/index.md
+ - no-public-ingress-sgr: checks/nifcloud/computing/no-public-ingress-sgr/index.md
+ - nifcloud: checks/nifcloud/home.md
+ - nas:
+ - add-description-to-nas-security-group: checks/nifcloud/nas/add-description-to-nas-security-group/index.md
+ - no-common-private-nas-instance: checks/nifcloud/nas/no-common-private-nas-instance/index.md
+ - no-public-ingress-nas-sgr: checks/nifcloud/nas/no-public-ingress-nas-sgr/index.md
+ - network:
+ - add-security-group-to-router: checks/nifcloud/network/add-security-group-to-router/index.md
+ - add-security-group-to-vpn-gateway: checks/nifcloud/network/add-security-group-to-vpn-gateway/index.md
+ - http-not-used: checks/nifcloud/network/http-not-used/index.md
+ - no-common-private-elb: checks/nifcloud/network/no-common-private-elb/index.md
+ - no-common-private-router: checks/nifcloud/network/no-common-private-router/index.md
+ - use-secure-tls-policy: checks/nifcloud/network/use-secure-tls-policy/index.md
+ - rdb:
+ - add-description-to-db-security-group: checks/nifcloud/rdb/add-description-to-db-security-group/index.md
+ - no-common-private-db-instance: checks/nifcloud/rdb/no-common-private-db-instance/index.md
+ - no-public-db-access: checks/nifcloud/rdb/no-public-db-access/index.md
+ - no-public-ingress-db-sgr: checks/nifcloud/rdb/no-public-ingress-db-sgr/index.md
+ - specify-backup-retention: checks/nifcloud/rdb/specify-backup-retention/index.md
 - openstack:
 - compute:
 - no-plaintext-password: checks/openstack/compute/no-plaintext-password/index.md