23,INFO-2,Informational,Max concurrent runs,5,Low,Limit the number of parallel runs for a given job to avoid resource contention,1,1,1,1,0,Check if max_concurrent_runs configuration for each job is less than configured value,curl --netrc -X GET \ https://<workspace_url>/api/2.0/jobs/list \ | jq,https://docs.databricks.com/data-engineering/jobs/jobs.html#max-concurrent-runs,https://learn.microsoft.com/en-us/azure/databricks/data-engineering/jobs/jobs#max-concurrent-runs,https://docs.gcp.databricks.com/data-engineering/jobs/jobs.html#max-concurrent-runs
25
25
24,INFO-3,Informational,Global libraries,-1,Low,"Global libraries are discouraged for security reasons. Use cluster libraries or notebook-scoped libraries to improve startup time for clusters that don't require that library, and to improve flexibility where that library is not required.",1,1,1,1,0,Check if is_library_for_all_clusters is set as true for any library that is configured for clusters,curl --netrc -X GET \ https://<workspace_url>/api/2.0/libraries/all-cluster-statuses | jq .,https://docs.databricks.com/libraries/cluster-libraries.html,https://learn.microsoft.com/en-us/azure/databricks/libraries/cluster-libraries,https://docs.gcp.databricks.com/libraries/cluster-libraries.html
26
26
25,INFO-4,Informational,User Privileges,5,Low,Limit number of users with cluster create privileges,1,1,1,1,0,"Check entitlements.value for each user and look if they have 'allow-cluster-create', 'allow-instance-pool-create' as permission, and count the number of users with such permissions to report if that crossed the configured threshold.",curl --netrc -X GET \ https://<workspace_url>/api/2.0/preview/scim/v2/Users,https://docs.databricks.com/security/access-control/cluster-acl.html,https://learn.microsoft.com/en-us/azure/databricks/security/access-control/cluster-acl,https://docs.gcp.databricks.com/security/access-control/cluster-acl.html
27
-
26,INFO-5,Informational,Global Init Script,-1,Medium,"Global init scripts are discouraged for security, improved startup and flexibility reasons",1,1,1,1,0,Check if there are any global-init-scripts configured,curl --netrc -X GET \ https://<workspace_url>/api/2.0/global-init-scripts,https://docs.databricks.com/clusters/init-scripts.html#global-init-scripts,https://learn.microsoft.com/en-us/azure/databricks/clusters/init-scripts#global-init-scripts,https://docs.gcp.databricks.com/clusters/init-scripts.html#global-init-scripts
27
+
26,INFO-5,Informational,Global Init Script,-1,Medium,"Global init scripts are discouraged for security, improved startup and flexibility reasons",1,1,1,1,0,Check if there are any global-init-scripts configured,curl --netrc -X GET \ https://<workspace_url>/api/2.0/global-init-scripts,https://docs.databricks.com/clusters/init-scripts.html#init-script-types,https://learn.microsoft.com/en-us/azure/databricks/clusters/init-scripts#init-script-types,https://docs.gcp.databricks.com/clusters/init-scripts.html#global-init-scripts
28
28
27,INFO-6,Informational,Admin Count,2,Low,Limit the number of admin accounts so that most users are not admins,1,1,1,1,0,"Check members count of diplayName ""admins"" in groups to report if the count is more than the configured threshold",curl --netrc -X GET \ https://<workspace_url>/api/2.0/preview/scim/v2/Groups,https://docs.databricks.com/administration-guide/users-groups/users.html,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/users,https://docs.gcp.databricks.com/administration-guide/users-groups/users.html
29
29
28,INFO-7,Informational,VPC (or VNET) Peering,-1,Medium,VPC (or VNET) endpoints or Private Link are recommended,1,1,1,1,0,Manual check (Update cofiguration status using <SATProject>/notebooks/Setup/8. update_workspace_configuration notebook),Manual check,https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject,https://cloud.google.com/vpc/docs/private-access-options
30
30
29,INFO-8,Informational,Job View Acls,-1,High,Use Job Visibility Control to prevent users from viewing jobs where they do not have permissions,1,1,1,1,0,Check workspace-conf for enableJobViewAcls setting,curl -n -X GET 'https://<workspace_url>/api/2.0/preview/workspace-conf?keys=enableJobViewAcls',https://docs.databricks.com/administration-guide/access-control/jobs-acl.html,https://learn.microsoft.com/en-us/azure/databricks/administration-guide/access-control/jobs-acl,https://docs.gcp.databricks.com/administration-guide/access-control/jobs-acl.html
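Review bot: In the INFO-5 row only the docs.databricks.com and learn.microsoft.com links move from #global-init-scripts to #init-script-types; the docs.gcp.databricks.com link still ends in #global-init-scripts. If the anchor was renamed across the docs, update the GCP link in the same change; if the GCP page kept the old anchor, say so in the commit message so the mismatch is not read as an oversight. The new anchor is also broader than the check, which concerns global init scripts only, so confirm it still lands the reader on the relevant section.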
56,GOV-19,Governance,Delta sharing Token Expiration,-1,Medium,Establish a process for rotating credentials Delta sharing Token,1,1,1,1,0,"Check if expiration_time on share recipients for tokens for share with authentication_type ""TOKEN""",curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/recipients,https://docs.databricks.com/data-sharing/create-recipient.html#security-considerations-for-tokens,https://learn.microsoft.com/en-us/azure/databricks/data-sharing/create-recipient#--security-considerations-for-tokens,https://docs.gcp.databricks.com/data-sharing/access-list.html#security-considerations-for-tokens
58
58
57,GOV-20,Governance,Use of Metastore,-1,Low,Create a Unity Catalog metastore,1,1,1,1,0,Check if securable_type = 'METASTORE' exists in metasores,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/metastores,https://docs.databricks.com/data-governance/unity-catalog/create-metastore.html,https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/create-metastore,https://docs.gcp.databricks.com/data-governance/unity-catalog/create-metastore.html
59
59
58,GOV-21,Governance,Metastore Admin,-1,High,Delegate metastore admin to a group who is not the account admin,1,1,1,1,0,Check if securable_type = 'METASTORE' and owner != created_by for a metastore,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/metastores,https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html#assign-a-metastore-admin,https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/manage-privileges/#--assign-a-metastore-admin,https://docs.gcp.databricks.com/data-governance/unity-catalog/manage-privileges/index.html#assign-a-metastore-admin
60
-
59,GOV-22,Governance,Metastore Storage Credentials,-1,Medium,Use external locations rather than using storage credentials directly,1,1,1,1,0,Check if securable_type = 'STORAGE_CREDENTIAL' for storage-credentials ,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/storage-credentials,https://docs.databricks.com/data-governance/unity-catalog/manage-external-locations-and-credentials.html,https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/manage-external-locations-and-credentials,https://docs.gcp.databricks.com/data-governance/unity-catalog/manage-external-locations-and-credentials.html
60
+
59,GOV-22,Informational,Metastore Storage Credentials,-1,Medium,Use external locations rather than using storage credentials directly,1,1,1,0,0,Check if securable_type = 'STORAGE_CREDENTIAL' for storage-credentials ,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/storage-credentials,https://docs.databricks.com/data-governance/unity-catalog/manage-external-locations-and-credentials.html,https://learn.microsoft.com/en-us/azure/databricks/data-governance/unity-catalog/manage-external-locations-and-credentials,https://docs.gcp.databricks.com/data-governance/unity-catalog/manage-external-locations-and-credentials.html
61
61
60,GOV-23,Governance,UC enabled Data warehouses,-1,Low,Use UC enabled Data warehouses,1,1,1,1,0,Check if disable_uc = true on warehouses,curl --netrc -X GET \ https://<workspace_url>/api/2.0/sql/warehouses,https://docs.databricks.com/sql/admin/create-sql-warehouse.html#advanced-options,https://learn.microsoft.com/en-us/azure/databricks/sql/admin/create-sql-warehouse#--advanced-options,https://docs.gcp.databricks.com/sql/admin/create-sql-warehouse.html#advanced-options
62
-
61,INFO-17,Informational,Serverless Compute,-1,Low,Enable Serverless Compute,1,1,0,1,0,Check if enable_serverless_compute != true on warehouses ,curl --netrc -X GET \ https://<workspace_url>/api/2.0/sql/config/warehouses,https://docs.databricks.com/sql/admin/serverless.html,https://learn.microsoft.com/en-us/azure/databricks/sql/admin/serverless,N/A
63
-
62,INFO-18,Informational,Delta Sharing CREATE_RECIPIENT and CREATE_SHARE permissions,-1,Medium,Limit who has CREATE_RECIPIENT and CREATE_SHARE permissions on metastore,1,1,1,1,0,Check if who has specified permission on the metastore,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/permissions/{securable_type}/{full_name},https://docs.databricks.com/data-sharing/create-recipient.html,https://learn.microsoft.com/en-us/azure/databricks/data-sharing/create-recipient,https://docs.gcp.databricks.com/data-sharing/create-recipient.html
62
+
61,INFO-17,Informational,Serverless Compute,-1,Low,Enable Serverless Compute,1,1,0,0,0,Check if enable_serverless_compute != true on warehouses ,curl --netrc -X GET \ https://<workspace_url>/api/2.0/sql/config/warehouses,https://docs.databricks.com/sql/admin/serverless.html,https://learn.microsoft.com/en-us/azure/databricks/sql/admin/serverless,N/A
63
+
62,INFO-18,Informational,Delta Sharing CREATE_RECIPIENT and CREATE_SHARE permissions,-1,Low,Limit who has CREATE_RECIPIENT and CREATE_SHARE permissions on metastore,1,1,1,1,0,Check who has CREATE_RECIPIENT and CREATE_SHARE permission on the metastore,curl --netrc -X GET \ https://<workspace_url>/api/2.1/unity-catalog/permissions/{securable_type}/{full_name},https://docs.databricks.com/data-sharing/create-recipient.html,https://learn.microsoft.com/en-us/azure/databricks/data-sharing/create-recipient,https://docs.gcp.databricks.com/data-sharing/create-recipient.html
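Review bot: The GOV-22 row changes its category from Governance to Informational but keeps the id GOV-22, while the other Informational rows visible here carry INFO- ids (INFO-17, INFO-18), so id and category now disagree; either keep the category as Governance or renumber the check, and verify nothing groups or filters checks by id prefix. GOV-22 and INFO-17 also change the fourth value of the five-flag group from 1 to 0 (1,1,1,1,0 to 1,1,1,0,0 and 1,1,0,1,0 to 1,1,0,0,0); the column header is not part of this hunk, so the commit message should name that column and say why the value changes for these two checks. INFO-18 drops from Medium to Low with no reason given, and that downgrade deserves a line of justification alongside the reworded check description.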