diff --git a/assets/queries/common/passwords_and_secrets/test/negative18.tf b/assets/queries/common/passwords_and_secrets/test/negative11.tf
similarity index 100%
rename from assets/queries/common/passwords_and_secrets/test/negative18.tf
rename to assets/queries/common/passwords_and_secrets/test/negative11.tf
diff --git a/assets/queries/common/passwords_and_secrets/test/negative19.tf b/assets/queries/common/passwords_and_secrets/test/negative12.tf
similarity index 100%
rename from assets/queries/common/passwords_and_secrets/test/negative19.tf
rename to assets/queries/common/passwords_and_secrets/test/negative12.tf
diff --git a/assets/queries/common/passwords_and_secrets/test/negative20.tf b/assets/queries/common/passwords_and_secrets/test/negative13.tf
similarity index 100%
rename from assets/queries/common/passwords_and_secrets/test/negative20.tf
rename to assets/queries/common/passwords_and_secrets/test/negative13.tf
diff --git a/assets/queries/common/passwords_and_secrets/test/negative14.tf b/assets/queries/common/passwords_and_secrets/test/negative14.tf
new file mode 100644
index 00000000000..4f13644463a
--- /dev/null
+++ b/assets/queries/common/passwords_and_secrets/test/negative14.tf
@@ -0,0 +1,85 @@ +resource "aws_ecs_task_definition" "webapp" { + family = "tomato-webapp" + task_role_arn = data.aws_iam_role.ecs_task_role.arn + + container_definitions = < { + console.log(`Invoke: ${JSON.stringify(event)}`); + function done(err) { + if (err) { + console.log(`Error: ${JSON.stringify(err)}`); + response.send(event, context, response.FAILED, {}); + } else { + response.send(event, context, response.SUCCESS, {}); + } + } + if (event.RequestType === 'Delete') { + iam.deleteAccountPasswordPolicy({}, done); + } else if (event.RequestType === 'Create' || event.RequestType === 'Update') { + const params = { + MinimumPasswordLength: parseInt(event.ResourceProperties.MinimumPasswordLength, 10), + RequireSymbols: event.ResourceProperties.RequireSymbols === 'true', + RequireNumbers: event.ResourceProperties.RequireNumbers === 'true', + RequireUppercaseCharacters: event.ResourceProperties.RequireUppercaseCharacters === 'true', + RequireLowercaseCharacters: event.ResourceProperties.RequireLowercaseCharacters === 'true', + AllowUsersToChangePassword: event.ResourceProperties.AllowUsersToChangePassword === 'true', + HardExpiry: event.ResourceProperties.HardExpiry === 'true' + }; + if (parseInt(event.ResourceProperties.MaxPasswordAge, 10) > 0) { + params.MaxPasswordAge = parseInt(event.ResourceProperties.MaxPasswordAge, 10); + } + if (parseInt(event.ResourceProperties.PasswordReusePrevention, 10) > 0) { + params.PasswordReusePrevention = parseInt(event.ResourceProperties.PasswordReusePrevention, 10); + } + iam.updateAccountPasswordPolicy(params, done); + } else { + cb(new Error(`unsupported RequestType: ${event.RequestType}`)); + } + }; + Handler: 'index.handler' + MemorySize: 128 + Role: !GetAtt 'LambdaRole.Arn' + Runtime: 'nodejs12.x' + Timeout: 60 
diff --git a/assets/queries/common/passwords_and_secrets/test/negative44.tf b/assets/queries/common/passwords_and_secrets/test/negative34.tf similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative44.tf rename to assets/queries/common/passwords_and_secrets/test/negative34.tf diff --git a/assets/queries/common/passwords_and_secrets/test/negative45.dockerfile b/assets/queries/common/passwords_and_secrets/test/negative35.dockerfile similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative45.dockerfile rename to assets/queries/common/passwords_and_secrets/test/negative35.dockerfile diff --git a/assets/queries/common/passwords_and_secrets/test/negative35.yaml b/assets/queries/common/passwords_and_secrets/test/negative35.yaml deleted file mode 100644 index 3cec573147d..00000000000 --- a/assets/queries/common/passwords_and_secrets/test/negative35.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Config -users: -- name: cluster-admin - user: - auth-provider: - config: {} - name: gcp -- name: google-oauth-access-token - user: - auth-provider: - config: - access-token: '{.credential.oauth_access_token_}' - cmd-args: config config-helper --format=json - cmd-path: /Users/dave/google-cloud-sdk/bin/gcloud - expiry: 2021-10-28T15:12:03.000Z - expiry-key: '{.credential.token_expiry}' - token-key: '{.credential.access_token}' - name: gcp diff --git a/assets/queries/common/passwords_and_secrets/test/negative46.tf b/assets/queries/common/passwords_and_secrets/test/negative36.tf similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative46.tf rename to assets/queries/common/passwords_and_secrets/test/negative36.tf 
diff --git a/assets/queries/common/passwords_and_secrets/test/negative47.yaml b/assets/queries/common/passwords_and_secrets/test/negative37.yaml similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative47.yaml rename to assets/queries/common/passwords_and_secrets/test/negative37.yaml diff --git a/assets/queries/common/passwords_and_secrets/test/negative48.yaml b/assets/queries/common/passwords_and_secrets/test/negative38.yaml similarity index 97% rename from assets/queries/common/passwords_and_secrets/test/negative48.yaml rename to assets/queries/common/passwords_and_secrets/test/negative38.yaml index ceabd8a45aa..fde8a4bb5f2 100644 --- a/assets/queries/common/passwords_and_secrets/test/negative48.yaml +++ b/assets/queries/common/passwords_and_secrets/test/negative38.yaml @@ -1,5 +1,6 @@ Type: AWS::Glue::Connection -Properties: +Resources: + Properties: CatalogId: "1111111111111" ConnectionInput: ConnectionProperties: diff --git a/assets/queries/common/passwords_and_secrets/test/negative39.yaml b/assets/queries/common/passwords_and_secrets/test/negative39.yaml index c51ed1df46d..e3d55dff65a 100644 --- a/assets/queries/common/passwords_and_secrets/test/negative39.yaml +++ b/assets/queries/common/passwords_and_secrets/test/negative39.yaml 
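Review bot: In negative38.yaml the added `Resources:` key sits below a top-level `Type: AWS::Glue::Connection` and has `Properties:` as its only child, so the document is not shaped like a CloudFormation template, where `Type` and `Properties` belong under a logical-id entry inside `Resources`. If the key exists only so the scanner classifies the file as CloudFormation, that deserves a comment in the fixture, e.g. `# Resources key added for platform detection only; not a deployable template`; otherwise nest it as `Resources:` / `  GlueConnection:` / `    Type: AWS::Glue::Connection` with `Properties` beneath. The same layout appears in the new contents of negative40.yaml, and positive44.yaml gains a trailing `Resources:` with no value at all, which parses as null rather than as a resource map.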
@@ -1,51 +1,27 @@ -name: Example Workflow - -on: workflow_call - -jobs: - build-deploy: - permissions: - contents: read - pages: write - id-token: write - - runs-on: ubuntu - - steps: - - uses: actions/checkout@v4 - ---- - -name: Example Workflow - -on: workflow_call - -jobs: - build-deploy: - permissions: - contents: read - pages: write - id-token: read - - runs-on: ubuntu - - steps: - - uses: actions/checkout@v4 - ---- - -name: Example Workflow - -on: workflow_call - -jobs: - build-deploy: - permissions: - contents: read - pages: write - id-token: none - - runs-on: ubuntu - - steps: - - uses: actions/checkout@v4 +AWSTemplateFormatVersion: "2010-09-09" +Resources: + somecode: + Type: AWS::CodeBuild::Project + Properties: + Name: somecodename + Description: somecodedesc + TimeoutInMinutes: 10 + QueuedTimeoutInMinutes: 10 + ServiceRole: someservicerole + EncryptionKey: somekey + Artifacts: + Type: someartifact + Cache: + Type: somecache + Modes: + - mode1 + - mode2 + Environment: + ComputeType: somecomputetype + Image: someimage + Type: someenv + ImagePullCredentialsType: somepulltype + Source: + Type: somesource + Location: somelocation + GitCloneDepth: 1 diff --git a/assets/queries/common/passwords_and_secrets/test/negative40.yaml b/assets/queries/common/passwords_and_secrets/test/negative40.yaml index ed211b11eeb..2ac3c5a5e9a 100644 --- a/assets/queries/common/passwords_and_secrets/test/negative40.yaml +++ b/assets/queries/common/passwords_and_secrets/test/negative40.yaml 
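Review bot: The three `id-token` workflow documents removed from negative39.yaml (write, read and none) do not reappear anywhere in the part of this diff visible here; the replacement content is the CodeBuild template previously held in negative49.yaml, which is deleted later in the diff with the same blob id e3d55dff65a. If the workflow-permissions case is still meant to be covered as a negative for this query, it should come back as its own fixture rather than be dropped silently with the renumbering. A short note in the commit description saying which fixtures were intentionally retired would make this easier to verify.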
@@ -1,22 +1,26 @@ -apiVersion: v1 -kind: Pod -metadata: - name: security-context-demo -spec: - automountServiceAccountToken: false - securityContext: - runAsUser: 1000 - runAsGroup: 3000 - fsGroup: 2000 - volumes: - - name: sec-ctx-vol - emptyDir: { } - containers: - - name: sec-ctx-demo - image: busybox - command: [ "sh", "-c", "sleep 1h" ] - volumeMounts: - - name: sec-ctx-vol - mountPath: /data/demo - securityContext: - allowPrivilegeEscalation: false \ No newline at end of file +Type: AWS::Glue::Connection +Resources: + Properties: + CatalogId: "1111111111111" + ConnectionInput: + ConnectionProperties: + CONNECTION_URL: + Fn::Join: + - "" + - - "mongodb://{{resolve:secretsmanager:arn:" + - Ref: AWS::Partition + - :secretsmanager:*:1111111111111:secret:/test/resources/docdb-test:SecretString:endpoint::}}/test + USERNAME: + Fn::Join: + - "" + - - "{{resolve:secretsmanager:arn:" + - Ref: AWS::Partition + - :secretsmanager:eu-west-1:*:secret:/test/resources/docdb-test:SecretString:username::}} + PASSWORD: + Fn::Join: + - "" + - - "{{resolve:secretsmanager:arn:" + - Ref: AWS::Partition + - :secretsmanager:us-east-?:*:secret:tiny::}} + JDBC_ENFORCE_SSL: true + ConnectionType: MONGODB diff --git a/assets/queries/common/passwords_and_secrets/test/negative41.yaml b/assets/queries/common/passwords_and_secrets/test/negative41.yaml index 9f4a78d1e74..a4a81ed903b 100644 --- a/assets/queries/common/passwords_and_secrets/test/negative41.yaml +++ b/assets/queries/common/passwords_and_secrets/test/negative41.yaml 
@@ -1,36 +1,160 @@ -- name: 'aws_codebuild integration tests' - collections: - - amazon.aws - module_defaults: - group/aws: - aws_access_key: '{{ aws_access_key }}' - aws_secret_key: '{{ aws_secret_key }}' - security_token: '{{ security_token | default(omit) }}' - region: '{{ aws_region }}' - block: - - name: idempotence check rerunning same Codebuild task - aws_codebuild: - name: "{{ resource_prefix }}-test-ansible-codebuild" - description: Build project for testing the Ansible aws_codebuild module - service_role: "{{ codebuild_iam_role.iam_role.arn }}" - timeout_in_minutes: 30 - source: - type: CODEPIPELINE - buildspec: '' - artifacts: - namespace_type: NONE - packaging: NONE - type: CODEPIPELINE - name: test - encryption_key: 'arn:aws:kms:{{ aws_region }}:{{ aws_account_id }}:alias/aws/s3' - environment: - compute_type: BUILD_GENERAL1_SMALL - privileged_mode: true - image: 'aws/codebuild/docker:17.09.0' - type: LINUX_CONTAINER - environment_variables: - - { name: 'FOO_ENV', value: 'other' } - tags: - - { key: 'purpose', value: 'ansible-test' } - state: present - register: rerun_test_output +--- +AWSTemplateFormatVersion: "2010-09-09" +Description: > + Test values for GetAtt and Ref and conditions +Parameters: + pSubnets: + Type: List + Default: '' + pSubnet: + Type: String + Default: '' + pSsmSubnets: + Type: AWS::SSM::Parameter::Value> + Default: '' +Conditions: + cCreateSubnets: !Not [!Equals [!Ref pSubnets, '']] + cNotCreateSubnets: !Not [!Condition cCreateSubnets] + cUseSsmSubnets: !And [!Condition cNotCreateSubnets, !Not [!Equals [pSsmSubnets, '']]] +Resources: + Subnet1: + Type: AWS::EC2::Subnet + Properties: + VpcId: 'vpc-1234567' + CidrBlock: 10.0.0.0/24 + Subnet2: + Type: AWS::EC2::Subnet + Properties: + VpcId: 'vpc-1234567' + CidrBlock: 10.0.0.2/24 + LoadBalancer: + Type: AWS::ElasticLoadBalancing::LoadBalancer + Properties: + Listeners: + - + InstancePort: '80' + LoadBalancerPort: '80' + Protocol: HTTP + Subnets: + Fn::If: + - cCreateSubnets + - - 
!Ref Subnet1 + - !Ref Subnet2 + - !Ref pSubnet # extra check to validate singular parameter works + - Fn::If: + - cUseSsmSubnets + - !Ref pSsmSubnets + - !Ref pSubnets + LoadBalancer2: + Type: AWS::ElasticLoadBalancing::LoadBalancer + Properties: + Fn::If: + - cCreateSubnets + - Listeners: + - + InstancePort: '80' + LoadBalancerPort: '80' + Protocol: HTTP + Subnets: + - !Ref Subnet1 + - !Ref Subnet2 + - Fn::If: + - cUseSsmSubnets + - Listeners: + - + InstancePort: '80' + LoadBalancerPort: '80' + Protocol: HTTP + Subnets: !Ref pSsmSubnets + - Listeners: + - + InstancePort: '80' + LoadBalancerPort: '80' + Protocol: HTTP + Subnets: !Ref pSubnets + ### Test Custom Resources Don't fail + GetSubnets: + Type: AWS::CloudFormation::CustomResource + Properties: + ServiceToken: anArn + LoadBalancer3: + Type: AWS::ElasticLoadBalancing::LoadBalancer + Properties: + Listeners: + - + InstancePort: '80' + LoadBalancerPort: '80' + Protocol: HTTP + Subnets: !GetAtt GetSubnets.Subnets + ### Test getatt to another resource and a list getatt + SecurityGroup1: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: LoadBalancer Security Group + alb1: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + Scheme: internal + Subnets: !Ref pSubnets + LoadBalancerAttributes: + - Key: idle_timeout.timeout_seconds + Value: '50' + SecurityGroups: + - Ref: SecurityGroup1 + alb2: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + Scheme: internal + Subnets: !Ref pSubnets + LoadBalancerAttributes: + - Key: idle_timeout.timeout_seconds + Value: '50' + SecurityGroups: !GetAtt alb1.SecurityGroups + ### Test CloudFormation resource for Get Atts + SubStack: + Type: AWS::CloudFormation::Stack + Properties: + TemplateURL: https://example.com + albCfn2: + Type: AWS::ElasticLoadBalancingV2::LoadBalancer + Properties: + Scheme: internal + Subnets: !Ref pSubnets + LoadBalancerAttributes: + - Key: idle_timeout.timeout_seconds + Value: '50' + SecurityGroups: + - !GetAtt 
SubStack.Outputs.SecurityGroups + Listener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + Protocol: + Fn::GetAtt: + - SubStack + - Outputs.Protocol + LoadBalancerArn: !GetAtt SubStack.Outputs.LoadBalancerArn + KinesisStream: + Type: AWS::Kinesis::Stream + Properties: + ShardCount: 1 + StreamConsumer: + Type: AWS::Kinesis::StreamConsumer + Properties: + ConsumerName: MyConsumer + StreamARN: !GetAtt KinesisStream.Arn + 03EventSourceMapping: + Type: AWS::Lambda::EventSourceMapping + Properties: + BatchSize: 500 + Enabled: true + EventSourceArn: !GetAtt StreamConsumer.ConsumerARN + FunctionName: !Ref LambdaFunctionArn + StartingPosition: LATEST + 04EventSourceMapping: + Type: AWS::Lambda::EventSourceMapping + Properties: + BatchSize: 500 + Enabled: true + EventSourceArn: !GetAtt StreamConsumer.StreamARN + FunctionName: !Ref LambdaFunctionArn + StartingPosition: LATEST diff --git a/assets/queries/common/passwords_and_secrets/test/negative54.tf b/assets/queries/common/passwords_and_secrets/test/negative42.tf similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative54.tf rename to assets/queries/common/passwords_and_secrets/test/negative42.tf diff --git a/assets/queries/common/passwords_and_secrets/test/negative42.yaml b/assets/queries/common/passwords_and_secrets/test/negative42.yaml deleted file mode 100644 index 69a9a8c1317..00000000000 --- a/assets/queries/common/passwords_and_secrets/test/negative42.yaml +++ /dev/null @@ -1,4 +0,0 @@ -Conditions: - HasKmsKey: !Not [!Equals [!Ref ParentKmsKeyStack, '']] - HasSecretName: !Not [!Equals [!Ref ParentKmsKeyStack, '']] - HasPassword: !Not [!Equals [!Ref DBPassword, '']] diff --git a/assets/queries/common/passwords_and_secrets/test/negative55.tf b/assets/queries/common/passwords_and_secrets/test/negative43.tf similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative55.tf rename to assets/queries/common/passwords_and_secrets/test/negative43.tf 
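Review bot: In the new negative41.yaml the condition `cUseSsmSubnets: !And [!Condition cNotCreateSubnets, !Not [!Equals [pSsmSubnets, '']]]` compares the literal string `pSsmSubnets` with `''` instead of the parameter value, so that operand is always true; the sibling condition `cCreateSubnets` uses `!Ref pSubnets`. This content appears to be moved from negative51.yaml (same blob id a4a81ed903b), so the slip is pre-existing, but since the file is now the canonical copy `!Equals [!Ref pSsmSubnets, '']` would match the intent. For a secrets-query negative fixture this may be immaterial, in which case a comment saying the template is not meant to be deployable would be enough.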
diff --git a/assets/queries/common/passwords_and_secrets/test/negative43.yaml b/assets/queries/common/passwords_and_secrets/test/negative43.yaml
deleted file mode 100644
index 3b62384bc30..00000000000
--- a/assets/queries/common/passwords_and_secrets/test/negative43.yaml
+++ /dev/null
@@ -1,48 +0,0 @@ -Resources: - LambdaFunctionV2: - Type: 'AWS::Lambda::Function' - Properties: - Code: - ZipFile: | - 'use strict'; - const AWS = require('aws-sdk'); - const response = require('cfn-response'); - const iam = new AWS.IAM({apiVersion: '2010-05-08'}); - exports.handler = (event, context, cb) => { - console.log(`Invoke: ${JSON.stringify(event)}`); - function done(err) { - if (err) { - console.log(`Error: ${JSON.stringify(err)}`); - response.send(event, context, response.FAILED, {}); - } else { - response.send(event, context, response.SUCCESS, {}); - } - } - if (event.RequestType === 'Delete') { - iam.deleteAccountPasswordPolicy({}, done); - } else if (event.RequestType === 'Create' || event.RequestType === 'Update') { - const params = { - MinimumPasswordLength: parseInt(event.ResourceProperties.MinimumPasswordLength, 10), - RequireSymbols: event.ResourceProperties.RequireSymbols === 'true', - RequireNumbers: event.ResourceProperties.RequireNumbers === 'true', - RequireUppercaseCharacters: event.ResourceProperties.RequireUppercaseCharacters === 'true', - RequireLowercaseCharacters: event.ResourceProperties.RequireLowercaseCharacters === 'true', - AllowUsersToChangePassword: event.ResourceProperties.AllowUsersToChangePassword === 'true', - HardExpiry: event.ResourceProperties.HardExpiry === 'true' - }; - if (parseInt(event.ResourceProperties.MaxPasswordAge, 10) > 0) { - params.MaxPasswordAge = parseInt(event.ResourceProperties.MaxPasswordAge, 10); - } - if (parseInt(event.ResourceProperties.PasswordReusePrevention, 10) > 0) { - params.PasswordReusePrevention = parseInt(event.ResourceProperties.PasswordReusePrevention, 10); - } - iam.updateAccountPasswordPolicy(params, done); - } else { - cb(new Error(`unsupported RequestType: ${event.RequestType}`)); - } - }; - Handler: 'index.handler' - MemorySize: 128 - Role: !GetAtt 'LambdaRole.Arn' - Runtime: 'nodejs12.x' - Timeout: 60 
diff --git a/assets/queries/common/passwords_and_secrets/test/negative44.yml b/assets/queries/common/passwords_and_secrets/test/negative44.yml new file mode 100644 index 00000000000..e441afac9df --- /dev/null +++ b/assets/queries/common/passwords_and_secrets/test/negative44.yml @@ -0,0 +1,20 @@ +on: workflow_call + +stages: + - build + +variables: + GIT_PRIVATE_KEY: $GIT_PRIVATE_KEY + +jobs: + job_build: + stage: build + script: + - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then + echo "Missing GIT_PRIVATE_KEY variable!" + exit 1 + fi + - echo "Private key is set." + + steps: + - uses: actions/checkout@v4 \ No newline at end of file diff --git a/assets/queries/common/passwords_and_secrets/test/negative57.yml b/assets/queries/common/passwords_and_secrets/test/negative45.yml similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative57.yml rename to assets/queries/common/passwords_and_secrets/test/negative45.yml diff --git a/assets/queries/common/passwords_and_secrets/test/negative58.yaml b/assets/queries/common/passwords_and_secrets/test/negative46.yaml similarity index 100% rename from assets/queries/common/passwords_and_secrets/test/negative58.yaml rename to assets/queries/common/passwords_and_secrets/test/negative46.yaml diff --git a/assets/queries/common/passwords_and_secrets/test/negative49.yaml b/assets/queries/common/passwords_and_secrets/test/negative49.yaml deleted file mode 100644 index e3d55dff65a..00000000000 --- a/assets/queries/common/passwords_and_secrets/test/negative49.yaml +++ /dev/null 
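Review bot: The new negative44.yml mixes GitLab CI keys (`stages`, `variables`, `script`) with GitHub Actions keys (`on: workflow_call`, `jobs`, `steps`), so neither runner would accept it as a pipeline; presumably the GitHub keys were added so the scanner classifies the file as a workflow, and a leading comment such as `# Hybrid GitLab/GitHub layout: kept this way only so the query's platform detection covers this fixture` would stop a future maintainer from "fixing" it. The `- if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then` item is a plain multi-line scalar, which YAML folds into one line with no separators between `echo`, `exit 1` and `fi`; a block scalar (`- |`) would keep the shell intact if that matters here. The file is also added without a trailing newline. positive49.yml in this diff receives the same hybrid layout and the same missing newline, so whatever comment is chosen belongs in both.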
@@ -1,27 +0,0 @@ -AWSTemplateFormatVersion: "2010-09-09" -Resources: - somecode: - Type: AWS::CodeBuild::Project - Properties: - Name: somecodename - Description: somecodedesc - TimeoutInMinutes: 10 - QueuedTimeoutInMinutes: 10 - ServiceRole: someservicerole - EncryptionKey: somekey - Artifacts: - Type: someartifact - Cache: - Type: somecache - Modes: - - mode1 - - mode2 - Environment: - ComputeType: somecomputetype - Image: someimage - Type: someenv - ImagePullCredentialsType: somepulltype - Source: - Type: somesource - Location: somelocation - GitCloneDepth: 1 diff --git a/assets/queries/common/passwords_and_secrets/test/negative50.yaml b/assets/queries/common/passwords_and_secrets/test/negative50.yaml deleted file mode 100644 index 17b6a0c2ff9..00000000000 --- a/assets/queries/common/passwords_and_secrets/test/negative50.yaml +++ /dev/null @@ -1,25 +0,0 @@ -Type: AWS::Glue::Connection -Properties: - CatalogId: "1111111111111" - ConnectionInput: - ConnectionProperties: - CONNECTION_URL: - Fn::Join: - - "" - - - "mongodb://{{resolve:secretsmanager:arn:" - - Ref: AWS::Partition - - :secretsmanager:*:1111111111111:secret:/test/resources/docdb-test:SecretString:endpoint::}}/test - USERNAME: - Fn::Join: - - "" - - - "{{resolve:secretsmanager:arn:" - - Ref: AWS::Partition - - :secretsmanager:eu-west-1:*:secret:/test/resources/docdb-test:SecretString:username::}} - PASSWORD: - Fn::Join: - - "" - - - "{{resolve:secretsmanager:arn:" - - Ref: AWS::Partition - - :secretsmanager:us-east-?:*:secret:tiny::}} - JDBC_ENFORCE_SSL: true - ConnectionType: MONGODB diff --git a/assets/queries/common/passwords_and_secrets/test/negative51.yaml b/assets/queries/common/passwords_and_secrets/test/negative51.yaml deleted file mode 100644 index a4a81ed903b..00000000000 --- a/assets/queries/common/passwords_and_secrets/test/negative51.yaml +++ /dev/null 
@@ -1,160 +0,0 @@ ---- -AWSTemplateFormatVersion: "2010-09-09" -Description: > - Test values for GetAtt and Ref and conditions -Parameters: - pSubnets: - Type: List - Default: '' - pSubnet: - Type: String - Default: '' - pSsmSubnets: - Type: AWS::SSM::Parameter::Value> - Default: '' -Conditions: - cCreateSubnets: !Not [!Equals [!Ref pSubnets, '']] - cNotCreateSubnets: !Not [!Condition cCreateSubnets] - cUseSsmSubnets: !And [!Condition cNotCreateSubnets, !Not [!Equals [pSsmSubnets, '']]] -Resources: - Subnet1: - Type: AWS::EC2::Subnet - Properties: - VpcId: 'vpc-1234567' - CidrBlock: 10.0.0.0/24 - Subnet2: - Type: AWS::EC2::Subnet - Properties: - VpcId: 'vpc-1234567' - CidrBlock: 10.0.0.2/24 - LoadBalancer: - Type: AWS::ElasticLoadBalancing::LoadBalancer - Properties: - Listeners: - - - InstancePort: '80' - LoadBalancerPort: '80' - Protocol: HTTP - Subnets: - Fn::If: - - cCreateSubnets - - - !Ref Subnet1 - - !Ref Subnet2 - - !Ref pSubnet # extra check to validate singular parameter works - - Fn::If: - - cUseSsmSubnets - - !Ref pSsmSubnets - - !Ref pSubnets - LoadBalancer2: - Type: AWS::ElasticLoadBalancing::LoadBalancer - Properties: - Fn::If: - - cCreateSubnets - - Listeners: - - - InstancePort: '80' - LoadBalancerPort: '80' - Protocol: HTTP - Subnets: - - !Ref Subnet1 - - !Ref Subnet2 - - Fn::If: - - cUseSsmSubnets - - Listeners: - - - InstancePort: '80' - LoadBalancerPort: '80' - Protocol: HTTP - Subnets: !Ref pSsmSubnets - - Listeners: - - - InstancePort: '80' - LoadBalancerPort: '80' - Protocol: HTTP - Subnets: !Ref pSubnets - ### Test Custom Resources Don't fail - GetSubnets: - Type: AWS::CloudFormation::CustomResource - Properties: - ServiceToken: anArn - LoadBalancer3: - Type: AWS::ElasticLoadBalancing::LoadBalancer - Properties: - Listeners: - - - InstancePort: '80' - LoadBalancerPort: '80' - Protocol: HTTP - Subnets: !GetAtt GetSubnets.Subnets - ### Test getatt to another resource and a list getatt - SecurityGroup1: - Type: AWS::EC2::SecurityGroup - 
Properties: - GroupDescription: LoadBalancer Security Group - alb1: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Properties: - Scheme: internal - Subnets: !Ref pSubnets - LoadBalancerAttributes: - - Key: idle_timeout.timeout_seconds - Value: '50' - SecurityGroups: - - Ref: SecurityGroup1 - alb2: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Properties: - Scheme: internal - Subnets: !Ref pSubnets - LoadBalancerAttributes: - - Key: idle_timeout.timeout_seconds - Value: '50' - SecurityGroups: !GetAtt alb1.SecurityGroups - ### Test CloudFormation resource for Get Atts - SubStack: - Type: AWS::CloudFormation::Stack - Properties: - TemplateURL: https://example.com - albCfn2: - Type: AWS::ElasticLoadBalancingV2::LoadBalancer - Properties: - Scheme: internal - Subnets: !Ref pSubnets - LoadBalancerAttributes: - - Key: idle_timeout.timeout_seconds - Value: '50' - SecurityGroups: - - !GetAtt SubStack.Outputs.SecurityGroups - Listener: - Type: AWS::ElasticLoadBalancingV2::Listener - Properties: - Protocol: - Fn::GetAtt: - - SubStack - - Outputs.Protocol - LoadBalancerArn: !GetAtt SubStack.Outputs.LoadBalancerArn - KinesisStream: - Type: AWS::Kinesis::Stream - Properties: - ShardCount: 1 - StreamConsumer: - Type: AWS::Kinesis::StreamConsumer - Properties: - ConsumerName: MyConsumer - StreamARN: !GetAtt KinesisStream.Arn - 03EventSourceMapping: - Type: AWS::Lambda::EventSourceMapping - Properties: - BatchSize: 500 - Enabled: true - EventSourceArn: !GetAtt StreamConsumer.ConsumerARN - FunctionName: !Ref LambdaFunctionArn - StartingPosition: LATEST - 04EventSourceMapping: - Type: AWS::Lambda::EventSourceMapping - Properties: - BatchSize: 500 - Enabled: true - EventSourceArn: !GetAtt StreamConsumer.StreamARN - FunctionName: !Ref LambdaFunctionArn - StartingPosition: LATEST diff --git a/assets/queries/common/passwords_and_secrets/test/negative56.yml b/assets/queries/common/passwords_and_secrets/test/negative56.yml deleted file mode 100644 index 7d7231940c9..00000000000 
--- a/assets/queries/common/passwords_and_secrets/test/negative56.yml +++ /dev/null @@ -1,14 +0,0 @@ -stages: - - build - -variables: - GIT_PRIVATE_KEY: $GIT_PRIVATE_KEY - -job_build: - stage: build - script: - - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then - echo "Missing GIT_PRIVATE_KEY variable!" - exit 1 - fi - - echo "Private key is set." diff --git a/assets/queries/common/passwords_and_secrets/test/positive44.yaml b/assets/queries/common/passwords_and_secrets/test/positive44.yaml index 507beda960c..9f2475cd19d 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive44.yaml +++ b/assets/queries/common/passwords_and_secrets/test/positive44.yaml @@ -16,3 +16,4 @@ Parameters: SecretNamePrefix: Description: 'Used to create resource-based authorization policy for "secretsmanager:GetSecretValue" action. E.g. All Athena JDBC Federation secret names can be prefixed with "AthenaJdbcFederation" and authorization policy will allow "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:AthenaJdbcFederatione*". Parameter value in this case should be "AthenaJdbcFederation". If you do not have a prefix, you can manually update the IAM policy to add allow any secret names.' Type: String +Resources: \ No newline at end of file diff --git a/assets/queries/common/passwords_and_secrets/test/positive49.yml b/assets/queries/common/passwords_and_secrets/test/positive49.yml index f071956afac..1ff80f95f46 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive49.yml +++ b/assets/queries/common/passwords_and_secrets/test/positive49.yml 
@@ -1,14 +1,20 @@ +on: workflow_call + stages: - build variables: GIT_PRIVATE_KEY: "heythisisaprivatekey!" -job_build: - stage: build - script: - - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then - echo "Missing GIT_PRIVATE_KEY variable!" - exit 1 - fi - - echo "Private key is set." +jobs: + job_build: + stage: build + script: + - if [[ -z "${GIT_PRIVATE_KEY:-}" ]]; then + echo "Missing GIT_PRIVATE_KEY variable!" + exit 1 + fi + - echo "Private key is set." + + steps: + - uses: actions/checkout@v4 \ No newline at end of file diff --git a/assets/queries/common/passwords_and_secrets/test/positive8.json b/assets/queries/common/passwords_and_secrets/test/positive8.json index 046356316dc..2fd45f3ca51 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive8.json +++ b/assets/queries/common/passwords_and_secrets/test/positive8.json @@ -1,8 +1,10 @@ { - "service-1": { - "password": "abcdefg" - }, - "service-2": { - "password": "abcdefg" + "Resources": { + "service-1": { + "password": "abcdefg" + }, + "service-2": { + "password": "abcdefg" + } } } diff --git a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json index e613a39147e..6f9b4c07baf 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json +++ b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json @@ -50,13 +50,13 @@ { "queryName": "Passwords And Secrets - Generic Password", "severity": "HIGH", - "line": 3, + "line": 4, "fileName": "positive8.json" }, { "queryName": "Passwords And Secrets - Generic Password", "severity": "HIGH", - "line": 6, + "line":7, "fileName": "positive8.json" }, { @@ -404,7 +404,7 @@ { "queryName": "Passwords And Secrets - Generic Private Key", "severity": "HIGH", - "line": 5, + "line": 7, "fileName": "positive49.yml" }, { 
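Review bot: In positive_expected_result.json the updated entry `"line":7,` drops the space after the colon while every neighbouring entry (`"line": 4,` just above and the positive49.yml entry further down) keeps it; change it to `"line": 7,` so the file stays uniformly formatted. The renumbering itself matches the new fixtures: after wrapping under `Resources` the two passwords in positive8.json sit on lines 4 and 7, and the private key in positive49.yml moves from line 5 to 7 once `on: workflow_call` and its blank line are inserted at the top.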
diff --git a/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/negative.tf b/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/negative.tf index d12a2cd5627..75a903f2c65 100644 --- a/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/negative.tf +++ b/assets/queries/terraform/azure/aks_disk_encryption_set_id_undefined/test/negative.tf @@ -14,7 +14,7 @@ resource "azurerm_kubernetes_cluster" "negative" { } -resource "azurerm_kubernetes_cluster" "negative" { +resource "azurerm_kubernetes_cluster2" "negative" { name = "example-aks1" location = azurerm_resource_group.example.location resource_group_name = azurerm_resource_group.example.name