query(terraform): unrestricted_security_group_ingress #7310

Open
chrisisbeef opened this issue Jan 14, 2025 · 0 comments
Labels
aws PR related with AWS Cloud community Community contribution query New query feature terraform Terraform query

Comments

@chrisisbeef

Platform

Terraform

Provider

AWS

Description

It seems like this query is a bit too broad, which makes it noisy. For HTTP/HTTPS ports specifically, I don't think this should report, especially not as high severity. That being said, sensitive ports like telnet, SSH, database, etc. should definitely report for unrestricted ingress rules. Should we update the rule to not report on ports 80/443 specifically, or allow configuration to declare "non-sensitive ports" that this query could use to be tuned and reduce noise?

@chrisisbeef chrisisbeef added community Community contribution query New query feature labels Jan 14, 2025
@chrisisbeef chrisisbeef changed the title query(<platform>): unrestricted_security_group_ingress query(Terraform): unrestricted_security_group_ingress Jan 14, 2025
@github-actions github-actions bot added terraform Terraform query aws PR related with AWS Cloud labels Jan 14, 2025
@chrisisbeef chrisisbeef changed the title query(Terraform): unrestricted_security_group_ingress query(terraform): unrestricted_security_group_ingress Jan 14, 2025
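
As an added example (not part of the issue and not the project's query code), the tuning proposed in the description could look like this in Python: unrestricted ingress is reported unless every exposed port is on a configurable allowlist. The rule dictionaries, `DEFAULT_NON_SENSITIVE` and all function names are assumptions made for illustration.

```python
# Added illustration, not the project's query. SAMPLE_RULES is constructed
# data standing in for parsed aws_security_group ingress blocks.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
DEFAULT_NON_SENSITIVE = frozenset({80, 443})  # hypothetical tunable allowlist


def is_open_to_world(rule):
    """True when any IPv4 or IPv6 source range covers the whole internet."""
    cidrs = list(rule.get("cidr_blocks") or [])
    cidrs += list(rule.get("ipv6_cidr_blocks") or [])
    return any(c in OPEN_CIDRS for c in cidrs)


def should_report(rule, non_sensitive=DEFAULT_NON_SENSITIVE):
    """Report unrestricted ingress unless every exposed port is allowlisted."""
    if not is_open_to_world(rule):
        return False
    proto = str(rule.get("protocol", "-1")).lower()
    if proto not in ("tcp", "udp", "6", "17"):
        return True  # "-1" (all traffic) or a portless protocol: no exemption
    low, high = int(rule["from_port"]), int(rule["to_port"])
    # A range wider than the allowlist must contain a port that is not on it,
    # so 80-443 or 0-65535 is reported even though it includes 80 and 443.
    if high - low + 1 > len(non_sensitive):
        return True
    return any(port not in non_sensitive for port in range(low, high + 1))


def findings(rules, non_sensitive=DEFAULT_NON_SENSITIVE):
    """Names of the rules that would still be reported after tuning."""
    return [r["name"] for r in rules if should_report(r, non_sensitive)]


SAMPLE_RULES = [  # constructed sample input
    {"name": "web_https", "protocol": "tcp", "from_port": 443, "to_port": 443,
     "cidr_blocks": ["0.0.0.0/0"]},
    {"name": "ssh", "protocol": "tcp", "from_port": 22, "to_port": 22,
     "cidr_blocks": ["0.0.0.0/0"]},
    {"name": "web_range", "protocol": "tcp", "from_port": 80, "to_port": 443,
     "cidr_blocks": ["0.0.0.0/0"]},
    {"name": "all_traffic", "protocol": "-1", "from_port": 0, "to_port": 0,
     "ipv6_cidr_blocks": ["::/0"]},
    {"name": "db_internal", "protocol": "tcp", "from_port": 5432,
     "to_port": 5432, "cidr_blocks": ["10.0.0.0/8"]},
]

if __name__ == "__main__":
    print(findings(SAMPLE_RULES))
```

Passing an empty allowlist restores the current behaviour of reporting every unrestricted rule, including ports 80 and 443.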