examples(tf): intentionally insecure demo (open SG and public S3)

678a067
Draft

DEMO (do not merge): intentionally insecure terraform example #20

GitHub Advanced Security / Trivy failed Aug 14, 2025 in 6s

14 new alerts including 2 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 2 critical
  • 10 high
  • 1 medium
  • 1 low

See annotations below for details.

Annotations

Check failure on line 39 in examples/terraform/main.bad.tf

Code scanning / Trivy

Security groups should not allow unrestricted ingress to SSH or RDP from any IP address. High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0107
Severity: HIGH
Message: Security group rule allows unrestricted ingress from any IP address.
Link: AVD-AWS-0107

Check failure on line 48 in examples/terraform/main.bad.tf

Code scanning / Trivy

Security groups should not allow unrestricted ingress to SSH or RDP from any IP address. High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0107
Severity: HIGH
Message: Security group rule allows unrestricted ingress from any IP address.
Link: AVD-AWS-0107

Check failure on line 57 in examples/terraform/main.bad.tf

Code scanning / Trivy

Security groups should not allow unrestricted ingress to SSH or RDP from any IP address. High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0107
Severity: HIGH
Message: Security group rule allows unrestricted ingress from any IP address.
Link: AVD-AWS-0107

Check failure on line 66 in examples/terraform/main.bad.tf

Code scanning / Trivy

A security group rule should not allow unrestricted egress to any IP address. Critical

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability aws-vpc-no-public-egress-sgr
Severity: CRITICAL
Message: Security group rule allows unrestricted egress to any IP address.
Link: aws-vpc-no-public-egress-sgr

Check failure on line 67 in examples/terraform/main.bad.tf

Code scanning / Trivy

A security group rule should not allow unrestricted egress to any IP address. Critical

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability aws-vpc-no-public-egress-sgr
Severity: CRITICAL
Message: Security group rule allows unrestricted egress to any IP address.
Link: aws-vpc-no-public-egress-sgr

Check failure on line 81 in examples/terraform/main.bad.tf

Code scanning / Trivy

Unencrypted S3 bucket. High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0088
Severity: HIGH
Message: Bucket does not have encryption enabled
Link: AVD-AWS-0088

Check notice on line 81 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Bucket Logging Low

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability s3-bucket-logging
Severity: LOW
Message: Bucket has logging disabled
Link: s3-bucket-logging

Check warning on line 81 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Data should be versioned Medium

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0090
Severity: MEDIUM
Message: Bucket does not have versioning enabled
Link: AVD-AWS-0090

Check failure on line 81 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 encryption should use Customer Managed Keys High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0132
Severity: HIGH
Message: Bucket does not encrypt data with a customer managed key.
Link: AVD-AWS-0132

Check failure on line 80 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Buckets not publicly accessible through ACL. High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0092
Severity: HIGH
Message: Bucket has a public ACL: "public-read"
Link: AVD-AWS-0092

Check failure on line 85 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Access block should block public ACL High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0086
Severity: HIGH
Message: Public access block does not block public ACLs
Link: AVD-AWS-0086

Check failure on line 86 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Access block should block public policy High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0087
Severity: HIGH
Message: Public access block does not block public policies
Link: AVD-AWS-0087

Check failure on line 87 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Access Block should Ignore Public ACL High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0091
Severity: HIGH
Message: Public access block does not ignore public ACLs
Link: AVD-AWS-0091

Check failure on line 88 in examples/terraform/main.bad.tf

Code scanning / Trivy

S3 Access block should restrict public bucket to limit access High

Artifact: examples/terraform/main.bad.tf
Type: terraform
Vulnerability AVD-AWS-0093
Severity: HIGH
Message: Public access block does not restrict public buckets
Link: AVD-AWS-0093