Categories
Latest version
v0.4.1
Updated on
Jul 16, 2024
Total issues
160
Sample configuration
version = 1
[[analyzers]]
name = "terraform"
Stats
Anti-pattern
7
Bug risk
21
Performance
3
Security
128
Style
1
Detected password authentication instead of SSH keys TF-AZU005
Passwords can be brute-forced, are prone to human error with possibitlies of weak password creation. Moreover password policies may be frustrating. Using SSH keys reduces the brute force attack vector to significant degrees.
Legacy ABAC permissions are enabled TF-GCP005
In Kubernetes, RBAC is used to grant permissions to resources at the cluster and namespace level. RBAC allows you to define roles with rules containing a set of permissions. RBAC has significant security advantages and is now stable in Kubernetes, hence ABAC is not recommended. Refer https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control for more details.
Load balancer is exposed to the internet TF-AWS005
Warns against to prevent accidental exposure of internal assets.
Module doesn't comply with Terraform Standard Module Structure TF-L0048
Terraform's documentation outlines a Standard Module Structure. A minimal module should have a main.tf, variables.tf, and outputs.tf file. Variable and output blocks should be included in the corresponding file.
An outdated SSL policy is in use by a load balancer TF-AWS010
It is not recommended to use outdated/insecure TLS versions for encryption.