Example Terraform Security Report Summary
Overview
- Scanner: Checkov
- Scope: sample/terraform-demo
- Passed: 3
- Failed: 5
- Skipped: 1
Findings at a glance
| Severity | Count | Primary themes |
|---|---|---|
| Critical | 1 | hard-coded credentials |
| High | 3 | public admin ingress, unencrypted storage, over-broad IAM |
| Medium | 1 | missing recovery protection on storage |
Engineering interpretation
- One immediate stop-ship issue exists because static cloud credentials are present in the Terraform code.
- Two infrastructure hardening issues materially increase attack surface:
  - public SSH exposure
  - unencrypted EBS storage
- One resilience / recovery control is missing:
  - S3 versioning is disabled
- One authorization design weakness exists:
  - wildcard IAM permissions
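As an added illustration (not code from the scanned sample/terraform-demo repository), the following Terraform shows the corrected form of each of the five findings above; the variable names, CIDR range and bucket name are assumptions.

```hcl
# Credentials come from the environment or shared AWS config, never from
# literals in the code (Critical finding).
provider "aws" {
  region = var.region
}

variable "region" {}
variable "vpc_id" {}
variable "admin_cidr" {} # assumed management range, e.g. "10.20.0.0/24"

# Admin ingress limited to the management CIDR instead of 0.0.0.0/0 (High).
resource "aws_security_group" "admin" {
  name   = "demo-admin"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
}

# EBS volume encrypted at rest (High).
resource "aws_ebs_volume" "data" {
  availability_zone = "${var.region}a"
  size              = 20
  encrypted         = true
}

# S3 versioning enabled so overwritten or deleted objects are recoverable (Medium).
resource "aws_s3_bucket" "logs" {
  bucket = "terraform-demo-logs-example" # constructed name
}

resource "aws_s3_bucket_versioning" "logs" {
  bucket = aws_s3_bucket.logs.id
  versioning_configuration {
    status = "Enabled"
  }
}

# IAM policy scoped to a named action and resource instead of "*" (High).
data "aws_iam_policy_document" "logs_writer" {
  statement {
    actions   = ["s3:PutObject"]
    resources = ["${aws_s3_bucket.logs.arn}/*"]
  }
}
```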
Suggested release decision
- Production: block until Critical and High findings are resolved or explicitly waived.
- Non-production: allow only if the credentials issue is removed and the public admin exposure is corrected.