Will It Vibe logoWill It Vibe?
K8S-028Low severity-4 points

Ingress has no TLS

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

An Ingress defines no tls block, so it serves plain HTTP and traffic between clients and the cluster edge is unencrypted.

Why it matters

An Ingress with no tls block serves plain HTTP at the cluster edge. Traffic between clients and the ingress, including credentials and session cookies, travels unencrypted and can be read or modified on the path. Most production ingresses should terminate TLS. This is a heuristic, since TLS may be terminated by an upstream load balancer.

How to fix it

Add a tls section to the Ingress referencing a certificate secret, and provision certificates with cert-manager or your platform certificate integration. Redirect HTTP to HTTPS at the ingress controller. If TLS is deliberately terminated upstream (at a cloud load balancer, for example), document that so the plain-HTTP Ingress is understood as intentional.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks