Will It Vibe logoWill It Vibe?
TF-013High severity-15 points

SSH open to the whole internet

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 15 points from that category, once per scan, no matter how many places it turns up.

What it detects

A security group ingress rule opens port 22 to 0.0.0.0/0, exposing SSH to internet-wide brute-force and exploit scanning.

Why it matters

An ingress rule opening port 22 to 0.0.0.0/0 exposes SSH to the entire internet, where it is hit continuously by automated brute-force and exploit attempts. It only takes one weak key or a vulnerable SSH version for this to become a breach. SSH should never be world-open.

How to fix it

Restrict the SSH rule to a specific admin CIDR, a VPN range, or a bastion security group referenced by id. Better still, remove standing SSH access and use AWS Systems Manager Session Manager, which needs no open inbound port. If you keep SSH, require key-based auth and keep the source list narrow.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks