Will It Vibe logoWill It Vibe?
TF-016Medium severity-8 points

Sensitive service port open to the internet

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 8 points from that category, once per scan, no matter how many places it turns up.

What it detects

A security group ingress rule opens a database or admin port (for example 3306, 5432, 6379, 27017) to 0.0.0.0/0, exposing a backend service directly to the internet.

Why it matters

An ingress rule opening a database or admin port (such as 3306, 5432, 6379, or 27017) to 0.0.0.0/0 puts a backend service directly on the internet. These services are prime targets for credential stuffing and unauthenticated-access exploits, and many have had serious remote flaws. Backend ports should only be reachable from inside the network.

How to fix it

Scope the rule to the application security group or a private CIDR, never 0.0.0.0/0. Keep the database in a private subnet so the port is unreachable from outside the VPC regardless. For remote administration use a bastion or VPN rather than opening the port publicly.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks