Will It Vibe logoWill It Vibe?
TF-017Low severity-4 points

Unrestricted egress to the internet

Part of Security, which counts for 30% of the overall score. When this check fires it deducts 4 points from that category, once per scan, no matter how many places it turns up.

What it detects

A security group egress rule allows all protocols to 0.0.0.0/0. Wide-open egress removes a control against data exfiltration and command-and-control traffic. This is a best-practice heuristic and unrestricted egress is common, so it is kept at low severity.

Why it matters

An egress rule allowing all protocols to 0.0.0.0/0 lets a compromised instance send data anywhere and reach any command-and-control endpoint. Restricting egress is a real containment control against exfiltration. This is flagged at low severity because wide-open egress is common and is not itself an inbound exposure, so treat it as a hardening opportunity rather than an urgent hole.

How to fix it

Replace the catch-all egress with rules scoped to the destinations the workload needs, such as your VPC endpoints, package mirrors, and specific external APIs. Use prefix lists or destination security groups where you can. For sensitive workloads, route egress through a proxy or firewall so it can be logged and filtered.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Security checks