Bridgecrew: Misconfigured Terraform Modules Are a Security Issue

misconfigured vs compliance Terraform modules

As many as half of all community-built Terraform modules available for download are misconfigured, opening the path for potential security breaches in infrastructure-as-code-driven systems, according to a new report from developer-focused security vendor Bridgecrew.

“Most of the market actually relies on public registry modules. And if they don’t have any controls in place to either analyze them systematically or by a human who has proficient knowledge of potential harmful misconfigurations in Terraform, those types of findings just get lost,” said Guy Eisenkot, a Bridgecrew co-founder and vice president of product, in an interview with The New Stack. “Some of those misconfigurations that eventually can result in data breaches can be very easily prevented using more secure modules.”


I co-authored this article with . The complete article can be found here.