Skip to content

Fix 9 critical IaC security vulnerabilities in Terraform Azure configuration #117

Fix 9 critical IaC security vulnerabilities in Terraform Azure configuration

Fix 9 critical IaC security vulnerabilities in Terraform Azure configuration #117

Triggered via pull request May 11, 2026 15:28
Status Success
Total duration 1m 15s
Artifacts

IACS-Checkmarx-kics.yml

on: pull_request
Run KICS scan
1m 0s
Run KICS scan
Fit to window
Zoom out
Zoom in

Annotations

10 warnings
[MEDIUM] App Service Not Using Latest TLS Encryption Version: terraform/azure/app_service.tf#L19
Ensure App Service is using the latest version of TLS encryption
[MEDIUM] App Service HTTP2 Disabled: terraform/azure/app_service.tf#L23
App Service should have 'http2_enabled' enabled
[MEDIUM] App Service HTTP2 Disabled: terraform/azure/app_service.tf#L18
App Service should have 'http2_enabled' enabled
[MEDIUM] App Service Authentication Disabled: terraform/azure/app_service.tf#L12
Azure App Service authentication settings should be enabled
[MEDIUM] App Service Authentication Disabled: terraform/azure/app_service.tf#L31
Azure App Service authentication settings should be enabled
[MEDIUM] AKS Private Cluster Disabled: terraform/azure/aks.tf#L1
Azure Kubernetes Service (AKS) API should not be exposed to the internet
[MEDIUM] AD Admin Not Configured For SQL Server: terraform/azure/sql.tf#L9
The Active Directory Administrator is not configured for a SQL server
[HIGH] RDP Is Exposed To The Internet: terraform/azure/networking.tf#L64
Port 3389 (Remote Desktop) is exposed to the internet
[HIGH] MySQL Server Public Access Enabled: terraform/azure/sql.tf#L47
MySQL Server public access should be disabled
[HIGH] Default Azure Storage Account Network Access Is Too Permissive: terraform/azure/storage.tf#L13
Default Azure Storage Account network access should be set to Deny