Missing description for security group.
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | networking |
| Provider | OpenStack |
| Vulnerability Type | omission |
Description#
Network security groups are defined without a description, making it difficult to identify their purpose and intent in the infrastructure as code. This omission hinders the ability to audit, debug, and manage security group configurations effectively.
Impact#
Lack of descriptive context can lead to misconfiguration, accidental exposure of resources, and challenges in incident response. Security teams may overlook unnecessary or overly permissive rules, increasing the risk of unauthorized access or compliance violations.
Resolution#
Add descriptions for all security groups