An inbound firewall rule allows traffic from /0.

Explanation

Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets and avoid using the /0 subnet.

Possible Impact

The port is exposed for ingress from the internet

Suggested Resolution

Set a more restrictive cidr range

Insecure Example

The following example will fail the google-compute-no-public-ingress check.

resource "google_compute_firewall" "bad_example" {
	source_ranges = ["0.0.0.0/0"]
}

Secure Example

The following example will pass the google-compute-no-public-ingress check.

resource "google_compute_firewall" "good_example" {
	source_ranges = ["1.2.3.4/32"]
}

Getting Started
Provider Checks
Config
GitHub Actions