Security Group Risk is the number of policy violations associated to an instance that could make the instance vulnerable to network attacks.
Lumeta considers the following factors in calculating the Security Group violation:
Lists instances having ingress and egress to the internet.