diff --git a/.github/workflows/test_terraform_modules.yaml b/.github/workflows/test_terraform_modules.yaml
index 5466539..91be23e 100644
--- a/.github/workflows/test_terraform_modules.yaml
+++ b/.github/workflows/test_terraform_modules.yaml
@@ -15,4 +15,4 @@ jobs:
 secrets: inherit
 with:
 k8s-controller: true
- terraform-directories: '["terraform/charm"]'
+ terraform-directories: '["terraform/charm", "terraform/product"]'
diff --git a/.trivyignore b/.trivyignore
index 3e376a7..7b9c8be 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -31,6 +31,8 @@ CVE-2025-61723
 CVE-2025-61724
 CVE-2025-61725
 CVE-2025-68121
+CVE-2026-25679
+CVE-2026-27142
 # node
 CVE-2025-54419
 CVE-2025-9288
diff --git a/terraform/product/tests/main.tftest.hcl b/terraform/product/tests/main.tftest.hcl
new file mode 100644
index 0000000..a9dfe18
--- /dev/null
+++ b/terraform/product/tests/main.tftest.hcl
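Review bot: `CVE-2026-25679` and `CVE-2026-27142` are suppressed with no record of why they are accepted or when they should be revisited, and they land above the `# node` marker in a group whose header is outside this hunk. Trivy's ignore file accepts comment lines and an expiry after the ID, so each entry could read `CVE-2026-25679 exp:<YYYY-MM-DD>` under a line such as `# <affected component>: <reason accepted / fix pending upstream>`. Without that, the suppression outlives the upstream fix and keeps hiding the finding in every later scan.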
@@ -0,0 +1,68 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+provider "juju" {
+ alias = "opencti_db"
+}
+
+run "setup_tests" {
+ module {
+ source = "./tests/setup"
+ }
+}
+
+run "basic_deploy" {
+ command = plan
+
+ variables {
+ model_uuid = run.setup_tests.model_uuid
+ db_model_uuid = run.setup_tests.db_model_uuid
+ model_user = run.setup_tests.model_user
+ db_model_user = run.setup_tests.db_model_user
+ opencti = {
+ channel = "latest/edge"
+ # renovate: depName="opencti"
+ revision = 83
+ }
+ opensearch = {
+ channel = "2/edge"
+ # renovate: depName="opensearch"
+ revision = 337
+ }
+ self_signed_certificates = {
+ channel = "latest/edge"
+ # renovate: depName="self-signed-certificates"
+ revision = 601
+ }
+ rabbitmq_server = {
+ channel = "3.9/edge"
+ # renovate: depName="rabbitmq-server"
+ revision = 190
+ }
+ redis_k8s = {
+ channel = "latest/edge"
+ # renovate: depName="redis-k8s"
+ revision = 42
+ }
+ s3_integrator = {
+ channel = "latest/edge"
+ # renovate: depName="s3-integrator"
+ revision = 188
+ }
+ s3_integrator_opensearch = {
+ channel = "latest/edge"
+ # renovate: depName="s3-integrator"
+ revision = 188
+ }
+ sysconfig = {
+ channel = "latest/edge"
+ # renovate: depName="sysconfig"
+ revision = 158
+ }
+ }
+
+ assert {
+ condition = output.app_name == "opencti"
+ error_message = "opencti app_name did not match expected"
+ }
+}
diff --git a/terraform/product/tests/setup/main.tf b/terraform/product/tests/setup/main.tf
new file mode 100644
index 0000000..0debd19
--- /dev/null
+++ b/terraform/product/tests/setup/main.tf
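Review bot: The `basic_deploy` run is plan-only and its single `assert` checks `output.app_name`, so nothing this test wires up for the second model (the `opencti_db` provider alias, `db_model_uuid`, `db_model_user`) is verified. If the product module exposes an output or planned resource for the database side, add a second `assert` on it; the module is not visible in this diff, so which outputs exist needs confirming. The aliased provider block also has no explanation; a comment such as `# Provider instance the product module uses for the database model (db_model_uuid).` above it would tell the next reader why a test file declares an otherwise empty alias.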
@@ -0,0 +1,38 @@
+# Copyright 2025 Canonical Ltd.
+# See LICENSE file for licensing details.
+
+terraform {
+ required_version = "~> 1.12"
+ required_providers {
+ juju = {
+ version = "~> 1.0"
+ source = "juju/juju"
+ }
+ }
+}
+
+provider "juju" {}
+
+resource "juju_model" "k8s_model" {
+ name = "tf-testing-${formatdate("YYYYMMDDhhmmss", timestamp())}"
+}
+
+resource "juju_model" "db_model" {
+ name = "tf-testing-db-${formatdate("YYYYMMDDhhmmss", timestamp())}"
+}
+
+output "model_uuid" {
+ value = juju_model.k8s_model.uuid
+}
+
+output "db_model_uuid" {
+ value = juju_model.db_model.uuid
+}
+
+output "model_user" {
+ value = "admin"
+}
+
+output "db_model_user" {
+ value = "admin"
+}
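Review bot: `model_user` and `db_model_user` are hard-coded to `"admin"`, so the product module is only ever planned with the controller's admin identity, and any grant it depends on would presumably be masked in tests. How the module consumes these values is not visible here, but a comment on the two outputs such as `# Test-only: controller admin; real deployments should pass a least-privileged model user.` would keep the value from being copied into real configurations. Separately, both `juju_model` names rely on `timestamp()` at one-second resolution, so two jobs creating models on a shared controller in the same second would collide. The workflow now tests two directories, so it is worth confirming they use separate controllers or distinct name prefixes.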