diff --git a/cli/kubernetes.go b/cli/kubernetes.go
index 32e0dc5..697fd59 100644
--- a/cli/kubernetes.go
+++ b/cli/kubernetes.go
@@ -42,12 +42,13 @@ func loadKubernetesResources(filename string, log assertion.LoggingFunction) []a
 return resources
 }
 
-func (l KubernetesLinter) ValidateKubernetesResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l KubernetesLinter) ValidateKubernetesResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 valueSource := assertion.StandardValueSource{Log: l.Log}
 filteredRules := assertion.FilterRulesByTag(rules, tags)
 resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
+allViolations := make([]assertion.Violation, 0)
 for _, rule := range resolvedRules {
 l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
@@ -55,12 +56,11 @@ func (l KubernetesLinter) ValidateKubernetesResources(report *assertion.Validati
 l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 } else {
 _, violations := assertion.CheckRule(rule, resource, l.Log)
-for _, violation := range violations {
-report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-}
+allViolations = append(allViolations, violations...)
 }
 }
 }
+return allViolations
 }
 
 func (l KubernetesLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
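Review bot: The new signature of `ValidateKubernetesResources` in the first hunk is exported but still has no doc comment, and the switch from mutating the report to returning a slice is exactly the contract a reader needs stated; a line such as `// ValidateKubernetesResources applies the tag-filtered rules to resources and returns every violation found, leaving report aggregation to the caller.` above the `+func` line would do. `allViolations := make([]assertion.Violation, 0)` can be `var allViolations []assertion.Violation`, since the slice is only appended to and then ranged over by the caller; a non-nil empty slice would only matter if it were JSON-encoded directly, which these hunks do not show. The three ValidateXResources bodies in kubernetes.go, security_group.go and terraform.go are now identical apart from the receiver and method name, so one package-level helper taking the resources, rules, tags and log function would remove the triplication. The same two points apply to the corresponding hunks in security_group.go and terraform.go.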
@@ -69,7 +69,10 @@ func (l KubernetesLinter) Validate(report *assertion.ValidationReport, filenames
 if assertion.ShouldIncludeFile(ruleSet.Files, filename) {
 l.Log(fmt.Sprintf("Processing %s", filename))
 resources := loadKubernetesResources(filename, l.Log)
-l.ValidateKubernetesResources(report, resources, rules, tags)
+violations := l.ValidateKubernetesResources(resources, rules, tags)
+for _, violation := range violations {
+report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+}
 report.FilesScanned = append(report.FilesScanned, filename)
 }
 }
diff --git a/cli/security_group.go b/cli/security_group.go
index 24f2511..64e356d 100644
--- a/cli/security_group.go
+++ b/cli/security_group.go
@@ -48,12 +48,13 @@ func loadSecurityGroupResources(log assertion.LoggingFunction) []assertion.Resou
 return resources
 }
 
-func (l SecurityGroupLinter) ValidateSecurityGroupResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l SecurityGroupLinter) ValidateSecurityGroupResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 valueSource := assertion.StandardValueSource{Log: l.Log}
 filteredRules := assertion.FilterRulesByTag(rules, tags)
 resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
+allViolations := make([]assertion.Violation, 0)
 for _, rule := range resolvedRules {
 l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
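Review bot: The aggregation loop added to `Validate` here, `report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)`, is now written out three times (this hunk, the Validate hunk in security_group.go and the one in terraform.go); it belongs on the report itself, for example a method on assertion.ValidationReport along the lines of `report.AddViolations(violations)`, so that the keying by Status lives in one place. The loop also writes into `report.Violations` with no nil check, so the map must already be initialised by whoever constructs the report; if that is not guaranteed the first append panics, which is worth confirming against the constructor, which is outside this diff. The enclosing Validate method starts before and ends after this hunk.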
@@ -61,18 +62,20 @@ func (l SecurityGroupLinter) ValidateSecurityGroupResources(report *assertion.Va
 l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 } else {
 _, violations := assertion.CheckRule(rule, resource, l.Log)
-for _, violation := range violations {
-report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-}
+allViolations = append(allViolations, violations...)
 }
 }
 }
+return allViolations
 }
 
 func (l SecurityGroupLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
 rules := assertion.FilterRulesById(ruleSet.Rules, ruleIds)
 resources := loadSecurityGroupResources(l.Log)
-l.ValidateSecurityGroupResources(report, resources, rules, tags)
+violations := l.ValidateSecurityGroupResources(resources, rules, tags)
+for _, violation := range violations {
+report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+}
 }
 
 func (l SecurityGroupLinter) Search(filenames []string, ruleSet assertion.RuleSet, searchExpression string) {
diff --git a/cli/terraform.go b/cli/terraform.go
index 2880676..a3b1412 100644
--- a/cli/terraform.go
+++ b/cli/terraform.go
@@ -89,12 +89,13 @@ func loadTerraformResources(filename string, log assertion.LoggingFunction) []as
 return resources
 }
 
-func (l TerraformLinter) ValidateTerraformResources(report *assertion.ValidationReport, resources []assertion.Resource, rules []assertion.Rule, tags []string) {
+func (l TerraformLinter) ValidateTerraformResources(resources []assertion.Resource, rules []assertion.Rule, tags []string) []assertion.Violation {
 valueSource := assertion.StandardValueSource{Log: l.Log}
 filteredRules := assertion.FilterRulesByTag(rules, tags)
 resolvedRules := assertion.ResolveRules(filteredRules, valueSource, l.Log)
+allViolations := make([]assertion.Violation, 0)
 for _, rule := range resolvedRules {
 l.Log(fmt.Sprintf("Rule %s: %s", rule.Id, rule.Message))
 for _, resource := range assertion.FilterResourcesByType(resources, rule.Resource) {
@@ -102,12 +103,11 @@ func (l TerraformLinter) ValidateTerraformResources(report *assertion.Validation
 l.Log(fmt.Sprintf("Ignoring resource %s", resource.Id))
 } else {
 _, violations := assertion.CheckRule(rule, resource, l.Log)
-for _, violation := range violations {
-report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
-}
+allViolations = append(allViolations, violations...)
 }
 }
 }
+return allViolations
 }
 
 func (l TerraformLinter) Validate(report *assertion.ValidationReport, filenames []string, ruleSet assertion.RuleSet, tags []string, ruleIds []string) {
@@ -115,7 +115,10 @@ func (l TerraformLinter) Validate(report *assertion.ValidationReport, filenames
 for _, filename := range filenames {
 if assertion.ShouldIncludeFile(ruleSet.Files, filename) {
 resources := loadTerraformResources(filename, l.Log)
-l.ValidateTerraformResources(report, resources, rules, tags)
+violations := l.ValidateTerraformResources(resources, rules, tags)
+for _, violation := range violations {
+report.Violations[violation.Status] = append(report.Violations[violation.Status], violation)
+}
 report.FilesScanned = append(report.FilesScanned, filename)
 }
 }