Secure Infrastructure as Code (IaC)

Last updated 1 year ago

About

Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure with machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It's a key practice in DevOps and is used in conjunction with cloud computing.

When it comes to security, IaC both helps and poses challenges.

IaC is a powerful tool for managing infrastructure, and it can significantly enhance security when used properly: because the definitions are code, they can be versioned, reviewed and scanned before anything is provisioned. However, a mistake in those definitions is applied just as faithfully, so IaC requires careful management to avoid introducing new security risks.
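To make concrete what the scanners listed below do, here is a toy policy check written for this page (it is not code from the DevSec project or from any listed tool). It walks a constructed, `terraform show -json`-style plan document, applies three rules (security group ingress open to the world, public S3 bucket ACL, RDS instance without encryption or exposed publicly) and returns findings with the resource address and a remediation hint. The resource attribute names are the real AWS provider ones; the plan content itself is made up for the example.

```python
"""Toy IaC policy scan over a Terraform-plan-style JSON document.

Added example for this page; not code from any tool listed here. It shows
the class of check such scanners perform: walk the resources in a plan-like
document, evaluate a handful of rules, and report findings with the
resource address and a remediation hint.
"""
import json

# Constructed sample shaped like the "planned_values" section of
# `terraform show -json`, trimmed to the attributes the rules inspect.
SAMPLE_PLAN_JSON = json.dumps({
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_security_group.ssh", "type": "aws_security_group",
             "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                     "cidr_blocks": ["0.0.0.0/0"]}]}},
            {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
             "values": {"acl": "public-read"}},
            {"address": "aws_s3_bucket.private", "type": "aws_s3_bucket",
             "values": {"acl": "private"}},
        ],
        "child_modules": [{"resources": [
            {"address": "module.db.aws_db_instance.main", "type": "aws_db_instance",
             "values": {"storage_encrypted": False, "publicly_accessible": True}},
        ]}],
    }}
})

WORLD = {"0.0.0.0/0", "::/0"}  # CIDRs that mean "anyone on the internet"


def iter_resources(plan):
    """Yield every resource from the root module and all nested child modules."""
    stack = [plan["planned_values"]["root_module"]]
    while stack:
        module = stack.pop()
        yield from module.get("resources", [])
        stack.extend(module.get("child_modules", []))


def rule_open_ingress(res):
    """Security group ingress rule reachable from any address."""
    if res["type"] != "aws_security_group":
        return []
    findings = []
    for rule in res["values"].get("ingress", []):
        cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
        if cidrs & WORLD:
            findings.append({
                "rule": "SG_OPEN_INGRESS",
                "address": res["address"],
                "message": f"ingress {rule.get('from_port')}-{rule.get('to_port')}/"
                           f"{rule.get('protocol')} is open to {sorted(cidrs & WORLD)}",
                "fix": "restrict cidr_blocks to known management ranges",
            })
    return findings


def rule_public_bucket_acl(res):
    """S3 bucket with a canned ACL that grants access to everyone."""
    if res["type"] == "aws_s3_bucket" and res["values"].get("acl", "private") in (
            "public-read", "public-read-write"):
        return [{
            "rule": "S3_PUBLIC_ACL",
            "address": res["address"],
            "message": f"bucket acl is {res['values']['acl']}",
            "fix": "set acl = \"private\" and add a public access block",
        }]
    return []


def rule_db_hardening(res):
    """RDS instance without storage encryption or reachable from the internet."""
    if res["type"] != "aws_db_instance":
        return []
    values, findings = res["values"], []
    if not values.get("storage_encrypted", False):
        findings.append({"rule": "RDS_UNENCRYPTED", "address": res["address"],
                         "message": "storage_encrypted is false",
                         "fix": "set storage_encrypted = true"})
    if values.get("publicly_accessible", False):
        findings.append({"rule": "RDS_PUBLIC", "address": res["address"],
                         "message": "publicly_accessible is true",
                         "fix": "set publicly_accessible = false"})
    return findings


RULES = (rule_open_ingress, rule_public_bucket_acl, rule_db_hardening)


def scan(plan_json):
    """Run every rule over every resource; return the list of findings."""
    plan = json.loads(plan_json)
    return [f for res in iter_resources(plan) for rule in RULES for f in rule(res)]


if __name__ == "__main__":
    for f in scan(SAMPLE_PLAN_JSON):
        print(f"{f['rule']:16} {f['address']}: {f['message']} (fix: {f['fix']})")
```

Run it as a script to see the four findings; the compliant `aws_s3_bucket.private` produces none. Real scanners express rules like these in a policy language (Rego, for the OPA-based tools below) and evaluate them in CI before `terraform apply`, which is where "mitigate risk before provisioning" comes from.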

Tools

  • tfsec (Aqua): a static analysis security scanner for your Terraform code.

  • terrascan (Tenable): detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  • Checkov (Bridgecrew): prevent cloud misconfigurations and find vulnerabilities during build time in infrastructure as code, container images and open source packages.

  • Regula: checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud and Kubernetes security and compliance using Open Policy Agent/Rego.

  • Terraform Compliance: a lightweight, security and compliance focused test framework against Terraform to enable negative testing capability for your infrastructure-as-code.

  • kics (Checkmarx): Keeping Infrastructure as Code Secure, an open source solution for static code analysis of Infrastructure as Code.

  • Cfn Nag (Stelligent): looks for patterns in CloudFormation templates that may indicate insecure infrastructure.

  • ggshield (GitGuardian): find and fix hardcoded secrets and infrastructure-as-code misconfigurations.

  • Ansible lint: ansible-lint checks playbooks for practices and behavior that could potentially be improved.