Secure Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure with machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It's a key practice in DevOps and is used in conjunction with cloud computing.
When it comes to security, IaC can both help and pose challenges.
IaC is a powerful tool for managing infrastructure, and it can significantly enhance security when used properly. However, it requires careful management to avoid introducing new security risks.
Aqua (): a static analysis security scanner for your Terraform code.
Tenable (): Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Bridgecrew (): prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages.
(): checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego.
(): is a lightweight, security- and compliance-focused test framework for Terraform that enables negative testing of your infrastructure as code.
Checkmarx (): Keeping Infrastructure as Code Secure is an open source solution for static code analysis of Infrastructure as Code.
Stelligent : looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
(): find and fix hardcoded secrets and infrastructure-as-code misconfigurations.
(): ansible-lint checks playbooks for practices and behavior that could potentially be improved.