Secure Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is the practice of managing and provisioning infrastructure with machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It's a key practice in DevOps and is used in conjunction with cloud computing.
When it comes to security, IaC both helps and creates challenges. Used properly, it can significantly enhance security: definitions are versioned, reviewable, and reproducible. It also requires careful management, because a misconfiguration or hardcoded secret committed once is reproduced in every environment built from that definition. The following tools scan IaC definitions for such problems before anything is provisioned.
- Aqua tfsec (web): a static analysis security scanner for your Terraform code.
- Tenable terrascan (web): detects compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- Bridgecrew Checkov (web): prevents cloud misconfigurations and finds vulnerabilities at build time in infrastructure as code, container images and open source packages.
- Regula (web): checks infrastructure as code templates (Terraform, CloudFormation, Kubernetes manifests) for AWS, Azure, Google Cloud, and Kubernetes security and compliance using Open Policy Agent/Rego.
- Terraform Compliance (web): a lightweight, security- and compliance-focused test framework for Terraform that enables negative testing of your infrastructure as code.
- Checkmarx KICS (Keeping Infrastructure as Code Secure) (web): an open source solution for static code analysis of Infrastructure as Code.
- Stelligent Cfn Nag: looks for patterns in CloudFormation templates that may indicate insecure infrastructure.
- ggshield (GitGuardian): finds and fixes hardcoded secrets and infrastructure-as-code misconfigurations.
- Ansible lint (web): ansible-lint checks Ansible playbooks for practices and behavior that could potentially be improved.