IaC
Analyzes infrastructure definitions, configuration templates, and deployment scripts for security misconfigurations and compliance violations across multiple IaC platforms including Terraform, CloudFormation, and Kubernetes manifests. It enforces security frameworks and best practices to prevent misconfigurations from reaching production.
Required Blueprints: GitHub, Azure DevOps, Azure, AWS, Bitbucket, Checkmarx

Sightlines
| Sightline | Description |
|---|---|
| Terraform Vulnerabilities Analysis | Provides insights into Infrastructure-as-Code (IaC) vulnerabilities detected in Terraform configurations. |
| Terraform Vulnerabilities Impact Analysis | Highlights which projects, teams, and systems are most affected by Terraform-related security issues, allowing organi... |

Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
sca.terraform.TerraformResource, sca.sbom.TerraformModule, sca.sbom.TerraformVulnerability, sca.deploymentmanager.IaCResource

Related Analyzers
- Repository — IaC files stored in source code repositories
- Secrets and PII — Hardcoded secrets in Terraform/CloudFormation
- Code — Security misconfigurations in IaC code
- AWS Compute — EC2/ECS resources created via CloudFormation
- AWS Storage — S3 buckets created via IaC