cloudformation
Safeguard articles tagged "cloudformation" — guides, analysis, and best practices for software supply chain and application security.
7 articles
Automating cloud compliance checks in Terraform and CloudFormation pipelines
Terrascan went fully archived in November 2025. Here's how to gate CIS and SOC 2 checks in Terraform/CloudFormation pipelines with tools still standing.
Scanning Terraform and CloudFormation before you ever run apply
tfsec merged into Trivy in 2024 and OPA hit CNCF graduated status in 2021 — here's how to scan Terraform and CloudFormation before deploy, with a working Conftest policy.
Detecting and remediating Terraform and CloudFormation drift
Terraform's own drift check can return an ambiguous exit code — here's how declared IaC state quietly diverges from live cloud resources, and how to catch it.
Scanning AWS CloudFormation templates for misconfigurations
CloudFormation deploys exactly what you write, misconfigurations included. Here's how scanning catches IAM, S3, and security group errors before they ship.
Best Infrastructure as Code (IaC) security scanning tools
A practical, no-hype comparison of IaC security scanning tools — Checkov, tfsec/Trivy, Terrascan, Snyk IaC, KICS, and cfn-guard — with real strengths and limitations.
How Snyk IaC detects overly permissive IAM policies in Te...
A mechanical walkthrough of how Snyk IaC parses Terraform and CloudFormation, normalizes IAM policies into one model, and flags wildcard actions, resources, and principals before deploy.
Infrastructure as Code Security: Scanning Terraform, CloudFormation, and Kubernetes Manifests
IaC scanning catches misconfigurations before they reach production. This guide covers tools, techniques, and integration patterns for Terraform, CloudFormation, and Kubernetes.