iac-security
Safeguard articles tagged "iac-security" — guides, analysis, and best practices for software supply chain and application security.
49 articles
Comparing Terraform security scanners: Snyk IaC, Checkov, tfsec
Snyk IaC, Checkov, and tfsec take different approaches to Terraform scanning — and one of them stopped getting new checks in 2023. Here's how they actually compare.
The cost of cloud misconfiguration breaches
New breach-cost data shows cloud misconfigurations now cost millions per incident and take months to detect — here's what's driving the trend and how to close the gap.
Snyk and HashiCorp Terraform Cloud partnership
Snyk's HashiCorp Terraform Cloud integration gates IaC risk at plan time — here's what it covers, what it misses, and how reachability closes the gap.
What is IaC Security
IaC security scans Terraform, CloudFormation, and Kubernetes code before deployment—catching misconfigurations before they become breaches.
What is Terraform Security
Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.
What is Configuration Drift
Configuration drift silently pulls live systems away from their secure baseline — and it's behind some of the largest cloud data exposures on record.
How to scan Terraform for misconfigurations with Checkov
A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.
How to encrypt a Terraform state file
A step-by-step guide to encrypting a Terraform state file using an S3 backend, KMS keys, and IAM controls to keep infrastructure secrets safe.
Infrastructure as Code Security Tools, Compared
Infrastructure as code security tools catch misconfigured cloud resources before they're ever provisioned — here's how the main options differ and where each one fits.
What is Drift Detection
Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.
What Is KICS? Checkmarx's Open Source IaC Scanner Explained
Checkmarx KICS is a free, open source static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes manifests, and more for misconfigurations before they're ever deployed.
Best Infrastructure as Code (IaC) security scanning tools
A practical, no-hype comparison of IaC security scanning tools — Checkov, tfsec/Trivy, Terrascan, Snyk IaC, KICS, and cfn-guard — with real strengths and limitations.