Safeguard
Tag

iac-security

Safeguard articles tagged "iac-security" — guides, analysis, and best practices for software supply chain and application security.

49 articles

Infrastructure Security

Comparing Terraform security scanners: Snyk IaC, Checkov, tfsec

Snyk IaC, Checkov, and tfsec take different approaches to Terraform scanning — and one of them stopped getting new checks in 2023. Here's how they actually compare.

Jun 15, 20268 min read
Infrastructure Security

The cost of cloud misconfiguration breaches

New breach-cost data shows cloud misconfigurations now cost millions per incident and take months to detect — here's what's driving the trend and how to close the gap.

Jun 15, 20268 min read
Infrastructure Security

Snyk and HashiCorp Terraform Cloud partnership

Snyk's HashiCorp Terraform Cloud integration gates IaC risk at plan time — here's what it covers, what it misses, and how reachability closes the gap.

Apr 23, 20266 min read
Infrastructure Security

What is IaC Security

IaC security scans Terraform, CloudFormation, and Kubernetes code before deployment—catching misconfigurations before they become breaches.

Mar 12, 20267 min read
Infrastructure Security

What is Terraform Security

Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.

Mar 12, 20266 min read
Infrastructure Security

What is Configuration Drift

Configuration drift silently pulls live systems away from their secure baseline — and it's behind some of the largest cloud data exposures on record.

Mar 11, 20267 min read
Infrastructure Security

How to scan Terraform for misconfigurations with Checkov

A hands-on guide to running Checkov against Terraform, triaging findings, writing custom policies, and blocking IaC misconfigurations before they merge.

Feb 13, 20269 min read
Infrastructure Security

How to encrypt a Terraform state file

A step-by-step guide to encrypting a Terraform state file using an S3 backend, KMS keys, and IAM controls to keep infrastructure secrets safe.

Feb 13, 20267 min read
Cloud Security

Infrastructure as Code Security Tools, Compared

Infrastructure as code security tools catch misconfigured cloud resources before they're ever provisioned — here's how the main options differ and where each one fits.

Feb 11, 20265 min read
Cloud Security

What is Drift Detection

Drift detection catches unauthorized config changes in real time. See how it works, why it fails in most orgs, and real breaches it could have stopped.

Jan 31, 20267 min read
DevSecOps

What Is KICS? Checkmarx's Open Source IaC Scanner Explained

Checkmarx KICS is a free, open source static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes manifests, and more for misconfigurations before they're ever deployed.

Jan 22, 20265 min read
Buyer's Guides

Best Infrastructure as Code (IaC) security scanning tools

A practical, no-hype comparison of IaC security scanning tools — Checkov, tfsec/Trivy, Terrascan, Snyk IaC, KICS, and cfn-guard — with real strengths and limitations.

Nov 16, 20259 min read
iac-security (Page 3) — Safeguard Blog