Safeguard
Tag

iac-security

Safeguard articles tagged "iac-security" — guides, analysis, and best practices for software supply chain and application security.

49 articles

Buyer's Guides

Best Terraform security and compliance tools

A practical, no-hype comparison of Terraform security tools — Checkov, tfsec/Trivy, Terrascan, Sentinel, Snyk IaC, and more — plus how Safeguard fits in.

Nov 16, 20258 min read
Software Supply Chain Security

Terraform Registry module vulnerability trends

Registry-wide analysis shows a rising share of Terraform modules carry stale provider pins and insecure defaults — here's what's driving it and how to respond.

Nov 9, 20257 min read
Cloud Security

Terraform AWS provider misconfiguration trends

Terraform's AWS misconfiguration trends in 2026: how provider v4.0 migration gaps, wildcard IAM policies, and state drift keep exposing production infrastructure.

Nov 4, 20257 min read
Buyer's Guides

Best infrastructure drift detection tools

A practical buyer's guide to infrastructure drift detection tools, comparing Terraform Cloud, Spacelift, env0, driftctl-style OSS, and Safeguard.

Nov 4, 20259 min read
Cloud Security

OpenTofu and Terraform provider supply chain risk

Terraform and OpenTofu providers run unsandboxed with full pipeline credentials. Here's where the provider supply chain actually breaks down.

Nov 1, 20257 min read
Cloud Security

How Snyk IaC's static analysis engine parses Terraform HC...

A technical walkthrough of how Snyk IaC parses Terraform HCL into JSON, evaluates it with OPA/Rego policies, and maps violations back to source lines.

Sep 3, 20257 min read
Cloud Security

How Snyk IaC's 400+ rule library maps to CIS benchmarks a...

How Snyk IaC's 400+ rules trace to numbered CIS AWS, Azure, GCP, and Kubernetes benchmark controls — and where benchmark-mapped scanning stops short.

Sep 3, 20258 min read
Cloud Security

How to write a custom Snyk IaC rule in Rego using the Rul...

A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.

Sep 2, 20258 min read
Cloud Security

How Snyk IaC scans a Terraform Plan JSON file to catch dr...

How Snyk IaC parses Terraform plan JSON's resource_changes to catch drift and misconfigurations before terraform apply — the mechanics, limits, and what it can't see.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC correlates code-level misconfigurations with...

How Snyk's Cloud Context feature joins Terraform and CloudFormation misconfigurations to live AWS, Azure, and GCP resources — and where that correlation model breaks down.

Sep 1, 20257 min read
Infrastructure Security

Pulumi and Crossplane Security: IaC Beyond Terraform

Security considerations for Pulumi and Crossplane as infrastructure-as-code alternatives, including unique risks and hardening strategies.

Nov 5, 20237 min read
Cloud Security

Infrastructure as Code Security: Scanning Terraform, CloudFormation, and Kubernetes Manifests

IaC scanning catches misconfigurations before they reach production. This guide covers tools, techniques, and integration patterns for Terraform, CloudFormation, and Kubernetes.

Aug 22, 20227 min read
iac-security (Page 4) — Safeguard Blog