Safeguard
Tag

infrastructure-as-code

Safeguard articles tagged "infrastructure-as-code" — guides, analysis, and best practices for software supply chain and application security.

28 articles

Infrastructure Security

Snyk and HashiCorp Terraform Cloud partnership

Snyk's HashiCorp Terraform Cloud integration gates IaC risk at plan time — here's what it covers, what it misses, and how reachability closes the gap.

Apr 23, 20266 min read
Cloud Security

What is Cloud Misconfiguration

Cloud misconfiguration is the top cause of cloud breaches. Learn what it is, why it happens, real-world costs, and how to detect and prevent it.

Mar 14, 20267 min read
Infrastructure Security

What is Infrastructure as Code (IaC)

IaC turns infrastructure into versioned code, but one bad Terraform default can replicate a security hole across every environment it touches.

Mar 13, 20267 min read
Infrastructure Security

What is IaC Security

IaC security scans Terraform, CloudFormation, and Kubernetes code before deployment—catching misconfigurations before they become breaches.

Mar 12, 20267 min read
Infrastructure Security

What is Terraform Security

Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.

Mar 12, 20266 min read
Infrastructure Security

What is AWS CloudFormation Security

What is CloudFormation security? A practical breakdown of IAM least privilege, drift detection, secret scanning, and template misconfigurations that cause breaches.

Mar 12, 20266 min read
Cloud Security

IaC Scanning Tools for Terraform and Beyond

IaC scanning tools catch misconfigured cloud resources before they're ever applied — the question is which ones actually understand Terraform's module graph instead of just its syntax.

Feb 18, 20265 min read
DevSecOps

What Is KICS? Checkmarx's Open Source IaC Scanner Explained

Checkmarx KICS is a free, open source static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes manifests, and more for misconfigurations before they're ever deployed.

Jan 22, 20265 min read
Engineering

Terraform Module Supply Chain Security

The dependency lockfile everyone commits only covers providers — your modules float free. Pinning, provenance, and the code-execution paths hiding inside terraform plan.

Dec 18, 20256 min read
Vulnerability Analysis

Terraform infrastructure-as-code misconfiguration explained

Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.

Dec 3, 20257 min read
Cloud Security

How Snyk IaC's Terraform Cloud run tasks gate infrastruct...

How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC's custom rule SDK structures resource-attrib...

A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.

Sep 1, 20256 min read
infrastructure-as-code (Page 2) — Safeguard Blog