infrastructure-as-code
Safeguard articles tagged "infrastructure-as-code" — guides, analysis, and best practices for software supply chain and application security.
28 articles
Snyk and HashiCorp Terraform Cloud partnership
Snyk's HashiCorp Terraform Cloud integration gates IaC risk at plan time — here's what it covers, what it misses, and how reachability closes the gap.
What is Cloud Misconfiguration
Cloud misconfiguration is the top cause of cloud breaches. Learn what it is, why it happens, real-world costs, and how to detect and prevent it.
What is Infrastructure as Code (IaC)
IaC turns infrastructure into versioned code, but one bad Terraform default can replicate a security hole across every environment it touches.
What is IaC Security
IaC security scans Terraform, CloudFormation, and Kubernetes code before deployment—catching misconfigurations before they become breaches.
What is Terraform Security
Terraform security means finding and fixing risks in IaC code, state files, and providers before they become live cloud misconfigurations.
What is AWS CloudFormation Security
What is CloudFormation security? A practical breakdown of IAM least privilege, drift detection, secret scanning, and template misconfigurations that cause breaches.
IaC Scanning Tools for Terraform and Beyond
IaC scanning tools catch misconfigured cloud resources before they're ever applied — the question is which ones actually understand Terraform's module graph instead of just its syntax.
What Is KICS? Checkmarx's Open Source IaC Scanner Explained
Checkmarx KICS is a free, open source static analysis tool for infrastructure-as-code that scans Terraform, CloudFormation, Kubernetes manifests, and more for misconfigurations before they're ever deployed.
Terraform Module Supply Chain Security
The dependency lockfile everyone commits only covers providers — your modules float free. Pinning, provenance, and the code-execution paths hiding inside terraform plan.
Terraform infrastructure-as-code misconfiguration explained
Terraform misconfigurations — not zero-days — cause most cloud breaches. Here's how they happen, real incidents they caused, and how to catch them pre-deploy.
How Snyk IaC's Terraform Cloud run tasks gate infrastruct...
How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.
How Snyk IaC's custom rule SDK structures resource-attrib...
A technical look at how Snyk IaC's Rego-based SDK normalizes Terraform, CloudFormation, Kubernetes, and ARM into one resource-attribute query model.