Safeguard
Tag

terraform

Safeguard articles tagged "terraform" — guides, analysis, and best practices for software supply chain and application security.

31 articles

Cloud Security

Catching Terraform Misconfigurations Before They Ever Reach Apply

Trivy replaced tfsec in 2023 and Checkov ships thousands of policies — here's how to wire open-source Terraform scanners into CI/CD before terraform apply runs.

Jul 16, 20266 min read
Compliance & Frameworks

Automating cloud compliance checks in Terraform and CloudFormation pipelines

Terrascan went fully archived in November 2025. Here's how to gate CIS and SOC 2 checks in Terraform/CloudFormation pipelines with tools still standing.

Jul 14, 20266 min read
Cloud Security

Scanning Terraform and CloudFormation before you ever run apply

tfsec merged into Trivy in 2024 and OPA hit CNCF graduated status in 2021 — here's how to scan Terraform and CloudFormation before deploy, with a working Conftest policy.

Jul 14, 20266 min read
Cloud Security

The S3 bucket security hardening checklist

AWS blocked public access by default in April 2023, yet misconfigured buckets still leak data — here's a concrete checklist and Terraform to close the gaps.

Jul 14, 20267 min read
Cloud Security

A guide to scanning Terraform IaC for misconfigurations before deployment

tfsec folded into Trivy in February 2023. Sentinel gates plans in Terraform Enterprise. Here's how to catch misconfigured infrastructure before it's ever provisioned.

Jul 12, 20266 min read
Cloud Security

Detecting and remediating Terraform and CloudFormation drift

Terraform's own drift check can return an ambiguous exit code — here's how declared IaC state quietly diverges from live cloud resources, and how to catch it.

Jul 11, 20267 min read
Cloud Security

Policy-as-code for Terraform: testing before you ever run apply

Checkov, OPA, and tflint each catch different Terraform mistakes — chained into CI before apply, they turn a review comment into a hard gate.

Jul 11, 20266 min read
Cloud Security

Shifting Infrastructure-as-Code security left across the SDLC

Terrascan went archived in November 2025 and tfsec folded into Trivy in 2024 — IaC scanning is consolidating fast, and where you run it matters as much as which tool you pick.

Jul 8, 20266 min read
Cloud Security

The most common infrastructure-as-code security risks, with Terraform examples

AWS S3 buckets are private by default, yet public-bucket findings still top every cloud posture scan — because Terraform's own access-block resource defaults to open.

Jul 8, 20266 min read
Cloud Security

Infrastructure Drift Detection: A Practical Guide for 2026

When running infrastructure diverges from your Terraform, your security scans start auditing a fiction. Here's how to detect, understand, and reconcile configuration drift.

Jul 6, 20265 min read
Cloud Security

Terraform Security Best Practices: Hardening Your IaC in 2026

Terraform provisions your entire cloud, which makes it your largest attack surface as code. Here are the practices that keep state, modules, and providers from becoming the breach.

Jul 5, 20265 min read
Concepts

What Is Infrastructure as Code (IaC) Security?

Infrastructure as Code (IaC) security is the practice of scanning and hardening the machine-readable files that define your cloud infrastructure — before they provision anything. Here's how it catches misconfigurations at the source.

Jul 2, 20266 min read
terraform — Safeguard Blog