IaC

The IaC (Infrastructure as Code) Analyzer is a comprehensive security solution designed to analyze infrastructure definitions, configuration templates, and deployment scripts for security misconfigurations, compliance violations, and deviation from best practices across multiple IaC platforms and tools. It provides deep IaC security analysis by scanning infrastructure code for common security misconfigurations, overly permissive access controls, and dangerous default configurations that could expose systems to attack. The analyzer offers specialized Terraform analysis capabilities, understanding HashiCorp Configuration Language (HCL) syntax and Terraform-specific security patterns to identify issues like insecure resource configurations, inadequate state file protection, and module security problems. It includes robust CloudFormation analysis for AWS infrastructure templates, detecting security issues in resource definitions, parameter handling, and stack configurations that could lead to security vulnerabilities or compliance violations. The platform provides Kubernetes manifest security analysis, examining YAML configurations for container security issues, network policy problems, and cluster security misconfigurations that could compromise containerized workloads. Additionally, it ensures IaC compliance by monitoring adherence to security frameworks, regulatory requirements, and organizational policies, while promoting IaC best practices through automated analysis of code quality, documentation standards, and operational excellence patterns. Through continuous scanning and intelligent policy enforcement, IaC Analyzer enables organizations to implement secure infrastructure deployments, maintain compliance across cloud environments, and prevent security misconfigurations from reaching production systems.

Sightline: Terraform Vulnerabilities Analysis

The Terraform Vulnerabilities Analysis sightline provides insights into Infrastructure-as-Code (IaC) vulnerabilities.

Widgets:

• Total Terraform Vulnerabilities

• Critical Terraform Vulnerabilities

• High Terraform Vulnerabilities

• Medium Terraform Vulnerabilities

• Low Terraform Vulnerabilities

• Vulnerability Providers

Sightline: Terraform Vulnerabilities Impact Analysis

The Terraform Vulnerabilities Impact Analysis sightline provides insights into the breadth and impact of Terraform-related security issues across repositories. It goes beyond raw vulnerability counts to highlight which projects, teams, and systems are most affected, allowing organizations to focus remediation efforts where they matter most.

Widgets:

• Repositories with Terraform Vulnerabilities