Join the Preview!
Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.
Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the Explorers page within Cloud Security Management.
When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code.
Supported providers
- Version control system: GitHub
- Infrastructure as code tool: Terraform
Setup
Set up the GitHub integration
Follow the instructions for creating a GitHub app for your organization.
To use IaC scanning, you must give the GitHub App Read & Write permissions for Contents and Pull Requests. These permissions can be applied to all or select repositories.
Enable IaC scanning for your repositories
After you set up the GitHub integration, enable IaC scanning for the repositories in your GitHub account.
- On the CSM Setup page, expand the Source Code Integrations section.
- Click Configure for the GitHub account you want to configure.
- To enable IaC scanning:
  - All repositories: Toggle Enable Infrastructure as Code (IaC) Scanning to the on position.
  - Single repository: Toggle the IAC Scanning option for the specific repository to the on position.