Join the Preview!

Static Infrastructure as Code (IaC) scanning is in Preview. To request access, complete the form.

Request Access

Static Infrastructure as Code (IaC) scanning integrates with version control systems, such as GitHub, to detect misconfigurations in cloud resources defined by Terraform. The scanning results are displayed in two primary locations: within pull requests during code modifications and on the Explorers page within Cloud Security Management.

Static IaC scanning supports GitHub for version control and Terraform for infrastructure as code.
CSM Explorers page displaying detected misconfigurations in cloud resources

When you click on a finding, the side panel reveals additional details, including a short description of the IaC rule related to the finding and a preview of the offending code.

Finding side panel highlighting undefined EBS volume encryption in Terraform code.

Further reading

Additional helpful documentation, links, and articles: