Setting up IaC Remediation for Cloud Security Management

Use the following instructions to enable Infrastructure as Code (IaC) remediation for Cloud Security Management (CSM). IaC remediation is available for CSM Misconfigurations and CSM Identity Risks.

Set up the GitHub integration

Follow the instructions for creating a GitHub app for your organization.

To use IaC remediation, you must give the Github App Read & Write permissions for Contents and Pull Requests. These permissions can be applied to all or select repositories.

Enable IaC remediation for your repositories

After you set up the GitHub integration, enable IaC remediation for the repositories in your GitHub account.

  1. On the CSM Setup page, expand the Source Code Integrations section.
  2. Click Configure for the GitHub account you want to configure.
  3. To enable IaC:
    • All repositories: Toggle Enable Infrastructure as Code (IaC) Remediation to the on position.
    • Single repository: Toggle the IAC Remediation option for the specific repository to the on position.

Further reading

Additional helpful documentation, links, and articles:

Setting up Cloud Security ManagementDOCUMENTATION more more CSM MisconfigurationsDOCUMENTATION more more CSM Identity RisksGUIDE more more