Infrastructure as Code Security

Join the Preview!

Infrastructure as Code (IaC) Security is in Preview. To request access, complete the form.

Request Access
IaC misconfiguration side panel showing details for the high severity IMDSv1 Enabled issue, including a security summary, code snippet, detection timestamps, and remediation steps.

Infrastructure as Code (IaC) Security automatically analyzes your Terraform files for security misconfigurations. With IaC Security, you can:

  • Scan Terraform files for security misconfigurations
  • Surface IaC misconfigurations in the Code Security Vulnerabilities tab
  • Group and filter findings by severity, triage status, and other facets
  • View detailed remediation guidance and code snippets for each finding
  • Track finding status and history for triage and resolution
  • Configure scanning exclusions
IaC Security supports GitHub for version control and Terraform for infrastructure as code.

Getting started

  1. Set up IaC Security in your environment
  2. Configure scanning exclusions to reduce false positives or ignore expected results
  3. Review and triage findings in the Code Security Vulnerabilities tab

Further reading

Additional helpful documentation, links, and articles: