From the course: Building Your First DevSecOps Pipeline in AWS

Infrastructure as code scanning in the pipeline

We've talked about infrastructure as code and why it's important. Now let's talk about how we can test it for misconfigurations in our DevSecOps pipeline.

Let's talk about what we want to accomplish when we security test IaC in DevSecOps. We want to run a scan that identifies misconfigurations in code that may lead to security vulnerabilities once deployed. Part of DevSecOps is to test early and often. We want to make sure that we test our IaC just like we would any other source code that we're using to build our application.

So what makes a good scanning tool for IaC? It's similar to other tools in DevSecOps. The first is that it can be automated. It can be built into the pipeline, so it's run as a part of the build process and easily integrates with your CI/CD process that the DevSecOps team uses. A bonus is that it works with the IDE that the developers use. Anytime we can get closer to the developer, the better. A good example of an IaC scanner is Amazon CodeGuru. We used that…
