How to run SAST (Static security testing) of your infrastructure as code
IaC (Infrastructure as Code) also needs static security testing. Static testing evaluates the code itself before any build is deployed, focusing on security configuration, best practices, and vulnerabilities. IaC can and should be treated as an application, so the same scanning effort that goes into application code must go into Terraform, CloudFormation, ARM, and other infrastructure definitions.
In this video I show you my vulnerable IaC lab, where you will learn how to test your deployments before deploying them, even if you are not a cybersecurity professional. You will get a new DevSecOps superpower.
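To make concrete what tools like tfsec, checkov and terrascan do under the hood, here is an added example (not code from the video's lab or from any of those projects): a minimal static scanner over a constructed Terraform snippet that flags a security group open to the world and an S3 bucket with a public ACL, and returns a non-zero exit code so it can gate a CI pipeline. Resource names, the sample HCL and the check names are assumptions made up for the example.

```python
import re

# Constructed sample Terraform (not from the video's lab).
SAMPLE_TF = """
resource "aws_security_group" "web" {
  name = "web"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}

resource "aws_s3_bucket" "private" {
  bucket = "example-private"
  acl    = "private"
}
"""

# Matches one top-level resource block; the closing brace at column 0 ends it.
BLOCK_RE = re.compile(r'resource\s+"(\w+)"\s+"(\w+)"\s*\{(.*?)\n\}', re.S)
INGRESS_RE = re.compile(r"ingress\s*\{(.*?)\}", re.S)
ACL_RE = re.compile(r'acl\s*=\s*"([^"]+)"')

def scan_terraform(hcl: str) -> list:
    """Return a list of findings, each a dict with resource, severity and check."""
    findings = []
    for rtype, name, body in BLOCK_RE.findall(hcl):
        addr = f"{rtype}.{name}"
        if rtype == "aws_security_group":
            for ing in INGRESS_RE.finditer(body):
                if "0.0.0.0/0" in ing.group(1) or "::/0" in ing.group(1):
                    findings.append({"resource": addr, "severity": "HIGH",
                                     "check": "ingress open to the world"})
        elif rtype == "aws_s3_bucket":
            acl = ACL_RE.search(body)
            if acl and acl.group(1).startswith("public"):
                findings.append({"resource": addr, "severity": "HIGH",
                                 "check": f"public ACL '{acl.group(1)}'"})
    return findings

def exit_code(findings: list) -> int:
    """1 if any HIGH finding exists (fail the pipeline), else 0."""
    return 1 if any(f["severity"] == "HIGH" for f in findings) else 0
```

Real scanners parse HCL properly and carry hundreds of checks; this shows the shape of one check and the fail-the-build decision.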
GitHub links:
https://github.com/aquasecurity/tfsec
https://github.com/bridgecrewio/checkov
https://github.com/accurics/terrascan
Links to the docs:
https://snyk.io/product/infrastructure-as-code-security/
https://tfsec.dev/
https://www.checkov.io/1.Welcome/Quick%20Start.html
Amazing article that I wrote with my former colleague:
https://www.revolgy.com/insights/blog/complete-guide-for-picking-the-right-tool-for-terraform-security-code-analysis
====
Connect with me: https://www.linkedin.com/in/mareksottl/
Blog: https://www.sottlmarek.com/blog/
Subscribe here: https://www.youtube.com/channel/UCy0S_HftNM7Fy0ksEOUHc-Q?sub_confirmation=1
Video "How to run SAST (Static security testing) of your infrastructure as code" by PythonНовичковая альтернатива
Published 4 December 2023, 3:56:35; duration 00:33:03