Avoid misconfigurations and insecure coding and configuration patterns with an automated solution for checking the integrity and applicability of IaC code that is to be deployed on an infrastructure.
Keywords: IaC, code quality, infrastructure, misconfigurations
Identifies possible vulnerabilities and improvements
Available through a REST API service for third-party integration
Supports a large variety of IaC scans including xOpera TOSCA, Ansible Lint and hadolint
Result Description: An analyser of the IaC and the application code (when available) that uses SAST tools to offer a form of Static Analysis Security Testing (SAST). It checks the IaC code against known cybersecurity issues (misconfigurations, use of non-secure libraries, non-secure configuration patterns) and performs consistency checks and other quality verifications according to identified best practices.
Unique Value Proposition: Automatic static code inspection. The verification tool checks the IaC code for errors and reports back to the user with a set of error reports, along with recommendations where the code has inefficiencies. The main selling point of the solution is that this step in the deployment process can be fully automated and integrated into the deployment pipeline, or done manually as a one-off process for a selected part of the IaC code.
IP: Open source tool providing warnings about potential security issues of the IaC configuration and suggestions for possible corrections of the existing code.