Checkov is a command-line interface (CLI) that scans infrastructure as code (IaC) for misconfigurations and exposed secrets. Coverage includes Terraform®, Terraform plan, CloudFormation, Kubernetes®, Dockerfile, serverless and ARM templates and more.
Integrate as a guardrail for CI/CD pipelines.
Include graph-based analysis for context-aware policies.
Add custom policies in Python or YAML.
Yor tags IaC templates with attribution and ownership details, unique IDs that get carried across to cloud resources, improving root cause analysis, operational efficiency and financial attribution.
Automate tagging as a pre-commit hook or in a CI/CD pipeline.
Include tracing details to decrease mean time to resolution (MTTR).
Add custom tags for your own attribute needs.
The CI/CD Goat project offers a practical, engaging way to learn CI/CD security with 11 hands-on challenges in a real CI/CD environment. Participants can deepen their expertise across various security risks through scenarios that progressively increase in difficulty.
Tackle 11 targeted challenges in an authentic CI/CD setting.
Learn to mitigate the OWASP Top 10 CI/CD Security Risks through interactive, scenario-based exercises.
Enjoy a unique learning experience with each challenge themed after a character from “Alice in Wonderland.”
AirIAM scans AWS IAM for activity and generates a Terraform template with least-privilege access.
Reduce the attack surface by identifying unused users, roles and permissions.
Generate usage-based policies for least-privileged access.
Create Terraform code for IAM policies for version control and collaboration.
