Infrastructure as Code scanning
Infrastructure as Code (IaC) scanning is a security testing practice that analyzes IaC configurations to identify misconfigurations, security weaknesses, and compliance issues before deployment. By scanning IaC templates such as Terraform, CloudFormation, Kubernetes manifests, and other configuration files, teams can catch problems such as storage buckets open to the public, security groups that admit traffic from any address, containers that run as root, and hard-coded credentials early in the development process, when they are cheapest to fix. Because the scan reads the declared configuration rather than the running environment, it cannot see drift introduced after deployment or values that are only resolved at apply time, so treat it as a complement to runtime and cloud-posture checks rather than a replacement for them.
With Harness Security Testing Orchestration (STO), you can perform IaC scanning using integrated scanners. STO enhances the scanning process by normalizing results, deduplicating findings, and formatting them into actionable insights.
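To make concrete what an IaC scanner does and what "normalized, deduplicated findings" look like, here is an added example written for this page. It is not Harness STO code and not one of its integrated scanners; the rule IDs, severities and the CloudFormation template are constructed for illustration. It walks the declared resources of a JSON CloudFormation template, applies a few well-known checks (public S3 ACL, missing public access block, admin ports open to the internet, publicly reachable or unencrypted RDS instance), and collapses duplicate findings before sorting them by severity.

```python
"""Minimal IaC misconfiguration scanner for a CloudFormation template (JSON).

Added example, not Harness STO or scanner code. Rule IDs and severities are
illustrative. It shows the shape of an IaC check: iterate declared resources,
apply rules per resource type, and emit normalized, deduplicated findings.
"""
import json
from dataclasses import dataclass

# Constructed sample template (not from a real deployment): a public bucket,
# a security group exposing SSH over IPv4 and IPv6, a publicly reachable and
# unencrypted RDS instance, and one bucket that is configured correctly.
SAMPLE_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogsBucket": {"Type": "AWS::S3::Bucket",
                       "Properties": {"AccessControl": "PublicRead"}},
        "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "admin access",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv6": "::/0"},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
        "AppDb": {"Type": "AWS::RDS::DBInstance",
                  "Properties": {"Engine": "postgres", "PubliclyAccessible": True}},
        "PrivateBucket": {"Type": "AWS::S3::Bucket", "Properties": {
            "PublicAccessBlockConfiguration": {
                "BlockPublicAcls": True, "BlockPublicPolicy": True,
                "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}},
    },
})

SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
ADMIN_PORTS = {22, 3389}  # SSH and RDP; extend as needed
PUBLIC_ACLS = {"PublicRead", "PublicReadWrite", "AuthenticatedRead"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


@dataclass(frozen=True)  # frozen => hashable, so identical findings dedupe via a dict
class Finding:
    rule_id: str
    severity: str
    resource: str
    message: str


def check_s3_bucket(name, props):
    findings = []
    if props.get("AccessControl") in PUBLIC_ACLS:
        findings.append(Finding("IAC-S3-001", "HIGH", name, f"bucket ACL is {props['AccessControl']}"))
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(pab.get(k) is True for k in PAB_KEYS):
        findings.append(Finding("IAC-S3-002", "MEDIUM", name, "public access block is incomplete"))
    return findings


def check_security_group(name, props):
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        open_to_world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
        if not open_to_world:
            continue
        # IpProtocol "-1" (all traffic) usually omits ports; default to the full range.
        lo, hi = int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
        if any(lo <= p <= hi for p in ADMIN_PORTS):
            # The IPv4 and IPv6 rules for port 22 yield the same finding; dedupe merges them.
            findings.append(Finding("IAC-SG-001", "HIGH", name, f"ports {lo}-{hi} open to the internet"))
    return findings


def check_rds_instance(name, props):
    findings = []
    if props.get("PubliclyAccessible") is True:
        findings.append(Finding("IAC-RDS-001", "HIGH", name, "database is publicly accessible"))
    if props.get("StorageEncrypted") is not True:
        findings.append(Finding("IAC-RDS-002", "MEDIUM", name, "storage encryption is not enabled"))
    return findings


CHECKS = {
    "AWS::S3::Bucket": check_s3_bucket,
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::RDS::DBInstance": check_rds_instance,
}


def scan(template_text):
    """Return deduplicated findings, most severe first, for a JSON CloudFormation template."""
    template = json.loads(template_text)
    raw = []
    for name, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check:
            raw.extend(check(name, resource.get("Properties", {})))
    unique = list(dict.fromkeys(raw))  # drop exact duplicates, keep first-seen order
    return sorted(unique, key=lambda f: (SEVERITY_RANK[f.severity], f.resource, f.rule_id))


def summarize(findings):
    """Count findings per severity, the number a pipeline gate would compare against a threshold."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_TEMPLATE):
        print(f"{f.severity:<7}{f.rule_id:<12}{f.resource:<14}{f.message}")
    print(summarize(scan(SAMPLE_TEMPLATE)))
```

Run it as-is to see the five findings; `PrivateBucket` produces none, and the two port-22 rules collapse into a single finding because the normalized `Finding` record is identical for both. A real scanner resolves intrinsic functions, parameters and modules before checking, which this example deliberately does not do: a `PubliclyAccessible` value supplied via `!Ref` would be invisible to it, which is the apply-time blind spot mentioned above.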
Set up IaC Scanning with Harness STO
You can use any of the integrated scanners that perform IaC scanning. Select any of the scanners below for detailed configuration steps.
Supported Scanners for IaC
Below is the list of scanners supported for IaC in Harness STO:
If the scanner you use for IaC is not listed, you can explore additional scanners that are compatible with the Custom Scan step. If the Custom Scan step does not support the scanner you need, you can use the Custom Ingestion step to ingest and process your scan results.
Next steps
After running a security scan, you can take the following actions:
- View Scan Results: See the security scan results in the pipeline execution. View scan results.
- Remediate Issues with AI: Use AI-based suggestions to fix identified vulnerabilities. Use AI to fix security issues.
- Exempt issues: Manage and exempt specific issues based on requirements. Exemption workflows
- Enforce Policies: Apply OPA policies for control and governance. Enforce OPA policies.