Our great sponsors
-
kics
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
-
checkov
Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
The ones I remember being alright from a bunch of trials/PoC we did at my job were Snyk https://snyk.io/product/infrastructure-as-code-security/ and The one Gitlab Ultimate uses, https://github.com/Checkmarx/kics
I just had a brief chat with one of the developers of Checkov and it sounds nice (and open source). I haven't had a chance to play with it, but if you want to it's at https://www.checkov.io/
Beyond Snyk and Checkov - I have also used https://github.com/aquasecurity/tfsec at a few organizations both for use locally and in CI (PR Review Checks)