Cloud Static Analysis Showdown

  • Wednesday, 26 May 2021 11:59AM EDT (26 May 2021 15:59 UTC)
  • Speaker: Frank Kim

Scanning cloud Infrastructure as Code (IaC) with a static analysis tool as part of your DevOps workflows and CI/CD pipeline is a standard best practice. But what tool should you use? Are there noticeable differences between the leading tools? In this talk we compare three of the most commonly used tools (Checkov, cfn_nag, and Terrascan) and share pros/cons to help you determine what should be in your toolchain.

Listen in to Parts 1 and 2 of this Cloud Security & DevSecOps Series:

Part 1 with Eric Johnson on Thurs May 6, Locking Down GitFlow with GitHub, GitLab, and Azure DevOps

Part 2 with Ben Allen on Thurs May 13, Setting the Gold Standard - Using CI pipelines to create validated OS images