IaC Security

Compare 184 IaC security tools to find the right one for your needs

🔧 Tools

Compare and find the best IaC security tool for your needs

Spacelift

The most flexible and sophisticated CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that provides automation, collaboration, and governance, with built-in security scanning.

Kubescape

An open-source Kubernetes security platform.

An open-source Kubernetes security posture management tool that scans YAML files, Helm charts, and live clusters.

Wiz

The Cloud Security Platform.

A leading CNAPP that provides full stack visibility and security for your cloud.

CrowdStrike Falcon Cloud Security

One platform to stop the breach, for any cloud.

Extends CrowdStrike's EDR leadership to cloud security.

Snyk IaC

Developer-first infrastructure as code security.

Finds and fixes misconfigurations in Terraform, CloudFormation, Kubernetes, and ARM templates within developer workflows.

Spacelift

The most flexible and collaborative CI/CD for Infrastructure as Code.

A CI/CD platform for IaC with built-in policy and compliance features.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that can be used for scanning IaC.

Wiz

The Cloud Security Platform.

An agentless CNAPP that provides full-stack visibility of cloud risks, connecting IaC issues to runtime context.

Wiz

The #1 cloud security platform

A CNAPP that provides full stack visibility and security.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analysis tool for IaC that helps detect security and compliance violations.

GitGuardian

The code security platform for the DevOps generation.

A platform for automated secrets detection and remediation.

GitGuardian IaC Security

Automated IaC security and compliance.

Scans infrastructure-as-code files for misconfigurations and security issues within the software development lifecycle.

Orca Security

The pioneer of agentless cloud security

Provides comprehensive, agentless security and compliance for the cloud.

CrowdStrike Falcon Cloud Security

One platform to stop cloud breaches.

A comprehensive cloud security platform that provides breach protection for the entire cloud estate, from workloads to infrastructure.

Checkov

Policy-as-code for everyone. Scan infrastructure as code for misconfigurations and vulnerabilities.

An open-source static analysis tool for scanning IaC to find misconfigurations before they're deployed.

Orca Security

The Agentless-First Cloud Security Platform.

An agentless cloud security platform with IaC scanning.

tfsec

Security scanner for your Terraform code.

A fast, open-source static analysis scanner for Terraform code to find security misconfigurations.

Orca Security

Agentless Cloud Security. Instant-On. 100% Coverage.

A comprehensive, agentless CNAPP that provides full-stack visibility into cloud environments, including IaC security.

Lacework

The data-driven cloud security platform

Automates cloud security and compliance for multicloud environments.

tfsec

A static analysis security scanner for your Terraform code.

An open-source tool that performs static analysis of Terraform code to spot misconfigurations and security issues.

Fugue by Snyk

Cloud security for developers.

A cloud security posture management (CSPM) tool with IaC capabilities.

Snyk IaC

Developer-first security for your infrastructure as code.

Finds and fixes security issues in Terraform, CloudFormation, Kubernetes, and ARM templates.

Trivy

A comprehensive and versatile security scanner.

Versatile open-source security scanner from Aqua Security that finds vulnerabilities, IaC misconfigurations, and secrets.

Snyk

AI-powered Developer Security Platform

Finds and fixes vulnerabilities in code, open source, containers, and IaC.

KICS

Keeping Infrastructure as Code Secure. An open-source solution for static code analysis of IaC.

An open-source static analysis tool from Checkmarx that finds security vulnerabilities and misconfigurations in IaC.

Open Policy Agent

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine.

Prisma Cloud (Checkov)

The most comprehensive Cloud Native Application Protection Platform (CNAPP).

Secures applications from code to cloud, including IaC scanning with the open-source engine Checkov.

Checkov

Policy-as-code for everyone. Scan cloud infrastructure configurations to find misconfigurations before they're deployed.

Open-source IaC scanner that finds misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP)

Secures applications from code to cloud across multicloud environments.

SpectralOps

Automated code security.

A developer-first platform for finding and fixing security issues in code.

Prisma Cloud

The Code-to-Cloud™ platform that secures apps from design to runtime.

A comprehensive Cloud Native Application Protection Platform (CNAPP).

Datadog Cloud Security Management

Full-stack security, from development to production.

Integrates security into the Datadog observability platform, providing IaC scanning, CSPM, and threat detection.

Datadog Cloud Security Management

Full-stack security, from development to production.

A cloud security solution from Datadog that includes CSPM, CWP, and IaC scanning.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Open-source static code analyzer for IaC that helps detect security issues and compliance violations.

Lacework

The AI-powered Cloud Security Platform.

A data-driven CNAPP that uses machine learning to automate cloud security, from IaC scanning to threat detection.

Snyk IaC

Developer-first security for Infrastructure as Code.

A tool that helps developers find and fix security issues in IaC files like Terraform, CloudFormation, and Kubernetes.

KICS

Keeping Infrastructure as Code Secure.

Open-source IaC scanner from Checkmarx that supports a wide range of platforms and offers extensive queries.

Tenable Cloud Security (Terrascan)

Identify and address cloud security risks with confidence.

A CNAPP solution that includes IaC scanning, CSPM, and workload protection, utilizing the open-source Terrascan engine.

Sysdig Secure

Cloud security, powered by runtime insights.

A cloud security platform with deep runtime insights.

Aqua Security (tfsec, Trivy)

Stop cloud native attacks. From code to cloud and back.

A full-lifecycle CNAPP that secures applications from development to production, featuring IaC scanning via tfsec and Trivy.

TFLint

A Pluggable Terraform Linter.

A linter for Terraform that focuses on best practices, style conventions, and detecting potential errors.

Steampipe

Query cloud APIs in real time using SQL.

An open-source tool that instantly queries cloud APIs using SQL, without needing to ETL data into a database.

Jit

The M-V-P of DevSecOps.

A DevSecOps platform that simplifies and automates security.

Deepfactor

Next-gen application security for cloud native.

A runtime application security platform that includes IaC scanning.

Steampipe

Query your cloud, APIs, and more with SQL.

Open-source tool that maps cloud APIs to PostgreSQL tables, enabling SQL-based querying for security and compliance.

CloudQuery

The open-source cloud asset inventory powered by SQL.

An open-source tool for building a cloud asset inventory that can be used for policy-as-code checks.

CloudQuery

The open-source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads your cloud infrastructure data into a PostgreSQL database, allowing you to query it with SQL.

Steampipe

Query your cloud, code, and more with SQL.

An open-source tool that instantly translates APIs into a PostgreSQL database, allowing you to query your cloud infrastructure with SQL.

Cloudanix

Code to Cloud Security Platform.

A unified platform for code, cloud, identity, and workload security.

Lightspin

The Contextual Cloud Security Platform.

A CNAPP that provides a contextual view of cloud security risks.

oak9

Security as Code for Cloud Native.

Dynamically secure Infrastructure as Code (IaC) and deployed cloud-native workloads.

Prowler

The most-used open source tool for AWS security.

An open-source security tool for AWS, Azure, and GCP that performs security assessments, audits, and incident response.

oak9

Security as Code. Built by developers, for developers.

An Infrastructure as Code security platform that is designed for developers.

ggshield

Find and fix secrets in your source code.

A CLI tool for secrets detection that also includes IaC scanning capabilities to find misconfigurations.

Prowler

Cloud security assessments, audits, incident response, continuous monitoring, hardening and forensics readiness.

An open-source security tool for AWS, Azure, and GCP that performs security assessments, audits, and hardening.

tfsec

Security scanner for your Terraform code.

Open-source static analysis for Terraform.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

Finds vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

Runecast

Automated Proactive Audits.

Proactive security and compliance analysis for hybrid clouds.

Trivy

The All-in-One Security Scanner.

A comprehensive, open-source security scanner for vulnerabilities, misconfigurations, secrets, and SBOMs in IaC, containers, and more.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

Open-source, general-purpose policy engine.

oak9

Security as Code for Cloud-Native Applications.

An IaC security platform that helps developers build secure and compliant cloud native applications.

Lightspin by Cisco

Contextual Cloud Security.

A CNAPP that prioritizes risks using attack path analysis.

Checkov

Prevent cloud misconfigurations during build time.

An open-source static analysis tool for scanning Infrastructure as Code for misconfigurations and security vulnerabilities.

env0

The complete platform for managing Infrastructure as Code.

An automation platform for managing Terraform, Terragrunt, and other IaC workflows with governance and cost control.

Spacelift

The most flexible and compliant CI/CD for Infrastructure as Code.

A specialized CI/CD platform for Infrastructure as Code that provides automation, collaboration, and policy enforcement.

Styra Declarative Authorization Service (DAS)

The unified authorization platform, powered by OPA.

An enterprise management plane for Open Policy Agent (OPA) to operationalize authorization and policy.

Styra DAS

The Enterprise OPA Platform.

A management plane for Open Policy Agent (OPA) that provides centralized policy authoring, distribution, and monitoring.

GitGuardian

The code security platform for the DevOps generation.

A platform that helps you detect and remediate secrets in your code and monitor your software supply chain.

Wiz

Secure everything you build and run in the cloud.

A CNAPP that provides full stack visibility, risk prioritization, and security for cloud environments.

CrowdStrike Falcon Cloud Security

Unified, code to cloud security.

A CNAPP that extends CrowdStrike's leading endpoint security to protect the entire cloud estate.

Orca Security

Agentless Cloud Security and Compliance for AWS, Azure, and GCP.

An agentless CNAPP that provides comprehensive visibility and security for cloud environments without the need for per-asset agents.

Firefly

The Cloud Asset Management Platform.

A platform for managing cloud assets, discovering resources, and codifying infrastructure to manage drift and ensure governance.

SpectralOps

Automated code security for developers.

A developer-first security platform that scans code, configuration, and other assets for security issues.

Checkov

Policy-as-code for everyone.

An open-source static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations and security vulnerabilities.

GitHub Advanced Security

Find and fix vulnerabilities with ease.

A suite of security tools for GitHub repositories.

Orca Security

The Agentless Cloud Security Platform.

A comprehensive, agentless CNAPP that provides shift-left security, including pre-commit IaC scanning.

SentinelOne Singularity Cloud

Autonomous security for the cloud.

A cloud security platform that provides autonomous threat protection for cloud workloads and environments.

CrowdStrike Falcon Cloud Security

Stop cloud breaches.

A CNAPP from a leader in endpoint security, offering both agentless and agent-based protection, including IaC scanning.

Trivy

The most popular open source security scanner.

A scanner for vulnerabilities in container images, filesystems, and Git repositories, as well as for configuration issues.

Fugue

Cloud Security and Compliance.

A cloud security platform focused on IaC and CSPM.

Wiz

The Cloud Security Platform.

A comprehensive CNAPP that includes IaC scanning as part of its full lifecycle cloud security solution.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes that can validate, mutate, and generate configurations using policies.

JupiterOne

The Cyber Asset Attack Surface Management Platform.

A platform that creates a graph-based model of your cyber assets and their relationships, allowing you to understand and manage your attack surface.

SonarCloud

Clean code. Delivered.

A cloud-based code quality and security service.

Lacework

The data-driven cloud security platform.

A CNAPP that uses a Polygraph Data Platform to automate cloud security, including IaC security.

Datadog Cloud Security

Unified security and observability.

A cloud security platform that includes IaC scanning, CSPM, and CWPP, leveraging observability data for context.

Datadog Cloud Security Management

Detect threats in real time. Investigate security alerts. Secure your production environment.

A security and observability platform that includes IaC scanning as part of its cloud security offering.

Sysdig Secure

Cloud security powered by runtime insights.

A CNAPP that uses deep runtime insights from Falco to secure the entire cloud-native lifecycle, including IaC scanning.

Pulumi CrossGuard

Policy as Code for the Cloud.

A policy as code solution for the Pulumi platform.

Datadog Cloud Security Posture Management

Continuously monitor your cloud environment for misconfigurations.

A CSPM solution that scans your cloud environments for misconfigurations and compliance risks, and provides remediation guidance.

Snyk Infrastructure as Code

Find and fix security issues in your infrastructure as code.

A developer-first IaC security tool to find and fix misconfigurations.

Sentinel

Policy as Code for HashiCorp Products.

A policy as code framework from HashiCorp.

Snyk IaC

Developer-first infrastructure as code security.

A developer-focused IaC security tool that scans for misconfigurations and provides context and remediation advice.

Fugue

Cloud security posture management for the entire cloud development lifecycle.

A CNAPP that provides end-to-end security for cloud environments, from IaC to runtime.

Accurics by Tenable

Policy as Code for the Full Cloud Native Stack.

Provides security and governance from code to cloud.

Snyk IaC

Developer-first IaC security. Find and fix misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Developer-first IaC security tool that finds and fixes misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

KICS by Checkmarx

Keeping Infrastructure as Code Secure.

An open-source static analysis tool for finding security vulnerabilities, compliance issues, and infrastructure misconfigurations in IaC.

Datadog Cloud Security Management

Unified security and observability.

A security and compliance solution that provides threat detection, posture management, and IaC scanning within the Datadog platform.

Snyk Infrastructure as Code

Developer-first security for your infrastructure as code.

Find and fix security issues in your Terraform, CloudFormation, Kubernetes, and ARM configurations.

Pulumi

Create, deploy, and manage infrastructure on any cloud using your favorite languages.

An IaC platform that allows you to use general-purpose programming languages to provision and manage cloud infrastructure.

tfsec

Security scanner for your Terraform code.

A static analysis tool for Terraform code.

Pulumi CrossGuard

Policy as Code for the Cloud.

Define and enforce policies on your cloud infrastructure using familiar programming languages.

Lacework

The data-driven cloud security platform.

A CNAPP that uses data and machine learning to provide automated threat detection, configuration compliance, and vulnerability management.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embedded policy-as-code framework that integrates with the HashiCorp Enterprise platform.

Lacework

The data-driven cloud security platform.

A CNAPP that uses data and machine learning to secure cloud environments.

Datadog Cloud Security Management

Unified security and observability.

Detects threats and misconfigurations across the full cloud stack.

Snyk IaC

Developer-first IaC security.

A tool that helps developers find and fix security issues in IaC configurations like Terraform, CloudFormation, Kubernetes, and ARM templates.

Bridgecrew by Prisma Cloud

Developer-first cloud security.

A developer-first cloud security platform with a focus on IaC.

CloudSploit by Aqua

Cloud Security Auditing and Monitoring.

Open-source and commercial tool for cloud security posture monitoring.

Checkov

Policy-as-code for everyone.

An open-source static analysis tool for infrastructure as code.

Prisma Cloud (by Palo Alto Networks)

The most complete Cloud-Native Application Protection Platform (CNAPP).

Secures applications from code to cloud across multicloud environments.

Sysdig Secure

Secure your cloud from source to run.

A CNAPP built on a foundation of deep runtime visibility, powered by Falco.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform with IaC scanning capabilities.

Pulumi Policy as Code

Define and enforce policies on your cloud infrastructure.

An integrated policy as code solution for the Pulumi IaC platform.

Aqua Security Platform

Stop cloud native attacks.

The industry's most integrated Cloud Native Application Protection Platform (CNAPP).

Aqua Security

The Cloud Native Security Platform.

Secures applications from code to cloud and back.

Aqua Security

The Cloud Native Security Platform.

A comprehensive security platform for cloud native applications.

Prisma Cloud

The comprehensive Cloud Native Application Protection Platform (CNAPP).

A unified security platform that protects applications from code to cloud, including IaC scanning, CSPM, and CWPP.

Sysdig

Secure and run cloud and containers with confidence.

A cloud security platform that provides deep visibility for securing and monitoring containers, Kubernetes, and cloud services.

Rapid7 InsightCloudSec

Unified cloud security and compliance.

A CNAPP from Rapid7 for cloud security and compliance.

Terrascan

Detect compliance and security violations across Infrastructure as Code.

An open-source static code analysis tool that helps you detect security and compliance violations in your IaC.

Zscaler Posture Control

Unified CNAPP to secure your cloud.

A cloud-native application protection platform (CNAPP) for unified cloud security.

Sysdig Secure

Secure your cloud from source to run.

A CNAPP built on runtime insights from Falco.

Zscaler Posture Control

The Zero Trust Exchange.

Provides unified CNAPP to secure cloud applications.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embedded policy-as-code framework within the HashiCorp Enterprise platform, used to enforce policies on Terraform runs.

Veracode

The application security platform.

A comprehensive application security platform.

SpectralOps

Automated code security for developers.

A security tool that scans code, configuration, and IaC for hardcoded secrets and misconfigurations.

GitLab Ultimate

The DevSecOps Platform.

A complete DevOps platform with built-in IaC security.

Sysdig

Secure Every Second.

A cloud-native security and monitoring platform that provides a unified view of risk, health, and performance for cloud and container environments.

TFLint

A Pluggable Terraform Linter.

An open-source linter for Terraform that checks for errors, best practice improvements, and potential bugs.

SonarQube

The essential tool for code quality and security.

A platform for continuous inspection of code quality and security.

HashiCorp Sentinel

Policy as Code for Infrastructure.

A policy as code framework for HashiCorp products.

Rapid7 InsightCloudSec

Unified Cloud Native Security.

Comprehensive cloud security posture management (CSPM) and workload protection (CWPP).

Prisma Cloud (by Palo Alto Networks)

The industry’s most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that includes IaC scanning, CSPM, CWPP, and more, building on the open-source Checkov engine.

GitLab IaC Scanning

Scan your Infrastructure as Code (IaC) configuration files for known vulnerabilities.

A built-in security scanning feature within the GitLab CI/CD platform for analyzing IaC files.

Zscaler Posture Control

Secure your cloud with a unified, 100% agentless platform.

A CNAPP that integrates CSPM, CIEM, and IaC scanning to provide a unified view of cloud risk.

Microsoft Defender for Cloud

Protect multi-cloud and hybrid environments with Microsoft Defender for Cloud.

A comprehensive CNAPP and CSPM solution that provides security for Azure, AWS, and GCP, including IaC scanning.

Veracode IaC Security

Secure your cloud-native applications with a unified platform.

An IaC scanning solution integrated into Veracode's comprehensive application security platform.

Tenable Cloud Security

Secure your cloud from code to cloud.

A cloud security platform that provides visibility and control over cloud environments, including IaC security.

Checkmarx IaC Security

Secure your infrastructure and applications from code to cloud.

The enterprise offering built upon the open-source KICS engine, integrated into the Checkmarx One platform.

Checkmarx IaC Security

Secure your infrastructure as code.

An enterprise-grade IaC security solution from Checkmarx.

Tenable.cs

Secure the entire cloud-native stack.

A CNAPP from Tenable that provides security from code to cloud, built on the open-source Terrascan engine.

Checkmarx One

The enterprise application security platform.

A comprehensive application security platform that includes IaC scanning with KICS.

KICS

Keeping Infrastructure as Code Secure

An open-source static analysis tool for IaC security.

Tenable.cs

Secure your cloud infrastructure from build to runtime.

A cloud-native application protection platform (CNAPP) from Tenable.

KICS

Keeping Infrastructure as Code Secure.

An open-source static analysis tool that scans IaC for security vulnerabilities, compliance issues, and misconfigurations.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for IaC.

Tenable Cloud Security (incorporating Terrascan)

See everything. Predict what matters. Act to address risk.

Provides unified visibility and security for the entire cloud attack surface.

Aqua Security

Stop cloud native attacks.

A comprehensive CNAPP that secures the entire lifecycle of cloud native applications, including IaC scanning and runtime protection.

Tenable.cs

Secure the entire cloud-native stack.

A cloud native security platform from Tenable.

Qualys Cloud Platform

The all-in-one platform for IT, security and compliance.

A cloud-based platform for IT, security, and compliance.

KICS by Checkmarx

Keeping Infrastructure as Code Secure

An open-source solution for static analysis of IaC.

Bridgecrew

Automated cloud security for DevOps.

A cloud security platform that helps developers secure their infrastructure from code to cloud.

Bridgecrew

The #1 developer-first cloud security platform.

Automate cloud security from code to cloud.

Qualys Cloud Platform

The only end-to-end solution for all aspects of cybersecurity.

A comprehensive security and compliance platform that includes IaC scanning as part of its cloud security module.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

Open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Prowler

The most comprehensive, free tool for AWS security.

An open-source tool for AWS security assessment, auditing, hardening, and incident response, with some IaC capabilities.

Turbot Pipes

Query everything. Code your controls. Automate your operations.

An open-source tool for querying and managing your cloud environment.

cfn-nag

A linter for AWS CloudFormation templates.

An open-source tool that scans CloudFormation templates for patterns that may indicate insecure infrastructure.

Accurics

Policy as Code for the Modern Infrastructure.

A cloud security platform that enables cyber resilience through policy as code.

pre-commit-terraform

A collection of pre-commit hooks for Terraform.

A framework and collection of git hooks for automating checks on Terraform code before commit.

Yor

Automated IaC tagging and tracing.

An open-source tool that automatically adds tags to IaC files, linking them to code owners and repositories.

Terratest

A Go library that makes it easier to write automated tests for your infrastructure code.

A Go library for writing automated tests for IaC, including security and compliance tests.

Driftctl

Detect, track and alert on infrastructure drift.

An open-source tool to detect differences between your IaC state and your live cloud environment (drift).

Check-jsonschema

A CLI for checking JSON and YAML files against a JSON Schema.

A general-purpose CLI tool for validating JSON/YAML files against a schema, useful for custom IaC validation.

Regula

A tool that evaluates infrastructure as code for security misconfigurations and compliance violations.

An open-source tool that checks Terraform, CloudFormation, and Kubernetes configs for misconfigurations using Rego.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine.

CloudSploit

Cloud security posture assessment.

An open-source tool for scanning cloud accounts for security risks and misconfigurations.

cfn-lint

Validate CloudFormation templates against the AWS CloudFormation Resource Specification.

An AWS-maintained linter for CloudFormation templates that checks for errors and best practices.

KubeLinter

A static analysis tool for Kubernetes YAML files and Helm charts.

A static analysis tool from StackRox/Red Hat that checks Kubernetes YAML files for security and best practices.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analyzer for IaC that helps developers build secure infrastructure from the start.

Horusec

An open source tool that orchestrates other security tools.

Orchestration tool for SAST, SCA, and IaC scanning.

Driftctl

Detect, track and alert on infrastructure drift.

Open-source tool to manage IaC drift.

Regula

Checks infrastructure as code for security and compliance.

An open-source tool that evaluates IaC against policies.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

A YAML-based DSL to define policies for managing cloud resources.

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Regula

Checks infrastructure as code for security and compliance.

An open-source tool that checks Terraform, CloudFormation, and Kubernetes configurations for security and compliance issues using Rego.

CloudQuery

The open source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads cloud asset configuration into SQL databases for analysis.

Mondoo

Security and Compliance as Code.

Policy-as-code platform for security and compliance.

Regula

A tool that evaluates infrastructure as code for security and compliance.

An open-source policy engine for checking IaC against security and compliance rules.

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

An open-source tool for cloud security and governance.
