iac-security-scanner

Solid

Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi

DevOps & Infrastructure 1,160 stars 71 forks Updated today MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# IaC Security Scanner Skill ## Purpose Infrastructure as Code security scanning and policy enforcement to identify misconfigurations, security vulnerabilities, and compliance violations in cloud infrastructure definitions before deployment. ## Capabilities ### Terraform Security Scanning - Scan Terraform configurations for security misconfigurations - Check for exposed resources (public S3 buckets, open security groups) - Validate encryption settings for data at rest and in transit - Detect hardcoded secrets in Terraform files - Analyze Terraform state files for sensitive data exposure ### CloudFormation Analysis - Scan CloudFormation templates for security issues - Check IAM policy configurations for least privilege - Validate network configuration security - Detect insecure default configurations ### Kubernetes Manifest Scanning - Analyze Kubernetes YAML manifests for security issues - Check pod security standards compliance - Validate resource limits and quotas - Detect privileged containers and host path mounts ### Pulumi Code Analysis - Scan Pulumi TypeScript/Python code for security issues - Check cloud resource configurations - Validate security best practices ### Policy Enforcement - Define and enforce custom security policies using OPA/Rego - Create guardrails for cloud resource configurations - Block deployments that violate security policies - Generate policy compliance reports ### Compliance Mapping - Map findings to compliance frameworks (CIS, NIST, SOC...

Details

Author
a5c-ai
Repository
a5c-ai/babysitter
Created
4 months ago
Last Updated
today
Language
JavaScript
License
MIT

Integrates with

Kubernetes · Infrastructure Terraform · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Listed

iac-security

IaC misconfig scanning and cloud-aware review for Terraform, CloudFormation, Ansible and Pulumi. Covers tool orchestration (checkov/tfsec/kics/cfn-nag), policy-as-code (OPA/Conftest), CIS benchmark mapping, IAM over-permission detection, drift monitoring.

4 Updated 1 weeks ago
roodlicht
DevOps & Infrastructure Listed

iac-container-security

Audit infrastructure-as-code and container security including Terraform/OpenTofu/Pulumi configurations, Dockerfile hardening, Kubernetes manifests, base image hygiene, container scanning, secrets in IaC, IAM policies, network exposure, and runtime security context. Multi-cloud (AWS, GCP, Azure). Use this skill whenever the user asks about Terraform security, tfsec, Checkov, Trivy, Dockerfile hardening, distroless images, k8s securityContext, network policies, IAM least privilege, IaC secret scanning, or 'audit my infrastructure'. Trigger on phrases like 'scan my Dockerfile', 'review my Terraform', 'audit my k8s manifests', 'harden my containers', 'IaC security', 'base image hygiene', 'container CVEs', 'trivy scan'. Use this even when only one IaC layer is mentioned.

1 Updated 1 weeks ago
hlsitechio
DevOps & Infrastructure Featured

implementing-infrastructure-as-code-security-scanning

This skill covers implementing automated security scanning for Infrastructure as Code (IaC) templates using tools like Checkov, tfsec, and KICS. It addresses detecting misconfigurations in Terraform, CloudFormation, Kubernetes manifests, and Helm charts before deployment, establishing policy-based governance, and integrating IaC scanning into CI/CD pipelines to prevent insecure cloud resource provisioning.

13,115 Updated today
mukul975
DevOps & Infrastructure Solid

iac-checkov

Infrastructure as Code (IaC) security scanning using Checkov with 750+ built-in policies for Terraform, CloudFormation, Kubernetes, Dockerfile, and ARM templates. Use when: (1) Scanning IaC files for security misconfigurations and compliance violations, (2) Validating cloud infrastructure against CIS, PCI-DSS, HIPAA, and SOC2 benchmarks, (3) Detecting secrets and hardcoded credentials in IaC, (4) Implementing policy-as-code in CI/CD pipelines, (5) Generating compliance reports with remediation guidance for cloud security posture management.

335 Updated today
aiskillstore
DevOps & Infrastructure Solid

devops-iac-engineer

Implements infrastructure as code using Terraform, Kubernetes, and cloud platforms. Designs scalable architectures, CI/CD pipelines, and observability solutions. Provides security-first DevOps practices and site reliability engineering guidance.

27,705 Updated today
davila7