🔧 Tools in IaC Security

Wiz

The Cloud Security Platform.

A comprehensive cloud security platform with IaC scanning.

Kubescape

An open-source Kubernetes security platform.

A tool for risk analysis, security, compliance, and misconfiguration scanning in Kubernetes.

Spacelift

The most flexible and sophisticated CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that provides automation, collaboration, and governance, with built-in security scanning.

CrowdStrike Falcon Cloud Security

One platform to stop the breach, for any cloud.

A comprehensive CNAPP that extends CrowdStrike's leading endpoint protection to secure the entire cloud estate.

Snyk IaC

Developer-first infrastructure as code security.

Finds and fixes misconfigurations in Terraform, CloudFormation, Kubernetes, and ARM templates within developer workflows.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine.

Spacelift

The most flexible and collaborative CI/CD for Infrastructure as Code.

A CI/CD platform for IaC with built-in policy and compliance features.

Wiz

The #1 cloud security platform

Agentless CNAPP that provides full-stack visibility to rapidly identify and remove critical risks in cloud environments.

Wiz

The Cloud Security Platform.

An agentless CNAPP that provides full-stack visibility of cloud risks, connecting IaC issues to runtime context.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analysis tool for IaC that helps detect security and compliance violations.

GitGuardian

The code security platform for the DevOps generation.

A platform for automated secrets detection and remediation.

CrowdStrike Falcon Cloud Security

One platform to stop cloud breaches.

A unified cloud-native application protection platform (CNAPP).

Orca Security

The pioneer of agentless cloud security

A comprehensive CNAPP that provides 100% visibility into cloud risks using a patented SideScanning™ technology.

GitGuardian IaC Security

Automated IaC security and compliance.

Scans infrastructure-as-code files for misconfigurations and security issues within the software development lifecycle.

Checkov

Policy-as-code for everyone. Scan infrastructure as code for misconfigurations and vulnerabilities.

An open-source static analysis tool for scanning IaC to find misconfigurations before they're deployed.

Orca Security

The Agentless-First Cloud Security Platform.

A comprehensive cloud security platform with IaC scanning.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for Terraform.

Lacework

The data-driven cloud security platform

A CNAPP that uses a patented Polygraph Data Platform to provide automated threat detection and response.

Orca Security

Agentless Cloud Security. Instant-On. 100% Coverage.

A comprehensive, agentless CNAPP that provides full-stack visibility into cloud environments, including IaC security.

tfsec

A static analysis security scanner for your Terraform code.

An open-source tool that performs static analysis of Terraform code to spot misconfigurations and security issues.

Fugue by Snyk

Cloud security for developers.

A cloud security posture management (CSPM) tool with IaC capabilities.

Snyk IaC

Developer-first security for your infrastructure as code.

Finds and fixes security issues in Terraform, CloudFormation, Kubernetes, and ARM templates.

Trivy

A comprehensive and versatile security scanner.

An open-source scanner for vulnerabilities, misconfigurations, secrets, and SBOM.

Snyk

AI-powered Developer Security Platform

Finds and fixes vulnerabilities in code, open source, containers, and IaC.

KICS

Keeping Infrastructure as Code Secure. An open-source solution for static code analysis of IaC.

An open-source static analysis tool from Checkmarx that finds security vulnerabilities and misconfigurations in IaC.

Open Policy Agent

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine.

Prisma Cloud (Checkov)

The most comprehensive Cloud Native Application Protection Platform (CNAPP).

Secures applications from code to cloud, including IaC scanning with the open-source engine Checkov.

Checkov

Policy-as-code for everyone. Scan cloud infrastructure configurations to find misconfigurations before they're deployed.

An open-source static analysis tool for Infrastructure-as-Code.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP)

Provides comprehensive security and compliance coverage for applications, data, and the entire cloud-native technology stack.

SpectralOps

Automated code security.

A developer-first platform for finding and fixing security issues in code.

Prisma Cloud

The Code-to-Cloud™ platform that secures apps from design to runtime.

A comprehensive Cloud Native Application Protection Platform (CNAPP).

Datadog Cloud Security Management

Full-stack security, from development to production.

Integrates security into the Datadog observability platform, providing IaC scanning, CSPM, and threat detection.

Datadog Cloud Security Management

Full-stack security, from development to production.

A cloud security solution that's part of the Datadog observability platform.

Lacework

The AI-powered Cloud Security Platform.

A data-driven CNAPP that uses machine learning to automate cloud security, from IaC scanning to threat detection.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analysis tool for IaC.

Snyk IaC

Developer-first security for Infrastructure as Code.

Find and fix security issues in Terraform, CloudFormation, Kubernetes, and ARM templates.

KICS

Keeping Infrastructure as Code Secure.

An open-source IaC static analysis tool by Checkmarx.

Tenable Cloud Security (Terrascan)

Identify and address cloud security risks with confidence.

A CNAPP solution that includes IaC scanning, CSPM, and workload protection, utilizing the open-source Terrascan engine.

Sysdig Secure

Cloud security, powered by runtime insights.

A cloud-native security platform with a focus on runtime security.

Aqua Security (tfsec, Trivy)

Stop cloud native attacks. From code to cloud and back.

A full-lifecycle CNAPP that secures applications from development to production, featuring IaC scanning via tfsec and Trivy.

TFLint

A Pluggable Terraform Linter.

A static analysis tool focused on linting Terraform code.

Checkov

Prevent cloud misconfigurations during build time.

An open-source static analysis tool for scanning infrastructure as code (IaC) for misconfigurations.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

A comprehensive, easy-to-use open-source security scanner.

Styra Declarative Authorization Service (DAS)

The unified authorization platform, powered by OPA.

An enterprise management plane for Open Policy Agent (OPA) to operationalize authorization and policy.

GitGuardian

The code security platform for the DevOps generation.

A platform focused on detecting and remediating secrets in code, with IaC misconfiguration scanning.

Spacelift

The most flexible and compliant CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that includes integrated policy as code enforcement.

env0

The complete platform for managing Infrastructure as Code.

An automation platform for IaC that provides governance, cost management, and policy enforcement.

Wiz

Secure everything you build and run in the cloud.

A CNAPP platform that provides full-stack visibility and security risk context, from code to cloud.

Orca Security

Agentless Cloud Security and Compliance for AWS, Azure, and GCP.

An agentless CNAPP that provides comprehensive visibility into cloud risks without per-asset integration.

CrowdStrike Falcon Cloud Security

Unified, code to cloud security.

A CNAPP that extends CrowdStrike's leading endpoint security to protect the entire cloud estate.

Snyk IaC

Developer-first IaC security. Find and fix misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Scans IaC files for misconfigurations and security vulnerabilities, integrating into developer workflows.

Pulumi CrossGuard

Policy as Code for the Cloud.

A policy as code solution for the Pulumi platform.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embedded policy-as-code framework integrated with the HashiCorp Enterprise products.

Lacework

The data-driven cloud security platform.

A cloud security platform that uses data and automation to drive security outcomes.

Lacework

The data-driven cloud security platform.

A CNAPP that uses anomaly detection to provide visibility and threat detection across cloud environments.

Datadog Cloud Security Management

Unified security and observability.

Integrates security into the Datadog observability platform, providing posture management and threat detection.

tfsec

Security scanner for your Terraform code.

A static analysis security scanner for Terraform code.

Bridgecrew by Prisma Cloud

Developer-first cloud security.

A developer-first cloud security platform with a focus on IaC.

Prisma Cloud (by Palo Alto Networks)

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that secures applications from code to cloud, including robust IaC security.

Sysdig Secure

Secure your cloud from source to run.

A CNAPP built on a foundation of deep runtime visibility, powered by Falco.

HashiCorp Sentinel

Policy as Code for Infrastructure.

A policy as code framework for HashiCorp products.

Rapid7 InsightCloudSec

Unified cloud security and compliance.

A cloud-native security platform for unified visibility and control.

Zscaler Posture Control

Unified CNAPP to secure your cloud.

A cloud-native application protection platform (CNAPP) for unified cloud security.

Checkov

Policy-as-code for everyone.

An open-source static analysis tool for infrastructure as code.

Pulumi Policy as Code

Define and enforce policies on your cloud infrastructure.

An integrated policy as code solution for the Pulumi IaC platform.

Aqua Security

The Cloud Native Security Platform.

A comprehensive security platform for cloud-native applications.

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform with IaC scanning capabilities.

Qualys Cloud Platform

The all-in-one platform for IT, security and compliance.

A comprehensive security and compliance platform with IaC scanning.

Tenable.cs

Secure the entire cloud-native stack.

A cloud-native security platform with IaC scanning.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for Infrastructure as Code.

Aqua Security

Stop cloud native attacks.

A CNAPP focused on securing the entire lifecycle of container-based and cloud-native applications.

KICS by Checkmarx

Keeping Infrastructure as Code Secure

An open-source solution for static analysis of IaC.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

Open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

CloudQuery

The open source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads cloud configuration into a database for analysis.

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

An open-source rules engine for managing public cloud accounts.

Prowler

The most comprehensive, free tool for AWS security.

An open-source tool for AWS security assessment, auditing, hardening, and incident response.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that enables unified, context-aware policy enforcement.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Turbot Pipes

Query everything. Code your controls. Automate your operations.

An open-source tool for querying and managing your cloud environment.

Regula

A tool that evaluates infrastructure as code for security and compliance.

An open-source tool for checking IaC against security and compliance policies.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analyzer for IaC that helps detect security issues and enforce policies.

Regula

Checks infrastructure as code for security and compliance.

An open-source tool that evaluates Terraform and CloudFormation for misconfigurations using Rego.
