🔧 Tools in Infrastructure Policy

Checkov

Prevent cloud misconfigurations during build time.

An open-source static analysis tool for scanning infrastructure as code (IaC) for misconfigurations.

Styra Declarative Authorization Service (DAS)

The unified authorization platform, powered by OPA.

An enterprise management plane for Open Policy Agent (OPA) to operationalize authorization and policy.

Trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.

A comprehensive, easy-to-use open-source security scanner.

GitGuardian

The code security platform for the DevOps generation.

A platform focused on detecting and remediating secrets in code, with IaC misconfiguration scanning.

Spacelift

The most flexible and compliant CI/CD for Infrastructure as Code.

A specialized CI/CD platform for IaC that includes integrated policy as code enforcement.

env0

The complete platform for managing Infrastructure as Code.

An automation platform for IaC that provides governance, cost management, and policy enforcement.

Wiz

Secure everything you build and run in the cloud.

A CNAPP platform that provides full-stack visibility and security risk context, from code to cloud.

Orca Security

Agentless Cloud Security and Compliance for AWS, Azure, and GCP.

An agentless CNAPP that provides comprehensive visibility into cloud risks without per-asset integration.

CrowdStrike Falcon Cloud Security

Unified, code to cloud security.

A CNAPP that extends CrowdStrike's leading endpoint security to protect the entire cloud estate.

Snyk IaC

Developer-first IaC security. Find and fix misconfigurations in Terraform, CloudFormation, Kubernetes, and more.

Scans IaC files for misconfigurations and security vulnerabilities, integrating into developer workflows.

HashiCorp Sentinel

Policy as Code for Security, Compliance, and Operational Governance.

An embedded policy-as-code framework integrated with the HashiCorp Enterprise products.

Lacework

The data-driven cloud security platform.

A CNAPP that uses anomaly detection to provide visibility and threat detection across cloud environments.

Datadog Cloud Security Management

Unified security and observability.

Integrates security into the Datadog observability platform, providing posture management and threat detection.

Prisma Cloud (by Palo Alto Networks)

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive CNAPP that secures applications from code to cloud, including robust IaC security.

Sysdig Secure

Secure your cloud from source to run.

A CNAPP built on a foundation of deep runtime visibility, powered by Falco.

Pulumi Policy as Code

Define and enforce policies on your cloud infrastructure.

An integrated policy as code solution for the Pulumi IaC platform.

Aqua Security

Stop cloud native attacks.

A CNAPP focused on securing the entire lifecycle of container-based and cloud-native applications.

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning.

An open-source static code analyzer for IaC that helps detect security issues and enforce policies.

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform code.

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that enables unified, context-aware policy enforcement.

Checkmarx KICS

Keeping Infrastructure as Code Secure.

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance issues, and misconfigurations.

Regula

Checks infrastructure as code for security and compliance.

An open-source tool that evaluates Terraform and CloudFormation for misconfigurations using Rego.

CloudQuery

The open source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads cloud configuration into a database for analysis.