displayName: IaC Security Scanning
workflowKind: security
triggerType: event-driven
typicalCadence: per-pull-request
complexity: single-team
description: Scans Infrastructure-as-Code templates (Terraform, CloudFormation, Helm,
Pulumi) for misconfigurations, overly permissive IAM policies, unencrypted
storage, public network exposure, and CIS benchmark violations before
merge -- triaging findings by severity, suppressing accepted risks, and
blocking deployments with critical violations. Excludes IaC authoring and
drift remediation.