Infrastructure-as-code security


Juanje Ojeda Croissier
Dec 31, 2019, 9:38:25 AM
to laspalma...@googlegroups.com
Hi :-)

Here is an interesting tool for analysing possible security problems or misconfigurations in infrastructure:

Copying the description:

Checkov is a static code analysis tool for infrastructure-as-code. It scans cloud infrastructure provisioned using Terraform and detects security and compliance misconfigurations.

Checkov is written in Python and provides a simple method to write and manage policies. It follows the CIS Foundations benchmarks where applicable.


And the main features:
  • 50+ built-in policies cover security and compliance best practices for AWS, Azure & Google Cloud.
  • Policies support variable scanning by building a dynamic code dependency graph (coming soon).
  • Supports in-line suppression of accepted risks or false-positives to reduce recurring scan failures.
  • Output currently available as CLI, JSON or JUnit XML.

I haven't tried it yet, but it looks good. If anyone knows it or gives it a try, please share your experience ;-)

Regards and happy new year.

--
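As an added illustration of the features listed in the message (not part of the original post, and not code from the Checkov project), here is a constructed Terraform file with the kind of weak S3 bucket such a scan is meant to catch, a hardened counterpart, and the in-line suppression comment used to document an accepted risk. The bucket names are made up, and CKV_AWS_20 is assumed to be the ID of the public-ACL check in the Checkov release you run; confirm it with checkov --list before relying on it.

```terraform
# Constructed example: a bucket a Checkov S3 scan would flag.
resource "aws_s3_bucket" "weak" {
  bucket = "example-weak-bucket" # assumed name
  acl    = "public-read"         # world-readable objects

  # Accepted risk, documented in-line so the scan stops failing on it.
  # The check ID is assumed; verify it with `checkov --list`.
  #checkov:skip=CKV_AWS_20:Static site host, objects are intentionally public
}

# Hardened counterpart: private ACL, versioning, encryption at rest, access logging.
resource "aws_s3_bucket" "hardened" {
  bucket = "example-hardened-bucket" # assumed name
  acl    = "private"

  versioning {
    enabled = true
  }

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  logging {
    target_bucket = "example-log-bucket" # assumed; must already exist
    target_prefix = "s3/example-hardened/"
  }
}
```

Run checkov -d . in the directory holding this file; -o json or -o junitxml selects the other output formats mentioned above, the latter being the one to feed a CI job. The suppression comment must sit inside the resource block it applies to, and the justification after the second colon is what ends up in the report, so write it for the auditor who reads the scan results later. The inline acl, versioning, encryption and logging attributes match the AWS provider of the time this message was written; later provider versions moved them into separate aws_s3_bucket_* resources, and the corresponding checks evaluate those resources instead.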