Tag: checkov

Automate Terraform configuration scan with Checkov and GitHub Actions

~ sourav kundu ~ Leave a comment

Terraform enables developers to create cloud resources via a few lines of code. Hence, these developers must write code that is easy to understand and follows security best practices. Moreover, following best practices becomes a habit if there is a system to keep that in check. Checkov is a proven static analysis tool that checks for standard best practices in your … Continue reading Automate Terraform configuration scan with Checkov and GitHub Actions

Static analysis with Checkov, Terraform, and Azure Pipelines

~ sourav kundu ~ Leave a comment

As the name suggests, Static analysis is the ability to scan software code to search and highlight deviations from specified standards. The purpose of static code analysis is to speed up the feedback process of developing software or infrastructure. In general, once code is merged/committed to a repository, failures/defects/bugs are identified during the following stages: … Continue reading Static analysis with Checkov, Terraform, and Azure Pipelines