Presented by:


Moving applications and development to the cloud has delivered both operational benefits at scale. Faster release cycles and microservices architectures drive complexity and a need for speed that can only be solved by automation via Infrastructure-as-Code (IaC). However, deploying new tools creates new attack surfaces and IaC is no different.
Whether inadvertently exposing an S3 bucket or maliciously deploying tampered applications into production, the automation inherent to the IaC amplifies mistakes and facilitates lateral movement of attackers as much as it boosts developers’ release efficiency. Just as scanning for security vulnerabilities in source code is a de-facto best practice, proactively scanning IaC must also become automated in software delivery pipelines of security conscious organizations looking to shift left.