iac-security-scanner

Solid

Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi

DevOps & Infrastructure 814 stars 53 forks Updated today MIT


Quality Score: 95/100

Stars (20% weight): 97
Recency (20% weight): 100
Frontmatter (20% weight): 70
Documentation (15% weight): 100
Issue Health (10% weight): 50
License (10% weight): 100
Description (5% weight): 100

Skill Content

# IaC Security Scanner Skill

## Purpose

Infrastructure as Code security scanning and policy enforcement to identify misconfigurations, security vulnerabilities, and compliance violations in cloud infrastructure definitions before deployment.

## Capabilities

### Terraform Security Scanning

- Scan Terraform configurations for security misconfigurations
- Check for exposed resources (public S3 buckets, open security groups)
- Validate encryption settings for data at rest and in transit
- Detect hardcoded secrets in Terraform files
- Analyze Terraform state files for sensitive data exposure

### CloudFormation Analysis

- Scan CloudFormation templates for security issues
- Check IAM policy configurations for least privilege
- Validate network configuration security
- Detect insecure default configurations

### Kubernetes Manifest Scanning

- Analyze Kubernetes YAML manifests for security issues
- Check pod security standards compliance
- Validate resource limits and quotas
- Detect privileged containers and host path mounts

### Pulumi Code Analysis

- Scan Pulumi TypeScript/Python code for security issues
- Check cloud resource configurations
- Validate security best practices

### Policy Enforcement

- Define and enforce custom security policies using OPA/Rego
- Create guardrails for cloud resource configurations
- Block deployments that violate security policies
- Generate policy compliance reports

### Compliance Mapping

- Map findings to compliance frameworks (CIS, NIST, SOC...

Details

Author: a5c-ai
Repository: a5c-ai/babysitter
Created: 4 months ago
Last Updated: today
Language: JavaScript
License: MIT
