Cybersecurity
Infrastructure Scanner
Analyze Terraform, CloudFormation, and Kubernetes configs for security misconfigurations and CIS benchmark violations.
Estimated time: 1-3 min
Difficulty level: Intermediate
Privacy: Runs locally
5000ms CPU256MB RAM64KB in · 256KB outEducational, no sensitive data
Mode
🏗️HCL (Terraform)
Loading editor...
Paste Terraform, CloudFormation, or Kubernetes manifests. Max 256KB.Max 256KB
Compliance Mapping
SOC 2
65 controls
PCI-DSS
233 controls
HIPAA
45 controls
GDPR
28 controls
Security Categories
IAM & Access
Network
Data Protection
Logging
Encryption
Compute
Export
Download results as PDF, CSV, or JSON.
Run the tool to enable exports.
Learn About Infrastructure Security
What is Infrastructure as Code Security?
IaC security involves scanning Terraform, CloudFormation, and Kubernetes manifests for misconfigurations before deployment. It's a shift-left approach that catches security issues early in the development lifecycle.
Why Scan Infrastructure Code?
Cloud misconfigurations are a leading cause of data breaches. Scanning IaC catches issues like public S3 buckets, open security groups, and missing encryption before resources are deployed.
CIS Benchmarks
- CIS AWS - 100+ checks for AWS security
- CIS Azure - Azure-specific security controls
- CIS Kubernetes - Container security best practices
- CIS GCP - Google Cloud security standards
Common Misconfigurations
- Public S3 buckets or storage accounts
- Unrestricted inbound security group rules
- Unencrypted databases and volumes
- Overly permissive IAM policies