Infrastructure as Code Security (IaC)

Overview

Arnica's IaC Security engine provides real-time visibility and remediation for misconfigurations and security risks in Infrastructure-as-Code files such as Terraform configurations and Dockerfiles. As part of Arnica's pipelineless security platform, this capability protects your cloud infrastructure from being deployed insecurely, before it ever leaves the developer's hands.

Misconfigurations in IaC can open the door to data breaches, privilege escalation, or service outages, often without developers realizing it until it's too late. Common risks include:

  • Publicly exposed cloud resources

  • Weak security group rules

  • Missing encryption or logging settings

  • Insecure Docker image practices, and more.

Arnica automatically detects these issues in real time at the moment of code change (on code push and on pull/merge request), giving your team a chance to fix them before they reach production.
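To make the risk classes above concrete, here is an added Python example (not Arnica's code or detection logic) that scans a constructed Terraform JSON (.tf.json) document for three of them: a security group ingress rule open to the internet on a non-web port, an S3 bucket with no default server-side encryption, and an S3 bucket with a public ACL. The sample resources, the rule ids (SG_WORLD_OPEN, S3_NO_ENCRYPTION, S3_PUBLIC_ACL) and the "80/443 are intended exposure" policy are all assumptions made for the demo.

```python
import json

# Constructed Terraform JSON (.tf.json) input for this demo; not taken from Arnica's docs.
SAMPLE_TF_JSON = json.dumps({"resource": {
    "aws_security_group": {"bastion": {"name": "bastion", "ingress": [
        {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
    "aws_s3_bucket": {"logs": {"bucket": "example-logs"},
                      "assets": {"bucket": "example-assets", "acl": "public-read"}},
    "aws_s3_bucket_server_side_encryption_configuration": {"assets": {
        "bucket": "${aws_s3_bucket.assets.id}",
        "rule": [{"apply_server_side_encryption_by_default": {"sse_algorithm": "AES256"}}]}},
}})

WORLD = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}  # demo policy: world-open HTTP(S) is treated as intended exposure

def _as_list(value):
    # Terraform JSON allows a nested block to be a single object or a list of objects.
    return value if isinstance(value, list) else [value]

def check_security_groups(resources):
    """Flag ingress rules reachable from any address on a port other than 80/443."""
    findings = []
    for name, sg in resources.get("aws_security_group", {}).items():
        for rule in _as_list(sg.get("ingress", [])):
            cidrs = set(rule.get("cidr_blocks", []) + rule.get("ipv6_cidr_blocks", []))
            ports = {rule.get("from_port"), rule.get("to_port")}
            if cidrs & WORLD and not ports <= WEB_PORTS:
                findings.append((f"aws_security_group.{name}", "SG_WORLD_OPEN",
                                 f"ingress {rule.get('from_port')}-{rule.get('to_port')} open to the internet"))
    return findings

def check_s3_buckets(resources):
    """Flag buckets lacking default encryption (inline block or provider v4+ resource) or with a public ACL."""
    findings = []
    sse = resources.get("aws_s3_bucket_server_side_encryption_configuration", {}).values()
    encrypted = {str(cfg.get("bucket", "")) for cfg in sse}
    for name, bucket in resources.get("aws_s3_bucket", {}).items():
        addr = f"aws_s3_bucket.{name}"
        refs = {f"${{{addr}.id}}", f"${{{addr}.bucket}}"}  # how a separate SSE resource references this bucket
        if not refs & encrypted and "server_side_encryption_configuration" not in bucket:
            findings.append((addr, "S3_NO_ENCRYPTION", "no default server-side encryption"))
        if bucket.get("acl") in ("public-read", "public-read-with", "public-read-write"):
            findings.append((addr, "S3_PUBLIC_ACL", f"acl is {bucket['acl']}"))
    return findings

def scan(tf_json):
    # Returns (resource address, rule id, message) triples for one .tf.json document.
    resources = json.loads(tf_json).get("resource", {})
    return check_security_groups(resources) + check_s3_buckets(resources)
```

Running `scan(SAMPLE_TF_JSON)` reports the world-open SSH rule, the unencrypted `logs` bucket and the public `assets` bucket, while the HTTPS rule and the encrypted `assets` bucket pass; a real engine would evaluate many more rules and run them at push and pull-request time as the page describes.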

IaC Types Support Matrix

Supported platforms:

  • Terraform (for AWS, GCP, Azure and OCI)

  • CloudFormation (including AWS SAM)

  • Azure Resource Manager (ARM)

  • Serverless framework

  • Helm charts

  • Kubernetes

  • Dockerfile

  • Kustomize

  • Ansible

  • Bicep

  • ARM

  • OpenTofu template files
