Arnica Documentation
  • Introduction
  • Getting Started
    • 🔑Sign Up
    • ▶️SCM Integrations
      • Azure DevOps
      • Bitbucket Cloud
      • Bitbucket Server & Datacenter
      • Github
        • GitHub Audit Logs
        • Github App Permissions
      • Gitlab
    • 📤ChatOps
      • Microsoft Teams
      • Slack
        • Adding Arnica to a New Channel
        • Interacting With the Arnica Slackbot
    • 🎫Ticket Management
      • 🐛Jira Integration
      • 📋ADO Boards Integration
    • 🧠Artificial Intelligence
      • Azure OpenAI
      • OpenAI ChatGPT
    • 🏨On Premise Integrations
  • Inventory
    • 💼Identities, Repositories & Organizations
    • 📇Software Bill of Materials (SBOM)
    • 🦄Prioritization & Product Ownership
  • Hardcoded Secrets
    • 🕵️Secret Detection
    • ⏪Realtime Secret Mitigation
    • 🥕Secrets Policy Settings
  • Code Risks
    • 🎼Static Application Security Testing (SAST)
      • Custom SAST Rules
    • 🧩Software Composition Analysis (SCA)
    • 🔡3rd Party Package Licenses
      • Override License Classifications
    • 🤹3rd Party Package Reputation
      • Identifying Low Rep Packages
      • How to Find Alternative Packages
    • ⛅Infrastructure as Code Security (IaC)
    • 🤖Code Risk Policy Settings
      • Developer Feedback On Push
      • Require Review Before Dismissal
      • 0 New High Severity Vulnerabilities
      • Enforce Remediation SLA
    • 🪄Code Risk Magic Links
    • 📦Code Risk Language and Framework Support
  • Platform Operations
    • 🚪Joining an Existing Org
    • ❌Deleting a Tenant
    • 🫂How do I invite members to my tenant?
      • New User Invitations
    • 👥Users & Roles
    • 🔇Deleting Integrations
    • ⌛Scheduled Jobs
      • How often do Jobs run?
    • 💸Billing
  • Security
    • 🎮Role Based Access Control (RBAC)
    • 🛡️Data Handling
    • 🏛️SSO Integration
      • Okta Integration
      • Entra ID Integration
Powered by GitBook
On this page
  • Overview
  • IaC Types Support Matrix

Was this helpful?

  1. Code Risks

Infrastructure as Code Security (IaC)

Overview

Arnica's IaC Security engine provides real-time visibility and remediation for misconfigurations and security risks in Infrastructure-as-Code files like Terraform, Docker, etc. As part of Arnica’s pipelineless security platform, this capability protects your cloud infrastructure from being deployed insecurely — before it ever leaves the developer’s hands.

Misconfigurations in IaC can open the door to data breaches, privilege escalation, or service outages often without developers realizing it until it's too late. Common risks include:

  • Publicly exposed cloud resources

  • Weak security group rules

  • Missing encryption or logging settings

  • Insecure Docker image practices, and more.

Arnica automatically detects these issues in real-time at the moment of code change (on code push, and Pull/Merge Request), giving your team a chance to fix them before they hit production.

IaC Types Support Matrix

Platform

Terraform (for AWS, GCP, Azure and OCI)

CloudFormation (including AWS SAM)

Azure Resource Manager (ARM)

Serverless framework

Helm charts

Kubernetes

Dockerfile

Kustomize

Ansible

Bicep

ARM

OpenTofu template files

PreviousHow to Find Alternative PackagesNextCode Risk Policy Settings

Last updated 5 days ago

Was this helpful?

⛅