Shifting Terraform security left

Shifting Terraform security left

How do you know if the HCL you're writing will result in secure infrastructure? How can you write tests to catch common problems? One of the advantages of infrastructure as code is that we can reason about the code before we run it. In this talk we'll look at the area of configuration security, discuss some of the issues around static analysis of Terraform and look at some open source tools that can help with testing your Terraform code.


Gareth Rushgrove

February 20, 2020