🚧 DevGuard & this page is under active development. Visit the DevGuard Repo →
Risk Mitigation GuidesInfrastructure as Code (IaC)

Infrastructure as Code (IaC) Scanning

ℹ️

DevGuard performs infrastructure as code (IaC) scanning to identify vulnerabilities in your project’s infrastructure configurations (e.g. Dockerfile or Helm-Chart) - Background Information

Handling Found Vulnerabilities: Practical Steps for Mitigation

When DevGuard’s IaC scanning detects potential security issues, such as the example provided below, it’s crucial to address these findings to prevent vulnerabilities in your infrastructure.

Screenshot of an IaC finding in DevGuard

Steps to Fix

Analyze and Fix the Code

  1. Review the Finding: Understand the nature of the issue reported by DevGuard. The tool will provide details about the vulnerability, including the file and line number.

  2. Modify the Code: Make the necessary changes to the code to fix the identified issue. This may involve refactoring code, or developing security patches.

  3. Test the Changes: After making modifications, thoroughly test the code to ensure that the issue is resolved and no new vulnerabilities are introduced.

Alternative Measures

If none of the above fixes are feasible:

  • Risk Acceptance: Temporarily accept the risk using DevGuard’s risk management feature. Document the accepted risk by providing a justification. Use the UI or slash commands in the issue.
  • Avoidance: Limit exposure by sandboxing or disabling affected functionality.
Static Application Security Testing (SAST)Container Scanning