Infrastructure as Code (IaC) Scanning
DevGuard performs infrastructure as code (IaC) scanning to identify vulnerabilities in your project's infrastructure configurations (e.g. a Dockerfile or a Helm chart). See Background Information for details.
Handling Found Vulnerabilities: Practical Steps for Mitigation
When DevGuard's IaC scanning detects a potential security issue, such as the example provided below, it is crucial to address the finding to prevent vulnerabilities in your infrastructure.
Steps to Fix
Analyze and Fix the Code
- Review the Finding: Understand the nature of the issue reported by DevGuard. The tool provides details about the vulnerability, including the file and line number.
- Modify the Code: Make the necessary changes to the code to fix the identified issue. This may involve refactoring code or developing security patches.
- Test the Changes: After making modifications, thoroughly test the code to ensure that the issue is resolved and no new vulnerabilities are introduced.
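The review, fix and re-test loop above, shown end to end on a Dockerfile. This is an added example and not DevGuard's own scanner: it implements two common IaC checks (an unpinned or `:latest` base image, and a container that never drops root) with constructed rule names, reports each finding with file and line number the way an IaC scanner does, and is run against a constructed weak Dockerfile and its corrected form to confirm the fix clears the findings.

```python
"""Minimal Dockerfile lint illustrating the review-fix-verify loop.

Added example, not DevGuard's own scanner. The rule names below are
constructed for this example, not DevGuard rule identifiers.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    rule: str
    message: str


def _base_image(args: str) -> str:
    """Return the image reference from a FROM line, skipping --platform flags."""
    for token in args.split():
        if not token.startswith("--"):
            return token
    return ""


def scan_dockerfile(name: str, text: str) -> list[Finding]:
    """Scan Dockerfile text and return findings, each with a 1-based line number."""
    findings: list[Finding] = []
    effective_user = "root"  # Docker's default when no USER instruction is given
    last_lineno = 0

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        last_lineno = lineno
        parts = line.split(None, 1)
        instr = parts[0].upper()
        args = parts[1] if len(parts) > 1 else ""

        if instr == "FROM":
            image = _base_image(args)
            # scratch has no tag; build-arg references and digests are out of scope here
            if image == "scratch" or "$" in image or "@sha256:" in image:
                continue
            ref = image.rsplit("/", 1)[-1]  # strip registry/namespace (may contain ':port')
            tag = ref.partition(":")[2]
            if tag in ("", "latest"):
                findings.append(Finding(name, lineno, "UNPINNED_BASE_IMAGE",
                                        f"base image {image!r} is not pinned to a tag or digest"))
        elif instr == "USER":
            effective_user = args.strip().split(":")[0]  # ignore an optional ':group'

    if effective_user in ("root", "0"):
        findings.append(Finding(name, last_lineno, "RUNS_AS_ROOT",
                                "no non-root USER instruction; the container runs as root"))
    return findings


# Constructed sample: the 'before' state an IaC scan would flag.
VULNERABLE_DOCKERFILE = """FROM python:latest
COPY . /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
"""

# Constructed sample: the same image after applying the fix.
FIXED_DOCKERFILE = """FROM python:3.12-slim
RUN useradd --system --create-home app
COPY --chown=app:app . /app
RUN pip install -r /app/requirements.txt
USER app
CMD ["python", "/app/main.py"]
"""


def main() -> None:
    for label, text in (("before", VULNERABLE_DOCKERFILE), ("after", FIXED_DOCKERFILE)):
        findings = scan_dockerfile("Dockerfile", text)
        print(f"== {label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"{f.file}:{f.line} [{f.rule}] {f.message}")


if __name__ == "__main__":
    main()
```

Running it prints the two findings for the weak Dockerfile and none for the corrected one, which is the "test the changes" step: the fix is only complete once a re-scan of the modified file comes back clean.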
Alternative Measures
If none of the above fixes is feasible:
- Risk Acceptance: Temporarily accept the risk using DevGuard’s risk management feature. Document the accepted risk by providing a justification. Use the UI or slash commands in the issue.
- Avoidance: Limit exposure by sandboxing or disabling affected functionality.