Infrastructure as Code security scanning and policy enforcement for Terraform, CloudFormation, Kubernetes, and Pulumi
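Infrastructure as Code security scanning and policy enforcement to identify misconfigurations, security vulnerabilities, and compliance violations in cloud infrastructure definitions before deployment. The first JSON Schema below describes the scan request (only iacPath and iacType are required; iacType also accepts arm and ansible); the second describes the scan result.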
{
"type": "object",
"properties": {
"iacPath": {
"type": "string",
"description": "Path to IaC files or directory"
},
"iacType": {
"type": "string",
"enum": ["terraform", "cloudformation", "kubernetes", "pulumi", "arm", "ansible"],
"description": "Type of IaC to scan"
},
"scanners": {
"type": "array",
"items": {
"type": "string",
"enum": ["checkov", "tfsec", "kics", "terrascan", "snyk"]
},
"description": "Scanners to use"
},
"complianceFrameworks": {
"type": "array",
"items": {
"type": "string",
"enum": ["CIS", "NIST", "SOC2", "PCI-DSS", "HIPAA", "GDPR"]
}
},
"customPolicies": {
"type": "string",
"description": "Path to custom OPA/Rego policies"
},
"severityThreshold": {
"type": "string",
"enum": ["CRITICAL", "HIGH", "MEDIUM", "LOW"]
},
"excludePaths": {
"type": "array",
"items": { "type": "string" }
}
},
"required": ["iacPath", "iacType"]
}
{
"type": "object",
"properties": {
"scanId": {
"type": "string"
},
"iacPath": {
"type": "string"
},
"scanTimestamp": {
"type": "string",
"format": "date-time"
},
"summary": {
"type": "object",
"properties": {
"totalFiles": { "type": "integer" },
"filesScanned": { "type": "integer" },
"passedChecks": { "type": "integer" },
"failedChecks": { "type": "integer" },
"skippedChecks": { "type": "integer" }
}
},
"findings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"checkId": { "type": "string" },
"severity": { "type": "string" },
"resourceType": { "type": "string" },
"resourceName": { "type": "string" },
"filePath": { "type": "string" },
"lineNumber": { "type": "integer" },
"description": { "type": "string" },
"remediation": { "type": "string" },
"complianceMapping": { "type": "array" }
}
}
},
"complianceReport": {
"type": "object"
},
"recommendations": {
"type": "array",
"items": { "type": "string" }
}
}
}