When developing new software, a key element of improving security is providing security feedback as early and seamlessly as possible. One way to do this is embed security tools directly into the development environment. Recently, Aqua’s open source scanner Trivy has added this functionality, integrating with popular …
One of the great security benefits of the move to cloud native development is the increased use of Infrastructure as Code (IaC) to describe computing environments. Once things are described as code, we can shift left and secure our environments before they’re deployed. As a major new feature, the latest version of …
Coming from a software engineering background, we built tfsec to help developers like us scan their infrastructure-as-code (IaC) templates and prevent cloud misconfigurations from being deployed. Teams at the world’s leading organizations are now leveraging tfsec to “shift left” and introduce security earlier in the …