Infrastructure as code (IaC) is the process of managing, provisioning, and programmatically defining cloud-native infrastructure.
Different technologies, such as TerraForm, Kubernetes YAML files, CloudFormation templates, Helm Charts, etc. are used to define and manage the infrastructure during development. As stacks become more and more complex, misconfiguration may occur that can create breach paths.
While security teams use different tools to detect misconfiguration at runtime, it can be very overwhelming. In reality, a lot of these misconfigurations have to be manually mitigated because of the lack of context on the cloud architecture. Because of this, the security teams need to interact with the development team to understand and resolve these misconfigurations, which can be tedious and cannot be scaled.
With Accurics, you can improve on your manual process checking. Accurics can continuously monitor your IaCs, identify the newly introduced violations, and also fix them before the changes are deployed.
Accurics provides options to perform the analysis of the code from various repositories and handle the violations. On the Web Console, you can connect to your code repositories and perform the analysis of your code.
Accurics supports scanning of the code from various repositories, such as Github, Bitbucket, Gitlab, Azure DevOps, AWS code commit, and also GitHub Enterprise, Gitlab Enterprise, and Bitbucket Server.
Before you initiate the scanning of the code repositories, you need to onboard your repositories to Accurics. Onboarding repositories include connecting the repository service provider and selecting the required repositories from the connected account.
This section explains the process of connecting to various code repositories.