GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a growing industry focus on improving the cybersecurity of software development processes to help better protect widely used resources and supply chains from cyberthreats.
Initial IaC focus on Terraform and AWS, Azure and Google Cloud to follow
In a press release, GitGuardian stated that, while software-defined infrastructure unlocks speed and consistency for engineering teams, it is still fraught with risks. Gartner predicts that at least 99% of cloud security failures will be due to user fault and misconfigurations by 2023. Such errors propagate from code to cloud-native environments, exposing critical workloads and resources on the way, it added.