As network, storage, and compute resources are increasingly abstracted, their creation, deployment architecture, and provisioning are increasingly automated via configuration or code. A person need not physically connect network cables, install operating systems, or configure hardware/software resources through multiple interfaces; rather, the entire hardware/software infrastructure may be specified through code, called infrastructure-as-code (IaC).
Any person or organization that needs known-good computing environments for development, testing, deployment, or other purposes may use IaC. Additionally, any person or organization relying on cloud hosting is an ideal candidate for IaC, because its techniques are well suited to such environments.
Black Duck offers a tandem solution to IaC challenges: CodeSight™ SE, along with Coverity® SAST, both powered by our Rapid Scan Static for IaC scanning.
CodeSight SE helps developers write better code by alerting them to issues in source code, open source dependencies, API calls, cryptography, IaC, and more.
Rapid Scan is a fast, lightweight static analysis engine that can be used to scan web and mobile applications, microservices, and IaC configurations. Rapid Scan runs automatically, without additional configuration, with every Coverity scan and can also be run as part of full CI builds with conventional scan completion times. Rapid Scan can also be deployed as a standalone scan engine in Code Sight or via the command line interface, as well as in automated build pipelines.