Awesome Terraform Compliance - tools, frameworks, and resources for implementing compliance, security, and governance controls in Terraform and OpenTofu infrastructure.
Updated Apr 18, 2026
IaC threat modeler with STRIDE, MITRE ATT&CK, and PASTA frameworks. REST API, GraphQL, and Docker support for Terraform, CloudFormation, and Kubernetes.
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines.
Detect drift. Defend cloud.
Cloud (IaC) Security plugin for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm)
Argus brings “a hundred eyes” to your project, combining leading open source security tools into a scalable, automated, continuous security pipeline.
An enterprise-grade, agentless, and open-source cloud security platform for AWS, GCP, and Azure that combines CSPM, DSPM, CIEM, ASM, and vulnerability management with deterministic YAML policies and natural language querying.
Free Browser Based Infrastructure as Code security scanner - Scan Terraform, Kubernetes, Docker, CloudFormation files for vulnerabilities in your browser. 180+ security rules, GitHub repo scanning, PDF reports. Privacy-first, no uploads.
🛡️ The fastest Trivy Action for GitHub. Scan Containers, Filesystems, and IaC for vulnerabilities. Supports SBOM, SARIF, and Daily DB Caching.
One-command Ubuntu Server hardening to achieve cutting-edge security, with ZERO ongoing maintenance required.
Jenkins plugin for Xygeni - End to end software development and delivery security
Enterprise security audit plugin for Claude Code. One command (/security-audit) runs a 10-phase audit with auto-remediation and PDF reports. Auto-detects platform type — supports Express, Django, Next.js, Supabase, Firebase, Electron, React Native, WordPress, Stripe, Solidity, and more.
Terraform Sentinel AI is a local-first multi-agent platform that turns natural language infrastructure requests into secure, policy-aware Terraform using LangGraph, OpenRouter free-tier models, local vector retrieval, and Docker-based validation workflows.
Security-focused linter for Docker Compose files. Catches dangerous misconfigurations before they reach production. Grounded in OWASP and CIS Docker Benchmark.
Security-focused prompt library and Claude Code skill for automated IaC security reviews. Covers Terraform, Kubernetes, Docker, Ansible, CloudFormation, and CI/CD pipelines. Compliance mapping to CIS, NIST 800-53, PCI-DSS, SOC2, HIPAA, and GDPR.
K8s-native AI security platform that auto-generates fixes as pull requests — detect, correlate, remediate across all 7 CNAPP layers with human-in-the-loop review.
🛡️ A curated list of awesome DevSecOps tools, best practices, and resources for securing CI/CD pipelines. Covers SCA, SAST, DAST, IaC, and Container Security.
Production-grade AWS multi-account landing zone. Blast radius design, SCP composition, account vending, CloudTrail detection pipeline. Security architecture depth.
DevSecOps CI/CD pipeline scanner — Jenkins, GitHub Actions, GitLab, Azure Pipelines