Infrastructure as Code (IaC) Security Analysis

The IaC Security Analysis workflow examines infrastructure configuration files for security misconfigurations and compliance violations. This workflow helps identify security issues in your infrastructure definitions before they’re deployed.

Overview

Workflow ID: iac
Primary Use Case: Security analysis of infrastructure configuration files
Output: SARIF and HTML security reports

Common Use Cases

1. Pre-Deployment Validation

CLI
GitHub Actions

# Validate infrastructure before deployment
fraim run iac --location ./terraform/ --confidence 8

2. CI/CD Pipeline Integration

CLI
GitHub Actions

# Automated IaC security scanning
fraim --show-logs false \
  run iac --location . \
  --confidence 8 \
  --output ./iac-security-reports/

3. Terraform Security Review

CLI
GitHub Actions

# Comprehensive Terraform analysis
fraim run iac --location . \
  --globs "*.tf" "*.tfvars" \
  --confidence 6

4. Kubernetes Manifest Analysis

CLI
GitHub Actions

# Kubernetes security analysis
fraim run iac --location ./k8s/ \
  --globs "*.yaml" "*.yml" \
  --confidence 7

5. Docker Security Analysis

CLI
GitHub Actions

# Container configuration analysis
fraim run iac --location . \
  --globs "Dockerfile" "docker-compose.yml" \
  --confidence 7

GitHub Actions Integration

Use the official Fraim GitHub Action:

name: IaC Security
on:
  pull_request:
    paths:
      - '**.tf'
      - '**.yaml'
      - '**.yml'

jobs:
  iac-security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Run Fraim IaC Security Scan
        uses: fraim-dev/fraim-action@423d9d6b3c80923557887930d80eec4ca22a5c24
        with:
          anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
          workflow: iac
          workflow_args: |
            {
              "confidence": 8,
              "chunk-size": 400,
              "max-concurrent-chunks": 5
            }

Available workflow_args

Argument	Type	Default	Description
`confidence`	integer (1-10)	`7`	Minimum confidence threshold for filtering findings
`chunk-size`	integer	`500`	Number of lines per chunk
`limit`	integer	`null`	Limit the number of files to scan
`globs`	array of strings	`null`	File patterns to include (uses workflow defaults if not provided)
`max-concurrent-chunks`	integer	`5`	Maximum number of chunks to process concurrently

Get Started

Workflows

Integrations

CLI

IaC

Infrastructure as Code (IaC) Security Analysis

Overview

Common Use Cases

1. Pre-Deployment Validation

2. CI/CD Pipeline Integration

3. Terraform Security Review

4. Kubernetes Manifest Analysis

5. Docker Security Analysis

GitHub Actions Integration

Available workflow_args

Get Started

Workflows

Integrations

CLI

​Infrastructure as Code (IaC) Security Analysis

​Overview

​Common Use Cases

​1. Pre-Deployment Validation

​2. CI/CD Pipeline Integration

​3. Terraform Security Review

​4. Kubernetes Manifest Analysis

​5. Docker Security Analysis

​GitHub Actions Integration

​Available workflow_args

Infrastructure as Code (IaC) Security Analysis

Overview

Common Use Cases

1. Pre-Deployment Validation

2. CI/CD Pipeline Integration

3. Terraform Security Review

4. Kubernetes Manifest Analysis

5. Docker Security Analysis

GitHub Actions Integration

Available workflow_args