Cloud misconfiguration detection- Runtime vs Static analysis

Planning, provisioning, and changing infrastructure are becoming vital to rapid cloud application development. Incorporating infrastructure-as-code into software development promotes transparency and immutability and helps prevent bad configurations upstream.In this session, we cover a simple method to write, test, and maintain infrastructure at scale using policy-as-code both in build and runtime. We will go over open source projects that analyze Terraform code and AWS accounts and compare the two approaches (detection vs static analysis) using the following projects:

Resources mentioned in this session:

Barak Schoster

Barak Schosteris CTO and Co-founder atBridgecrew, working from Israel Tel Aviv, Helping teams secure cloud infrastructure. Often contributing to open source projects includingCheckov,Prowler, and others. He has previously worked for RSA focused on cybersecurity machine learning and big data architecture as well as at Fortscale and IDF tech unit. When not writing code or talking about it, Barak loves to spend time at the beach and or after his kids at the park

Find Barak on twitter


The MyDevSecOps community is powered by Snyk Ltd. Our aim is to create a vendor-neutral space to share knowledge and best practices related to software security.

  • White Twitter Icon
  • White YouTube Icon