Hello CloudFormation and Terraform developers,
After the support of the Encryption at Rest and Permission domains, we are now happy to announce that SonarCloud covers the 5 major domains where security problems can be introduced in Infrastructure as Code AWS files:
- AWS S3 Buckets
- Permissions
- Encryption at Rest
- Encryption in Transit
- Traceability
These domains are covered for CloudFormation and Terraform for AWS and the full list of rules is visible here:
- https://rules.sonarsource.com/cloudformation: 27 rules
- https://rules.sonarsource.com/terraform: 26 rules
Note: if you are a SonarQube user, don’t worry we got you covered as the same features are available with the recently released SonarQube 9.2.
Alex