# getting-started
l
Hi Pulumi! Looking at your stuff for the first time and it seems really powerful. I can't quite figure out something though. Do the scripts go straight to making the resources, or does it end up making a Terraform or CloudFormation template that it uses? I have a scanner that scans my CTF stuff before deployment and want to be able to scan with my Pulumi stuff if I end up using it. Thanks for your help!
h
No tf or cf is created. Based on what providers you are using, it does use a Terraform provider behind the scenes, but no tf or cf code is created. Pulumi directly interacts with the provider.
l
That's exactly what I need to know. Is there a way to flip an option to create a template instead of just creating the resources?
h
It does have associated code (if you haven't dealt with Pulumi in greater detail yet, you will need to write a Pulumi program) based on what language you will end up using (ts, python etc).
l
Good info. Last question. Do you guys know of any security tools like a CSPM that do scanning against Pulumi scripts prior to deployment to check for any misconfigs?
If I could use a Pulumi script to spit out either a CFT or a TF yaml as an option, my toolset could do the scans. I think what I'm hearing is I could build a Pulumi program to do that.
h
Pulumi uses a different approach (than a config file approach that tf and cf use) with general purpose programming languages. These languages have mature testing frameworks, so cf or tf scan tools will not work. But review this link to know more. Also not aware of any tool that spits tf or cf as output from a Pulumi program. [Disclaimer: We have a commercial No Code tool called qmcloud.io that uses Pulumi in the backend and generates ts or, if you want, tf or cf] https://www.pulumi.com/docs/using-pulumi/testing/
l
There's also Policy as Code for Pulumi, which would replace your scanner. https://www.pulumi.com/docs/using-pulumi/crossguard/