This message was deleted.
# general
s
This message was deleted.
m
You can use Trivy/Grype to scan for vulnerabilities in you programming language. And you can use Pulumi Policy as Code (CrossGuard https://www.pulumi.com/docs/guides/crossguard/) to check for best practices / compliance and security violations. There is also also AWSGuard support (https://www.pulumi.com/docs/guides/crossguard/awsguard/) I also thought about to transform some of the AquaSec rules (https://github.com/aquasecurity/defsec) from their engine they use in Trivy and tfsec.
🙌 1