Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
f
fast-island-38778
11/25/2022, 7:13 AMDoes Pulumi have a security scanner such as tfsec?
https://github.com/aquasecurity/tfsec
m
many-telephone-49025
11/26/2022, 11:20 AMYou can use Trivy/Grype to scan for vulnerabilities in you programming language. And you can use Pulumi Policy as Code (CrossGuard https://www.pulumi.com/docs/guides/crossguard/) to check for best practices / compliance and security violations.
There is also also AWSGuard support (https://www.pulumi.com/docs/guides/crossguard/awsguard/)
I also thought about to transform some of the AquaSec rules (https://github.com/aquasecurity/defsec) from their engine they use in Trivy and tfsec.