
In an effort to shift security ‘further left’ in the software development lifecycle, testing for security misconfigurations is critical. Detecting these misconfigurations earlier reduces the time and effort required to fix issues downstream, and increases velocity and release cadence by removing the potential need to apply these fixes later.
Tools such as cfn_nag look for patterns in CloudFormation templates that may indicate insecure infrastructure. Providing tools to developers enables them to run these tests locally, identifying and resolving any findings before committing the Infrastructure-as-code to source control.
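A minimal sketch of the kind of pattern check described above, added here as an illustration: it is not cfn_nag's code or rule set. The sample template, the resource names and the two checks are constructed for this example.

```python
import json

# Constructed sample template (not from the original page).
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "WebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "web",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "10.0.0.0/8"},
                ],
            },
        },
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "DataBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        },
    }
})


def scan_template(text):
    """Return sorted (logical_id, finding) tuples for two illustrative checks."""
    findings = []
    resources = json.loads(text).get("Resources", {})
    for logical_id, res in resources.items():
        props = res.get("Properties") or {}
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            ingress = props.get("SecurityGroupIngress", [])
            # Tolerate a single rule object as well as a list of rules.
            rules = ingress if isinstance(ingress, list) else [ingress]
            for rule in rules:
                is_open = isinstance(rule, dict) and (
                    rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0")
                if is_open:
                    findings.append((logical_id, f"ingress open to the world on port {rule.get('FromPort')}"))
        elif res.get("Type") == "AWS::S3::Bucket" and "BucketEncryption" not in props:
            findings.append((logical_id, "bucket has no explicit BucketEncryption"))
    return sorted(findings)


if __name__ == "__main__":
    results = scan_template(SAMPLE_TEMPLATE)
    for logical_id, finding in results:
        print(f"WARN {logical_id}: {finding}")
    raise SystemExit(1 if results else 0)  # non-zero exit lets a local hook block the commit
```

Values supplied through intrinsic functions such as `Ref` are not resolved by this sketch, so a parameterised CIDR is not flagged.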