🏭 Manufacturing Infrastructure as Code › IaC Compliance

IaC Compliance

Compare 52 iac compliance tools to find the right one for your needs

🔧 Tools

Compare and find the best iac compliance for your needs

Wiz

The Cloud Security Platform.

An agentless cloud security platform that provides a comprehensive view of your cloud risks across your entire cloud environment.

View tool details →

Spacelift

The most flexible and collaborative CI/CD for Infrastructure as Code.

A CI/CD platform for IaC with built-in policy and compliance features.

View tool details →

CrowdStrike Falcon Cloud Security

One platform to stop cloud breaches.

A comprehensive cloud security platform that provides breach protection for the entire cloud estate, from workloads to infrastructure.

View tool details →

Orca Security

The Agentless-First Cloud Security Platform.

An agentless cloud security platform that provides workload and data protection, cloud security posture management (CSPM), and vulnerability management.

View tool details →

Fugue by Snyk

Cloud security for developers.

A cloud security posture management (CSPM) tool with IaC capabilities.

View tool details →

Open Policy Agent

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine.

View tool details →

SpectralOps

Automated code security.

A developer-first platform for finding and fixing security issues in code.

View tool details →

Datadog Cloud Security Management

Full-stack security, from development to production.

A cloud security solution from Datadog that includes CSPM, CWP, and IaC scanning.

View tool details →

Snyk IaC

Developer-first security for Infrastructure as Code.

A tool that helps developers find and fix security issues in IaC files like Terraform, CloudFormation, and Kubernetes.

View tool details →

Sysdig Secure

Cloud security, powered by runtime insights.

A cloud-native security platform that provides threat detection, compliance, and vulnerability management.

View tool details →

Deepfactor

Next-gen application security for cloud native.

A runtime application security platform that includes IaC scanning.

View tool details →

CloudQuery

The open-source cloud asset inventory powered by SQL.

An open-source tool that extracts, transforms, and loads your cloud infrastructure data into a PostgreSQL database, allowing you to query it with SQL.

View tool details →

Steampipe

Query your cloud, code, and more with SQL.

An open-source tool that instantly translates APIs into a PostgreSQL database, allowing you to query your cloud infrastructure with SQL.

View tool details →

Lightspin

The Contextual Cloud Security Platform.

A CNAPP that provides a contextual view of cloud security risks.

View tool details →

oak9

Security as Code. Built by developers, for developers.

An Infrastructure as Code security platform that is designed for developers.

View tool details →

Prowler

The most-used open source tool for AWS security.

An open-source security tool for AWS, Azure, and GCP that performs security assessments, audits, and incident response.

View tool details →

SentinelOne Singularity Cloud

Autonomous security for the cloud.

A cloud security platform that provides autonomous threat protection for cloud workloads and environments.

View tool details →

Trivy

The most popular open source security scanner.

A comprehensive open-source security scanner for vulnerabilities in container images, filesystems, and Git repositories, as well as for IaC misconfigurations.

View tool details →

Fugue

Cloud Security and Compliance.

A cloud security posture management (CSPM) platform that helps you secure your cloud environment from development to runtime.

View tool details →

GitHub Advanced Security

Find and fix vulnerabilities with ease.

A suite of security features for GitHub that helps you find and fix vulnerabilities in your code.

View tool details →

JupiterOne

The Cyber Asset Attack Surface Management Platform.

A platform that creates a graph-based model of your cyber assets and their relationships, allowing you to understand and manage your attack surface.

View tool details →

Kyverno

Kubernetes Native Policy Management.

A policy engine designed for Kubernetes that can validate, mutate, and generate configurations using policies.

View tool details →

tfsec

Security scanner for your Terraform code.

An open-source static analysis tool for finding security misconfigurations in Terraform templates.

View tool details →

Lacework

The data-driven cloud security platform.

A cloud security platform that uses data and automation to provide visibility, threat detection, and compliance across multi-cloud environments.

View tool details →

Pulumi CrossGuard

Policy as Code for the Cloud.

A policy as code solution for the Pulumi platform.

View tool details →

Bridgecrew by Prisma Cloud

Developer-first cloud security.

A developer-first cloud security platform with a focus on IaC.

View tool details →

SonarCloud

Clean code. Delivered.

A cloud-based code quality and security service.

View tool details →

Datadog Cloud Security Posture Management

Continuously monitor your cloud environment for misconfigurations.

A CSPM solution that scans your cloud environments for misconfigurations and compliance risks, and provides remediation guidance.

View tool details →

Checkov

Policy-as-code for everyone.

An open-source static analysis tool for scanning Infrastructure as Code (IaC) files for misconfigurations and security vulnerabilities.

View tool details →

Prisma Cloud by Palo Alto Networks

The most complete Cloud-Native Application Protection Platform (CNAPP).

A comprehensive cloud security platform that includes IaC scanning and compliance.

View tool details →

Aqua Security

The Cloud Native Security Platform.

A comprehensive cloud-native security platform that provides security from code to cloud and back.

View tool details →

Rapid7 InsightCloudSec

Unified cloud security and compliance.

A cloud-native security platform for unified visibility and control.

View tool details →

Sysdig

Secure Every Second.

A cloud-native security and monitoring platform that provides a unified view of risk, health, and performance for cloud and container environments.

View tool details →

Zscaler Posture Control

Unified CNAPP to secure your cloud.

A cloud-native application protection platform (CNAPP) for unified cloud security.

View tool details →

HashiCorp Sentinel

Policy as Code for Infrastructure.

A policy as code framework for HashiCorp products.

View tool details →

TFLint

A Pluggable Terraform Linter.

An open-source linter for Terraform that checks for errors, best practice improvements, and potential bugs.

View tool details →

GitLab Ultimate

The DevSecOps Platform.

A complete DevOps platform that includes integrated security capabilities, including IaC scanning.

View tool details →

Veracode

The application security platform.

A comprehensive application security platform that helps organizations secure their software.

View tool details →

KICS

Keeping Infrastructure as Code Secure

An open-source static analysis tool that finds security vulnerabilities, compliance issues, and infrastructure misconfigurations in IaC.

View tool details →

Tenable Cloud Security

Secure your cloud from code to cloud.

A cloud security platform that provides visibility and control over cloud environments, including IaC security.

View tool details →

Qualys Cloud Platform

The all-in-one platform for IT, security and compliance.

A comprehensive security and compliance platform with IaC scanning.

View tool details →

Tenable.cs

Secure the entire cloud-native stack.

A cloud-native application protection platform (CNAPP) that helps you secure your cloud from code to cloud.

View tool details →

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

An open-source static code analyzer for IaC that helps detect security vulnerabilities and compliance violations.

View tool details →

Checkmarx One

The enterprise application security platform.

A comprehensive application security platform that includes IaC scanning with KICS.

View tool details →

Checkmarx IaC Security

Secure your infrastructure as code.

A solution that scans your IaC for security vulnerabilities, compliance issues, and misconfigurations.

View tool details →

Bridgecrew

Automated cloud security for DevOps.

A cloud security platform that helps developers secure their infrastructure from code to cloud.

View tool details →

KICS by Checkmarx

Keeping Infrastructure as Code Secure

An open-source solution for static analysis of IaC.

View tool details →

Turbot Pipes

Query everything. Code your controls. Automate your operations.

An open-source tool for querying and managing your cloud environment.

View tool details →

Open Policy Agent (OPA)

Policy-based control for cloud native environments.

An open-source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.

View tool details →

Cloud Custodian

Rules engine for cloud security, cost optimization, and governance.

An open-source rules engine for managing public cloud accounts.

View tool details →

Accurics

Policy as Code for the Modern Infrastructure.

A cloud security platform that enables cyber resilience through policy as code.

View tool details →

Regula

A tool that evaluates infrastructure as code for security and compliance.

An open-source policy engine for checking IaC against security and compliance rules.

View tool details →