Fairwinds | Blog

New Fairwinds Insights Release: Terraform Scanning

Written by Liz Coolman | Feb 14, 2023 5:50:44 PM

When it comes to security issues, time is of the essence. Platform Engineering teams need to be able to catch issues as early in the deployment process as possible and, at the same time, be empowered to take action immediately. 

Detect Security Issues Sooner with Terraform Scanning 

A recent release adds Terraform scanning to Fairwinds Insights’ Infrastructure-as-Code (IaC) features, extending its shift-left security approach. Insights users can now use IaC scanning to check Terraform files for configuration issues that could put their workloads and cloud infrastructure at risk. 

Terraform scanning generates Action Items after checking your files against a range of best practices, such as: 

  • Configuring your Amazon Web Services (AWS) EKS cluster to encrypt Kubernetes Secret data at rest. This guards against someone with access to the Kubernetes etcd database gaining access to Kubernetes Secret data.

  • Configuring your Google Cloud Platform (GCP) GKE cluster to auto-repair nodes. This automatically replaces Kubernetes nodes that stop responding or run out of disk space.

  • Ensuring your AWS or GCP storage buckets do not allow public access to objects. This verifies that S3 or GCS buckets do not allow unfettered access to their files.
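
The three practices above, written as Terraform in their hardened form with the weak form noted in comments. This is an added example, not Fairwinds' own code or rule definitions. The resource types and attributes come from the AWS and Google Terraform providers; the resource names, the `var.*` inputs, and the assumption that these are the attributes a scan would inspect are illustrative.

```hcl
# Added example; all names and var.* inputs are illustrative assumptions.
variable "eks_role_arn" {}
variable "eks_subnet_ids" { type = list(string) }
variable "kms_key_arn" {}
variable "gke_cluster_id" {}
variable "s3_bucket_id" {}
variable "gcs_bucket_name" {}

# EKS: envelope-encrypt Secrets with KMS. Weak form: no encryption_config block.
resource "aws_eks_cluster" "example" {
  name     = "example"
  role_arn = var.eks_role_arn
  vpc_config {
    subnet_ids = var.eks_subnet_ids
  }
  encryption_config {
    resources = ["secrets"]
    provider {
      key_arn = var.kms_key_arn
    }
  }
}

# GKE: auto-repair nodes. Weak form: auto_repair = false.
resource "google_container_node_pool" "example" {
  name       = "example-pool"
  cluster    = var.gke_cluster_id
  node_count = 1
  management {
    auto_repair = true
  }
}

# S3: block public access. Weak form: resource missing or any flag set to false.
resource "aws_s3_bucket_public_access_block" "example" {
  bucket                  = var.s3_bucket_id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# GCS: prevent public access. Weak form: "inherited", which permits allUsers grants.
resource "google_storage_bucket" "example" {
  name                        = var.gcs_bucket_name
  location                    = "US"
  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"
}
```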

By integrating at the pull request stage — whether through Fairwinds’ GitHub integration or in your favorite CI platform — delivery teams benefit from an immediate feedback loop so they can fix issues faster. Additionally, leaders can use policy enforcement to gate pipelines or merge requests based on scan results. 

For Insights users who already use IaC scanning, taking advantage of Terraform scanning is easy! To enable Terraform scanning with the CI integration, simply upgrade the CI script to the latest version. Those using auto-scan don’t need to take any further action; this feature is already enabled. 

Not using Fairwinds Insights yet? Try out our free tier for environments up to 20 nodes, two clusters, and one repo.