Blog | terraform

Latest Posts

Using Fugue to Protect Against the Apache Log4j Vulnerability on AWS

Becki Lee December 18, 2021

Richard Park also contributed to this post. The Apache Log4j vulnerability known as Log4Shell (CVE-2021-44228) is a serious vulnerability that allows an attacker to execute arbitrary code on any server running the popular Apache Log4j Java logging library. It has a CVSS score of 10, the highest possible value, and should be addressed immediately.

Regula v1.0 is Now Available — Open Source Infrastructure as Code Security

Drew Wright June 29, 2021

Today we announced the 1.0 release of Regula, Fugue’s open source policy engine for infrastructure as code (IaC) security. With this release, Regula now has hundreds of pre-built policies for checking IaC deployments for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, along with new tooling to make it easier to develop and test custom rules. Read about it at Help Net Security.

Regula Adds Support for AWS CloudFormation Security Checks

Drew Wright May 12, 2021

This week, Fugue announced support for AWS CloudFormation in Regula, the open-source policy engine for infrastructure as code (IaC). Regula has been gaining in popularity for performing pre-deployment security and compliance checks for Terraform, and we’re thrilled to extend Regula’s capabilities to address CloudFormation templates, including the Serverless Application Framework.

Creating an Automated Cloud Infrastructure Testing Tool with Terraform and PyTest

Drew Wright March 27, 2020

Recently, I was tasked with creating an automated testing tool for Fugue. Fugue monitors cloud resources for compliance and security, and we needed a way to verify that the full results of a Fugue scan were correct. My goal was to create an automated system that runs locally or in CI, deploys configurable infrastructure, scans it using Fugue, and verifies the results. This blog post walks through the design and implementation process for what became autotest, our internal automated testing tool.

Cloud Security in CI/CD Part I: Terraform, Github, CircleCI, and Fugue

Becki Lee March 2, 2020

Fugue allows you to easily and programmatically validate your cloud infrastructure for security and compliance. By integrating Fugue into your CI/CD pipeline, you can detect resource misconfiguration and compliance violations as part of every deployment.

Pre-deployment Policy Checks for Terraform using Open Policy Agent and Regula

Becki Lee February 6, 2020

We recently open sourced our tool Regula, which allows you to check your Terraform infrastructure as code for compliance prior to deployment. Regula can be used locally or as part of a CI/CD system, independently of Fugue or with Fugue.

Featured Posts

3 Big Amazon S3 Vulnerabilities You May Be Missing Drew Wright May 21, 2020

Cloud Security for Newly Distributed Engineering Teams Drew Wright March 19, 2020

Cloud Infrastructure Drift: The Good, the Bad, and The Ugly Drew Wright February 6, 2019

Fugue Developer

Free Cloud Security for Engineers

Visualize your cloud infrastructure
Run policy checks and get feedback
Detect change and eliminate misconfiguration

Category "terraform"

Latest Posts

Using Fugue to Protect Against the Apache Log4j Vulnerability on AWS

Regula v1.0 is Now Available — Open Source Infrastructure as Code Security

Regula Adds Support for AWS CloudFormation Security Checks

Creating an Automated Cloud Infrastructure Testing Tool with Terraform and PyTest

Cloud Security in CI/CD Part I: Terraform, Github, CircleCI, and Fugue

Pre-deployment Policy Checks for Terraform using Open Policy Agent and Regula

Featured Posts

Free Cloud Security for Engineers

Get Started with Fugue Today

Trending Topics

Cloud Security Posture Management

Infrastructure as Code and Security

AWS Cloud Security

Azure Cloud Security

Cloud Security for Google Cloud Platform

DevSecOps for Cloud Infrastructure Security

CIS AWS Foundations Benchmark

CIS Azure Foundations Benchmark

Fugue Best Practices Policy Framework

GDPR

HIPAA

ISO 27001

NIST 800-53

PCI

SOC 2 Cloud Compliance

Popular Blogs

Five Steps to a Secure Cloud Architecture

An Introduction to Cloud Security for Infosec Professionals

9 Questions You Should Ask About Your Cloud Security

Events

News

Fugue Extends Cloud Security Market Dominance in Customer Satisfaction, According to G2 Report

Snyk Acquires Fugue, Enters Cloud Security Market

Fugue Achieves AWS Security Competency Status

Fugue Leads Cloud Compliance Market in Customer Satisfaction, According to G2 Report

Fugue Leads Cloud Security Market in Customer Satisfaction, According to G2 Report

Fugue Adds Centralized Multicloud Security Visibility and Policy-Based Governance Capabilities

Fugue Adds AWS Well-Architected Framework to Its Policy as Code Engine for Full Life Cycle Cloud Security

Fugue and CWS Team Up to Close Enterprise Cloud Security Gaps with End-to-End Policy as Code Enforcement

Fugue Adds Kubernetes Security Checks to its SaaS Platform and Open Source Regula Project

Fugue Announces Unified Infrastructure as Code and Cloud Runtime Security

Resources

Submit a Ticket

Documentation

Pricing

API

Guarantee

Login

Contact Us

Security

Privacy Policy

Careers

Schedule Demo

Product Videos

Press

Events

Library

Category
"terraform"