Skip to content

Developer Friendly Tools for IaC Security

Rapid developer feedback and CI/CD checks for IaC help your team move faster in the cloud with confidence.

  • Pre-commit IaC checks. Open-source command line tools check IaC templates committing to a Git repository.
  • IaC security in CI/CD. Catch IaC issues in CI/CD using the Regula Docker image or prebuilt binaries.
  • IaC security in Git workflows. Whether you use GitHub, GitLab, or a private repo, Regula works with your team’s approach.

Use the same policies for IaC and runtime with Regula and Fugue

Security for Terraform and AWSCloudFormation

Validate Terraform and AWS CloudFormation infrastructure as code against your custom enterprise policies and pre-built rules.

  • Evaluate Terraform HCL and plan files—whether it’s a single project locally, or many across multiple repositories.
  • Evaluate Terraform modules to avoid the risk of cascading vulnerabilities propagating to many configurations.
  • Evaluate AWS CloudFormation templates—whether YAML, JSON, composed by hand, or generated by the AWS CDK.

Hundreds of Pre-Built Rules—and Powerful Custom Rule Capabilities

Cloud engineering and security teams need pre-built rules for common use cases—and the ability to develop custom rules that address their unique use case and security requirements. Regula delivers with:

  • Hundreds of best-in-class cloud infrastructure rules maintained by Fugue’s team of cloud security experts.
  • Rules that can to detect IaC vulnerabilities that span multiple resources, not just single-resource issues
  • Rule development using Rego, the language of Open Policy Agent—the open standard for policy as code

Getting Started with Regula for IaC Security

Check out the Regula docs site and run Regula’s open source rules against your Git repository using the Regula CLI. This takes about five minutes, and no information is shared with Fugue

Or, try running Regula in a Docker container to check one or more Terraform or CloudFormation configurations using this simple command:

If you're ready to see for yourself how you can secure your entire cloud development lifecycle with one set of policies using Fugue and Regula, schedule a 1:1 workshop with one of our solutions architects.

Get Started with Fugue Today

Prevent cloud misconfiguration and ensure continuous compliance with enterprise security policies.