Blog

Insights on infrastructure security, DevOps best practices, and product updates.

Product May 20, 2026

Introducing InfraAudit: AI-Powered Infrastructure Security Scanning

Today we're launching InfraAudit — a new way to detect security misconfigurations in your Kubernetes, Terraform, and Docker files before they reach production.

Every DevOps team reviews the same issues over and over: containers running as root, S3 buckets without encryption, security groups open to the world, CI/CD pipelines with hardcoded secrets. These aren't edge cases — they're the #1 cause of cloud breaches.

InfraAudit scans your infrastructure-as-code files and gives you actionable findings in seconds. No CLI to install, no agents to deploy. Paste code or connect your GitHub repo — that's it.

What's included:

  • 100+ security checks across Kubernetes, Terraform, CloudFormation, ARM, GCP, Docker, and CI/CD
  • Risk scoring (0-100) with severity breakdown
  • Compliance mapping to CIS, AWS Well-Architected, Azure Security, GCP, and Docker CIS
  • GitHub repo integration for automated scanning
  • JSON export for integration with your existing workflows

Start scanning for free — no credit card required. Sign up here →

Engineering May 15, 2026

Top 10 Kubernetes Security Misconfigurations We Detect

After building our scanning engine, these are the most common Kubernetes security issues we find in real-world manifests:

  1. Running as root — No securityContext.runAsNonRoot set
  2. Missing resource limits — No CPU/memory bounds on containers
  3. Using :latest tag — Non-deterministic image references
  4. No health probes — Missing liveness/readiness checks
  5. Privileged containers — Full host access granted
  6. Writable root filesystem — readOnlyRootFilesystem not set
  7. Secrets in plain text — Passwords in env vars instead of Secrets
  8. No NetworkPolicy — All pods can talk to all pods
  9. Host network/PID sharing — Breaking container isolation
  10. Cluster-admin bindings — Overly permissive RBAC

InfraAudit checks for all of these automatically. Try it free →

Tutorial May 10, 2026

Securing Your Terraform: AWS Infrastructure Hardening Checklist

A practical checklist for hardening your Terraform-managed AWS infrastructure:

  • Remote backend with locking — S3 + DynamoDB, never local state
  • S3 encryption — server_side_encryption_configuration on every bucket
  • RDS deletion protection — Prevent accidental terraform destroy
  • Security group lockdown — Never 0.0.0.0/0 on ingress
  • Provider version pinning — Prevent breaking upgrades
  • Sensitive variable marking — sensitive = true on secrets
  • Resource tagging — Environment, Team, Project on everything
  • Access logging — Enable on ALBs and CloudFront

Our Terraform scanner checks all of these automatically. Scan your .tf files free →

Stay Updated

Follow us for new posts on infrastructure security and DevOps best practices.