Welcome!

In this workshop, you’ll learn how to leverage infrastructure as code (IaC) and DevSecOps to automate, scale, and improve the security posture of your cloud infrastructure. We’ll create a pipeline that provides frequent, easy-to-digest improvements to ensure our configurations are secure and compliant from the build-time to runtime.

Using Bridgecrew, Checkov, VS Code, GitHub, Terraform Cloud, and Azure, we’ll get hands-on experience implementing an automated Terraform security and compliance workflow.

Learning Objectives

  • Get an overview of DevSecOps and Terraform infrastructure as code (IaC)
  • Scan IaC files for misconfigurations locally
  • Set up CI/CD pipelines to automate security scanning and policy enforcement
  • Fix IaC security errors and Azure resource misconfigurations with Bridgecrew

Let’s start with a few core concepts!