May 24, 2021 By Steven Weaver 2 min read

The expansion of Code Risk Analyzer extends scanning capabilities.

In November 2020, IBM introduced the Code Risk Analyzer to IBM Cloud Continuous Delivery to help “shift left” security. Code Risk Analyzer identifies multiple classes of security risks by scanning source files. Misconfiguration of infrastructure and cloud service dependencies can put enterprise applications and data at risk. Now, Code Risk Analyzer will look for these issues by scanning Terraform Infrastructure as Code (IaC) files. 

Code Risk Analyzer helps developers find and remediate security and legal vulnerabilities that are potentially introduced into their source code and provides feedback directly in their Git artifacts (for example, pull/merge requests). Code Risk Analyzer is provided as a set of Tekton tasks, which can be easily incorporated into delivery pipelines.

DevSecOps for Infrastructure

IBM Cloud Schematics provides powerful tools to automate your cloud infrastructure provisioning and management process and the configuration and operation of your cloud resources and the deployment of your app workloads. To do so, Schematics leverages open source projects, such as Terraform. Terraform allows infrastructure to be expressed as code in a simple, human-readable language. It reads configuration files and provides an execution plan of changes that can be reviewed for safety and then applied and provisioned.

Infrastructure as Code (IaC) provides development teams with the opportunity to manage infrastructure definitions in Git repos and deploy with DevOps  pipelines, just like any other code. IaC modules can be reused between workloads and across multi-regions and accounts.

With this new expansion of Code Risk Analyzer, we can extend our scanning capabilities to help prevent misconfiguration of cloud accounts and compliance with regulations through scanning of IaC before it is deployed. The new IaC capability in Code Risk Analyzer scans ibm-terraform files and helps you ensure that they meet National Institute of Standards and Technology (NIST) frameworks. Today, it supports 57 compliance goals, covering 18 NIST checks, and the list is growing. 

With this new capability, you can now scan the compliance of your Infrastructure as Code and make sure that any planned changes to your account are compliant with NIST regulations. You can control this process from IBM Cloud Continuous Delivery toolchains and consume the output both in your Git repository and in your IBM Cloud Continuous Delivery PipelineRun dashboard. You can create gates that block the deployment of the IaC when misconfigurations are found and remediate misconfigurations as soon as they are created:

More information

For more details on the new capability within Code Risk Analyzer, please see the following resources:

In addition, you can get help directly from the IBM Cloud development teams by joining us on Slack.

More from Announcements

IBM Hybrid Cloud Mesh and Red Hat Service Interconnect: A new era of app-centric connectivity 

2 min read - To meet customer demands, applications are expected to be performing at their best at all times. Simultaneously, applications need to be flexible and cost effective, and therefore supported by an underlying infrastructure that is equally reliant, performant and secure as the applications themselves.   Easier said than done. According to EMA's 2024 Network Management Megatrends report only 42% of responding IT professionals would rate their network operations as successful.   In this era of hyper-distributed infrastructure where our users, apps, and data…

IBM named a Leader in Gartner Magic Quadrant for SIEM, for the 14th consecutive time

3 min read - Security operations is getting more complex and inefficient with too many tools, too much data and simply too much to do. According to a study done by IBM, SOC team members are only able to handle half of the alerts that they should be reviewing in a typical workday. This potentially leads to missing the important alerts that are critical to an organization's security. Thus, choosing the right SIEM solution can be transformative for security teams, helping them manage alerts…

IBM and MuleSoft expand global relationship to accelerate modernization on IBM Power 

2 min read - As companies undergo digital transformation, they rely on APIs as the backbone for providing new services and customer experiences. While APIs can simplify application development and deliver integrated solutions, IT shops must have a robust solution to effectively manage and govern them to ensure that response times and costs are kept low for all applications. Many customers use Salesforce’s MuleSoft, named a leader by Gartner® in full lifecycle API management for seven consecutive times, to manage and secure APIs across…

IBM Newsletters

Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters