The DevSecOps Continuous Integration Toolchain is now able to validate Infrastructure as Code sources (such as Terraform definitions).

Infrastructure as Code (IaC) is used heavily to define infrastructure and tailor environments, from development, testing and quality assurance through to production.

This specialized code should be managed as carefully as application source code to avoid incorporating vulnerabilities into the target infrastructure.

DevSecOps Continuous Integration for IaC can help

The DevSecOps Continuous Delivery service provides a new DevSecOps toolchain that is specialized for Infrastructure as Code sources, such as Terraform definitions.

It includes all the expected DevSecOps best practices, including evidence collection, quality gates, artifact signing, automated tests, static code scans, vulnerability checks and more.

A new template is available in the toolchain catalog to create a Continuous Integration toolchain to develop your infrastructure code:

This template provides a default sample that illustrates the simple use case of creating an IBM Key Protect for IBM Cloud service instance, with a unit test implemented using Terratest and an acceptance test implemented using Jest.

The DevSecOps Continuous Integration for Infrastructure as Code (IaC) pipeline comes with predefined stages implemented using default scripts. For example:

See the docs for more details:

Note: Selected stages can be customized to fit your needs.

Get started

You can create your first DevSecOps Continuous Integration for Infrastructure as Code toolchain directly from the toolchain catalog or by following this link and this tutorial.

IBM Cloud has already made available a complete set of DevSecOps toolchain templates for your cloud-native application development. Learn more about it here.

Report a problem or look for help

Get help directly from the IBM Cloud development teams by joining us on Slack.
