DivvyCloud

Welcome to the DivvyCloud Docs!

DivvyCloud is a Cloud Security Posture Management (CSPM) platform that provides real-time analysis and automated remediation across leading cloud and container technologies.

For questions about documentation reach out to us [email protected]

Take Me to the Docs!    Release Notes

Getting Started with IAC Security

Overview

To get started with IaC Security, all you need is a working DivvyCloud installation, and a working Terraform project that uses Terraform 0.12 or higher. You can view a summary about the capabilities on our IAC Overview page along with complete prerequisites. For a visual of the product and workflow check out the IAC Workflow page.

Using IaC Security for automation and to analyze Terraform for compliance before deployment, and to do so at scale, you will also need a CI/CD environment that is integrated with your version control systems and from which you can send requests to your DivvyCloud instance.

There are no special compatibility concerns -- as long as you can use scripts (such as our provided Python script, which includes usage instructions in its docstring) to make API requests to your DivvyCloud platform, you can use IaC security in your CI/CD environment.

Configuring External Tooling

To use DivvyCloud's IaC Security in your CI/CD pipelines, we assume a few things:

  • You have Terraform code using Terraform version 0.12 or higher that you want to scan.
  • You manage that Terraform code in a version control system, such as Git.
  • Your CI/CD system has existing configuration to trigger builds when code is pushed to your Terraform-containing repository.
  • Your CI/CD environment needs to have the capacity to run terraform plan and send API requests to DivvyCloud.

If you have questions related to these requirements, reach out to us through any of the options provided on our Getting Support page.

Summary of Information

The complete IaC Security documentation featured under this page includes sections that provide details on various approaches and capabilities. A summary of those pages and the content is as follows:

Configuring DivvyCloud IAC Security

The Configuring DivvyCloud IAC Security documentation includes details about accessing the DivvyCloud IAC Security feature (through the platform) and the steps required to create an IAC configuration. It also includes details on editing existing configurations.

Using the IAC Analyzer (via API)

The Using the IAC Analyzer (via API) documentation includes details about what steps are required to connect your CI/CD pipeline to initiate scans through the DivvyCloud API. This is our anticipated most common use case and will vary based on your environment and tooling.

Using the IAC Analyzer (via the UI)

The Using the IAC Analyzer (via the UI) documentation includes detailed steps about initiating and viewing IAC Security scans from within the DivvyCloud UI. While this use case is less common, it can be helpful for you if you're interested in learning more about how the analyzer works.

Viewing Scan Results

The Viewing Scan Results documentation includes detailed steps to help you view, understand, and interpret your scan results. It includes information on viewing previous scans (these can originate from the API or the UI) and details on our Dynamic Analysis capabilities.

Updated 2 months ago


Other Helpful Pages

IAC Workflow
Insights

Getting Started with IAC Security


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.