InsightCloudSec Docs

Welcome to the InsightCloudSec Docs!

InsightCloudSec by Rapid7 (formerly DivvyCloud) is a Cloud-Native Security Platform that provides real-time analysis and automated remediation for continuous security and compliance for your multi-cloud environment.

For questions reach out to us through [email protected].

Take Me to the Docs!    Release Notes

Getting Started with IaC Security

Overview

To get started with IaC Security, all you need is to ensure you've met the IaC prerequisites. You can view a summary about the capabilities on our IaC Overview page. For a visual of the product and workflow check out the Workflow page.

IaC Security Interface

Accessing the IaC Security interface through the DivvyCloud platform is available under "Security → Infrastructure as Code".

Note: For new users the display defaults to a blank “Scan List” landing page with a prompt to “Create Configuration”.

Accessing IaC SecurityAccessing IaC Security

Accessing IaC Security

There are three distinct sections of the IaC Security interface:

  • Scan List - Lists all IaC completed configuration scans as well as their status, scan date, and duration. Review Viewing Scan Results for details on filtering, interacting, and interpreting scan results. The Viewing Scan Results page also includes information on Dynamic Analysis capabilities.
  • Configurations - Lists all IaC configurations as well as some scan statistics about each configuration. Review Managing Configurations for details on reviewing, creating, and editing IaC configurations.
  • On-Demand Scan - Allows users to use the IaC Analyzer to scan IaC templates on-demand and check for any issues in an existing IaC configuration. While this use case is less common, it can be helpful if you're interested in learning more about how the analyzer works. Review Using the IaC Analyzer (via the UI) for detailed steps about initiating and viewing IaC Security scans from within the UI.

📘

Compliance Automation At Scale

If you'd rather use the IaC analyzer via the API and leverage the full capability of IaC Security, review Using the IaC Analyzer (via API).

Using the IaC analyzer via API is our anticipated most common use case and will vary based on your environment and tooling. Note, however, that you will need a CI/CD environment that is integrated with your version control systems from which you can send requests to your DivvyCloud instance before this functionality is useful.

Otherwise, there are no special compatibility concerns as long as you can use scripts to make API requests to your DivvyCloud platform. We have created a Python script, which includes usage instructions in its docstring, that will help you get started with using IaC security in your CI/CD environment.

If you have questions or concerns about this approach reach out to us through [email protected].

Updated 2 months ago


Getting Started with IaC Security


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.