Why IaC Scanners Alone Won’t Cut It and Welcoming Our AI Overlords

The rapid adoption of Infrastructure-as-Code (IaC) in modern DevSecOps practices has brought with it a much-needed way to secure our as-code infrastructure configurations–both from human error and misconfigurations, known vulnerabilities, and even exposures due to poor IAM and GitOps practices.

In this talk, we will run through the most popular open source IaC security scanners that every DevSecOps professional should utilize, everything from Checkov, Terrascan, through Kics among others. These scanners provide comprehensive static code analysis for platforms like Terraform, AWS CloudFormation, and Kubernetes, identifying security risks and compliance violations in IaC templates.

But what if we could supercharge these excellent tools with the help of AI to extend detection capabilities and enable more rapid remediation? We’ll wrap up with a live demo for how to leverage advanced machine learning algorithms and AI to incorporate decades of domain expertise to deliver advanced detection rules, enable the identification of novel vulnerabilities and anomalous behavior, and other potential security risks based on existing data and known patterns.



Aviram Shmueli

Currently the Chief Research & Innovation Officer and Co-Founder of Jit, the Continuous Security Platform for Developers, Aviram is a software engineer and a security researcher at heart. He has ...