IaC Scanner Configuration

The IaC Flaws Scanner is configured in the YAML file conf/xygeni.iac.yml.

IaC Detectors Configuration

Each detector is configured in its own YAML file under the conf/iac directory of the Xygeni scanner. A sample _template.yml_ file in that directory can be used as the starting point for your own detectors.

Custom detectors placed under conf/iac would be overwritten by a scanner update. Keep them in a separate directory instead and point the scanner at it with the --custom-detectors-dir command-line argument.

IaC Detectors

The following formats are supported, among others:

  • Terraform, a cloud-agnostic configuration language for describing infrastructure. Detectors for resources on the major cloud providers (AWS, Azure, Google Cloud…) are provided.

  • CloudFormation, a managed AWS service with a common language for modelling and provisioning AWS resources.

  • Azure Resource Manager (ARM) templates for Azure resources, and the more developer-friendly Bicep language that compiles to them.

  • Kubernetes manifests, either workloads written in Pod syntax or packaged as Helm charts.

  • Docker, either a Dockerfile or a docker-compose file (YAML defining the services, networks and volumes of a Docker-based application).
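
The formats above differ in syntax, but a detector's job is the same for each: select the files of one format, locate the construct in question and report a finding with a location and a severity. As an added illustration, not Xygeni's code and not the format of its detector YAML files, the following Python script sketches that shape with three small checks over constructed samples: a Terraform aws_s3_bucket with a public canned ACL, a Dockerfile whose final stage still runs as root, and a FROM line that is not pinned to a tag or digest. The detector ids, severities, file-to-format mapping and sample files are assumptions made for the example.

```python
# Sketch of IaC flaw detectors for two of the formats listed above. Added
# illustration, not Xygeni's code: ids, severities and samples are constructed.
import re
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Finding:
    detector: str
    severity: str
    path: str
    line: int
    message: str

# Terraform: top-level `resource "type" "name" { ... }` blocks. The body runs to
# the first closing brace at column 0, so nested blocks stay inside the body.
_TF_RESOURCE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
_TF_PUBLIC_ACL = re.compile(r'\bacl\s*=\s*"(public-read|public-read-write)"')

def tf_s3_public_acl(path: str, content: str) -> List[Finding]:
    """aws_s3_bucket with a public canned ACL exposes every object in it."""
    out = []
    for res in _TF_RESOURCE.finditer(content):
        rtype, rname, body = res.groups()
        m = _TF_PUBLIC_ACL.search(body) if rtype == "aws_s3_bucket" else None
        if m:
            line = content.count("\n", 0, res.start(3) + m.start()) + 1  # 1-based
            out.append(Finding("tf_s3_public_acl", "high", path, line,
                               f'aws_s3_bucket.{rname}: acl "{m.group(1)}" is public'))
    return out

def docker_root_user(path: str, content: str) -> List[Finding]:
    """Final process runs as root: no USER instruction, or USER root / USER 0."""
    user, line_no = None, 1
    for n, line in enumerate(content.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 2 and parts[0].upper() == "USER":
            user, line_no = parts[1], n  # the last USER instruction wins
    if user is not None and user.split(":")[0] not in ("root", "0"):
        return []
    what = "no USER instruction" if user is None else f"USER {user}"
    return [Finding("docker_root_user", "medium", path, line_no,
                    f"{what}: container runs as root")]

def docker_unpinned_base(path: str, content: str) -> List[Finding]:
    """FROM with no tag or with :latest is not reproducible."""
    out, stages = [], set()
    for n, line in enumerate(content.splitlines(), 1):
        parts = line.split()
        tokens = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform=
        if not parts or parts[0].upper() != "FROM" or not tokens:
            continue
        image, upper = tokens[0], [t.upper() for t in tokens]
        if image not in stages and image != "scratch" and "@sha256:" not in image:
            name = image.rsplit("/", 1)[-1]  # drop registry host, which may carry :port
            tag = name.split(":", 1)[1] if ":" in name else None
            if tag is None or tag == "latest":
                out.append(Finding("docker_unpinned_base", "low", path, n,
                                   f"base image {image!r} is not pinned to a tag or digest"))
        if "AS" in upper and upper.index("AS") + 1 < len(tokens):
            stages.add(tokens[upper.index("AS") + 1])  # a later `FROM <alias>` is fine
    return out

# The detector registry in miniature: which checks apply to which format.
DETECTORS = {
    "terraform": [tf_s3_public_acl],
    "dockerfile": [docker_root_user, docker_unpinned_base],
}

def scan(files: Dict[str, str]) -> List[Finding]:
    """Run every check registered for a file's format over that file's content."""
    findings: List[Finding] = []
    for path, content in files.items():
        name = path.rsplit("/", 1)[-1]
        fmt = "dockerfile" if name == "Dockerfile" else "terraform" if name.endswith(".tf") else None
        for check in DETECTORS.get(fmt, []):
            findings.extend(check(path, content))
    return findings

# Constructed samples: a public and a private bucket, and a two-stage Dockerfile
# whose builder stage uses :latest and whose final stage never drops root.
SAMPLE_FILES = {
    "infra/main.tf": """
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "public-read"
}
resource "aws_s3_bucket" "private" {
  bucket = "example-private"
  acl    = "private"
}
""",
    "app/Dockerfile": """FROM python:latest AS builder
FROM python:3.12-slim
CMD ["python", "/app/main.py"]
""",
}

if __name__ == "__main__":
    for f in scan(SAMPLE_FILES):
        print(f"{f.severity:<6} {f.path}:{f.line} [{f.detector}] {f.message}")
```

Running the script reports the public ACL on line 4 of main.tf and two findings on line 1 of the Dockerfile (no USER, and a :latest base image); the private bucket and the tag-pinned final stage produce nothing. A real detector for these formats would work on a parsed model rather than regular expressions, but the split into a per-format selector, a check and a located finding is what the detector YAML files configure.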

Some detectors declare what counts as a flaw in the Xygeni Policy Language (XYPOL), which makes it a convenient way to add custom flaw detectors.

See the documentation on the available IaC detectors.
