# IaC Scanner Configuration

The IaC Flaws Scanner is configured in the YAML file `conf/xygeni.iac.yml`.

### IaC Detectors Configuration

Detectors are configured with YAML files located under the `conf/iac` directory of the Xygeni scanner. A sample `_template.yml_` file is provided that can be used as a starting point for creating your own detectors.

{% hint style="info" %}
To prevent scanner updates from overwriting your configurations, you can keep custom detectors in a separate directory and load them with the `--custom-detectors-dir` command-line argument.
{% endhint %}

### IaC Detectors <a href="#detectors" id="detectors"></a>

The following formats are supported, among others:

* [Terraform](https://developer.hashicorp.com/terraform/language), a cloud-agnostic configuration system to detail the infrastructure setup. Detectors for resources on major cloud providers (AWS, Azure, Google Cloud…) are provided.
* [CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-resource-specification-format.html), a managed AWS service with a common language for modelling and provisioning AWS resources.
* [Azure Resource Manager (ARM)](https://learn.microsoft.com/azure/azure-resource-manager/management/overview), a language for Azure resources, and the more developer-friendly [Bicep](https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/file).
* [Kubernetes](https://kubernetes.io/docs/concepts/overview/), either for workloads based on [Pods](https://kubernetes.io/docs/concepts/workloads/pods/) syntax or [Helm charts](https://helm.sh/docs/topics/charts/).
* [Docker](https://docs.docker.com/get-started/overview/), either the [Dockerfile](https://docs.docker.com/engine/reference/builder/) or [docker-compose](https://docs.docker.com/compose/compose-file/) (a YAML file defining services, networks and volumes for a Docker-based application).

{% hint style="info" %}
Some detectors use the [Xygeni Policy Language (XYPOL)](https://docs.xygeni.io/xydocs/concepts/xypol.html) for declaring what is considered a flaw. This is useful for adding custom flaw detectors.
{% endhint %}

Please read the documentation on the [available IaC detectors](#iac-available-detectors).
