iac-security

Name: iac-security
Rating: 5 (4 reviews)
Author: roodlicht

IaC misconfig scanning and cloud-aware review for Terraform, CloudFormation, Ansible and Pulumi. Covers tool orchestration (checkov/tfsec/kics/cfn-nag), policy-as-code (OPA/Conftest), CIS benchmark mapping, IAM over-permission detection, drift monitoring.

4stars

Updated 20 days ago

View on GitHub ↗License: NOASSERTION

How to add

/plugin marketplace add roodlicht/accans-sec-skills

The exact command may vary by repository. Check the README on GitHub.

For the skill author

Drop this on your repo README

Shows your skill is listed on Skillteca, generates a backlink and trackable traffic.

[![Listada na Skillteca](https://www.skillteca.com.br/api/badge/iac-security/svg)](https://www.skillteca.com.br/skills/iac-security?utm_source=badge&utm_medium=readme&utm_campaign=badge)

#test

Related skills

See all in DevOps e Infra →

internal-comms

143.8k

Resources to assist in writing various internal communications, adhering to company-preferred formats. Claude should utilize this skill for status reports, leadership updates, newsletters, FAQs, and other internal documents.

DevOps e Infraby anthropics

babysit

79.7k

Monitors a pull request or review cycle until it is ready to merge. This skill is used to track PR comments, reviews, and CI status until all actionable issues are resolved.

DevOps e Infra#aiby thedotmack

do

79.7k

Execute a phased implementation plan using subagents. Use when asked to execute, run, or carry out a plan — especially one created by make-plan.

DevOps e Infra#aiby thedotmack

smart-explore

79.7k

Token-optimized structural code search using tree-sitter AST parsing. Use this instead of reading full files when you need to understand code structure, find functions, or explore a codebase efficiently.

DevOps e Infra#aiby thedotmack

Category alert

Get new DevOps e Infra skills every Monday

One short email with only the new DevOps e Infra skills. 4 minutes of reading, no spam, unsubscribe with one click.

You confirm your email on the first send. No spam. Unsubscribe with one click.

IaC Security

When to use

This skill reviews Infrastructure-as-Code for misconfig: over-broad IAM, public storage, missing encryption, open security groups, logging off. It leans on the cloud-provider best practices plus CIS benchmarks and orchestrates the common scanners.

Activates on:

A request like "scan this Terraform for misconfigs", "checkov on our CloudFormation template", "is this S3 bucket policy OK", "review our Pulumi stack", "write a Conftest policy".
New or modified IaC

[Description truncada. Veja o README completo no GitHub.]

ShareX LinkedIn

Comments · No comments

No comments yet. Be the first.