
IAC Scan Layer

These are the layers at which IAC scanning can be done:

1. When writing code: low context; only default values can be evaluated.
2. When running terraform plan: medium context; dynamic values from environment variables and the CLI are resolved.
3. When running terraform apply: high context; the plan is resolved and API interaction with the production environment is performed.
4. Cloud runtime: very high context; the end state of the environment is laid out as the runtime configuration, even if it has drifted from the Terraform state created at the apply stage.

IAC scanning prevention happens at layers 1 and 2; for layer 4 (cloud runtime) a CSPM tool is mostly used. Coverage is more comprehensive when scanning can be done at every layer.

Ref: https://bridgecrew.io/blog/terraform-plan-security-scanning-checkov/

Trying an IAC Scanner with Checkov

How to install:

    pip install checkov

Create a Terraform file as usual.

How to scan:

    terraform plan -out tf.plan
    terraform show -json tf.plan > tf.json
    checkov -f tf.json

The result will then show which security checks passed and which failed.
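As an added illustration (not code from the post and not Checkov's own rules) of what the terraform show -json step hands to a scanner: a constructed plan JSON in which variable-driven values are already resolved, walked by two hypothetical checks.

```python
"""Scan a Terraform plan JSON (output of `terraform show -json tf.plan`) for
resolved values that a scan of the raw .tf files alone could not see."""
import json

# Constructed sample plan; in the .tf source these values would be var.* references.
SAMPLE_PLAN = json.dumps({"format_version": "1.2", "resource_changes": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"],
                "after": {"bucket": "app-logs", "acl": "public-read"}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"],
                "after": {"ingress": [{"from_port": 22, "to_port": 22,
                                       "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_s3_bucket.old", "type": "aws_s3_bucket",
     "change": {"actions": ["delete"], "before": {"acl": "public-read"},
                "after": None}},
]})

def check_s3_acl(after):
    """Illustrative check (not a Checkov rule): bucket ACL grants public access."""
    if after.get("acl") in ("public-read", "public-read-write"):
        return "S3 bucket ACL is public"
    return None

def check_sg_ssh_open(after):
    """Illustrative check (not a Checkov rule): SSH open to the whole internet."""
    for rule in after.get("ingress", []):
        if (rule.get("from_port", 0) <= 22 <= rule.get("to_port", 0)
                and "0.0.0.0/0" in rule.get("cidr_blocks", [])):
            return "Security group allows SSH from 0.0.0.0/0"
    return None

CHECKS = {"aws_s3_bucket": [check_s3_acl], "aws_security_group": [check_sg_ssh_open]}

def scan_plan(plan_json):
    """Return (address, finding) for every failed check on a created/updated resource."""
    findings = []
    for rc in json.loads(plan_json)["resource_changes"]:
        after = rc["change"].get("after")
        if after is None:  # resource is being destroyed: nothing to evaluate
            continue
        for check in CHECKS.get(rc["type"], []):
            msg = check(after)
            if msg:
                findings.append((rc["address"], msg))
    return findings

if __name__ == "__main__":
    for address, msg in scan_plan(SAMPLE_PLAN):
        print(f"FAILED {address}: {msg}")
```

Replacing SAMPLE_PLAN with the contents of tf.json from the steps above runs the same walk over a real plan.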