iac-security-review
Community
Secure IaC from misconfig to compliant deployment.
Software Engineering #cloudformation #kubernetes #terraform #iac #security-review #cloud-security #cis-benchmarks
Author: j4hr3n
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Security review of infrastructure-as-code to identify misconfigurations, over-permissioning, exposed resources, missing encryption, hard-coded secrets, and supply chain risks, ensuring alignment with CIS benchmarks and cloud security best practices.
Core Features & Use Cases
- Detect IaC type (Terraform/OpenTofu, Kubernetes manifests, CloudFormation, Helm charts) and categorize findings.
- Systematic review by security domains: IAM, Secrets, Network, Encryption, Storage, Logging, Resource Exposure, and Supply Chain.
- Produce actionable findings with risk ratings, remediation steps, and references to CIS benchmarks.
- Use Case: security audit of a Terraform module to surface over-permissive policies and unencrypted S3 buckets.
Quick Start
Review the provided IaC files with the defined 4-step procedure to identify misconfigurations and security gaps.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: iac-security-review Download link: https://github.com/j4hr3n/dotfiles/archive/main.zip#iac-security-review Please download this .zip file, extract it, and install it in the .claude/skills/ directory.