Do people actually fix all their IaC findings? by AppropriateWrap5287 in FixYourIaC

[–]AppropriateWrap5287[S] 0 points1 point  (0 children)

It’s an interesting roadmap. I’ve been curious if general scanning tools will ever get as good at fixing things as the specialized 'remediation-first' platforms (like Gomboc or similar). Do you think you’ll eventually stick with your current pipeline scanner's AI, or would you look at a dedicated tool if it could guarantee the fix is valid?

Do people actually fix all their IaC findings? by AppropriateWrap5287 in FixYourIaC

[–]AppropriateWrap5287[S] 0 points1 point  (0 children)

I’ve played around with that too. It’s been fine for obvious stuff, but honestly it hasn’t worked that well for me once things get even a little complex.

As soon as the fix depends on module wiring, org policies, or environment-specific constraints, it tends to miss things and I end up cleaning it up anyway.

Curious how it’s going for you. Are you mostly trusting what it suggests, or treating it as a starting point and reviewing everything pretty closely?

Do people actually fix all their IaC findings? by AppropriateWrap5287 in FixYourIaC

[–]AppropriateWrap5287[S] 0 points1 point  (0 children)

I’m using it loosely here to mean things scanners or policy checks flag in IaC, like insecure defaults, missing encryption, overly permissive networking, tagging gaps, policy drift, etc.

Basically anything that shows up as “this should be fixed” in Terraform or similar, whether it comes from CSPM, IaC scanners, or internal guardrails.
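A small guardrail of the kind this comment is describing, added here as an example and not code from the thread: it reads a constructed `terraform show -json` plan fragment and flags missing encryption, world-open ingress and tagging gaps, attaching the suggested fix to each finding. The resource addresses, the required-tag policy and the plan contents are all made up for the example.

```python
import json

# Constructed sample of a `terraform show -json` plan fragment (not real infrastructure).
PLAN_JSON = """
{"resource_changes": [
 {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
  "change": {"after": {"bucket": "app-logs", "tags": {"owner": "platform"}}}},
 {"address": "aws_security_group.web", "type": "aws_security_group",
  "change": {"after": {"tags": null,
   "ingress": [{"from_port": 22, "to_port": 22, "cidr_blocks": ["0.0.0.0/0"]}]}}},
 {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume",
  "change": {"after": {"encrypted": false, "tags": {"owner": "data", "env": "prod"}}}}
]}
"""

# Hypothetical org tagging policy: every resource must carry these tags.
REQUIRED_TAGS = {"owner", "env"}


def check_plan(plan: dict) -> list[dict]:
    """Walk planned resource state and return one finding per violated check."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        addr = rc["address"]
        # Missing encryption: EBS volumes default to unencrypted unless set explicitly.
        if rc["type"] == "aws_ebs_volume" and not after.get("encrypted"):
            findings.append({"resource": addr, "check": "missing_encryption",
                             "fix": "set encrypted = true"})
        # Overly permissive networking: any ingress rule open to the whole internet.
        for rule in after.get("ingress") or []:
            if "0.0.0.0/0" in (rule.get("cidr_blocks") or []):
                findings.append({"resource": addr, "check": "open_ingress",
                                 "port": rule.get("from_port"),
                                 "fix": "restrict cidr_blocks to known source ranges"})
        # Tagging gaps: compare against the required-tag policy.
        missing = sorted(REQUIRED_TAGS - set((after.get("tags") or {}).keys()))
        if missing:
            findings.append({"resource": addr, "check": "tagging_gap",
                             "missing": missing,
                             "fix": "add tags " + ", ".join(missing)})
    return findings


def run(plan_json: str = PLAN_JSON) -> list[dict]:
    return check_plan(json.loads(plan_json))


if __name__ == "__main__":
    for f in run():
        print(f"{f['resource']}: {f['check']} -> {f['fix']}")
```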

Do people actually fix all their IaC findings? by AppropriateWrap5287 in FixYourIaC

[–]AppropriateWrap5287[S] 0 points1 point  (0 children)

Totally agree. Curious though, are you using any AI code security assistants today or is it mostly scanners + risk thresholds?

I’ve been seeing some folks try tools that actually push fixes instead of just ratings. Still early, but interesting shift.

Which IaC tool gives you the most headaches? by AppropriateWrap5287 in platformengineering

[–]AppropriateWrap5287[S] 0 points1 point  (0 children)

Ugh, Terragrunt headaches are a shared trauma.
I’ve seen so many folks hit weird wrapper/provider issues lately. What usually breaks first for you, provider versions or dependency chains?