Best practices for CI toolchain IaC
The continuous integration (CI) toolchain for Infrastructure as Code (IaC) DevSecOps implements the following practices:
- Runs a static code scanner on the infrastructure code repositories and performs Terraform linting checks on the infrastructure code.
- Runs compliance checks on the infrastructure code to detect secrets and security vulnerabilities.
- Builds artifacts on every Git commit.
- Stores the metadata of the built artifacts in the inventory repository.
- Automatically builds and validates any code that is merged into the target Git repository branch.
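
The following sketch shows how the compliance check and the inventory step from the list above can fit together in one CI job. It is an added example, not the toolchain's own code: the two detection rules, the sample Terraform, the resource names and the layout of the inventory record are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed rule set for illustration; a real pipeline would use a maintained scanner.
SECRET_ATTR = re.compile(
    r'^\s*(\w*(?:password|secret|token|api_?key)\w*)\s*=\s*"((?:[^"\\]|\\.)*)"', re.I)
OPEN_CIDR = re.compile(r'cidr_blocks\s*=\s*\[[^\]]*"0\.0\.0\.0/0"')

def scan_terraform(source):
    """Return (line_number, rule, attribute) findings for one Terraform file."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # this narrow example only inspects live attribute lines
        secret = SECRET_ATTR.match(line)
        # A literal value is a committed secret; var.x or "${...}" is a reference.
        if secret and secret.group(2) and "${" not in secret.group(2):
            findings.append((number, "hardcoded-secret", secret.group(1)))
        if OPEN_CIDR.search(line):
            findings.append((number, "open-cidr", "cidr_blocks"))
    return findings

def inventory_entry(name, artifact, commit, findings):
    """Build the metadata record for one artifact (hypothetical inventory layout)."""
    return {
        "name": name,
        "commit_sha": commit,
        "sha256": hashlib.sha256(artifact).hexdigest(),
        "scan": "failed" if findings else "passed",
        "findings": [f"{n}:{rule}:{attr}" for n, rule, attr in findings],
    }

# Constructed sample input, not taken from any real repository.
SAMPLE_TF = '''\
variable "db_password" {}
resource "example_db" "main" {
  admin_password = "Sup3rS3cret!"
  replica_token  = var.replica_token
  api_key        = "${var.api_key}"
}
resource "example_firewall_rule" "ssh" {
  # cidr_blocks = ["0.0.0.0/0"]
  cidr_blocks = ["0.0.0.0/0"]
}
'''

if __name__ == "__main__":
    found = scan_terraform(SAMPLE_TF)
    print(inventory_entry("network-stack", SAMPLE_TF.encode(), "<commit-sha>", found))
```

Recording the artifact digest and the scan result next to the commit lets a later deployment stage refuse any artifact whose entry is missing or marked as failed.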
