In this session we will talk about shift-left cloud security by executing static IaC analysis in the SDLC as well as where IaC scan sits in the CI/CD pipeline. We will introduce languages and tools such as Rego, CodeQL and Semgrep and deep dive into the code used to check your cloud provisioning code with step-by-step examples. Be prepared for navigating through predicate logic, Abstract Syntax Tree and Control Flow Analysis!
