The SecureCloud what-if analysis is a tool for DevOps administrators who deploy with IaC (infrastructure as code) methods. It analyzes the security impact of your proposed changes before you implement them in your cloud infrastructure.
To run it, you submit a machine-readable plan of your intended infrastructure change to the SecureCloud asynchronous API. The response includes a header containing the URL of the results.
A second API call to the results URL received in the first response retrieves the analysis. The response from this second call contains the status of the analysis process and, upon successful completion, the results for review.
The analysis can be run as a manual process or implemented as a “preflight hook” in your CI/CD pipeline, where the results of the analysis determine whether or not the planned changes are applied. You can invoke the SecureCloud “what-if” analysis API from a bash script and integrate it into any CI/CD tool that can execute bash scripts, using only the curl and jq tools.
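The submit-then-poll flow described above can be wrapped in a gate that fails closed, shown here as an added example that is not SecureCloud's own script. The `Location` header name, the `status` values (`IN_PROGRESS`, `COMPLETED`), the `violations` array, and all function names are assumptions for illustration; take the real names from the SecureCloud API reference.

```shell
#!/usr/bin/env bash
# Added example: preflight gate around an asynchronous what-if analysis.
# ASSUMPTIONS (hypothetical, not taken from the SecureCloud API reference):
# the results URL arrives in a "Location" header, and the results JSON has a
# .status string (IN_PROGRESS / COMPLETED) and a .violations array.

# Pull the results URL out of a header dump such as `curl -D -` writes.
extract_results_url() {
  tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }'
}

# First call: submit the machine-readable plan, print the results URL.
submit_plan() {  # $1 = analysis endpoint (placeholder), $2 = plan file
  curl -fsS -D - -o /dev/null -X POST -H 'Content-Type: application/json' \
    --data-binary @"$2" "$1" | extract_results_url
}

# Map analysis state to a pipeline decision. Only a completed analysis with
# zero findings allows the apply step; unknown states block (fail closed).
gate_decision() {  # $1 = status, $2 = number of findings
  case "$1" in
    COMPLETED) [ "$2" -eq 0 ] 2>/dev/null && echo apply || echo block ;;
    IN_PROGRESS) echo wait ;;
    *) echo block ;;
  esac
}

# Second call: fetch the results. Set FETCH to a stub to test offline.
fetch_json() { curl -fsS "$1"; }

# Poll the results URL until a final decision or until attempts run out.
poll_gate() {  # $1 = results URL, $2 = max attempts, $3 = delay seconds
  local i=0 body status count decision
  while [ "$i" -lt "$2" ]; do
    body=$("${FETCH:-fetch_json}" "$1") || { echo block; return 1; }
    status=$(printf '%s' "$body" | jq -r '.status // empty')
    count=$(printf '%s' "$body" | jq -r '.violations | arrays | length')
    decision=$(gate_decision "$status" "$count")
    if [ "$decision" != wait ]; then
      echo "$decision"
      [ "$decision" = apply ]; return
    fi
    i=$((i + 1)); sleep "$3"
  done
  echo block; return 1   # timed out: treat as a failed check
}
```

`poll_gate` returns non-zero for every outcome except `apply`, so a pipeline step can chain it directly in front of the apply command. A fetch error, a malformed body, a missing `violations` field, and a timeout all block the change.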
What's Included in the Analysis?
The what-if analysis assesses the following types of risk:
- Cloud policy violations - see Cloud Security Policy
- Permissive access - see Public Cloud Network Permissions
- Risky ports - see Public Cloud Risky Ports
The KC has instructions for implementing the what-if analysis:
- View instructions for What-If Analysis for Terraform
- View instructions for What-If Analysis for CloudFormation
Main Menu > Configuration > CI/CD Integration