Back to all blog posts

Infrastructure-as-Code Security with oak9 & GitHub

Written by Aakash Shah, CTO & Co-Founder
October 11, 2021

It’s here! With over 56M developers on GitHub and 17K+ Terraform projects, now developers can use the oak9 GitHub Action to easily scan for infrastructure-as-code (IaC) security issues in the GitHub pipeline.

oak9 makes cloud infrastructure security easy for developers while eliminating the need for tradeoff between time and security. We’ve built this platform with developers in mind. This integration is part of our goal to seamlessly integrate into development workflows to make it easier for developers to build secure solutions at the velocity they desire.

As a developer, you can now catch security issues before they are merged & deployed and save significant time having to debug and fix them later. You will be notified, in real time, of security issues in your IaC while getting a better understanding of your security and compliance risks for your application.

Here are the highlights:

  • Integrate your code repository with your project in the oak9 console

  • Include oak9 security assessment as part of any workflow that you use in GitHub

  • Automatically start to find, fix and monitor your code for configuration errors in Terraform as seen in detail below:

  • View a high level summary in the GitHub action result page of any issues found, as well as a link back to the project in the oak9 console to view detailed results.

For example, any time new code is pushed, or a pull request is created, the new code can be automatically scanned by oak9 for design gaps. This check can be used to prevent code with design gaps from being merged into the main branch or deployed to the application environment. Here is an example of the results after the job is run.

Using oak9’s GitHub Action, you’ll be able to quickly scan for IaC security issues right in your GitHub pipeline. See how to setup your integration here: oak9 Github Action

Let us know what you want to see next by dropping us a line at