Announcements
Cloud
May 24, 2021 By Steven Weaver 2 min read

The expansion of Code Risk Analyzer extends scanning capabilities.

In November 2020, IBM introduced the Code Risk Analyzer to IBM Cloud Continuous Delivery to help “shift left” security. Code Risk Analyzer identifies multiple classes of security risks by scanning source files. Misconfiguration of infrastructure and cloud service dependencies can put enterprise applications and data at risk. Now, Code Risk Analyzer will look for these issues by scanning Terraform Infrastructure as Code (IaC) files. 

Code Risk Analyzer helps developers find and remediate security and legal vulnerabilities that are potentially introduced into their source code and provides feedback directly in their Git artifacts (for example, pull/merge requests). Code Risk Analyzer is provided as a set of Tekton tasks, which can be easily incorporated into delivery pipelines.

DevSecOps for Infrastructure

IBM Cloud Schematics provides powerful tools to automate your cloud infrastructure provisioning and management process and the configuration and operation of your cloud resources and the deployment of your app workloads. To do so, Schematics leverages open source projects, such as Terraform. Terraform allows infrastructure to be expressed as code in a simple, human-readable language. It reads configuration files and provides an execution plan of changes that can be reviewed for safety and then applied and provisioned.

Infrastructure as Code (IaC) provides development teams with the opportunity to manage infrastructure definitions in Git repos and deploy with DevOps  pipelines, just like any other code. IaC modules can be reused between workloads and across multi-regions and accounts.

With this new expansion of Code Risk Analyzer, we can extend our scanning capabilities to help prevent misconfiguration of cloud accounts and compliance with regulations through scanning of IaC before it is deployed. The new IaC capability in Code Risk Analyzer scans ibm-terraform files and helps you ensure that they meet National Institute of Standards and Technology (NIST) frameworks. Today, it supports 57 compliance goals, covering 18 NIST checks, and the list is growing. 

With this new capability, you can now scan the compliance of your Infrastructure as Code and make sure that any planned changes to your account are compliant with NIST regulations. You can control this process from IBM Cloud Continuous Delivery toolchains and consume the output both in your Git repository and in your IBM Cloud Continuous Delivery PipelineRun dashboard. You can create gates that block the deployment of the IaC when misconfigurations are found and remediate misconfigurations as soon as they are created:

More information

For more details on the new capability within Code Risk Analyzer, please see the following resources:

In addition, you can get help directly from the IBM Cloud development teams by joining us on Slack.

Steven Weaver
Product Manager

More from Announcements
July 2, 2024

Success and recognition of IBM offerings in G2 Summer Reports  

2 min read - IBM offerings were featured in over 1,365 unique G2 reports, earning over 230 Leader badges across various categories.   This recognition is important to showcase our leading products and also to provide the unbiased validation our buyers seek. According to the 2024 G2 Software Buyer Behavior Report, “When researching software, buyers are most likely to trust information from people with similar roles and challenges, and they value transparency above other factors.”  With over 90 million visitors each year and hosting more than 2.6…

June 24, 2024

Manage the routing of your observability log and event data 

4 min read - Comprehensive environments include many sources of observable data to be aggregated and then analyzed for infrastructure and app performance management. Connecting and aggregating the data sources to observability tools need to be flexible. Some use cases might require all data to be aggregated into one common location while others have narrowed scope. Optimizing where observability data is processed enables businesses to maximize insights while managing to cost, compliance and data residency objectives.  As announced on 29 March 2024, IBM Cloud® released its next-gen observability…

June 21, 2024

Unify and share data across Netezza and watsonx.data for new generative AI applications

3 min read - In today's data and AI-driven world, organizations are generating vast amounts of data from various sources. The ability to extract value from AI initiatives relies heavily on the availability and quality of an enterprise's underlying data. In order to unlock the full potential of data for AI, organizations must be able to effectively navigate their complex IT landscapes across the hybrid cloud.   At this year’s IBM Think conference in Boston, we announced the new capabilities of IBM watsonx.data, an open…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters