Decide on Infrastructure & Software Static Analysis Tools
Infrastructure Considerations: (Terraform, Docker)
- checkov (open source alternative by Bridgecrew; works with GitHub Actions)
- Bridgecrew (managed service, acquired by Palo Alto Networks)
- tflint
- tfsec
- conftest
Software Static Analysis
- Sonatype
- SonarQube
- Snyk
- WhiteSource
- JFrog