Cloud computing environments are increasingly defined and controlled by infrastructure-as-code (i.e. Terraform), containers and Kubernetes. With this shift, we are seeing an emerging trend that is familiar to those who have followed DevOps. Increasingly DevOps teams have placed a high priority on identifying and remediating security issues as early as possible in the development cycle. Similarly, cloud teams are pushing
to identify potential security problems earlier in the process – as containers and cloud resources are being designed, not after they are deployed. However, one of the major challenges is that most developers are security-aware but are not experts. Therefore, there is an increasing need for developer-friendly approaches that help identify security issues in code (application and cloud configurations).