IaC module
The IaC page lists every static-analysis finding from your Terraform, Kubernetes manifests, Helm charts, and Dockerfiles, scoped per scan.
Two views
The page has two stacked sections:
- Scans at the top: one row per scan, with branch, commit, and aggregate counts.
- Findings at the bottom: the flat list across all scans (or filtered to one).
Click a scan row to filter the findings list to just that scan.
Scan list columns
| Column | Notes |
|---|---|
| Repository | org/repo. |
| Branch | The git branch scanned. |
| Commit | Short SHA, links to the git provider. |
| Status | completed, failed, running. |
| Findings | Severity-grouped counts. |
| Files | How many files were scanned. |
| When | Relative timestamp. |
Findings list columns
| Column | Notes |
|---|---|
| Severity | CRITICAL / HIGH / MEDIUM / LOW. |
| Status | OPEN / IGNORED / RESOLVED. |
| Rule | E.g. TF-AWS-S3-PUBLIC. |
| Type | terraform, kubernetes, dockerfile, helm. |
| File | Path inside the repo. |
| Line | Line number, hyperlinked to the git provider. |
| Repository | Repo name. |
Filters
- Severity, Status.
- File type: terraform, kubernetes, dockerfile, helm.
- Repository: narrow to one repo.
- Branch: narrow to one branch (main is a common one).
PR integration
When a webhook is configured, every push and every pull-request event triggers a scan. The result appears as:
- A PR comment on GitHub / GitLab summarising findings, severity-grouped.
- A CI status check on the commit. Configurable to fail the check when findings reach a severity threshold; IGNORED and RESOLVED findings do not count against it.
The PR comment is updated on subsequent pushes, not duplicated.
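The gate and the "update, don't duplicate" comment behaviour described above, as an added example that is not the product's own code. It assumes findings arrive as a list of records with the findings-list columns from this page (severity, status, rule, type, file, line, repository); the JSON shape, the hidden `<!-- iac-scan-summary -->` marker used to locate the earlier comment, the inclusive threshold ("at or above"), and the GitHub-style blob URL for line links are all assumptions. The sample findings are constructed; only TF-AWS-S3-PUBLIC is a rule name taken from the page.

```python
"""Severity gate and PR-comment upsert for IaC scan findings.

Added example; not the product's code. Finding records mirror the
findings-list columns on this page. Everything else (marker string,
inclusive threshold, link layout) is an assumption.
"""
from collections import Counter

SEVERITIES = ["CRITICAL", "HIGH", "MEDIUM", "LOW"]   # most to least severe
RANK = {s: i for i, s in enumerate(SEVERITIES)}
# Hidden HTML comment used to find the summary comment on later pushes (assumed convention).
MARKER = "<!-- iac-scan-summary -->"

# Constructed sample findings. Only TF-AWS-S3-PUBLIC comes from the page;
# the other rule IDs are placeholders.
SAMPLE_FINDINGS = [
    {"severity": "CRITICAL", "status": "OPEN", "rule": "TF-AWS-S3-PUBLIC",
     "type": "terraform", "file": "modules/storage/main.tf", "line": 12, "repository": "acme/infra"},
    {"severity": "HIGH", "status": "IGNORED", "rule": "K8S-EXAMPLE-PRIVILEGED",
     "type": "kubernetes", "file": "deploy/api.yaml", "line": 41, "repository": "acme/infra"},
    {"severity": "MEDIUM", "status": "OPEN", "rule": "DOCKER-EXAMPLE-LATEST-TAG",
     "type": "dockerfile", "file": "Dockerfile", "line": 1, "repository": "acme/infra"},
    {"severity": "LOW", "status": "RESOLVED", "rule": "HELM-EXAMPLE-NO-LIMITS",
     "type": "helm", "file": "charts/api/values.yaml", "line": 7, "repository": "acme/infra"},
]


def severity_counts(findings, statuses=("OPEN",)):
    """Severity-grouped counts over findings whose status is in `statuses`.

    IGNORED and RESOLVED are excluded by default so a triaged finding
    does not keep showing up as a blocker.
    """
    return Counter(f["severity"] for f in findings if f["status"] in statuses)


def gate(findings, fail_at="HIGH"):
    """Return (passed, blocking). Fails when any OPEN finding is at or above fail_at (inclusive; assumed)."""
    threshold = RANK[fail_at]
    blocking = [f for f in findings
                if f["status"] == "OPEN" and RANK[f["severity"]] <= threshold]
    return (not blocking, blocking)


def render_comment(findings, repo_web_url, commit, fail_at="HIGH"):
    """Markdown body for the PR comment: marker, severity table, then the findings that breach the gate.

    Line links use GitHub's /blob/<sha>/<path>#L<n> layout (assumption; GitLab uses /-/blob/).
    """
    counts = severity_counts(findings)
    passed, blocking = gate(findings, fail_at)
    lines = [
        MARKER,
        f"**IaC scan** for `{commit[:7]}`: {'passed' if passed else 'FAILED'} (threshold {fail_at})",
        "",
        "| Severity | Open |",
        "|---|---|",
    ]
    lines += [f"| {s} | {counts.get(s, 0)} |" for s in SEVERITIES]
    for f in blocking:
        url = f"{repo_web_url}/blob/{commit}/{f['file']}#L{f['line']}"
        lines.append(f"- {f['severity']} `{f['rule']}` [{f['file']}:{f['line']}]({url})")
    return "\n".join(lines)


def upsert_comment(existing_comments, body):
    """Decide whether to edit the earlier summary comment or create a new one.

    existing_comments: list of {"id": ..., "body": ...} as a provider API
    would return them (shape assumed). Returns (action, comment_id, body).
    """
    for c in existing_comments:
        if c["body"].startswith(MARKER):
            return ("update", c["id"], body)
    return ("create", None, body)


if __name__ == "__main__":
    sha = "0123456789abcdef0123456789abcdef01234567"  # constructed
    body = render_comment(SAMPLE_FINDINGS, "https://github.com/acme/infra", sha)
    print(body)
    print(upsert_comment([{"id": 9, "body": MARKER + "\nold summary"}], body)[:2])
```

The gate only looks at OPEN findings, so ignoring or resolving a finding in the findings list is what clears a red status check; lowering `fail_at` to LOW makes every open finding blocking.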
Drift status
Each finding has a drift field. See the IaC concept for the three values. The CSPM page shows the same drift status from the runtime side.
Detail panel
The panel shows:
- The exact code excerpt with the offending line highlighted.
- A "Fixed code" suggestion (when deterministic).
- Equivalent runtime rule (links to a CSPM finding if one exists).
- References: provider docs, CIS, MITRE.