KaiMonkey – Vulnerable Terraform Infrastructure
KaiMonkey provides an example of vulnerable infrastructure to help cloud security, DevSecOps, and DevOps teams explore and understand common cloud security threats exposed via infrastructure as code.
The KaiMonkey project is sponsored by Accurics.
Accurics™ enables cyber resilience through self-healing as organizations embrace cloud-native infrastructure. The Accurics platform self-heals infrastructure by codifying security throughout the development lifecycle. It programmatically detects and resolves risks across Infrastructure as Code before infrastructure is provisioned, and maintains the posture in runtime by programmatically mitigating risks from changes.
KaiMonkey is an effort to provide a playground of vulnerable infrastructure for cloud security, DevSecOps, and DevOps teams, helping them analyze and plan their approach to securing infrastructure from code to cloud.
The project is intentionally vulnerable infrastructure as code, which can help teams get familiar with IaC security issues and verify that their IaC scanner is working. We intend to maintain and enhance the project over time, not only to increase the types of problems represented but also to add support for additional IaC and cloud providers. Contributions are welcome.
To learn more about the security risks in KaiMonkey, you can leverage Terrascan, our open source tool to detect compliance and security violations before provisioning the infrastructure. You can also use the Accurics platform for an experience that extends beyond the command line with a SaaS console and pre-built integrations into your source code repositories, ticketing systems, CI/CD pipelines, etc.
Terrascan provides:
- 500+ Policies for security best practices
- Scanning of Terraform 12+ (HCL2)
- Scanning of Kubernetes YAML/JSON
- Support for AWS, Azure, GCP, Kubernetes, and GitHub
Accurics provides:
- 1800+ Policies for security best practices
- Scanning of many IaC and orchestration providers, such as Terraform, Kubernetes, Helm, Istio, Amazon CloudFormation, Azure Resource Manager, Google Cloud Deployment Manager, and more
- Support for AWS, Azure, GCP cloud environments
- Compliance reporting for standards such as GDPR, CIS, SOC2, HIPAA, etc.
- Deeper security analysis including breach path prediction and determination of blast radius
- Integration of scanning and remediation into your repos and pipelines, including automated fixes and pull or merge requests
More information is available on our website.
Install
Copyright 2020 Accurics, Inc.