Codeac Codeac

Multi Cloud Support

Apply security best practices to your Terraform Infrastructure as Code and boost your DevSecOps pipeline to the next level.

Get started

Codeac Dashboard

Outdated SSL / TLS protocol

Terraform - Outdated SSL / TLS protocol

TLS 1.0 and 1.1 reached End of Life and were deprecated by several web browsers and cloud vendors. Using TLS 1.2 or newer is recommended for majority of applications. Codeac scans each change in your Infrastructure as Code repository and pinpoints potential security threads.

Run security check

Firewall Configuration

Allowing all IP addresses to access your network is considered as serious security problem which can publicly expose your resources and data. Codeac helps you automatically detect these occurrences in your Terraform templates so you can quickly remediate them before production deployment.

Scan network config

Azure Network Security Rule Fully Open

Secret Detection

Terraform - Sensitive attribute detection

Storing sensitive data in plain text directly in your Terraform templates is considered as a security issue. Leveraging cloud native services like Valut and Secrets Manager or encrypted files (KMS, PGP, SOPS) is preferred.

Eliminate manual, error-prone code reviews that require deep subject matter expertise on every team. Turn IaC security best practices into code fixes in your developers’ workflow.

Reduce risk

Save time and make informed decisions

Language breakdown

Get visibility into the actual health of your projects and track its quality evolution over time in many other supported languages. We have your full-stack covered:

Loved by developers

Join developers who trust Codeac to improve the quality of their code.

Decathlon
AstrumQ Interactive s.r.o.
uLékaře.cz, s.r.o.
 Spolek pro budování a implementaci sdílených open source nástrojů, z.s.
RELIGIS s.r.o.

Get started

Use your favorite version control system to sign-up.

Codeac needs your approval

Hey there, we’re glad seeing you chose Codeac to fight with the technical debt.

Before performing your first analysis we need to register a webhook for your repositories. This requires write permissions to your vcs which are used only for this case.

We do not perform any changes to your code.