As Infrastructure as Code as an engineering practice increases in adoption, securing the infrastructure being provisioned increases in importance. The GitLab SAST offering is light in this area and needs to be further strengthened. ## MVC scanning capabilities - kubernetes - terraform - ansible - cloud formation ## Requirements 1. Make IaC security scanning a separate decision from static application security testing. 1. Make the distribution strategy for IaC the same as SAST or Secret Detection. 1. Support the same feature set as SAST. ### Potential Tools See original issue https://gitlab.com/gitlab-org/gitlab/-/issues/39695#potential-tools