Scribd
Upload
14 views

Qualys Iac Security Integration Vscode

The document discusses a VSCode extension from Qualys that allows scanning IaC templates for security issues before cloud resources are deployed. It provides instructions on installing the extension and performing scans on Terraform files directly from VSCode to catch issues earlier in the development process.

Uploaded by

2230023
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
14 views

Qualys Iac Security Integration Vscode

The document discusses a VSCode extension from Qualys that allows scanning IaC templates for security issues before cloud resources are deployed. It provides instructions on installing the extension and performing scans on Terraform files directly from VSCode to catch issues earlier in the development process.

Uploaded by

2230023
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Qualys VSCode Extension for IaC Security

In the current continuous integration and continuous deployment (CICD) environment,


the security scans are conducted on cloud resources after deployment. As a result, you
secure your cloud resources post deployment to respective Cloud accounts.
With an introduction of Infrastructure as Code (IaC) security feature as a VSCode
extension by Qualys CloudView, you can now secure your IaC templates before the cloud
resources are deployed in your cloud environments. The IaC Security feature will help you
shifting cloud security and compliance posture to the left, allowing evaluation of cloud
resource for misconfigurations much early during development phase.
The Qualys IaC Security VSCode extension empowers DevOps teams to build
Infrastructure as Code (IaC) scans into their existing CI/CD processes. By integrating scans
in this manner, cloud misconfigurations are detected and remediated earlier in the SDLC
to catch and eliminate security flaws.
For supported templates, other integrations, and features of Cloud IaC Security, refer to
CloudView User Guide and CloudView API User Guide.

Pre-requisite
Ensure that you have the required subscription and permissions as stated below.
· Visual Studio Code version 1.64.0 or higher.
· Valid subscription for Qualys CloudView (Cloud Security Assessment) app.
· Enabled API access and a role is assigned with all the necessary permissions.

Install the Qualys IaC VSCode Extension


You can install the Qualys IaC VSCode extension from VSCode Extension Marketplace.
Follow the below steps to set up the extension.

1. To install the extension from the VSCode marketplace, open VSCode.

Copyright 2022 by Qualys, Inc. All Rights Reserved.


Qualys VSCode Extension for IaC Security

2. Click the last icon on the left side of the page.

3. Enter Qualys in the search bar to search for all the Qualys extensions.
4. Click the Qualys IaC VSCode extension in the extensions list.

5. Click Install to install the extension in your VSCode. You can see the installed
extension in the Installed tab when you navigate to Organization Settings >
Extension.

2
Qualys VSCode Extension for IaC Security

The installation is now complete.

Getting Started with the Extension


To get started with the Qualys IaC Security Visual Studio Code extension,
1 Open the command palette with Ctrl + Shift + P,
2 Type Qualys to see all the available Qualys commands. Select Qualys IaC
configuration to bring up the settings page.
3 Fill in the input fields such as Platform URL, Username, Password, etc.

3
Qualys VSCode Extension for IaC Security

Available Commands
The following commands are available from the command palette.
• Qualys IaC Scan
• Performs a scan on a Terraform file opened on Visual Studio Code editor
• Qualys IaC configuration
• Adjust Qualys IaC configuration for a particular project

Run A Scan
You can use the Qualys IaC Security extension as a pre-deployment task in your project
pipeline. After installing, you can see the Qualys IaC Scan option when you open the
context menu.

4
Qualys VSCode Extension for IaC Security

To run a simple static scan, choose the Qualys IaC Scan option from context menu or use
shortcut key (Ctrl + Shift + Q).

5
Qualys VSCode Extension for IaC Security

Qualys IaC Scan Result


After the scan is complete, you can view output for details on the job execution.
The Summary displays the details of the Terraform file that is scanned, errors (failures),
scan time, and job details.

You might also like