CoGuard scans more than individual configuration files.

We understand the connections between different software configurations and can ensure configurations and policies are evaluated within the context of deployment. We have a simple way of defining custom rules that allow clients the ability to extend and customize using a Python API. Integrations can be completed using existing DevOps tool stack.

It's your workflow. It is entirely up to you. Your security policies can enforce a clean CoGuard report as a pre-requisite for a deployment or not.

Many clients choose to adjust the script in their CI/CD pipeline to have the most severe security vulnerabilities stop deployment (level 4 and 5) until fixed. Remediation steps are provided by CoGuard.

Best practices for configurations are dynamic and change over time as new security recommendations are added.

For example, Log4Shell as an example. CoGuard would have pointed you at the files on the respective hosts, on the cloud and on premise, enabling you to remediate this issue instantly, without having to manually search for the respective files.

Allowing you to disable the vulnerable configurations, eliminating the configuration settings causing the vulnerability, while the team waits for the update or patch.

While we consider IaC best practice for many reasons, CoGuard picks you up where you are at in your journey of better IT infrastructure, from simple individual configuration checks to more complicated cross-dependency policy enforcement.

Neither. While we have ways to detect configuration drift using agents or API access. Our primary mission is to change the way people secure and set up infrastructure.

Ideally, all scanning should be done in advance, using each and every configuration file (similar like static analysis for code).