CoGuard scans more than individual configuration files.

We understand the connections between different software configurations and can ensure configurations and policies are evaluated within the context of deployment. We have a simple way of defining custom rules that allow clients the ability to extend and customize using a Python API. Integrations can be completed using existing DevOps tool stack.

It's your workflow. It is entirely up to you. Your security policies can enforce a clean CoGuard report as a pre-requisite for a deployment or not.

Many clients choose to adjust the script in their CI/CD pipeline to have the most severe security vulnerabilities stop deployment (level 4 and 5) until fixed. Remediation steps are provided by CoGuard.

Best practices for configurations are dynamic and change over time as new security recommendations are added.

For example, with the Log4Shell vulnerability CoGuard would have identified the configuration files on the respective hosts, on the cloud and on premise, enabling you to remediate this issue instantly, without having to manually search for the respective files.

Allowing you to disable the vulnerable configurations, eliminating the configuration settings causing the vulnerability, while the team waits for the update or patch.

While we consider IaC best practice for many reasons, CoGuard picks you up where you are at in your journey of better IT infrastructure, from simple individual configuration checks to more complicated cross-dependency policy enforcement.

Neither.

Our primary mission is to change the way people secure and set up infrastructure. Ideally, all scanning should be done in advance, using each and every configuration file (similar like static analysis for code).