The IaC misconfigurations table provides a consolidated view of all IaC misconfiguration issues. Each row represents an issue created when a scanner finding matches a unified policy, linking the misconfiguration to a specific detection rule, file, repository, and the policy that triggered the issue.
Visible columns (default)
| Column | Description |
|---|---|
| Severity | The severity level assigned to the misconfiguration: Critical, High, Medium, Low, Informational, or Unknown. Severity is determined by the detection rule and may be overridden by a matched unified policy |
| Name | The descriptive name of the misconfiguration (such as Container is privileged misconfiguration detected in code). The Name column serves as the primary identifier for the issue |
| File Path | The path to the IaC template file containing the misconfiguration, including the affected line range (such as |
| Branch | The repository branch where the misconfiguration was detected (such as |
| Created | The timestamp when the issue was first detected |
| Framework | The IaC framework of the affected template: Terraform, CloudFormation, or Kubernetes |
| Prioritization Labels | Contextual labels that indicate risk-amplifying factors such as deployment status, internet exposure, or application criticality |
Hidden columns (available via column picker)
| Column | Description |
|---|---|
| Data Source | The VCS provider where the repository is hosted (GitHub, GitLab, Bitbucket, Azure DevOps, and variants) |
| Last Updated | The timestamp of the most recent update to the issue |
| Alert Description | A detailed description of the misconfiguration and the recommended configuration |
| Asset ID | The internal identifier of the IaC asset |
| Detection Method | The scanner that detected the misconfiguration (CAS_IAC_SCANNER) |
| Alert Source | The originating scanner source |
| Git User | The Git author associated with the commit that introduced the misconfiguration |
| Finding ID | The unique identifier of the underlying finding |
| Issue ID | The internal issue identifier used for API operations and cross-referencing |
| Manual Fix Suggestion | The recommended manual remediation steps, including code samples |
| Rule ID | The detection rule identifier (such as |
| Code Lines | The specific line range within the file where the misconfiguration occurs |
| Domain Provider | The cloud provider domain associated with the misconfiguration |
| Code Block | The source code snippet containing the misconfigured resource |
| Code Highlights | The specific lines within the code block that are flagged |
| Domain | The security domain classification (such as POSTURE) |
| Assignee | The user assigned to remediate the issue |
| Assignee Name | The display name of the assigned user |
| Resolution Status | The current resolution state: New, In Progress, or Resolved |
| Resolution Comment | The comment provided when the resolution status was changed |
| Original Severity | The severity assigned by the detection rule before any policy override |
| Provider Link | A direct link to the file in the VCS provider |
| Is Fixable | Indicates whether an automated fix pull request is available for the misconfiguration |
| Rule ID Link | A link to the detection rule documentation |
| Finding Category | The category classification of the finding (such as Application Security) |
| Subcategory | The subcategory classification of the finding |
| Tags | User-defined or system-generated tags applied to the issue |
Filter and sort the table:
Use the filter bar at the top of the IaC Misconfigurations table to narrow results by any filterable column. Common filtering strategies include:
- By severity: Filter to Critical and High severity to focus on the most impactful misconfigurations
- By framework: Filter to a specific IaC framework (such as Terraform) to scope remediation to a single technology stack
- By branch: Filter to the main or production branch to focus on misconfigurations that affect production-bound code
- By resolution status: Filter to New to identify untriaged misconfigurations, or to In Progress to monitor active remediation
- By Is Fixable: Filter to True to identify misconfigurations with available automated fix pull requests