Prerequisites
Before viewing and managing IaC assets, verify the following:
| Prerequisite | Description |
|---|---|
| License | An active Cortex Cloud license with Application Security entitlements |
| RBAC role | The AppSec Admin or SOC Analyst role, or an equivalent custom role with asset inventory and issue management permissions |
| VCS integration | At least one Version Control System (GitHub, GitLab, Bitbucket, Azure DevOps) integrated and active |
| Scanner enablement | At least one repository with IaC scanning enabled and a completed scan resulting in discovered resources |
How to access IaC assets
To access IaC assets, go to Inventory, select → → .
The IaC Resources assets page includes a dashboard and an inventory table.
IaC resources dashboard
The dashboard includes three widgets. To focus the IaC asset inventory on a specific set of resources, select a value in a widget and then choose Filter in, or choose Filter out to exclude a specific resource from the results.
Cloud Providers: Displays the total number of IaC resources, categorized by connected cloud providers such as AWS and GCP, and the number of IaC resources found in each provider
Frameworks: Displays connected frameworks such as Terraform and Kubernetes and the number of IaC resources found in each framework
Drifted Resources: Shows the total number of IaC resources with detected drift, broken down by cloud provider, where each provider displays its own drift count
IaC asset inventory
The following table describes the default exposed properties of the IaC Resource asset table. Select Menu Settings to view additional properties.
| Property | Description |
|---|---|
| Name | The logical name assigned to the resource within the IaC template code |
| Resource type | The specific infrastructure category defined by the provider such as |
| Framework | The IaC technology used to define the resource such as |
| Cloud provider | The cloud service provider where the resource is intended to be deployed such as |
| Repository | The name of the version control repository containing the IaC source file |
| Provider | The Version Control System (VCS) platform hosting the repository such as |
| File path | The specific directory path to the manifest or template file within the repository |
| Branch | The specific branch of the repository where the IaC resource was detected |
| Business application names | The business applications associated with the resource, which are automatically mapped based on the application assignment of the parent repository |
| First observed | The date and time the IaC resource was initially discovered in the inventory |
| Last observed | The date and time of the most recent scan that confirmed the presence of the resource |
Filter and prioritize IaC resources
To effectively reduce the infrastructure risk surface, apply the following high-priority filtering workflows:
Target critical infrastructure: Filter by Business Application Names to prioritize misconfigurations in resources that support essential services
Investigate drifted resources: Filter by Drifted Resources to identify infrastructure where the runtime configuration has diverged from the IaC template
Isolate deployed infrastructure: Filter by C2C Traced Assets (in the More Actions menu next to Filters) to identify IaC templates that are actively running in your cloud environment rather than dormant code
Scope by framework: Filter by Frameworks to isolate specific technologies such as Kubernetes manifests for container security audits