The IaC drift detection table provides a consolidated view of all drift findings. Each row represents a drift finding created when the scanner detects a discrepancy between the resource configuration defined in an IaC template and the actual configuration of the corresponding deployed cloud resource.

| Property | Description |
|---|---|
| Severity | The level of risk associated with the drift finding. Values: Informational, Low, Medium, High, Critical, Unknown |
| Name | The specific name or title of the finding, clearly identifying the detected security issue resulting from the configuration drift |
| Code IaC Resource | The name of the IaC resource (code asset) in the repository that corresponds to the drifted Cloud Resource. This is the source of truth that failed to prevent the drift |
| Cloud Resource | The specific type of the live cloud asset that experienced drift (such as AWS Internet Gateway, Azure Security Group) |
| Framework | The Infrastructure as Code (IaC) framework or language used to define the original code asset (such as CloudFormation, Terraform) |
| Repository | The version control repository where the problematic IaC code or configuration files reside |
| AppSec Policy ID | The ID of the Application Security policy that created the drift issue |
| Data Source | The version control system from which the original data for the IaC asset was pulled (such as GitHub, GitLab) |
| Cloud Provider | The cloud service provider hosting the drifted resource (such as AWS, Azure, GCP) |
| Branch | The specific branch in the version control repository containing the IaC definition |
| SLA | The deadline or status of the issue remediation timeline based on the organization's Service Level Agreement. For more information, refer to Service Level Agreements (SLA) |
| File Path | The full directory path to the specific IaC file within the repository |
| Status | The current lifecycle state of the drift issue. Values: Approaching, On Track, Overdue |
| Created | The timestamp when the issue was created |
| Backlog Status | Indicates whether the issue is classified as pre-existing technical debt (Backlog) or a newly introduced misconfiguration (New). For more information, refer to Backlog baseline |
| Assignee | The individual responsible for addressing and resolving the issue |
| Business Application | The business application associated with the drifted IaC resource and the corresponding cloud asset. For more information about business applications, refer to Defining Business Applications |

Filter and sort the table
Use the filter bar at the top of the IaC Drift Detection table to narrow results by any filterable column. Common filtering strategies include:
- By severity: Filter to Critical and High severity to focus on drift findings with the greatest security impact
- By cloud provider: Filter to a specific cloud provider (such as AWS) to scope drift remediation to a single cloud environment