Terraform Cloud (Run Tasks) - Administrator Guide - Cortex XSIAM

Cortex XSIAM 3.x Documentation

Product: Cortex XSIAM
Creation date: 2025-07-15
Last date published: 2026-06-04
Category: Administrator Guide

Integrate Application Security with Terraform Cloud (Run Tasks) to enable dynamic, automated, and context-specific scans in your Terraform workspace. Application Security scans Terraform (TF) frameworks for misconfigurations based on default and custom policies whenever changes are triggered, ensuring seamless security checks. It identifies issues such as infrastructure-as-code (IaC) misconfigurations, Software Composition Analysis (SCA) vulnerabilities, exposed secrets, and license non-compliance, depending on the security scanners that you have subscribed to.

You can monitor and remediate issues directly in the Application Security console. Run statuses and violation details can be tracked in both Application Security and Terraform Cloud through streamlined run task reviews. For more information about streamlined tasks, refer to https://www.hashicorp.com/blog/terraform-cloud-adds-streamlined-run-task-reviews.

Prerequisite

Before you begin:

  • Procure a Terraform Cloud license, either a trial license or a TF Cloud license at the TEAM & GOVERNANCE level.

  • Terraform permissions: Grant the user or team the following permissions, depending on the integration:

    • Manage Workspaces permissions at the organization level. These permissions are required to attach and manage the run task on workspaces; or

    • Administrator permissions on the workspace(s).

  • Create a Terraform Organization. For more information, refer to the Terraform documentation.

  • Create a Terraform Workspace. For more information, refer to the Terraform documentation.

Onboarding steps
  1. On your Terraform Cloud platform, create a Terraform API token.

    1. Select your user/profile icon → User Settings.

    2. Select the Tokens section from the left side menu.

    3. Click Create an API token → provide a description → Create API token.

    4. Copy and save the token → Done.

      Note

      Skip this step if you plan on using an existing token.

    For more information about Terraform API tokens, refer to the Terraform API Tokens documentation.

  2. On the Cortex XSIAM console:

    1. Search for and hover over Terraform Cloud (Run Tasks) and click Add, or Add Another Instance if an instance is already onboarded.

  3. Provide your Terraform user or team API token on the Configure Account step of the wizard → Next.

  4. Select an organization from the Select Organization step of the wizard → Next.

  5. On the Select Workspace step of the wizard:

    1. Select repositories from the Selection Options field.

      • Permit all existing repositories

      • Permit all existing and future repositories

      • Choose from repository list

    2. Select a run plan from the Run Stage field.

      • Pre-plan: The scan runs before Terraform generates the plan

      • Post-plan: The scan runs after Terraform generates the plan

      Note

      Application Security performs a scan of Terraform templates on selected workspaces based on the Run Stage.

    3. Click Save and then Close in the final verification step of the wizard.

  6. Verify the integration and confirm that your integrated Terraform Cloud (Run Tasks) instance has a status of Connected.

    1. On the Data Sources & Integrations page, search for Terraform Cloud (Run Tasks).

    2. Hover over and select the resulting entry.

    3. Locate your instance and verify that the status is Connected.

  7. Next step: View scan results and mitigate issues.

Manage data source integrations

Manage integrations to align with evolving requirements and ensure they remain current.

  1. Navigate to Settings → Data Sources & Integrations and use the Vendor filter to locate the required integration.

  2. Select your vendor from the list.

    The integrated instances for the selected vendor are displayed.

  3. Right-click on an instance and select an option:

    • Edit instance: Redirects to the Select Repositories step of the integration wizard, where you can modify configurations for the selected instance. For more details, refer to the relevant integration guide.

    • Delete instance: When confirmed, deletes the instance, including data from previous scans.

    • Copy entire row: Copies all column values for the selected row to the clipboard.

Terraform workflow for Run Tasks enforcement

You can declaratively dictate which infrastructure misconfigurations or exposed secrets will trigger a Run Task failure during the terraform plan phase, blocking insecure infrastructure from being deployed via HCP Terraform.

Prerequisites: The HCP Terraform Run Task integration must already be established, and target Asset Groups must be defined.

Configuration: Use the cortexcloud_appsec_policy resource to define the finding types and conditions.

How it works: When HCP Terraform triggers the Run Task, Cortex Cloud evaluates the plan against the cicd_trigger actions defined in this policy to determine if the plan should be blocked.
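The following is an added illustration of the decision described above, not Cortex Cloud or HashiCorp code: scan findings are matched against trigger rules, and any rule whose action is "block" fails the run task. The CicdTrigger shape, the finding type names and the severity ranking are assumptions standing in for the cicd_trigger actions of a cortexcloud_appsec_policy; the real provider schema is not reproduced.

```python
"""Model of how a Run Task verdict follows from an AppSec policy (illustrative,
not Cortex Cloud or HashiCorp code). CicdTrigger is a hypothetical stand-in for
cicd_trigger actions; the real cortexcloud_appsec_policy schema is not shown."""
from dataclasses import dataclass, field
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

@dataclass(frozen=True)
class Finding:
    """One scanner result, e.g. type IAC_MISCONFIGURATION, SECRET, SCA or LICENSE."""
    finding_type: str
    severity: str
    resource: str
    title: str

@dataclass(frozen=True)
class CicdTrigger:
    """Hypothetical rule: matching findings either 'block' the run or only 'warn'."""
    finding_types: frozenset
    min_severity: str
    action: str

@dataclass
class RunTaskVerdict:
    status: str  # "passed" or "failed", the outcome reported back to HCP Terraform
    blocking: list = field(default_factory=list)
    warnings: list = field(default_factory=list)

def evaluate_run_task(findings, triggers):
    """Match each finding against the triggers; any 'block' match fails the run."""
    verdict = RunTaskVerdict(status="passed")
    for f in findings:
        for t in triggers:
            if (f.finding_type in t.finding_types
                    and SEVERITY_RANK[f.severity] >= SEVERITY_RANK[t.min_severity]):
                (verdict.blocking if t.action == "block" else verdict.warnings).append(f)
                break  # the first matching trigger decides this finding
    if verdict.blocking:
        verdict.status = "failed"
    return verdict

# Constructed sample: two findings from a post-plan scan and two triggers.
SAMPLE_FINDINGS = [
    Finding("SECRET", "HIGH", "aws_db_instance.main", "Hard-coded password"),
    Finding("IAC_MISCONFIGURATION", "LOW", "aws_s3_bucket.logs", "Versioning disabled"),
]
SAMPLE_TRIGGERS = [
    CicdTrigger(frozenset({"SECRET"}), "MEDIUM", "block"),
    CicdTrigger(frozenset({"IAC_MISCONFIGURATION"}), "LOW", "warn"),
]
```

With the sample data the exposed secret fails the run while the low-severity misconfiguration is only reported; dropping the secret finding lets the plan pass.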

For more information, refer to Manage resources.