# IAC Scanning

Infrastructure as code (IaC) streamlines deployment processes by enabling developers to script and manage infrastructure configurations. Tools like [tfsec](https://www.techwithtyler.dev/devsecops/iac-scanning/tfsec) get used to scan code in real-time, enabling developers to preemptively identify security and compliance issues before being deployed.

Many of these tools integrate with IDEs (e.g., VS Code) but can also be set as a job in CI pipelines (e.g., .gitlab-ci.yml for GitLab). This ensures continuous checks throughout the development lifecycle, minimizing the risk of vulnerabilities and reinforcing the reliability and security of the deployed infrastructure.

Let's take a look at a typical deployment process and where these tools can fit into that. 

<figure><img src="https://2721275171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8yu8YbDfwd1VqEdUxGyA%2Fuploads%2FNOtv8QqBMYAWCnbvMp4T%2Fimage.png?alt=media&#x26;token=58480416-8053-48e5-836b-e462e7cf7bbf" alt=""><figcaption></figcaption></figure>

{% content-ref url="iac-scanning/tfsec" %}
[tfsec](https://www.techwithtyler.dev/devsecops/iac-scanning/tfsec)
{% endcontent-ref %}