In this video I walk through how I actually think about applying security and governance to Infrastructure-as-Code automation using Terraform, Checkov, and Harness IACM. I’ve spent most of my career in security, operations, and DevSecOps, working with teams who are already deep into Terraform but are still living in the “Wild West” of ungoverned pipelines and after-the-fact CSPM (cloud security posture management) alerts. This is my practical take on how to clean that up.

What I cover:

- Why ungoverned Terraform / IaC pipelines are extremely dangerous, and how misconfigurations really get introduced
- The difference between CSPM finding issues after the fact and using IaC automation to prevent them from reaching the cloud in the first place
- How to wire Checkov into a Terraform pipeline in Harness, including failing the pipeline based on finding severity
- Using Harness IACM to add approvals, auditability, and real governance around plan/apply
- How Harness AI can enrich scanner findings with pipeline context, Git metadata, and tickets to tighten the DevSecOps feedback loop

If you’re running Terraform or OpenTofu at scale and you’re feeling the pain around security, compliance, and “who changed what, where, and when?”, this walkthrough should give you a concrete model to start from.

Tools mentioned: Terraform, OpenTofu, Checkov, tfsec, Harness IACM, CSPM

If you’d like a deeper dive or want to see this mapped to your environment, feel free to reach out or drop a comment.

#terraform #infrastructureascode #devsecops #checkov #harness #iacm #security
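The severity-based failure step mentioned above is the part most teams get wrong, so here is an added illustration of the gating logic (example code written for this page, not code from the video, from Harness, or from the Checkov project). It consumes the JSON report Checkov writes with `-o json` and fails the pipeline when any failed check is at or above a severity threshold. Two things are assumptions: Checkov only populates the `severity` field when a platform API key is supplied, so a locally curated fallback table (`LOCAL_SEVERITY`, hypothetical) is used when the field is null; and the sample report, including the `CKV_EXAMPLE_1` check ID, is constructed for the example. Checks whose severity cannot be determined are treated as blocking, so an unmapped new check fails closed rather than slipping through.

```python
import json
import sys

# Checkov's severity names, ordered from least to most severe.
SEVERITY_ORDER = ["INFO", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Hypothetical, team-curated fallback used when the report's "severity" is null
# (Checkov leaves it null unless a platform API key is configured).
# The mappings here are illustrative, not Checkov's own.
LOCAL_SEVERITY = {
    "CKV_AWS_18": "LOW",       # S3 access logging
    "CKV_AWS_21": "MEDIUM",    # S3 versioning
    "CKV_AWS_145": "HIGH",     # S3 KMS encryption
}

# Constructed sample in the shape of a single-framework Checkov JSON report.
SAMPLE_REPORT = {
    "check_type": "terraform",
    "results": {
        "passed_checks": [],
        "failed_checks": [
            {"check_id": "CKV_AWS_18", "check_name": "Ensure the S3 bucket has access logging enabled",
             "check_result": {"result": "FAILED"}, "file_path": "/main.tf",
             "file_line_range": [1, 5], "resource": "aws_s3_bucket.data", "severity": None},
            {"check_id": "CKV_AWS_145", "check_name": "Ensure that S3 buckets are encrypted with KMS by default",
             "check_result": {"result": "FAILED"}, "file_path": "/main.tf",
             "file_line_range": [1, 5], "resource": "aws_s3_bucket.data", "severity": None},
            {"check_id": "CKV_AWS_21", "check_name": "Ensure all data stored in the S3 bucket have versioning enabled",
             "check_result": {"result": "FAILED"}, "file_path": "/main.tf",
             "file_line_range": [1, 5], "resource": "aws_s3_bucket.data", "severity": "MEDIUM"},
            # Constructed check ID with no severity anywhere: must fail closed.
            {"check_id": "CKV_EXAMPLE_1", "check_name": "Constructed check with unknown severity",
             "check_result": {"result": "FAILED"}, "file_path": "/iam.tf",
             "file_line_range": [10, 20], "resource": "aws_iam_policy.example", "severity": None},
        ],
        "skipped_checks": [],
        "parsing_errors": [],
    },
    "summary": {"passed": 0, "failed": 4, "skipped": 0, "parsing_errors": 0},
}


def failed_checks(report):
    """Collect failed checks; Checkov emits a dict for one framework, a list for several."""
    reports = report if isinstance(report, list) else [report]
    out = []
    for r in reports:
        out.extend(r.get("results", {}).get("failed_checks", []))
    return out


def effective_severity(check, fallback=LOCAL_SEVERITY):
    """Prefer the report's own severity; otherwise consult the local table; else UNKNOWN."""
    sev = check.get("severity")
    if sev:
        return str(sev).upper()
    return fallback.get(check.get("check_id", ""), "UNKNOWN")


def evaluate_gate(report, threshold="HIGH", fallback=LOCAL_SEVERITY):
    """Split failed checks into (blocking, warnings) for the given threshold.

    A check blocks when its severity is at or above the threshold, or when its
    severity is UNKNOWN (fail closed). Each item is
    (check_id, severity, resource, file_path).
    """
    if threshold not in SEVERITY_ORDER:
        raise ValueError(f"unknown threshold {threshold!r}; expected one of {SEVERITY_ORDER}")
    min_rank = SEVERITY_ORDER.index(threshold)
    blocking, warnings = [], []
    for chk in failed_checks(report):
        sev = effective_severity(chk, fallback)
        item = (chk.get("check_id"), sev, chk.get("resource"), chk.get("file_path"))
        if sev == "UNKNOWN" or SEVERITY_ORDER.index(sev) >= min_rank:
            blocking.append(item)
        else:
            warnings.append(item)
    return blocking, warnings


def main(argv):
    # Usage in a pipeline step:  checkov -d . -o json > checkov.json; python gate.py checkov.json HIGH
    path = argv[1] if len(argv) > 1 else "-"
    threshold = argv[2] if len(argv) > 2 else "HIGH"
    with (sys.stdin if path == "-" else open(path, encoding="utf-8")) as fh:
        report = json.load(fh)
    blocking, warnings = evaluate_gate(report, threshold)
    for cid, sev, res, fp in warnings:
        print(f"WARN  {sev:<8} {cid} {res} ({fp})")
    for cid, sev, res, fp in blocking:
        print(f"BLOCK {sev:<8} {cid} {res} ({fp})")
    return 1 if blocking else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The gate returns a non-zero exit code whenever anything blocks, which is what a Harness (or any other) pipeline step needs to stop the run before `terraform apply`. The threshold is a single argument, so a team can run the same step with `MEDIUM` on production stacks and `CRITICAL` on sandboxes without changing the code.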