Blog Engineering How to get GitOps right with infrastructure as code security
Published on June 10, 2021
4 min read

How to get GitOps right with infrastructure as code security

Learn how the GitLab and Indeni integration makes security a core component of your GitOps workflow.


In today's competitive digital era, it is imperative for organizations to undergo a digital transformation to effectively compete. For many, achieving a digital transformation means transitioning toward a DevOps model.

DevOps has been around for many years, and the development side of the house has benefitted from the core practices of DevOps. However, the infrastructure side of the house has been lagging behind, particularly when it comes to speed. With infrastructure as code (IaC) and GitOps, infrastructure teams have been able to apply the same disciplines and quality gates that are used to manage application code to the infrastructure - to deliver products faster, with more predictability and at scale.

Security slowing down delivery

While the GitOps concept promises faster and more frequent deployment, the last thing you want is to be slowed down by your legacy security programs. How often has your release stopped near the end of process because it failed the security gate? All too often security testing is tacked on at the end of delivery. Developers inevitably spend significant time and energy investigating these security issues, which delays the release. Uncovering issues late in the cycle is expensive and painful to fix, not to mention creating unnecessary stress.

The software development process has been shifting left to deliver better-quality software faster. By using IaC, you can adopt the same DevOps principle for the infrastructure. Learning from the development world, you should integrate security controls into the development lifecycle early and everywhere.

How to shift your IaC security checks left

The core of the partnership between Indeni and GitLab is about making security a key part of the GitOps practice. The Indeni Cloudrail and GitLab CI/CD integration brings IaC security into the tools that developers are familiar with and want to use.

GitOps workflow How GitLab CI/CD fits into the Indeni Cloudrail DevOps workflow.

The joint solution modernizes security programs with the shift-left approach and automates infrastructure compliance. Developers no longer need to get in line for security reviews. Instead, IaC will be automatically evaluated for security impacts. Security controls are integrated into the development lifecycle before deployment.

GitOps workflow Catching IaC security violations in GitLab CI/CD.

GitOps workflow Details of the IaC Security violation.

As shown in the example above, Indeni Cloudrail provides feedback in GitLab CI. This way, security risks relating to the infrastructure can be instantly remediated when they are made so developers can move fast. You can think of the shift security left approach as testing IaC continuously and preventing insecure infrastructure from being deployed.

Don't let those noisy security tools impede your GitOps practice

Security tools are notorious for being noisy with their many false positives. According to the Advanced Technology Academic Research Center (ATARC) Federal DevSecOps Landscape survey, too many false positives is the number one frustration with security testing. A noisy security tool can be counterproductive by inadvertently stopping the pipeline frustrating your developers.

What makes Indeni Cloudrail unique is its context-based analysis, which refers to its ability to understand the relationships among cloud resources, making in-depth security analyses possible. Cloudrail also factors in already existing resources in the cloud environment to gain a holistic view as part of its analysis. The end result is three times less noise than any comparable IaC security tools in the market. In essence, Cloudrail will only bother developers with problems that truly matter to the organization. Learn more about what makes Cloudrail unique in this blog post.

Why GitLab and Indeni are better together

By delivering a developer-centric security tool for IaC, security has a better chance of gaining acceptance in the developer community. Together, Indeni and GitLab equip developers with the right tools to support a GitOps model and help organizations with their digital transformation.

Watch the demo

Watch the Cloudrail demo to see the GitOps workflow for IaC security.

About Indeni

Indeni automates best practices for network security and cloud security. Its security infrastructure platform automates health and compliance checks for leading firewalls to maximize uptime and efficiency. Its Infrastructure-as-Code security analysis tool, Cloudrail, automates infrastructure compliance to prevent insecure cloud environments from being deployed.

Cover image by Dimitry Anikin on Unsplash

We want to hear from you

Enjoyed reading this blog post or have questions or feedback? Share your thoughts by creating a new topic in the GitLab community forum. Share your feedback

Ready to get started?

See what your team could do with a unified DevSecOps Platform.

Get free trial

New to GitLab and not sure where to start?

Get started guide

Learn about what GitLab can do for your team

Talk to an expert