Skip to main content

Skyhigh Security is launching standalone documentation portals to support Japanese, German, and French languages. We are not supporting auto-translation. Stay tuned for further updates. Thanks for your support.

Skyhigh Security

About On-Demand Scans for DevOps

While Configuration Audit reports and makes sure that currently deployed infrastructure is compliant and secure, extending those checks to DevOps templates allows you to keep up with how new resources are deployed or existing ones are updated. On-Demand Scans for DevOps identify compliance issues and enforce remediation steps earlier in the cycle, which saves time and effort.

DevOps Scan Workflow

An On-Demand Scan for DevOps evaluates active Config Audit policies on the templates according to the scan configuration for the specified AWS S3 buckets or Azure Blob Containers. After the scan is complete, you can view the IaaS provider's DevOps template in the Analytics > Resources page using the filter Resource Type, or the specific template name in the table view.

You can also:

  • View different types of resources that are deployed by the template
  • Filter based on compliance status
  • View specific policies and incidents attributing to a template being non-compliant

Supported Templates

  • AWS CloudFormation
  • Azure Resource Manager
  • Terraform
  • Amazon ECS Fargate CloudFormation


  • Was this article helpful?