WHAT IS FORTIFYFOX?
As Infrastructure as Code (IaC) increases in popularity, security around code configurations becomes ever more important.
For instance, is activity logging and encryption enabled in the configurations? Are critical services configured to allow for automated failover?
FortifyFox’s Template Scanner examines your IaC configurations and identifies vulnerabilities in accordance with established industry compliance standards.
FortifyFox gives developers the opportunity to address identified risks prior to deployment, potentially saving effort and costs in subsequent downtime and redeployments.
FortifyFox currently supports analysis of AWS CloudFormation templates.
IT'S EASY TO USE!
All you need to do is upload your AWS CloudFormation template, then choose your desired security standard.
FortifyFox will scan your configurations and report back on non-compliances and their suggested resolutions.
AUTO RESOLUTION
Ready in Q1 2023
FortifyFox provides the option to auto-resolve non-compliances against a selected list of security requirements. This feature will update your IaC configurations on your behalf and save the changes as new versions. A report clearly details the changes made so you have complete understanding and control over how Auto-resolution assists you.
ALERT CONFIGURABILITY
Ready in Q1 2023
FortifyFox gives you the ability to suppress selected alerts and save the configuration as a scan profile if you so choose. This is particularly useful when you want to focus on specific resources in the design and build phases and temporarily ignore alerts that are not of immediate concern to you.
When you are ready to deploy, you can revert the scanner to its standard settings and check against the full list of compliance requirements.
