The Zscaler Infrastructure-as-Code (IaC) Scan extension for Visual Studio Code enables developers to identify security misconfigurations in their IaC templates. Developers can scan their IaC templates from within the Visual Studio Code IDE. The Zscaler IaC Scan extension supports scanning individual IaC files and directories in the workspace.
Features
Scans IaC templates with built-in policies for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and Kubernetes resources.
Supports creating exemptions for policies within a template.
Highlights policy violations with severity for failed resources.
For extension support, contact Zscaler at cspm-support@zscaler.com
Setting Up the Login Flow for Zscaler IaC Scan
After successful installation of the extension, a Zscaler icon will appear within the Visual Studio Code IDE’s navigation menu on the left. Click on the Zscaler icon and the Sign In button appears.
a. Click Sign In
b. Access the Zscaler IaC Scan login command by pressing CMD + SHIFT + P (macOS) or CTRL + SHIFT + P (Windows) and searching for "Zscaler IaC Scan: Login".
c. Select US Region
After selecting the region, enter the email address for the ZPC portal. This is the same address used to log into the ZPC Web Portal.
You are redirected to the Zscaler login page within a browser. Log in using your ZPC Credentials.
After successful login, you are redirected back to Visual Studio Code IDE where you must complete the login flow setup:
a. In the dialog window that appears, click Open Visual Studio Code.
b. On the Visual Studio Code IDE window, in the dialog window that appears, click Open.
You see the ZPC email address at the bottom of the window.
Accessing Zscaler IaC Scan Commands
Zscaler IaC Scan extension provides a set of commands. Press CTRL + SHIFT + P on Windows or CMD + SHIFT + P on macOS, then enter "Zscaler IaC Scan" to search for and access the commands.
Zscaler IaC Scan: Clear IaC Diagnostics Results - Clears all problems and warnings generated by the extension for the IaC resources.
Zscaler IaC Scan: Install/Update - Installs or updates the Zscaler IaC binary, which is used by the extension to run the IaC scans.
Zscaler IaC Scan: Logout - This command becomes available after you have successfully logged in.
Zscaler IaC Scan: Scan Complete Workspace - Scans all IaC files in the current Visual Studio Code workspace.
Zscaler IaC Scan: Scan File - Scans the currently opened file in the Visual Studio Code IDE editor. Scan File is also triggered automatically when you save the file.
Zscaler IaC Scan: Settings - Opens the Settings page.
Viewing Policy Violations
After running the scan on the workspace and files, policy violations are displayed in the PROBLEMS tab of the Visual Studio Code IDE window.