Cirroscan is a static code analyzer for Infrastructure as Code. most often used in automated continuous integration continuous deployment (CI/CD) pipelines to identify policy violations before insecure infrastructure is provisioned. Terrascan provides out-of-the-box policies so that user can scan Infrastructure as Code against common policy standards such as the CIS Benchmark, SOC2, PCI DSS, HIPAA, NYDFS, and GDPR Benchmark. Also user can easily create custom policies