Scan for SOC2 Compliance
Cased can analyze your infrastructure as code to identify resources that may not be compliant with SOC2 controls, helping you to maintain a strong security and compliance posture.
Ensuring that your infrastructure is compliant with security standards like SOC2 is a continuous and tedious process. Cased’s compliance workflows will scan your IaC daily or weekly and open pull requests to fix compliance issues for you.
How it Works
Cased’s compliance checking is a multi-step process that combines static analysis with AI and LLM classification and code generation:
- Code Analysis: Cased scans your infrastructure as code and identifies resources and configurations that could have an impact on your compliance posture.
- Sub-agent Creation: For each potential issue, Cased creates a new sub-agent with context about the resource and the potential issue.
- Compliance Classification: Cased then uses an agent to analyze the sub-agent and to determine which, if any, compliance standards it might violate. The agent will add a “compliance_standards” tag to the sub-agent with the results of its analysis (e.g., “SOC2 CC6.1”).
- Review and fix: You can then review the sub-agents’ work in pull requests, prioritize them based on the compliance standards they affect, and take action to fix any issues.
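To make the first and third steps concrete, here is an added example (not Cased's code) of a static pass over Terraform plan JSON that emits findings carrying a `compliance_standards` tag. The three rules, the rule-to-control mapping, and the sample plan are assumptions constructed for illustration; the input shape follows `terraform show -json`.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` (planned_values only).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_security_group.bastion", "type": "aws_security_group",
         "values": {"ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                                 "cidr_blocks": ["0.0.0.0/0"]}]}},
        {"address": "aws_db_instance.orders", "type": "aws_db_instance",
         "values": {"storage_encrypted": False}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.data.aws_ebs_volume.scratch", "type": "aws_ebs_volume",
         "values": {"encrypted": True}}]}],
}}}

def open_admin_ingress(values):
    """True if any ingress rule exposes SSH/RDP (22/3389) to the whole internet."""
    for rule in values.get("ingress") or []:
        cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
        world = "0.0.0.0/0" in cidrs or "::/0" in cidrs
        lo, hi = rule.get("from_port") or 0, rule.get("to_port") or 0
        all_protocols = str(rule.get("protocol")) == "-1"
        if world and (all_protocols or any(lo <= p <= hi for p in (22, 3389))):
            return True
    return False

# Assumed rule -> control mapping, for illustration only.
RULES = [
    ("aws_security_group", open_admin_ingress, "SOC2 CC6.6"),
    ("aws_db_instance", lambda v: not v.get("storage_encrypted"), "SOC2 CC6.1"),
    ("aws_ebs_volume", lambda v: not v.get("encrypted"), "SOC2 CC6.1"),
]

def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def scan(plan):
    """Return one finding per violated rule, tagged with compliance_standards."""
    findings = []
    for res in walk(plan["planned_values"]["root_module"]):
        for rtype, check, control in RULES:
            if res["type"] == rtype and check(res.get("values", {})):
                findings.append({"resource": res["address"],
                                 "compliance_standards": [control]})
    return findings

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_PLAN), indent=2))
```

An attribute that is unknown at plan time is absent from `values`, so the encryption rules treat a missing flag as a finding rather than silently passing it.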
Getting Started
To get started with compliance checking, you’ll need to enable the infrastructure analysis for your projects. Once enabled, Cased will automatically begin to analyze your Terraform code and to create sub-agents for any potential compliance issues it finds.