Toolkit » IHA089

┌──(root㉿IHA089)-[/Toolkit/Automation & Template-Based Scanning/YAML/JSON-based Automation Tools] └─#

Ansible

Ansible Ansible is the agentless automation engine that orchestrates tasks via YAML playbooks, defining idempotent workflows for config management, deployments, or scanning across heterogeneous systems. Write roles for reusable patterns, run via ansible-playbook CLI, and integrate with AWX for GUI orchestration in scaled ops. Open-source from Red Hat, it's the declarative director for sysadmins templating infrastructure as code with minimal overhead.

Terrascan

Terrascan Terrascan is the IaC scanner using YAML policy-as-code to validate Terraform and CloudFormation against custom rules for misconfigs like open ports or weak IAM. Define checks in Rego/YAML, scan dirs via CLI for SARIF outputs, and hook into PRs for gated merges. Open-source from Accurics, it's the policy patroller for cloud devs automating compliance in JSON/YAML configs.

Checkov

Checkov Checkov is the static IaC analyzer with YAML/JSON support for Terraform, scanning for 1000+ policies on AWS/GCP/Azure risks like public S3 or unbound services. Run via pip on repos for colorized outputs, extending with custom bridges to OPA for hybrid enforcement. Open-source from Bridgecrew, it's the shift-left sheriff for engineers templating security gates in code reviews.

Kics

Kics Kics is the multi-cloud IaC scanner templating queries in YAML for Terraform/K8s/CloudFormation, detecting vulns like IAM over-privs with SARIF exports for IDE integration. Compile Rego rules into its engine, scan via CLI for prioritized findings, and automate in CI for baseline checks. Open-source from Checkmarx, it's the query quester for analysts pattern-matching risks in YAML stacks.

Conftest

Conftest Conftest is the lightweight policy tester that validates YAML/JSON configs against Rego rules, ideal for K8s manifests or API schemas in pre-commit hooks. Define policies in files, run via Go binary on inputs for pass/fail verdicts, and output structured errors for feedback loops. Open-source from Styra, it's the config confessor for devs templating validations in declarative pipelines.

Helm

Helm Helm is the K8s package manager using YAML charts for templating deployments, automating releases with values files for env-specific overrides in scanning or app rolls. Create charts with helm create, package and install via CLI, and lint for syntax checks pre-deploy. Open-source from CNCF, it's the chart charioteer for operators automating YAML-based orchestration.

Jsonnet

Jsonnet Jsonnet is the data templating language that extends JSON with variables and functions for generating YAML/JSON configs dynamically, reducing duplication in IaC or dashboards. Write .jsonnet files, compile via CLI to outputs, and embed in pipelines for parameterized scans. Open-source from Google, it's the JSON juggler for engineers templating complex structures without boilerplate.

Cue

Cue Cue is the declarative config language with YAML/JSON validation, enforcing schemas and constraints via custom rules for error-free data in pipelines or manifests. Define cue files with #Schema, validate inputs via CLI, and generate outputs for consistent templating. Open-source from Cue project, it's the constraint composer for devs crafting robust data models in automation flows.

Dhall

Dhall Dhall is the functional config language with YAML/JSON import for type-safe templating, preventing injection via hashes and preventing drift in IaC or CI configs. Write .dhall files with imports, resolve via CLI to outputs, and type-check for safety. Open-source from Gabriel Gonzalez, it's the typed templater for sysadmins automating verifiable configs without YAML pitfalls.

Pulumi

Pulumi Pulumi uses YAML/JSON for stateful IaC templating in code, defining stacks with custom providers for cloud resources and scanning integrations. Author in its SDKs, preview changes via CLI, and deploy with diffs for controlled updates. Open-source core from Pulumi, it's the code-config hybrid for engineers blending templates with programmatic automation.