The previous parts covered application security — secrets, code vulnerabilities, and dependency CVEs. This part shifts to the infrastructure side. The Terraform in the repo describes the AWS resources the app would run on.
If that infrastructure is misconfigured, it doesn't matter how clean the application code is. IaC scanning catches those misconfigurations before terraform apply ever runs. Code