▸ Blog
Compliance engineering, Terraform security, and infrastructure-as-code.
Why Every Terraform Change Is a Compliance Event
May 12, 2026
Most teams treat Terraform plans as deployment artifacts. They're actually compliance evidence. Here's how to map every resource change to a SOC 2 control before it hits production.
Automating SOC 2 Evidence Collection with Terraform
April 28, 2026
Manual evidence collection is the bottleneck in every SOC 2 audit. We built a pipeline that maps Terraform state to control IDs and generates auditor-ready attestations automatically.
Designing an AI Agent Gate for Infrastructure Changes
April 15, 2026
AI coding agents are writing Terraform now. How do you enforce compliance when the author is non-human? The agent gate pattern — policy-as-code meets AI safety.