With the introduction of infrastructure-as-code, we have the opportunity to catch security issues within the CI/CD before they manifest themselves in the cloud as part of GitOps. In this talk, we will dive into techniques for Terraform threat modeling. This includes static and dynamic analyses that can prevent supply chain attacks, detect privilege escalation, drift, etc. Find out what scan tools and techniques exist, and when to choose what technique. Learn about the stages of implementing IaC security automation, all while being part of the GitOps journey.