Case Study

Terraform Code Reviews: Supercharged with Conftest

Published 8:00 AM UTC Feb 26, 2020

Learn how Doordash automated away some mundane code review tasks for infrastructure code.

One of the biggest bottlenecks for creating and updating infrastructure with Terraform is often Code Reviews.

Doordash's Case Study

A developer would open a PR to add some new infrastructure, they'd ping security for review, they'd wait, they'd wait, they'd ping again, they'd get a review, their branch was out of date, they would update their branch, they'd require a new review, they'd ping security, etc. All of this to just update some Security Group rules in AWS.

To alleviate these pains, Doordash implemented some predefined security policies and used conftest to check for policy violations on each PR. If there were no policy violations, security approval was not required. This approach greatly increased the speed at which developers were able to deploy new infrastructure and gave the security team a great deal of time back.

What You'll Learn

In this talk, you'll see how Doordash deploys infrastructure, show a quick example policy in action, and share some basic recipes for automating away some of those mundane code reviews.

Slides

Sign up for the latest HashiCorp news

More resources like this one

3/15/2023
Presentation

Advanced Terraform techniques

2/3/2023
Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

2/1/2023
Case Study

Should My Team Really Need to Know Terraform?

1/20/2023
Case Study

Packaging security in Terraform modules

View all resources

The cloud operating model

Deutsche Bank

Get started in minutes with our cloud products

Explore partners and integrations

HashiConf ‘23 product announcements

Webinars, workshops, and training courses

Explore a brand new developer experience

The 9 pillars that guide us

Discover careers at HashiCorp