### Infrastructure as Code (IaC) Scanning basic features

Infrastructure as Code (IaC) Scanning scans your IaC configuration files for known vulnerabilities. Currently, IaC scanning supports configuration files for Terraform, Ansible, AWS CloudFormation, and Kubernetes.

Different features are available in different GitLab tiers, as shown in the following table:  

Capability | In Free | In Ultimate
-- | -- | --
Configure IaC scanner | ✓ | ✓
Download JSON Report | ✓ | ✓
See new findings in merge request widget | X | ✓
Manage vulnerabilities | X | ✓
Access the Security Dashboard| X | ✓

https://docs.gitlab.com/ee/user/application_security/iac_scanning/

#### Download JSON Report

The JSON report file can be downloaded from the merge request widget.

![IaC Scanning free](./iac-scanning-free.png)  

Example project using Infrastructure as Code (IaC) Scanning: [Demo IaC Scanning](https://jihulab.com/ultimate-plan/demo/infrastructure-as-code-scanning/-/tree/2-test-new-policy-name)