IaC security research — applied findings from real-world infrastructure analysis.

| Study | Description | Status |
|---|---|---|
| TerraGoat gap analysis | 187 undocumented findings across Checkov, Trivy, and pq-audit. Running only the official scanner shows 23% of actual exposure. | ready |

Each study applies the full MK ScorpioSec research pipeline:
- Static analysis with multiple tools (not just the "official" one)
- Cross-tool gap matrix: what each scanner covers vs. misses
- Post-quantum cryptography layer via pq-audit
- Raw evidence published with every finding

Tools developed or maintained by MK ScorpioSec and used in this research:

| Tool | Description | License |
|---|---|---|
| pq-audit | Post-quantum cryptography audit framework — 10-layer scan (code, cloud, deps, config, certs, network, containers, api, compliance, web3) with BROKEN_NOW / SNDL_VULNERABLE classification | Apache 2.0 |

Third-party tools used across studies:

| Tool | Vendor | License |
|---|---|---|
| Trivy | Aqua Security | Apache 2.0 |
| Checkov | Bridgecrew / Palo Alto | Apache 2.0 |
| TruffleHog | Truffle Security | AGPL-3.0 |

Security disclosure: GitHub Security Advisories

I don't hunt threats. I am the threat.