The concept of Infrastructure as Code (IaC) is gaining popularity, allowing developers to manage and provision infrastructure through machine-readable definition files. This approach enables a declarative or imperative process, where the system executes the necessary commands to achieve the desired state. However, IaC also brings its own set of challenges, including security risks that can be exploited by bugs and vulnerabilities in the code. The Shared Responsibility Model between cloud providers and customers is crucial in addressing these concerns, with customers responsible for securing their platform and resource configurations within the cloud. To mitigate these risks, SonarSource has added rules to detect code smells, bugs, and vulnerabilities in IaC projects, providing a solution for secure coding practices.