Executed
iac-scan.executed
Verifies that IaC scanning was executed on the component. Fails if no scanner has written to .iac_scan.
Compatible Integrations
This guardrail works with the following integrations. Click to see how to use Executed with each collector.
Enable This Guardrail
Add the parent policy to your lunar-config.yml to enable this guardrail.
policies:
- uses: github://earthly/lunar-lib/policies/iac-scan@v1.0.0
include: [executed]
# with: ...
How This Guardrail Works
This guardrail is part of the IaC Scan Guardrails policy. It evaluates data collected by integrations and produces a pass/fail check with actionable feedback.
When enabled, this check runs automatically on every PR and in AI coding workflows, providing real-time enforcement of your engineering standards.
Learn How Lunar Works →Configuration Options
These inputs can be configured in your lunar-config.yml to customize
how the parent policy (and this guardrail) behaves.
| Input | Required | Default | Description |
|---|---|---|---|
min_severity
|
Optional |
high
|
Minimum severity to fail on (critical, high, medium, low) |
max_total_threshold
|
Required | — | Maximum total findings allowed (must be configured) |
IaC Scan Guardrails
This guardrail is part of the IaC Scan Guardrails policy, which includes 3 guardrails for security and compliance.
Ready to Automate Your Standards?
See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.