
docs(lab6): add IaC security scanning and comparative analysis #6

Open
fayz131 wants to merge 1 commit into main from feature/lab6

Conversation


@fayz131 fayz131 commented Mar 16, 2026

Goal

The goal of this pull request is to perform Infrastructure-as-Code (IaC) security analysis on intentionally vulnerable Terraform, Pulumi, and Ansible configurations using multiple security scanning tools and compare their effectiveness.

Changes

  • Implemented Terraform security scanning using:
    • tfsec
    • Checkov
    • Terrascan
  • Performed Pulumi security scanning using KICS
  • Performed Ansible security scanning using KICS
  • Generated security analysis reports for all scans
  • Created comparative analysis of IaC security tools
  • Documented findings and remediation recommendations in labs/submission6.md

Testing

The following commands were executed using Docker containers:

Terraform scanning:

  • tfsec scan
  • Checkov Terraform scan
  • Terrascan Terraform policy scan

Pulumi scanning:

  • KICS Pulumi YAML security analysis

Ansible scanning:

  • KICS Ansible playbook security analysis

Summary of results:

Terraform:

  • tfsec findings: 53
  • Checkov findings: 78
  • Terrascan findings: 22

Pulumi (KICS):

  • Total findings: 6
  • High: 2
  • Medium: 1
  • Low: 0

Ansible (KICS):

  • Total findings: 10
  • High: 9
  • Medium: 0
  • Low: 1

Artifacts & Screenshots

Generated security reports included in this PR:

  • labs/lab6/analysis/tfsec-results.json
  • labs/lab6/analysis/tfsec-report.txt
  • labs/lab6/analysis/checkov-terraform-results.json
  • labs/lab6/analysis/checkov-terraform-report.txt
  • labs/lab6/analysis/terrascan-results.json
  • labs/lab6/analysis/terrascan-report.txt
  • labs/lab6/analysis/kics-pulumi-results.json
  • labs/lab6/analysis/kics-pulumi-report.html
  • labs/lab6/analysis/kics-ansible-results.json
  • labs/lab6/analysis/kics-ansible-report.html
  • Terraform comparison and analysis files

Checklist

  • [✅] PR title is clear and descriptive
  • [✅] Documentation updated if needed
  • [✅] No secrets, temporary files, or large binaries included
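To put the per-tool counts reported above on one footing, here is an added example (not part of the PR or its lab files) that normalises tfsec, Checkov, Terrascan and KICS JSON reports into a single severity table. The field names are my assumptions about each tool's JSON output shape, and the embedded reports are constructed samples, not the lab's scan results.

```python
import json
from collections import Counter

# Column order for the comparison table; UNKNOWN holds findings the tool did not rate.
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO", "UNKNOWN")

def tfsec_counts(report: dict) -> Counter:
    # Assumed tfsec shape: {"results": [{"rule_id": ..., "severity": "HIGH", ...}]}
    return Counter(r["severity"].upper() for r in report.get("results") or [])

def checkov_counts(report: dict) -> Counter:
    # Assumed Checkov shape: {"results": {"failed_checks": [{"check_id": ..., "severity": ...}]}}
    # Checkov leaves severity null when no platform API key is configured, hence the UNKNOWN bucket.
    failed = report.get("results", {}).get("failed_checks", [])
    return Counter((c.get("severity") or "UNKNOWN").upper() for c in failed)

def terrascan_counts(report: dict) -> Counter:
    # Assumed Terrascan shape: {"results": {"violations": [{"rule_name": ..., "severity": "HIGH"}]}}
    return Counter(v["severity"].upper() for v in report.get("results", {}).get("violations") or [])

def kics_counts(report: dict) -> Counter:
    # Assumed KICS shape: {"queries": [{"query_name": ..., "severity": "HIGH", "files": [...]}]}
    # KICS groups hits per query; each affected file is counted as one finding.
    return Counter(q["severity"].upper() for q in report.get("queries", []) for _ in q.get("files", []))

PARSERS = {"tfsec": tfsec_counts, "checkov": checkov_counts, "terrascan": terrascan_counts, "kics": kics_counts}

def compare(reports: dict) -> dict:
    """Map label -> (tool, json_text) into label -> {severity: count, "TOTAL": count}."""
    table = {}
    for label, (tool, text) in reports.items():
        counts = PARSERS[tool](json.loads(text))
        row = {sev: counts.get(sev, 0) for sev in SEVERITIES}
        row["TOTAL"] = sum(counts.values())
        table[label] = row
    return table

# Constructed sample reports in each tool's assumed output shape (not the lab's real scan output).
SAMPLES = {
    "terraform/tfsec": ("tfsec", '{"results": [{"rule_id": "aws-s3-enable-bucket-encryption", "severity": "HIGH"},'
                                 ' {"rule_id": "aws-s3-enable-versioning", "severity": "MEDIUM"}]}'),
    "terraform/checkov": ("checkov", '{"results": {"failed_checks": [{"check_id": "CKV_AWS_18", "severity": null},'
                                     ' {"check_id": "CKV_AWS_19", "severity": "HIGH"}]}}'),
    "terraform/terrascan": ("terrascan", '{"results": {"violations": [{"rule_name": "s3EnforceUserACL", "severity": "HIGH"}]}}'),
    "pulumi/kics": ("kics", '{"queries": [{"query_name": "S3 Bucket Without Versioning", "severity": "MEDIUM",'
                            ' "files": [{"file_name": "Pulumi.yaml"}, {"file_name": "Pulumi.dev.yaml"}]}]}'),
}

if __name__ == "__main__":
    for label, row in compare(SAMPLES).items(): print(f"{label:20}", dict(row))
```

Because Checkov, Terrascan and KICS each count differently (per check, per resource, per affected file), the TOTAL column is only meaningful once every report has been passed through the same normalisation.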
