Organizations that have adopted infrastructure as code and self-service infrastructure platforms are looking for ways to give teams a maximum of autonomy while still enforcing good security practices and organizational policies. We've highlighted tfsec before and are moving it into the Adopt category in this Radar. For teams working on GCP, Terraform Validator could be an option when creating a policy library, a set of constraints that are checked against Terraform configurations.