How would you implement infrastructure-as-code security scanning in a cloud environment at Berkeley Research Group?