tfsec

static analyzer for Terraform

WWW CVSWeb GITHub
  1. Package version
    tfsec-1.28.5
  2. Maintainer
    Pavel Korovin

tfsec uses static analysis of your Terraform code to spot potential
misconfigurations.

Features:
* Checks for misconfigurations across all major (and some minor) cloud providers
* Hundreds of built-in rules
* Scans modules (local and remote)
* Evaluates HCL expressions as well as literal values
* Evaluates Terraform functions e.g. concat()
* Evaluates relationships between Terraform resources
* Compatible with the Terraform CDK
* Applies (and embellishes) user-defined Rego policies
* Supports multiple output formats: lovely (default), JSON, SARIF, CSV,
CheckStyle, JUnit, text, Gif.
* Configurable (via CLI flags and/or config file)
* Very fast, capable of quickly scanning huge repositories
* Plugins for popular IDEs available (JetBrains, VSCode and Vim)
* Community-driven - come and chat with us on Slack!

  • lang/go