tfsec is a static analysis security scanner for your Terraform code. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible. tfsec takes a developer-first approach to scanning your Terraform templates; using static analysis and deep integration with the official HCL parser it ensures that security issues can be detected before your infrastructure changes take effect. Checks for misconfigurations across all major (and some minor) cloud providers. Applies (and embellishes) user-defined Rego policies. Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit. Configurable (via CLI flags and/or config file). Very fast, capable of quickly scanning huge repositories. Plugins for popular IDEs available (JetBrains, VSCode and Vim).

Features

  • Hundreds of built-in rules
  • Scans modules (local and remote)
  • Evaluates HCL expressions as well as literal values
  • Evaluates Terraform functions
  • Evaluates relationships between Terraform resources
  • Compatible with the Terraform CDK

Project Samples

tfsec Screenshot 1

Project Activity

See All Activity >

Categories

Vulnerability Scanners, Static Code Analysis

License

MIT License

Follow tfsec

tfsec Web Site

Other Useful Business Software
Auth0 for AI Agents now in GA Icon
Auth0 for AI Agents now in GA

Ready to implement AI with confidence (without sacrificing security)?

Connect your AI agents to apps and data more securely, give users control over the actions AI agents can perform and the data they can access, and enable human confirmation for critical agent actions.
Start building today
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of tfsec!

Additional Project Details

Operating Systems

Linux

Programming Language

Go

Related Categories

Go Vulnerability Scanners, Go Static Code Analysis Tool

Registered

2022-03-31
Report inappropriate content