Set up tfsec for your Terraform
tfsec is a static analysis tool for your Terraform code.
It has different rules that you can enable against different major cloud providers.
Here’s some example output (taken from their README):
If your organization enables teams to use Terraform, enabling
tfsec is a good first line of defense for potential security issues.
Note: It seems like
tfsec is migrating to
Trivy. I haven’t evaluated
Trivy yet, but have used tfsec to good effect in the past.
Like what you've read?
If you're an engineering leader or developer, you should subscribe to my 80/20 DevOps Newsletter. Give me 1 minute of your day, and I'll teach you essential DevOps skills. I cover topics like Kubernetes, AWS, Infrastructure as Code, and more.
Not sure yet? Check out the archive.
Unsubscribe at any time.