Set up tfsec for your Terraform

tfsec is a static analysis tool for your Terraform code.

It has different rules that you can enable against different major cloud providers.

Here’s some example output (taken from their README): tfsec example output

If your organization enables teams to use Terraform, enabling tfsec is a good first line of defense for potential security issues.

Note: It seems like tfsec is migrating to Trivy. I haven’t evaluated Trivy yet, but have used tfsec to good effect in the past.


Like what you've read?

If you're an engineering leader or developer, you should subscribe to my 80/20 DevOps Newsletter. Give me 1 minute of your day, and I'll teach you essential DevOps skills. I cover topics like Kubernetes, AWS, Infrastructure as Code, and more.

Not sure yet? Check out the archive.

Unsubscribe at any time.