Set up tfsec for your Terraform
tfsec is a static analysis tool for your Terraform code.
It has different rules that you can enable against different major cloud providers.
Here’s some example output (taken from their README):
If your organization enables teams to use Terraform, enabling tfsec
is a good first line of defense for potential security issues.
Note: It seems like tfsec
is migrating to Trivy
. I haven’t evaluated Trivy
yet, but have used tfsec to good effect in the past.
Join the 80/20 DevOps Newsletter
If you're an engineering leader or developer, you should subscribe to my 80/20 DevOps Newsletter. Give me 1 minute of your day, and I'll teach you essential DevOps skills. I cover topics like Kubernetes, AWS, Infrastructure as Code, and more.
Not sure yet? Check out the archive.
Unsubscribe at any time.