khulnasoft/tfsecurity

tfsecurity

tfsecurity is a static analysis tool for Terraform that spots potential misconfigurations.

Features

  • Checks for misconfigurations across all major (and some minor) cloud providers
  • Hundreds of built-in rules
  • Scans modules (local and remote)
  • Evaluates HCL expressions as well as literal values
  • Evaluates Terraform functions e.g. concat()
  • Evaluates relationships between Terraform resources
  • Compatible with the Terraform CDK
  • Applies (and embellishes) user-defined Rego policies
  • Supports multiple output formats: lovely (default), JSON, SARIF, CSV, CheckStyle, JUnit, text, Gif.
  • Configurable (via CLI flags and/or config file)
  • Very fast, capable of quickly scanning huge repositories
  • Plugins for popular IDEs available
  • Community-driven - come and chat with us!

Recommended by Thoughtworks

Rated Adopt by the Thoughtworks Tech Radar:

For our projects using Terraform, tfsecurity has quickly become a default static analysis tool to detect potential security risks. It's easy to integrate into a CI pipeline and has a growing library of checks against all of the major cloud providers and platforms like Kubernetes. Given its ease of use, we believe tfsecurity could be a good addition to any Terraform project.

Example Output

Example screenshot

Installation

Install with brew/linuxbrew
