tfsec

Code scanner

A tool for identifying potential misconfigurations in Terraform code during the software development process

Tfsec is now part of Trivy

GitHub

7k stars
70 watching
542 forks
Language: Go
last commit: 8 days ago
Linked from 5 awesome lists

awsazurecicompliancedevopsdevsecopsdigitaloceangogoogle-cloud-platformhacktoberfestinfrastructure-as-codelintermisconfigurationscannersecuritystatic-analysisterraformterraform-securityvulnerability-scanners

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
tenable/terrascan Detects security vulnerabilities and compliance issues in infrastructure code before provisioning cloud-native infrastructure. 4,779
reviewdog/action-tfsec Automates security testing of Terraform configurations on GitHub pull requests. 72
tcosolutions/betterscan A toolchain that scans source code and infrastructure IaC for security risks and provides a unified report. 831
hxsecurity/terraformgoat A multi-cloud deployment tool designed to test and demonstrate the vulnerability of cloud infrastructure configurations 541
zupit/horusec Identifies security flaws in software projects through static code analysis 1,154
security-code-scan/security-code-scan Detects vulnerabilities in C# and VB.NET code 942
controlplaneio/kubesec Analyzes Kubernetes resources for security vulnerabilities 1,255
cloudposse-archives/tfmask Utility to filter sensitive output from terraform plan and apply executions 202
aquasecurity/cloudsploit A tool designed to detect security risks in cloud infrastructure accounts 3,372
0xdones/tfgen Terraform code generator for consistent and maintainable configuration files 82
securityftw/cs-suite An automated tool suite to assess and improve cloud security across multiple platforms 1,145
trimstray/otseca Tool to scan and gather information about a system's configuration and components. 487
checkmarx/kics A tool for detecting security vulnerabilities and compliance issues in infrastructure-as-code projects 2,117
stelligent/cfn_nag A tool to automatically scan and enforce security best practices in CloudFormation templates. 1,260
gosecure/dtd-finder Identifies and generates XXE payloads from local DTDs found in file systems. 615