A static analysis security scanner for your Terraform code. Discover problems with your infrastructure before hackers do.
What is tfsec?
tfsec is a developer-first security scanner for Terraform templates. It uses static analysis and deep integration with the official HCL parser to ensure security issues can be detected before your infrastructure changes take effect. Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible.
Built for CI and local use
Use our docker image or grab the binary and run it in your build pipelines. Simple, readable output and remediation information makes it quick and easy to find and fix security issues.
We run checks against AWS, Google Cloud and Azure. Additional "generic" checks have the potential to detect issues across all Terraform providers.
Full parser integration
Taking advantage of the official Hashicorp HCL parser means we can fully parse HCL expressions, thus having more detection power than traditional tools which rely on pattern matching.