A static analysis security scanner for your Terraform code

tfsec is a developer-first security scanner for Terraform templates. It uses static analysis and deep integration with the official HCL parser to ensure security issues can be detected before your infrastructure changes take effect.

Designed to run locally and in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible

Browse Checks

Chose an option that you need help with or search above


Browse checks for the AWS provider


Browse checks for the Azure provider


Browse checks for the Google Cloud provider

Digital Ocean

Browse checks for the Digital Ocean provider


Browse checks for the OpenStack provider


Browse checks for the Cloud Stack provider

Frequently asked questions

Answers to the questions most commonly asked

Getting Started
Provider Checks
GitHub Actions