A static analysis security scanner for your Terraform code
tfsec is a developer-first security scanner for Terraform templates. It uses static analysis and deep integration with the official HCL parser to ensure security issues can be detected before your infrastructure changes take effect. It is designed to run locally and in your CI pipelines, and its developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible.
Choose an option that you need help with or search above
Browse checks for the AWS provider
Browse checks for the Azure provider
Browse checks for the Google Cloud provider
Browse checks for the DigitalOcean provider
Answers to the questions most commonly asked
tfsec runs on Windows, macOS and Linux. For more information on how to install it, see the installation guide.
Yes! tfsec is a great addition to your CI. You can include it in Travis and CircleCI builds using wget and the latest release, or if you’re using GitHub Actions you can quickly run checks with either of our ready-made Actions.
It’s free! Just get the latest version and run it against your code!
All tfsec checks have a code to identify them. You can check the documentation for more information about what the check failure means and how to resolve it.