Set up tfsec for your Terraform

December 21, 2023

terraform security

tfsec is a static analysis tool for your Terraform code.

It has different rules that you can enable against different major cloud providers.

Here’s some example output (taken from their README): tfsec example output

If your organization enables teams to use Terraform, enabling tfsec is a good first line of defense for potential security issues.

Note: It seems like tfsec is migrating to Trivy. I haven’t evaluated Trivy yet, but have used tfsec to good effect in the past.

Master GitHub Actions with a Senior Infrastructure Engineer

As a senior staff infrastructure engineer, I share exclusive, behind-the-scenes insights that you won't find anywhere else. Get the strategies and techniques I've used to save companies $500k in CI costs and transform teams with GitOps best practices—delivered straight to your inbox.

Not sure yet? Check out the archive.

Unsubscribe at any time.