tfsec
Static analysis for Terraform security
⭐ 4.4/5 (2200 reviews)
About tfsec
tfsec by Aqua Security is an open-source static analysis tool that scans Terraform code for security misconfigurations and compliance issues.
Key Features
- Terraform-specific security checks
- Custom rule support
- CI/CD integration
- Multiple output formats
- Severity scoring
- Cloud provider coverage (AWS, Azure, GCP)
✅ Pros
- Free and open-source
- Fast scanning
- Good Terraform coverage
- Easy CI/CD integration
❌ Cons
- Terraform only
- Being merged into Trivy
- Limited non-Terraform support
Ad Space (728x90)