🗂️ Navigation
📁 GitOps
📋 GitOps Security
🔧 tfsec

tfsec

Security scanner for your Terraform code.

Visit Website →

Overview

tfsec is a static analysis security scanner for Terraform code. It is designed to be fast and easy to use, running checks to spot potential security issues before they are deployed. tfsec includes a large number of built-in checks for AWS, Azure, and Google Cloud, and can be easily integrated into CI/CD pipelines to provide rapid feedback to developers. It was created by Aqua Security.

✨ Key Features

  • Static analysis of Terraform code
  • Large library of built-in checks for AWS, Azure, GCP
  • Very fast scanning
  • Integration with IDEs (VS Code) and CI/CD pipelines
  • Support for custom checks
  • Includes links to documentation for remediation

🎯 Key Differentiators

  • Specialized for Terraform, providing deep and accurate checks
  • Extremely fast performance
  • Excellent developer experience with clear output and links to docs

Unique Value: Provides the fastest and one of the most accurate open-source solutions for finding security misconfigurations specifically within Terraform code, enabling rapid feedback in developer workflows.

🎯 Use Cases (4)

Finding security misconfigurations in Terraform code before it is applied. Enforcing security policies for cloud infrastructure. Automating Terraform security checks in a GitOps workflow. Providing immediate feedback to developers in their IDE.

✅ Best For

  • Using the tfsec GitHub Action to comment on pull requests with any identified security issues.
  • Running as a pre-commit hook to prevent insecure Terraform code from being committed.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Scanning non-Terraform IaC (use Checkov or KICS for that).
  • Runtime security analysis.

🏆 Alternatives

Checkov Terrascan KICS

While broader tools scan many IaC types, tfsec's deep focus on Terraform allows it to have more specific and accurate checks for that ecosystem.

💻 Platforms

CLI

✅ Offline Mode Available

🔌 Integrations

Terraform GitHub Actions VS Code CircleCI Jenkins

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: The tool is completely free.

Visit tfsec Website →

🔄 Similar Tools in GitOps Security

Snyk

A developer-first security platform for securing code, dependencies, containers, and Infrastructure ...

Contact

Checkov

An open-source static analysis tool for scanning infrastructure as code (IaC) to find misconfigurati...

Contact

Trivy

A simple and comprehensive vulnerability scanner for containers, IaC, and more....

Contact

KICS

An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance iss...

Contact

Terrascan

An open-source static code analyzer for Infrastructure as Code, scanning for security vulnerabilitie...

Contact

Open Policy Agent (OPA)

An open source, general-purpose policy engine that enables unified, context-aware policy enforcement...

Contact