Tfsec

Features

Static Configuration Analysis - Scans Terraform and cloud configuration files to identify security vulnerabilities and compliance issues before deployment.
Static Analysis Engines - Implements a static analysis engine to identify security misconfigurations in infrastructure code without executing it.
Infrastructure Variable Resolution - Resolves external variable files to determine the final attribute state of cloud resources for accurate analysis.
Infrastructure Configuration Analysis - Analyzes Terraform configuration files to detect misconfigurations and compliance violations before deployment.
Policy Engines - Enforces security best practices and operational standards across multiple cloud-native environments using a policy engine.
Cloud Compliance Auditors - Automates the evaluation of cloud infrastructure against regulatory frameworks and security compliance benchmarks.
Infrastructure as Code Scanners - Identifies security risks and vulnerabilities in cloud infrastructure definitions via static analysis.
Infrastructure as Code Security - Scans Terraform and cloud configuration files to identify security misconfigurations before deployment.
Infrastructure Policy Enforcers - Provides the ability to define and apply organization-specific security requirements through a flexible policy language.
Security Pattern Matching - Evaluates infrastructure code structures against known signatures of security vulnerabilities and misconfigurations.
Relationship Analysis - Analyzes dependencies between cloud resources to detect security vulnerabilities that span multiple configuration blocks.
DevSecOps and Automation - Automates the integration of security analysis and alert uploads within DevSecOps pipelines.
CI/CD Pipeline Integrations - Provides native integration for automating security quality checks within CI/CD deployment workflows.
CI Pipeline Integrations - Integrates static security analysis and optimized logging directly into automated CI pipeline environments.
Infrastructure Development Kit Scanning - Analyzes Cloud Development Kit code and resource relationships to identify security flaws in programmatic infrastructure.
Custom Security Scan Extensions - Supports the definition of custom security policies and tailored checks to meet organizational requirements.
Infrastructure and Configuration - Static analysis for Terraform to prevent cloud misconfigurations.
Infrastructure as Code - Static analysis tool for identifying security issues in Terraform.
Application Security Testing - Static analysis tool for identifying infrastructure misconfigurations.

Open-source alternatives to Tfsec

Similar open-source projects, ranked by how many features they share with Tfsec.

bridgecrewio/checkov
bridgecrewio/checkov
8,798View on GitHub
Checkov is a static analysis tool and security scanner designed to identify misconfigurations in infrastructure as code, container images, and Kubernetes configurations. It functions as a cloud security posture tool, an SCA vulnerability scanner, and a secret scanning utility to prevent security breaches and version control leaks. The project distinguishes itself through deep graph analysis and variable resolution, allowing it to map relationships between interconnected resources and evaluate the final state of infrastructure attributes. It provides extensibility for defining custom security
Python
View on GitHub8,798
liamg/tfsec
liamg/tfsec
7,013View on GitHub
tfsec is a static analysis tool and security scanner for Terraform configuration files. It functions as an infrastructure as code security scanner and compliance linter designed to detect misconfigurations and vulnerabilities across multiple cloud providers before resources are deployed. The tool identifies security risks by analyzing infrastructure code and variable files to evaluate the final state of the environment. It supports custom policy enforcement and allows for the suppression of specific security warnings through inline comments. Its capabilities cover cloud security posture mana
Go
View on GitHub7,013
tenable/terrascan
tenable/terrascan
5,210View on GitHub
Terrascan is a static analysis tool designed to evaluate infrastructure-as-code configuration files for security vulnerabilities and compliance violations. By parsing these files into an intermediate representation, it identifies risks before cloud resources are provisioned, serving as a compliance auditor for cloud-native environments. The tool functions as a policy-as-code engine, allowing users to define and enforce custom security rules and industry benchmarks using a specialized query language. It distinguishes itself through its ability to integrate directly into development and deploym
Go
View on GitHub5,210
aquasecurity/tfsec
aquasecurity/tfsec
7,013View on GitHub
tfsec is a static analysis tool and infrastructure as code linter designed to detect security misconfigurations and compliance violations in Terraform infrastructure code. It functions as a cloud security posture tool and policy enforcement engine that evaluates configurations against established security benchmarks. The tool provides multi-cloud security auditing for providers including AWS, Azure, Google Cloud, and Kubernetes, as well as specialized scanning for DigitalOcean, OpenStack, CloudStack, and GitHub configurations. It identifies insecure settings such as public access or unencrypt
Go
View on GitHub7,013

See all 30 alternatives to Tfsec

tfsectfsec

Features

Open-source alternatives to Tfsec

bridgecrewio/checkov

liamg/tfsec

tenable/terrascan

aquasecurity/tfsec

Star history

Open-source alternatives to Tfsec

bridgecrewio/checkov

liamg/tfsec

tenable/terrascan

aquasecurity/tfsec