| | checkov | terragrunt |
|---|---|---|
| Mentions | 63 | 68 |
| Stars | 7,670 | 8,768 |
| Growth | 1.2% | 1.1% |
| Activity | 9.9 | 9.8 |
| Last commit | 2 days ago | 5 days ago |
| Language | Python | Go |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
checkov
- Ditched Terraform for OpenTofu. Why Devs Everywhere Are Making the Same Move (cheatsheet included)
  Checkov (https://www.checkov.io): A static analysis tool to scan infrastructure code for misconfigs, secrets, and best practice violations.
- Custom Security Checks for AWS Cloud Control Provider with Checkov
  PR #6647
- DevOps in 2025: the future is automated, git-ified, and kinda scary but fun.
  Checkov infrastructure-as-code misconfig detection
- Security and Quality Best Practices in Terraform.
  Repo link
- Top Terraform/OpenTofu tools to Use in 2025
  Link: https://github.com/bridgecrewio/checkov
- Terraform Cookbook: Development Environment Recipe
  Checkov: static analysis for IaC
- Building Web Applications Using Amazon EKS : AWS Project
  Prior to deploying Kubernetes manifest files to the EKS cluster, supplementary steps need to be added to prevent security and misconfiguration issues by using both Checkov and Trivy. Also, we will use a separate ArgoCD account from the admin user that we’ve used in the previous lab. This will follow the ArgoCD RBAC rule to secure ArgoCD and, ultimately, the EKS cluster.
- Automating Snowflake Resource Deployment using Terraform and GitHub Actions
  The workflow also includes an infrastructure code scan step to scan Terraform code. This uses the Checkov action against infrastructure-as-code, open source packages, container images, and CI/CD configurations to identify misconfigurations, vulnerabilities, and license compliance issues.
- Cloud Security and Resilience: DevSecOps Tools and Practices
  1. Checkov: https://github.com/bridgecrewio/checkov Checkov is a static code analysis tool that helps developers prevent cloud misconfigurations during the development phase by scanning Terraform, CloudFormation, Kubernetes, and more.
- A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
  Checkov. Owner/Maintainer: Prisma Cloud by Palo Alto Networks (acquired in 2021). Age: First released on GitHub on March 31st, 2021. License: Apache License 2.0.
terragrunt
- Ditched Terraform for OpenTofu. Why Devs Everywhere Are Making the Same Move (cheatsheet included)
  Terragrunt (https://terragrunt.gruntwork.io): A thin wrapper that helps organize your infrastructure into reusable modules — even works with OpenTofu.
- Master terraform in 15 steps with a real project and some mild chaos
  Terragrunt if you want to go deeper down the rabbit hole
- Simplify your infra with Terragrunt Stacks
- Top Terraform/OpenTofu tools to Use in 2025
  Link: https://terragrunt.gruntwork.io
- Provision EKS Cluster with Terraform, Terragrunt & GitHub Actions
```yaml
name: Deploy

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

jobs:
  terraform:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2

      - name: Setup SSH
        uses: webfactory/[email protected]
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: 1.5.5
          terraform_wrapper: false

      - name: Setup Terragrunt
        run: |
          curl -LO "https://github.com/gruntwork-io/terragrunt/releases/download/v0.48.1/terragrunt_linux_amd64"
          chmod +x terragrunt_linux_amd64
          sudo mv terragrunt_linux_amd64 /usr/local/bin/terragrunt
          terragrunt -v

      - name: Apply Terraform changes
        run: |
          cd dev
          terragrunt run-all apply -auto-approve --terragrunt-non-interactive -var AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID -var AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY -var AWS_REGION=$AWS_DEFAULT_REGION
          cd bastion-ec2
          ip=$(terragrunt output instance_public_ip)
          echo "$ip"
          echo "$ip" > public_ip.txt
          cat public_ip.txt
          pwd
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
```
- The main steps I follow when kicking off Node.js projects
  Terraform. I use it to manage infrastructure. It simplifies many things if at least a few people work on a project. As the project grows, it becomes massive, and maybe for better state management, you will need tools like Terragrunt to keep infrastructure-related code simple. If you use AWS as a cloud provider, you can also use AWS CDK. It’s a nice tool with TypeScript support, but it’s available only for AWS, and if you need something from a different cloud infrastructure, the code will be much more complex than Terraform. That’s why I prefer Terraform even for AWS.
- Building Auth0 Actions in TypeScript
  You need to ensure your Action code is built before you attempt a terraform plan or apply. In our case we are using terragrunt, which has a helpful before_hook, set up in the terragrunt.hcl file as follows:
- Show HN: Burrow is a globally distributed, serverless HTTP proxy
  https://github.com/hashicorp/terraform/issues/19932
  My understanding is that people that have this as a first-class concern use something like Terragrunt to dynamically generate the HCL as needed.
  https://terragrunt.gruntwork.io/
  For Burrow here, I was focused on shipping something and didn't want to spend time on generating that code just yet. But the project has gotten some attention so if this is a recurring request I'll probably do it.
  Note that I intentionally chose the 17 AWS regions that are default enabled in every new AWS account, so it should only be if you want to customize it that this becomes important.
  A CloudFormation Stacks based deployment to achieve multi-region would be another good (and perhaps better) option here. I could add that to the Makefile, with inspiration from your link there.
- Tenv v2.0: The Importance of Explicit Behavior for Version Manager
  Terragrunt started to use OpenTofu as the default IAC tool; however, this was not a major release. Instead, it was provided as a patch, and users didn't expect to have any differences in the behavior. The original problem may be found here.
- Terragrunt Tutorial – Getting Started & Examples
  Next, head over to the Terragrunt GitHub page to download it.
What are some alternatives?
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
atmos - 👽 Terraform Orchestration Tool for DevOps. Keep environment configuration DRY with hierarchical imports of configurations, inheritance, and WAY more. Native support for Terraform and Helmfile.
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
terraform-cdk - Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform