defsec
Trivy's misconfiguration scanning engine (by aquasecurity)
terraform-security-scan
Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec (by triat)
Our great sponsors
defsec | terraform-security-scan | |
---|---|---|
1 | 1 | |
206 | 110 | |
3.4% | - | |
8.8 | 4.6 | |
15 days ago | 8 months ago | |
Go | Shell | |
MIT License | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
defsec
Posts with mentions or reviews of defsec.
We have used some of these posts to build our list of alternatives
and similar projects.
-
Monokle 1.7.0 Integrates Open Policy Agent (OPA) Validation
This integration enables hints and warnings when your manifest violates a given policy. Kudos to our friends at Aquasec for sharing their security team’s rules with us. These rules are used in trivy and open sourced through the defsec project and now form part of Monokle, too!
terraform-security-scan
Posts with mentions or reviews of terraform-security-scan.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-04-28.
-
tfsec vs chekhov vs terrascan - What do pople recommend?
While I think the major problem is how the https://github.com/triat/terraform-security-scan action works in that it compiles tfsec from scratch on each run. There is a major issue to me with how the tfsec team manages their project it seems like instead of releasing new versions of their tool they will go back and retag new code. This has introduced issues where the tfsec will just randomly fail one day because of a bug, we've had it happen about 3 times in the last four months.