inframap
checkov
inframap | checkov | |
---|---|---|
7 | 55 | |
1,629 | 6,540 | |
2.3% | 1.3% | |
3.9 | 9.9 | |
8 months ago | 6 days ago | |
Go | Python | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
inframap
-
Top Terraform Tools to Know in 2024
Like Blast Radius, InfraMap generates visual graphs of your infrastructure based on Terraform state or configurations, offering a visual overview of your infrastructure, which is especially helpful for large and complex environments.
-
Monthly 'Shameless Self Promotion' thread - 2023/05
We also contribute to the open-source community with projects like InfraMap, that generate your infra diagram on the fly based on your tfstate or the most famous TerraCognita, a reverse Terraform.
-
Diagram as Code
Pretty cool. The biggest thing I think is missing from many popular diagramming tools is the ability to easily diff the architecture across changes. Although that can already be done with graphviz source files.
However, these days I prefer to just have diagrams generated from the source code itself, like:
- https://github.com/cycloidio/inframap
- https://graphviz.org/Gallery/directed/bazel.html
In order to make a compelling use case out of having to maintain a parallel definition like this, I think it needs to be able to contribute to analysis like formal verification or, despite them stating that it's not a goal, being able to create the described architecture. Or even generate something like a terraform plan. Otherwise it falls victim to the same problem as any other method of creating diagrams, that of them falling out of sync with the system.
They are a long way there already by providing a way to use a programming language backed by a large ecosystem of other tools that can be used to work with e.g. terraform, like python/go.
- How to install and use inframap?
-
Interactive Architecture Diagrams
I used https://github.com/cycloidio/inframap last week, was a good experience for me
-
Tools to Visualize your Terraform plan
Inframap reads your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
-
PowerShell module to Visualize and Document Azure Infrastructure
Also if you want to easily visualize your HCL or TFState we did https://github.com/cycloidio/inframap which will allow you to visualize those in a more easy/readable way than just JSON.
checkov
-
Cloud Security and Resilience: DevSecOps Tools and Practices
1. Checkov: https://github.com/bridgecrewio/checkov Checkov is a static code analysis tool that helps developers prevent cloud misconfigurations during the development phase by scanning Terraform, CloudFormation, Kubernetes, and more.
-
A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
Checkov Owner/Maintainer: Prisma Cloud by Palo Alto Networks (acquired in 2021) Age: First released on GitHub on March 31st, 2021 License: Apache License 2.0
-
Top Terraform Tools to Know in 2024
Checkov is another great tool that examines your Terraform files (.tf), parsing the configurations and evaluating them against a comprehensive set of predefined policies. It scans Terraform-managed infrastructure and detects misconfigurations that could lead to security issues or non-compliance with best practices and regulations.
-
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Bridgecrew — Infrastructure as code (IaC) security powered by the open source tool - Checkov. The core Bridgecrew platform is free for up to 50 IaC resources.
-
10 Ways for Kubernetes Declarative Configuration Management
Kustomize: It provides a solution to customize the Kubernetes resource base configuration and differential configuration without template and DSL. It does not solve the constraint problem itself, but needs to cooperate with a large number of additional tools to check constraints, such as Kube-linter, Checkov and kubescape.
-
Top 10 terraform tools you should know about.
Checkov is a versatile static code analysis tool designed for infrastructure as code (IaC) and software composition analysis (SCA). It supports a wide range of technologies, including Terraform, CloudFormation, Kubernetes, Docker, and others, to detect security and compliance issues through graph-based scanning. Checkov also performs SCA scans, identifying vulnerabilities in open source packages and images by checking for Common Vulnerabilities and Exposures (CVEs). Additionally, it is integrated into Prisma Cloud Application Security, a platform that helps developers secure cloud resources and infrastructure-as-code files, enabling the identification, rectification, and prevention of misconfigurations throughout the development lifecycle.
-
Understanding Container Security
For your Dockerfiles, you can also scan them. There are lots of tools that can check your Dockerfiles. They will validate if Dockerfile is compliant with Docker best practices such as not using root user, making sure a health check exists, and not exposing the SSH port. You can use Snyk and Checkov.
-
Apim + function app & event grid
You could try https://www.checkov.io/
-
Terraform Security Best Practices
We use https://www.checkov.io/ for this, it's very simple to get started with and works really well as PR quality gate
-
How long have you guys actually had the title “platform engineer”? What other titles did you have before that, if any?
Once there is a CI pipeline for delivering infra changes you can add static code analysis tools (checkov) and even start testing changes (terratest)
What are some alternatives?
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]
terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
diagrams - :art: Diagram as Code for prototyping cloud system architectures
tflint - A Pluggable Terraform Linter
terracognita - Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
rover - Interactive Terraform visualization. State and configuration explorer.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
excalidraw-converter - A command line tool for porting Excalidraw diagrams to Gliffy and draw.io.
kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.