tfsec VS enhancements

Compare tfsec vs enhancements and see what are their differences.

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
tfsec enhancements
27 57
6,500 3,222
1.1% 1.4%
6.3 9.8
about 2 months ago 7 days ago
Go Go
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

tfsec

Posts with mentions or reviews of tfsec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-03-26.
  • Top Terraform Tools to Know in 2024
    19 projects | dev.to | 26 Mar 2024
    ‍Tfsec acts as a Terraform scanning tool. It is a security-focused linter for Terraform that scans code for security flaws, offering an additional layer of security assurance and helping to maintain a strong security posture.
  • DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
    8 projects | dev.to | 21 Mar 2024
    ... #************************** Terraform ************************************* ARG TERRAFORM_VERSION=1.7.3 RUN set -ex \ && curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin/ RUN set -ex \ && mkdir -p $HOME/.terraform.d/plugin-cache && echo 'plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"' > ~/.terraformrc #************************* Terragrunt ************************************* ARG TERRAGRUNT_VERSION=0.55.1 RUN set -ex \ && wget https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64 -q \ && mv terragrunt_linux_amd64 /usr/local/bin/terragrunt \ && chmod +x /usr/local/bin/terragrunt #*********************** Terramate **************************************** ARG TERRAMATE_VERSION=0.4.5 RUN set -ex \ && wget https://github.com/mineiros-io/terramate/releases/download/v${TERRAMATE_VERSION}/terramate_${TERRAMATE_VERSION}_linux_x86_64.tar.gz \ && tar -xzf terramate_${TERRAMATE_VERSION}_linux_x86_64.tar.gz \ && mv terramate /usr/local/bin/terramate \ && chmod +x /usr/local/bin/terramate #*********************** tfsec ******************************************** ARG TFSEC_VERSION=1.28.5 RUN set -ex \ && wget https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-amd64 \ && mv tfsec-linux-amd64 /usr/local/bin/tfsec \ && chmod +x /usr/local/bin/tfsec \ && terragrunt --version #**********************Terraform docs ************************************ ARG TERRRAFORM_DOCS_VERSION=0.17.0 RUN set -ex \ && curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v${TERRRAFORM_DOCS_VERSION}/terraform-docs-v${TERRRAFORM_DOCS_VERSION}-$(uname)-amd64.tar.gz \ && tar -xzf terraform-docs.tar.gz \ && chmod +x terraform-docs \ && mv terraform-docs /usr/local/bin/terraform-docs #********************* ShellCheck ***************************************** ARG SHELLCHECK_VERSION="stable" RUN set -ex \ && wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION?}/shellcheck-${SHELLCHECK_VERSION?}.linux.x86_64.tar.xz" | tar -xJv \ && cp "shellcheck-${SHELLCHECK_VERSION}/shellcheck" /usr/bin/ \ && shellcheck --version ...
  • What is the best `as Code` tool in 2023?
    4 projects | dev.to | 26 Jul 2023
    Great toolchain, including Infracost or tfsec.
  • Top 4 Infrastructure as Code Open-Source Tools for 2023
    3 projects | /r/webdevelopment | 3 May 2023
    TFSec is an open-source tool for scanning and detecting potential security vulnerabilities in Terraform code in both HCL and JSON.
  • Terraform Security Best Practices
    2 projects | /r/devops | 21 Mar 2023
    We use https://github.com/aquasecurity/tfsec we found checkov.io to be quite noisy
  • What are the best static analysis security testing tools for Terraform and infrastructure as code?
    3 projects | /r/devops | 31 Jan 2023
    Beyond Snyk and Checkov - I have also used https://github.com/aquasecurity/tfsec at a few organizations both for use locally and in CI (PR Review Checks)
  • Breve guia de sobrevivência com Terraform
    11 projects | dev.to | 22 Dec 2022
  • My Cloud Resume Challenge Journey
    2 projects | dev.to | 30 Nov 2022
    Once I completed the main steps of the challenge, I went back to do some security modificaions including enabled DNSSEC, deploying WAF (I ended up removing this as the costs were quite high and instead set up account level throttling for my API) and running IAM Access Analyser to flag anything I'd over permissioned. I also set up Git commit signing and added a new Git Action workflow to run Tfsec any time I updated my terraform config files
  • Atlantis vs. Terraform Cloud / Terraform Enterprise – Comparison
    6 projects | dev.to | 14 Sep 2022
    Flexibility is one of the core advantages of Atlantis, as it allows easy integration with other Terraform-helper tools(e.g., tfsec, checkov, Infracost, or Terratag). It can work with Terraform wrappers, such as Terragrunt, out of the box and even add some of Terragrunt’s features to vanilla Terraform – like before and after hooks for every execution stage (init, plan, apply, etc.).
  • List of most useful Terraform open-source tools
    10 projects | news.ycombinator.com | 28 Aug 2022
    tfsec: https://github.com/aquasecurity/tfsec

enhancements

Posts with mentions or reviews of enhancements. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-19.
  • Exploring cgroups v2 and MemoryQoS With EKS and Bottlerocket
    7 projects | dev.to | 19 Feb 2024
    0 is not the request we've defined. And that makes sense. Memory QoS has been in alpha since Kubernetes 1.22 (August 2021) and according to the KEP data was still in alpha as of 1.27.
  • Jenkins Agents On Kubernetes
    7 projects | dev.to | 4 Sep 2023
    Note: There's actually a Structured Authentication Config established via KEP-3331. It's in v1.28 as a feature flag gated option and removes the limitation of only having one OIDC provider. I may look into doing an article on it, but for now I'll deal with the issue in a manner that should work even with a bit older versions versions of Kubernetes.
  • Isint release cycle becoming a bit crazy with monthly releases and deprecations ?
    2 projects | /r/kubernetes | 11 Jul 2023
    Kubernetes supports a skew policy of n+2 between API server and kubelet. This means if your CP and DP are both on 1.20, you could upgrade your control plane twice (1.20 -> 1.21 -> 1.22) before you need to upgrade your data plane. And when it comes time to upgrade your data plane you can jump from 1.20 to 1.22 to minimize update churn. In the future, this skew will be opened to n+3 https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/3935-oldest-node-newest-control-plane
  • Kubernetes SidecarContainers feature is merged
    7 projects | news.ycombinator.com | 10 Jul 2023
    KEP: https://github.com/kubernetes/enhancements/tree/master/keps/...

    TLDR: Introduce a restartPolicy field to init containers and use it to indicate that an init container is a sidecar container. Kubelet will start init containers with restartPolicy=Always in the order with other init containers, but instead of waiting for its completion, it will wait for the container startup completion.

    7 projects | news.ycombinator.com | 10 Jul 2023
    So, until now, a sidecar container was just the idea of running helper containers in you Kubernetes pod that were 'helpers' for something: connection to databases or vpns, mesh networking, pulling secrets or config, debugging... But they didn't have special status, they were just regular containers in your pod.

    This sometimes posed some problems because they weren't available for the full life cycle of the pod, notably on the init process. So if your init containers needed secrets, connections, networking... that was being provided via a sidecar container, you were going to have a hard time.

    With this change, among other things, sidecars containers are going to be available for the whole life cycle of the pod.

    There are other implications, probably, but I still haven't finished reading the KEP [0]. Check it out, and there you'll find its motivation and several interesting examples.

      0: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/753-sidecar-containers
    7 projects | news.ycombinator.com | 10 Jul 2023
    The KEP (Kubernetes Enhancement Proposal) is linked to in the PR [1]. From the summary:

    > Sidecar containers are a new type of containers that start among the Init containers, run through the lifecycle of the Pod and don’t block pod termination. Kubelet makes a best effort to keep them alive and running while other containers are running.

    [1] https://github.com/kubernetes/enhancements/tree/master/keps/...

  • When you learn the Sidecar Container KEP got dropped from the Kubernets release. Again.
    2 projects | /r/kubernetes | 6 Apr 2023
    full Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/753-sidecar-containers/README.md
    2 projects | /r/kubernetes | 6 Apr 2023
  • Kubernetes 1.27 will be out next week! - Learn what's new and what's deprecated - Group volume snapshots - Pod resource updates - kubectl subcommands … And more!
    2 projects | /r/kubernetes | 4 Apr 2023
    If further interested, I may recommend checking out the KEP. I love how they document the decision making, and all these edge cases :).
  • Twitter to un-verify people who don’t pay $8/month starting on April Fools’ Day
    3 projects | /r/technology | 26 Mar 2023

What are some alternatives?

When comparing tfsec and enhancements you can also consider the following projects:

trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SonarQube - Continuous Inspection

checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec

terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. [Moved to: https://github.com/accurics/terrascan]

kubeconform - A FAST Kubernetes manifests validator, with support for Custom Resources!

spark-operator - Kubernetes operator for managing the lifecycle of Apache Spark applications on Kubernetes.

cli - a lightweight, security focused, BDD test framework against terraform.

gatekeeper-library - 📚 The OPA Gatekeeper policy library

kubernetes-json-schema - Schemas for every version of every object in every version of Kubernetes

iam-policy-json-to-terraform - Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document

klipper-lb - Embedded service load balancer in Klipper