tfsec VS gatekeeper-library

Compare tfsec vs gatekeeper-library and see what are their differences.

Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
tfsec gatekeeper-library
27 8
6,500 599
1.1% 1.5%
6.3 8.8
about 2 months ago 7 days ago
Go Open Policy Agent
MIT License Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

tfsec

Posts with mentions or reviews of tfsec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-03-26.
  • Top Terraform Tools to Know in 2024
    19 projects | dev.to | 26 Mar 2024
    ‍Tfsec acts as a Terraform scanning tool. It is a security-focused linter for Terraform that scans code for security flaws, offering an additional layer of security assurance and helping to maintain a strong security posture.
  • DevSecOps with AWS- IaC at scale - Building your own platform - Part 1
    8 projects | dev.to | 21 Mar 2024
    ... #************************** Terraform ************************************* ARG TERRAFORM_VERSION=1.7.3 RUN set -ex \ && curl -O https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/local/bin/ RUN set -ex \ && mkdir -p $HOME/.terraform.d/plugin-cache && echo 'plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"' > ~/.terraformrc #************************* Terragrunt ************************************* ARG TERRAGRUNT_VERSION=0.55.1 RUN set -ex \ && wget https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64 -q \ && mv terragrunt_linux_amd64 /usr/local/bin/terragrunt \ && chmod +x /usr/local/bin/terragrunt #*********************** Terramate **************************************** ARG TERRAMATE_VERSION=0.4.5 RUN set -ex \ && wget https://github.com/mineiros-io/terramate/releases/download/v${TERRAMATE_VERSION}/terramate_${TERRAMATE_VERSION}_linux_x86_64.tar.gz \ && tar -xzf terramate_${TERRAMATE_VERSION}_linux_x86_64.tar.gz \ && mv terramate /usr/local/bin/terramate \ && chmod +x /usr/local/bin/terramate #*********************** tfsec ******************************************** ARG TFSEC_VERSION=1.28.5 RUN set -ex \ && wget https://github.com/aquasecurity/tfsec/releases/download/v${TFSEC_VERSION}/tfsec-linux-amd64 \ && mv tfsec-linux-amd64 /usr/local/bin/tfsec \ && chmod +x /usr/local/bin/tfsec \ && terragrunt --version #**********************Terraform docs ************************************ ARG TERRRAFORM_DOCS_VERSION=0.17.0 RUN set -ex \ && curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v${TERRRAFORM_DOCS_VERSION}/terraform-docs-v${TERRRAFORM_DOCS_VERSION}-$(uname)-amd64.tar.gz \ && tar -xzf terraform-docs.tar.gz \ && chmod +x terraform-docs \ && mv terraform-docs /usr/local/bin/terraform-docs #********************* ShellCheck ***************************************** ARG SHELLCHECK_VERSION="stable" RUN set -ex \ && wget -qO- "https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION?}/shellcheck-${SHELLCHECK_VERSION?}.linux.x86_64.tar.xz" | tar -xJv \ && cp "shellcheck-${SHELLCHECK_VERSION}/shellcheck" /usr/bin/ \ && shellcheck --version ...
  • What is the best `as Code` tool in 2023?
    4 projects | dev.to | 26 Jul 2023
    Great toolchain, including Infracost or tfsec.
  • Top 4 Infrastructure as Code Open-Source Tools for 2023
    3 projects | /r/webdevelopment | 3 May 2023
    TFSec is an open-source tool for scanning and detecting potential security vulnerabilities in Terraform code in both HCL and JSON.
  • Terraform Security Best Practices
    2 projects | /r/devops | 21 Mar 2023
    We use https://github.com/aquasecurity/tfsec we found checkov.io to be quite noisy
  • What are the best static analysis security testing tools for Terraform and infrastructure as code?
    3 projects | /r/devops | 31 Jan 2023
    Beyond Snyk and Checkov - I have also used https://github.com/aquasecurity/tfsec at a few organizations both for use locally and in CI (PR Review Checks)
  • Breve guia de sobrevivĂŞncia com Terraform
    11 projects | dev.to | 22 Dec 2022
  • My Cloud Resume Challenge Journey
    2 projects | dev.to | 30 Nov 2022
    Once I completed the main steps of the challenge, I went back to do some security modificaions including enabled DNSSEC, deploying WAF (I ended up removing this as the costs were quite high and instead set up account level throttling for my API) and running IAM Access Analyser to flag anything I'd over permissioned. I also set up Git commit signing and added a new Git Action workflow to run Tfsec any time I updated my terraform config files
  • Atlantis vs. Terraform Cloud / Terraform Enterprise – Comparison
    6 projects | dev.to | 14 Sep 2022
    Flexibility is one of the core advantages of Atlantis, as it allows easy integration with other Terraform-helper tools(e.g., tfsec, checkov, Infracost, or Terratag). It can work with Terraform wrappers, such as Terragrunt, out of the box and even add some of Terragrunt’s features to vanilla Terraform – like before and after hooks for every execution stage (init, plan, apply, etc.).
  • List of most useful Terraform open-source tools
    10 projects | news.ycombinator.com | 28 Aug 2022
    tfsec: https://github.com/aquasecurity/tfsec

gatekeeper-library

Posts with mentions or reviews of gatekeeper-library. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-04-10.
  • Multi-tenancy in Kubernetes
    13 projects | dev.to | 10 Apr 2023
    Here is a library or rules for the Open Policy Agent.
  • OPA Rego is ridiculously confusing - best way to learn it?
    6 projects | /r/kubernetes | 20 Sep 2022
  • Container security best practices: Comprehensive guide
    17 projects | dev.to | 16 Nov 2021
    Many more examples are available in the OPA Gatekeeper library project!
  • Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
    9 projects | dev.to | 18 Jun 2021
    by default and exposes metrics on path ```/metrics``` . It can run locally on your development box as long as you have a valid Kubernetes configuration in your home folder (i.e. if you can run kubectl and have the right permissions). When running on the cluster a ```incluster``` parameter is passed in so that it knows where to look up for the cluster credentials. Exporter program connects to Kubernetes API every 10 seconds to scrape data from Kubernetes API. We've used [this](https://medium.com/teamzerolabs/15-steps-to-write-an-application-prometheus-exporter-in-go-9746b4520e26) blog post as the base for the code. ## Demo Let's go ahead and prepare our components so that we have a Grafana dashboard to show us which constraints have been violated and how the number of violations evolve over time. ### 0) Required tools - [Git](https://git-scm.com/downloads): A git cli is required to checkout the repo and - [Kubectl](https://kubernetes.io/docs/tasks/tools/) and a working K8S cluster - [Ytt](https://carvel.dev/ytt/): This is a very powerful yaml templating tool, in our setup it's used for dynamically overlaying a key/value pair in all constraints. It's similar to Kustomize, it's more flexibel than Kustomize and heavily used in some [Tanzu](https://tanzu.vmware.com/tanzu) products. - [Kustomize](https://kustomize.io/): Gatekeeper-library relies on Kustomize, so we need it too. - [Helm](https://helm.sh/): We will install Prometheus and Grafana using helm - Optional: [Docker](https://www.docker.com/products/docker-desktop): Docker is only optional as we already publish the required image on dockerhub. ### 1) Git submodule update Run ```git submodule update --init``` to download gatekeeper-library dependency. This command will download the [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library) dependency into folder ```gatekeeper-library/library``` . ### 2) Install OPA/Gatekeeper If your K8S cluster does not come with Gatekeeper preinstalled, you can use install it as explained [here](https://open-policy-agent.github.io/gatekeeper/website/docs/install/). If you are familiar with helm, the easiest way to install is as follows: ```bash helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts helm install gatekeeper/gatekeeper --generate-name
  • Who is doing image scanning on an admission controller? (Open source)
    3 projects | /r/kubernetes | 12 Feb 2021
    Gatekeeper library has example policies for restricting image repositories: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general
  • Mental models for understanding Kubernetes Pod Security Policy PSP
    4 projects | /r/kubernetes | 16 Jan 2021
    You should check out the Gatekeeper project. There's plenty of templates available for use without having to write a single line of rego for most use cases (e.g https://github.com/open-policy-agent/gatekeeper-library)

What are some alternatives?

When comparing tfsec and gatekeeper-library you can also consider the following projects:

trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

SonarQube - Continuous Inspection

checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

terraform-security-scan - Run a security scan on your terraform with the very nice https://github.com/aquasecurity/tfsec

terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. [Moved to: https://github.com/accurics/terrascan]

OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.

helm-charts - Prometheus community Helm charts

opa-scorecard

cli - a lightweight, security focused, BDD test framework against terraform.

conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language

iam-policy-json-to-terraform - Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document

tflint - A Pluggable Terraform Linter