Security scanner for your Terraform code [Moved to:] (by tfsec)

Tfsec Alternatives

Similar projects and alternatives to tfsec

  • tflint

    tfsec VS tflint

    A Pluggable Terraform Linter

  • checkov

    tfsec VS checkov

    Prevent cloud misconfigurations during build-time for Terraform, CloudFormation, Kubernetes, Serverless framework and other infrastructure-as-code-languages with Checkov by Bridgecrew.

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • pre-commit

    tfsec VS pre-commit

    A framework for managing and maintaining multi-language pre-commit hooks.

  • atlantis

    tfsec VS atlantis

    Terraform Pull Request Automation

  • terraform

    tfsec VS terraform

    Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.

  • terrascan

    tfsec VS terrascan

    Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

  • pre-commit-terraform

    pre-commit git hooks to take care of Terraform configurations

  • OPS

    OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

  • conftest

    tfsec VS conftest

    Write tests against structured configuration data using the Open Policy Agent Rego query language

  • pre-commit-hooks

    tfsec VS pre-commit-hooks

    Some out-of-the-box hooks for pre-commit

  • rancher

    tfsec VS rancher

    Complete container management platform

  • Fiber

    tfsec VS Fiber

    ⚡️ Express inspired web framework written in Go

  • v2ray-core

    tfsec VS v2ray-core

    A platform for building proxies to bypass network restrictions. (by v2fly)

  • sops

    tfsec VS sops

    Simple and flexible tool for managing secrets

  • Go

    tfsec VS Go

    Algorithms implemented in Go for beginners, following best practices. (by TheAlgorithms)

  • quic-go

    tfsec VS quic-go

    A QUIC implementation in pure go

  • terratest

    tfsec VS terratest

    Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.

  • go-admin

    tfsec VS go-admin

    基于Gin + Vue + Element UI的前后端分离权限管理系统脚手架(包含了:多租户的支持,基础用户管理功能,jwt鉴权,代码生成器,RBAC资源控制,表单构建,定时任务等)3分钟构建自己的中后台项目;文档: Demo: Antd beta版本: (by go-admin-team)

  • buildah

    tfsec VS buildah

    A tool that facilitates building OCI images.

  • ferry

    tfsec VS ferry

    本系统是集工单统计、任务钩子、权限管理、灵活配置流程与模版等等于一身的开源工单系统,当然也可以称之为工作流引擎。 致力于减少跨部门之间的沟通,自动任务的执行,提升工作效率与工作质量,减少不必要的工作量与人为出错率。 (by lanyulei)

  • terraform-provider-azurerm

    Terraform provider for Azure Resource Manager

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better tfsec alternative or higher similarity.

Suggest an alternative to tfsec

Reviews and mentions

Posts with mentions or reviews of tfsec. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-05-02.
  • Terraforming in 2021 – new features, testing and compliance
    12 projects | | 2 May 2021
    Here again more than one tool exists to assist. We will highlight two of the most popular ones here: tfsec and checkov. Both provide a predefined set of checks that they use to inspect your code, allowing to explicitly open exceptions (if you really want to) by annotating your code with comments, and adjust the configuration to ignore some modules, for example.
  • How FirstPort manage GitHub, using code stored in GitHub
    5 projects | | 27 Apr 2021
    An additional benefit of using a CI workflow is adding automated tests. In this scenario, I’ve added a step leveraging tfsec to scan for static code vulnerabilities. In the example below, tfsec warns against creating an Azure network security rule which is fully open. This will halt and fail the workflow unless I provide an ignore comment to accept the warning.
  • Terraform v15.0 with AWS (EKS deployment)
    7 projects | | 17 Apr 2021
    · Provision an EKS Cluster (AWS) · Terraform v15.0 · Terraform Registry · Pre-Commit · Terraform Pre-commit · Terraform-docs · Tflint · Tfsec
  • A way to restrict options for devs in AWS
    2 projects | | 2 Apr 2021
    Using terraform, create a skeleton directory that they can review for how EC2 instances should be created. Use tools like or other scanners/linters to validate that your developers followed this process and didn't uncheck something.
  • Terraform VMware vSphere Provider - is it worth it?
    1 project | | 12 Jan 2021
    I know tfsec ( which is pretty good for AWS resources but I think vSphere resources are not implemented.
  • Gopher Gold #15 - Wed Oct 14 2020
    16 projects | | 14 Oct 2020
    tfsec/tfsec (Go): 🔒🌍 Static analysis powered security scanner for your terraform code


Basic tfsec repo stats
7 months ago

tfsec/tfsec is an open source project licensed under MIT License which is an OSI approved license.

Less time debugging, more time building
Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
Find remote Go jobs at our new job board There are 5 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.