Static code analysis tool for terraform [closed]

About

Asked 30/1, 2018 at 10:42 Answered 15/2, 2021 at 18:35

Is there any static code analysis tool for terraform? I tried tflint. But it doesn't support output of module or attributes of resources. any other suggestion please

Tarango answered 30/1, 2018 at 10:42 Comment(2)

What are you wanting out of the static analysis? – Verret 30/1, 2018 at 11:3

blog.christophetd.fr/… – Faradism 22/10, 2021 at 21:42

Terrascan is another static analysis tool in addition to TFLint. Terrascan is more focused on security checks for AWS resources.

Duke answered 24/5, 2018 at 3:41 Comment(0)

Checkov is another terraform static analysis tool. Scanning multi-cloud resources for security miss configurations and supports terraform>=0.12

Sandlin answered 18/12, 2019 at 8:0 Comment(0)

There is also TFsec, which is pretty good.

I'm working on a product that allows you to try a bunch of these scanners pretty easily and help integrate with your CI/CD called Soluble to determine which scanner works best for your environment. Always appreciate feedback.

Boldt answered 15/2, 2021 at 18:35 Comment(0)

-2

you may also checkout enterprise grade solutions (google you will find them) similar to aquasec solution. I would create a comparison table, pros and cons and then consider the best.

Dishpan answered 30/8, 2020 at 10:3 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags