tfsec

tfsec is an open-source static analysis security scanner by Aqua Security that analyzes Terraform code to detect security misconfigurations, compliance violations, and policy breaches across major cloud providers including AWS, Azure, GCP, and Kubernetes by leveraging deep integration with the official HCL parser to identify risks before infrastructure changes take effect. The tool integrates seamlessly into local development workflows and CI/CD pipelines with IDE plugins for JetBrains, VSCode, and Vim, supporting custom check definitions through YAML/Rego policies and multiple output formats including JSON, SARIF, CSV, and JUnit to enable developers to detect and remediate security issues efficiently throughout the infrastructure as code development lifecycle.

Docs

All Integrations

Start Your Free 
Trial Today

Unify your security pipeline and orchestrate peace of mind with DefectDojo. We are security experts and here to help.

Overview

By Role

By Solution

Simple and transparent pricing.

Join the DefectDojo community

Resources

Company

Categories

Import Options

File Types

Integrations

tfsec

Start Your Free 
Trial Today

Categories

Import Options

File Types

Integrations

tfsec

Start Your Free Trial Today

Start Your Free 
Trial Today