How to use tfsec in the pipeline
Jun 2, 2021
TFLint is a framework in which each feature is provided by plugins. Its key features are as follows:
- Find possible errors (like illegal instance types) for major cloud providers (AWS/Azure/GCP).
- Warn about deprecated syntax, unused declarations.
- Enforce best practices, naming conventions.
Features
- Checks for sensitive data inclusion across all providers
- Checks for violations of AWS, Azure and GCP security best practice recommendations
- Scans modules (currently only local modules are supported)
- Evaluates expressions as well as literal values
- Evaluates Terraform functions, e.g. concat()
Official link https://tfsec.dev/docs/installation/
Steps for setup in the pipeline
It's very easy to set up and run.
Dockerfile
FROM homebrew/brew
RUN brew update \
 && brew install tfsec
Build the image
Push it to your registry
Use that image in the relevant stage of the pipeline
Now you need to run the command
tfsec
for more help
Sample
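
The following stage wrapper is an added example, not code from the original post or from the tfsec project. It shows one way to run tfsec inside the image built above so that a missing or crashed scanner is never mistaken for a clean scan. The function name tfsec_stage, the TFSEC_BIN variable and the report file names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pipeline stage wrapper around tfsec.
# Hypothetical names: tfsec_stage, TFSEC_BIN, tfsec.json, tfsec.err.
# Return codes: 0 = clean scan, 1 = findings, 2 = stage could not scan.

tfsec_stage() {
    tf_dir="${1:-.}"                  # directory holding the Terraform code
    report_dir="${2:-tfsec-report}"   # where the stage keeps its artifacts
    bin="${TFSEC_BIN:-tfsec}"         # overridable so the stage can be tested

    # Fail closed: an image without the scanner must not pass the gate.
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "tfsec stage: scanner '$bin' not found in image" >&2
        return 2
    fi
    if [ ! -d "$tf_dir" ]; then
        echo "tfsec stage: '$tf_dir' is not a directory" >&2
        return 2
    fi
    mkdir -p "$report_dir" || return 2

    # Keep the machine-readable report as a build artifact.
    # tfsec exits non-zero when it reports problems.
    rc=0
    "$bin" "$tf_dir" --format json \
        >"$report_dir/tfsec.json" 2>"$report_dir/tfsec.err" || rc=$?

    if [ "$rc" -eq 0 ]; then
        echo "tfsec stage: no findings"
        return 0
    fi
    # Non-zero exit with an empty report means the scan itself failed.
    if [ ! -s "$report_dir/tfsec.json" ]; then
        echo "tfsec stage: scanner error (exit $rc), see $report_dir/tfsec.err" >&2
        return 2
    fi
    echo "tfsec stage: findings reported, see $report_dir/tfsec.json" >&2
    return 1
}

# In the pipeline stage (paths are placeholders):
#   tfsec_stage ./terraform ./artifacts || exit $?
```
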