...
Various open source tools used:
1. Slack Bot: For push and success notifications.
2. tflint: TFLint is a framework in which each feature is provided by plugins. Its key features are:
- Finds possible errors (like illegal instance types) for major cloud providers (AWS/Azure/GCP).
- Warns about deprecated syntax and unused declarations.
- Enforces best practices and naming conventions.
3. Terrascan: A static code analyser for Infrastructure as Code.
4. Terratest: A Go library that makes it easier to write automated tests for your infrastructure code. It provides a variety of helper functions and patterns for common infrastructure testing tasks, including testing Terraform code.
4. Checkov/tfsec: [Need to finalise any one]
Checkov:
🔘 Checkov is a static code analysis tool for infrastructure-as-code.
🔘 It scans cloud infrastructure provisioned using:
- Terraform
- Terraform plan
- CloudFormation
- AWS SAM
- Kubernetes
- Helm charts
- Kustomize
- Dockerfile
- Serverless
🔘 Detects security and compliance misconfigurations using graph-based scanning.
tfsec:
🔘 tfsec uses static analysis of your terraform code to spot potential misconfigurations.
🔘 Checks for misconfigurations across all major (and some minor) cloud providers
🔘 Hundreds of built-in rules
🔘 Scans modules (local and remote)
🔘 Evaluates HCL expressions as well as literal values
🔘 Evaluates Terraform functions e.g. concat()
🔘 Evaluates relationships between Terraform resources
🔘 Compatible with the Terraform CDK
🔘 Applies (and embellishes) user-defined Rego policies
🔘 Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit.
🔘 Configurable (via CLI flags and/or config file)
🔘 Very fast, capable of quickly scanning huge repositories
🔘 Plugins for popular IDEs available (JetBrains, VSCode and Vim)
🔘 Community-driven
5. Terraform: An IaC tool for creating various resources in the cloud.
...