...

3. Terrascan: A static code analyser for Infrastructure as Code.

4. Checkov/tfsec: [Need to finalise any one]

Checkov:
  🔘 Checkov is a static code analysis tool for infrastructure-as-code.
  🔘 It scans cloud infrastructure provisioned using:
     - Terraform
     - Terraform plan
     - CloudFormation
     - AWS SAM
     - Kubernetes
     - Helm charts
     - Kustomize
     - Dockerfile
     - Serverless
  🔘 Detects security and compliance misconfigurations using graph-based scanning.

tfsec:
🔘 tfsec uses static analysis of your Terraform code to spot potential misconfigurations.
🔘 Checks for misconfigurations across all major (and some minor) cloud providers
🔘 Hundreds of built-in rules
🔘 Scans modules (local and remote)
🔘 Evaluates HCL expressions as well as literal values
🔘 Evaluates Terraform functions e.g. concat()
🔘 Evaluates relationships between Terraform resources
🔘 Compatible with the Terraform CDK
🔘 Applies (and embellishes) user-defined Rego policies
🔘 Supports multiple output formats: CLI, JSON, SARIF, CSV, CheckStyle, and JUnit.
🔘 Configurable (via CLI flags and/or config file)
🔘 Very fast, capable of quickly scanning huge repositories
🔘 Plugins for popular IDEs available (JetBrains, VSCode and Vim)
🔘 Community-driven


5. Terraform: An IaC tool for creating various resources in the cloud

...