In this blog, we will see installation and demo of security tool called "tfsec"

TFSec : It is a security scanner tool, which helps to find any misconfiguration in terraform code which leads to any security risks

Github link :


1.linux/Mac machine

2.Terraform code

Installation :

Install tfsec

we can install mac/linux,

in Linux use below command,

curl -s | bash

in mac use below command,

brew install tfsec

Run tfsec :

Go to the terraform script location and run "tfsec ." inside the directory

I have sample tf code to create a storage account in Azure cloud. Here is my

resource "azurerm_storage_account" "storageaccount" {

  name                     = "devopsartstrgtest"

  resource_group_name      = "devopsart-non-prod"

  location                 = "East US"

  account_tier             = "Standard"

  account_replication_type = "GRS"


It will give a nice output which says where are the places the misconfiguration and fix needs to apply.

In the above result it says, "CRITICAL Storage account uses an insecure TLS version" so need to update with right configuration and run it.

We can run docker by using below command,

docker run --rm -it -v "$(pwd):/src" aquasec/tfsec /src

That's all. We have installed tfsec and experimented with it. 

Few more functionalities with tfsec:

- We can create a new policy based on our requirements.

- We can set it to ignore any of the tf scripts by defining it in the tfscript.


- We can also set it to ignore with an expiration date, so the section will be enabled after the given date


You can try with this tool and give your comments!

Post a Comment

Previous Post Next Post