tfsec

Unclaimed

Security scanner for your Terraform code.

CI/CD Infrastructure as Code Vulnerability Scanning

Visit Website

FreeVisit Website

TL;DR - tfsec

Scans Terraform code for security vulnerabilities.
Identifies misconfigurations before deployment.
Integrates into CI/CD pipelines for proactive security.

Pricing: Free forever

Best for: Individuals & startups

Pros & Cons

Pros

Terraform security scanner
Static analysis for IaC
Many built-in rules
CI/CD integration ready
Open-source and free

Cons

Terraform specific only
False positives possible
Rule customization needed
Now part of Trivy (Aqua Security)
Migration to Trivy recommended

Key Features

Terraform securityStatic analysisCustom rulesCI/CD integrationMultiple formatsOpen source

Pricing Plans

Free

Terraform security scanning
Static analysis
CI/CD integration
Custom rules
MIT license
Open source

View full pricing

About tfsec

By Toolradar Team·Updated Feb 24, 2026

tfsec is a static analysis security scanner designed for Terraform code. It helps identify potential security vulnerabilities and misconfigurations in your infrastructure-as-code before deployment. By integrating tfsec into your development workflow, you can proactively address security issues, ensuring your cloud infrastructure is configured securely from the start. This tool is ideal for developers, DevOps engineers, and security teams working with Terraform. It provides clear, actionable feedback on security risks, helping to enforce security best practices and reduce the attack surface of cloud deployments. tfsec supports a wide range of cloud providers and security checks, making it a versatile addition to any secure development lifecycle.

How we evaluate tools →Source: aquasecurity.github.io