Parameters

tfsec can by run with no arguments and will act on the current folder.

For a richer experience, there are many additional command line arguments that you can make use of.

Argument Short Code Description
--allow-checks-to-panic -p Allow panics to propagate up from rule checking
--concise-output Reduce the amount of output and no statistics
--config-file [path to config file] Config file to use during run
--custom-check-dir [path to checks dir] Explicitly the custom checks dir location
--debug Enable verbose logging, same as --verbose but for people who prefer to say debug
--detailed-exit-code Produce more detailed exit status codes.
--exclude [comma,separated,rule,ids] -e Provide comma-separated list of rule IDs to exclude from run.
--exclude-path strings Path to exclude from parser, can be used multiple times
--exclude-downloaded-modules Remove results for downloaded modules in .terraform folder
--filter-results [comma,separated,riles,to,check] Filter results to return specific checks only (supports comma-delimited input).
--force-all-dirs Don't search for tf files, include everything below provided directory.
--format [default,json,csv,checkstyle,junit,sarif] -f Select output format: default, json, csv, checkstyle, junit, sarif
--gif Show a celebratory gif in the terminal if no problems are found (default formatter only)
--help -h help for tfsec
--ignore-hcl-errors Stop and report an error if an HCL parse error is encountered
--include-ignored Ignore comments with have no effect and all resources will be scanned
--include-passed Resources that pass checks are included in the result output
--no-color Disable colored output (American style!)
--no-colour Disable coloured output
--out [filepath to output to] Set output file
--run-statistics View statistics table of current findings.
--soft-fail -s Runs checks but suppresses error code
--sort-severity Sort the results by severity from highest to lowest
--tfvars-file strings Path to .tfvars file, can be used multiple times and evaluated in order of specification
--update Update to latest version
--verbose Enable verbose logging
--version -v Show version information and exit
--workspace [terraform workspace] -w Specify a workspace for ignore limits

This list can also be found by running tfsec --help