Quick Start
Using as a command line tool
The easiest way to run tfsec
is to run it in the directory you want to scan.
tfsec
tfsec
will traverse the directory till it finds a valid Terraform file; the directory it finds this file in will be considered to the working directory.
If you want to run on a specific location, this can be passed as an argument;
tfsec ./tf/prod
The exit status will be non-zero if tfsec finds problems, otherwise the exit status will be zero.
Use with Docker
As an alternative to installing and running tfsec on your system, you may run tfsec in a Docker container.
To run:
docker run --rm -it -v "$(pwd):/src" aquasec/tfsec /src
Using in CI
tfsec
can be added to any CI pipeline as a command with the exit code dictating if it breaks the build.
We do provide a GitHub Action that will also upload the results to GitHub code scanning UI.
Passing Arguments
This page only covers the basics of what tfsec
can do - much more is achievable using the arguments on the Parameters page.