Skip to content

vs tfsec

tfsec uses static analysis of your Terraform templates to spot potential security issues. Trivy uses tfsec internally to scan Terraform HCL files, but Trivy doesn't support some features provided by tfsec. This section describes the differences between Trivy and tfsec.

Feature Trivy tfsec
Built-in Policies
Custom Policies Rego1 JSON and YAML
Policy Metadata2
Show Successes
Disable Policies
Show Issue Lines
Support .tfvars
View Statistics
Filtering by Severity
Supported Formats Dockerfile, JSON, YAML, Terraform, etc. Terraform

tfsec is designed for Terraform. People who use only Terraform should use tfsec. People who want to scan a wide range of configuration files should use Trivy.


  1. Terraform HCL files are not supported. 

  2. To enrich the results such as ID, Title, Description, Severity, etc.