vs cfsec
cfsec uses static analysis of your CloudFormation templates to spot potential security issues. Trivy uses cfsec internally to scan both JSON and YAML configuration files, but Trivy doesn't support some features provided by cfsec. This section describes the differences between Trivy and cfsec.
| Feature | Trivy | cfsec |
|---|---|---|
| Built-in Policies | ||
| Custom Policies | Rego1 | |
| Policy Metadata2 | ||
| Show Successes | ||
| Disable Policies | ||
| Show Issue Lines | ||
| View Statistics | ||
| Filtering by Severity | ||
| Supported Formats | Dockerfile, JSON, YAML, Terraform, etc. | CloudFormation JSON and YAML |
cfsec is designed for CloudFormation. People who use only want to scan their CloudFormation templates should use cfsec. People who want to scan a wide range of configuration files should use Trivy.