vs tfsec
tfsec uses static analysis of your Terraform templates to spot potential security issues. Trivy uses tfsec internally to scan Terraform HCL files, but Trivy doesn't support some features provided by tfsec. This section describes the differences between Trivy and tfsec.
| Feature | Trivy | tfsec |
|---|---|---|
| Built-in Policies | ||
| Custom Policies | Rego1 | JSON and YAML |
| Policy Metadata2 | ||
| Show Successes | ||
| Disable Policies | ||
| Show Issue Lines | ||
| Support .tfvars | ||
| View Statistics | ||
| Filtering by Severity | ||
| Supported Formats | Dockerfile, JSON, YAML, Terraform, etc. | Terraform |
tfsec is designed for Terraform. People who use only Terraform should use tfsec. People who want to scan a wide range of configuration files should use Trivy.