Question 1

How do I ignore warnings in tfsec?

Accepted Answer

Add a comment like #tfsec:ignore:<rule> to the offending line or module block in your Terraform code. You can also set expiration dates with formats like exp:2025-01-02 to ensure ignored issues are revisited.

Question 2

Should I use tfsec or Trivy for Terraform security scanning?

Accepted Answer

Trivy is recommended for new projects as it includes tfsec's Terraform scanning engine plus support for more languages and features. Tfsec is being phased out, so Trivy offers better long-term support and ecosystem integration.

Question 3

How to run tfsec in a Docker container?

Accepted Answer

Use docker run --rm -it -v "$(pwd):/src" aquasec/tfsec /src. Multiple Docker images are available, such as aquasec/tfsec for Alpine or aquasec/tfsec-ci for CI builds with customizable commands.

Question 4

Does tfsec work with Terraform CDK?

Accepted Answer

Yes, tfsec is compatible with the Terraform CDK, as mentioned in the README. It can scan the generated Terraform code for misconfigurations, though direct CDK analysis might be limited to the Terraform output.

Question 5

What output formats does tfsec support?

Accepted Answer

Tfsec supports multiple formats including JSON, SARIF, CSV, CheckStyle, JUnit, text, and GIF via the --format flag. This flexibility aids integration with tools like GitHub Security Alerts for reporting.

Question 6

Can tfsec scan remote Terraform modules?

Accepted Answer

Yes, tfsec scans both local and remote Terraform modules, evaluating resource relationships and HCL expressions to detect misconfigurations across modular infrastructure code.

Question 7

Is tfsec still maintained given the migration to Trivy?

Accepted Answer

Tfsec remains available but is no longer the focus of engineering efforts; active development has shifted to Trivy. Critical fixes might be provided, but new features and updates are limited, so migration is advised.

Tfsec

What is Tfsec?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions