terraform-compliance
A lightweight, security-focused BDD test framework for Terraform that enables compliance and negative testing for infrastructure-as-code.
What is terraform-compliance?
terraform-compliance is a lightweight, open-source test framework that uses behavior-driven development (BDD) to validate Terraform infrastructure-as-code for security and compliance. It enables negative testing by checking Terraform plans against predefined policies, ensuring configurations meet standards before deployment. The tool focuses on preventing misconfigurations in cloud resources by translating security requirements into readable test scenarios.
DevOps engineers, security teams, and infrastructure developers who use Terraform to manage cloud infrastructure and need to enforce compliance and security policies in their CI/CD pipelines.
Developers choose terraform-compliance because it provides a free, open-source alternative to HashiCorp Sentinel for policy enforcement, with a BDD approach that makes tests accessible to both technical and non-technical stakeholders. Its pre-deploy validation and easy integration into existing workflows help catch security issues early without slowing down development.
Overview
a lightweight, security focused, BDD test framework against terraform.
Use Cases
Best For
- Enforcing security policies on AWS, Azure, or GCP Terraform configurations
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
