
Quick Start

Using as a command line tool

The easiest way to run tfsecurity is to run it in the directory you want to scan.

tfsecurity

tfsecurity will traverse the directory until it finds a valid Terraform file; the directory in which it finds this file will be considered the working directory.

If you want to run on a specific location, this can be passed as an argument:

tfsecurity ./tf/prod

The exit status will be non-zero if tfsecurity finds problems; otherwise, it will be zero.

Use with Docker

As an alternative to installing and running tfsecurity on your system, you may run tfsecurity in a Docker container.

To run:

docker run --rm -it -v "$(pwd):/src" khulnasoft/tfsecurity /src

Using in CI

tfsecurity can be added to any CI pipeline as a command; its exit code determines whether the build fails.

We also provide a GitHub Action that will upload the results to the GitHub code scanning UI.
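A minimal CI gate built on the exit status described above, as an added example that is not part of the tfsecurity project; scan_gate and the TFSECURITY_BIN variable are names assumed for this sketch. It separates "problems found" from "the scan never ran", and drops -it from the Docker command because CI jobs usually have no TTY attached.

```shell
#!/bin/sh
# Added example, not tfsecurity's own code.
# scan_gate and TFSECURITY_BIN are hypothetical names used only here.

# scan_gate DIR
#   returns 0  scan ran and found nothing
#   returns 1  tfsecurity reported problems (any other non-zero exit)
#   returns 2  the scan could not run, so the gate fails closed
scan_gate() {
    dir="${1:-.}"
    bin="${TFSECURITY_BIN:-tfsecurity}"

    if [ ! -d "$dir" ]; then
        echo "scan_gate: $dir is not a directory" >&2
        return 2
    fi

    if command -v "$bin" >/dev/null 2>&1; then
        "$bin" "$dir"
        rc=$?
    elif command -v docker >/dev/null 2>&1; then
        # Same image and mount as the Docker command on this page, without
        # -it: "docker run -it" errors out when no TTY is attached.
        abs="$(cd "$dir" && pwd)"
        docker run --rm -v "$abs:/src" khulnasoft/tfsecurity /src
        rc=$?
    else
        echo "scan_gate: neither $bin nor docker is available" >&2
        return 2
    fi

    case "$rc" in
        0) return 0 ;;
        # Shell and docker conventions for "could not start": 125 docker
        # error, 126 not executable, 127 command not found.
        125|126|127)
            echo "scan_gate: scanner failed to start (exit $rc)" >&2
            return 2 ;;
        *)
            echo "scan_gate: tfsecurity reported problems (exit $rc)" >&2
            return 1 ;;
    esac
}
```

In a pipeline step, call `scan_gate ./tf/prod || exit $?` so that both findings and a broken scanner stop the build.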

Passing Arguments

This page only covers the basics of what tfsecurity can do - much more is achievable using the arguments on the Parameters page.