Quick Start
Using as a command line tool
The easiest way to run tfsecurity is to run it in the directory you want to scan.
tfsecurity
tfsecurity will traverse the directory until it finds a valid Terraform file; the directory containing that file is treated as the working directory.
To scan a specific location, pass it as an argument:
tfsecurity ./tf/prod
The exit status will be non-zero if tfsecurity finds problems; otherwise, the exit status will be zero.
Use with Docker
As an alternative to installing and running tfsecurity on your system, you may run tfsecurity in a Docker container.
To run:
docker run --rm -it -v "$(pwd):/src" khulnasoft/tfsecurity /src
Using in CI
tfsecurity can be added to any CI pipeline as a command, with the exit code dictating whether it breaks the build.
We provide a GitHub Action that also uploads the results to the GitHub code scanning UI.
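A CI gate built only on the exit status described above, shown as an added example rather than code from the tfsecurity project. The function name scan_dirs, the SCANNER override variable and the ./tf/staging path are assumptions made for illustration.

```shell
#!/bin/sh
# CI gate: scan several Terraform directories and fail the job if any scan fails.
# SCANNER and scan_dirs are names made up for this example; the only tool
# behaviour relied on is "tfsecurity <dir>" and its zero / non-zero exit status.

scan_dirs() {
    scanner="${SCANNER:-tfsecurity}"
    failed=0
    for dir in "$@"; do
        # Fail closed: a mistyped path must not turn into a silent pass.
        if [ ! -d "$dir" ]; then
            echo "FAIL $dir: not a directory" >&2
            failed=1
            continue
        fi
        # "|| status=$?" keeps the loop alive under "set -e", which many CI
        # shells enable, so one failing directory does not hide the others.
        status=0
        "$scanner" "$dir" || status=$?
        case "$status" in
            0)   echo "ok   $dir" ;;
            # 127 is the shell's "command not found" status: the scan never ran.
            127) echo "FAIL $dir: scanner '$scanner' not found" >&2; failed=1 ;;
            *)   echo "FAIL $dir: exit status $status" >&2; failed=1 ;;
        esac
    done
    return "$failed"
}

# Typical CI step (./tf/staging is a placeholder path):
#   scan_dirs ./tf/staging ./tf/prod || exit 1
```

A missing scanner binary and a missing directory both fail the build here, so a broken pipeline image or a renamed folder cannot pass as a clean scan.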
Passing Arguments
This page only covers the basics of what tfsecurity can do; much more is achievable using the arguments on the Parameters page.