Release: Static analysis for Terraform
Detect security issues in Terraform files with static analysis
By Srijan · Product, Releases
If you are using Terraform to manage your infrastructure, DeepSource is here to help you write your Terraform files efficiently and free from security issues. DeepSource now supports continuous static analysis for Terraform files, detecting 30+ security issues.
Using the Terraform analyzer
To start analyzing your Terraform files, just enable the terraform analyzer in your .deepsource.toml file, and you are good to go. By default, DeepSource analyzes all your Terraform files ending with .tf.
Sample configuration
version = 1
[[analyzers]]
name = "terraform"
enabled = true
Look at the docs for more details.
Issues detected by the Terraform analyzer
At the time of writing, the analyzer detects 30+ security issues in your Terraform files, which include AWS, Azure and GCP specific issues in addition to the general ones. Here are some of them to give you an idea:
General security issues:
- Potentially sensitive data stored in a block attribute
- Potentially sensitive data stored in the default value of a variable
AWS specific security issues:
- ACL defined for an S3 bucket allows public access
- Use of an outdated SSL policy by a load balancer
GCP specific security issues:
- Use of legacy ABAC permissions
- Use of an unencrypted storage bucket
Azure specific security issues:
- Use of password authentication instead of SSH keys
- An inbound network security rule allowing traffic from /0
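To make two of the listed issues concrete, here is a constructed Terraform file (an added example, not code from the DeepSource post) showing a flagged form followed by a corrected form for a sensitive variable default and for a public S3 bucket ACL. It assumes the AWS provider's pre-4.0 schema, where acl is set directly on aws_s3_bucket, and Terraform 0.14+ for the sensitive variable attribute.

```hcl
# Constructed example, not part of the original post.
# Assumes AWS provider < 4.0 (acl on aws_s3_bucket) and Terraform >= 0.14 (sensitive).

# --- General: potentially sensitive data stored in the default value of a variable ---

# Flagged: a credential hard-coded as a default is committed to the repo and
# written into the state file.
variable "db_password_bad" {
  type    = string
  default = "constructed-placeholder-not-a-real-secret"
}

# Fixed: no default, so the value must come from a TF_VAR_* environment
# variable, a .tfvars file kept out of the repo, or a secrets manager.
# `sensitive = true` also keeps the value out of plan/apply output.
variable "db_password" {
  type      = string
  sensitive = true
}

# --- AWS: ACL defined for an S3 bucket allows public access ---

# Flagged: a canned public ACL makes every object in the bucket world-readable.
resource "aws_s3_bucket" "logs_bad" {
  bucket = "example-logs-bad-constructed"
  acl    = "public-read"
}

# Fixed: private ACL, plus a public access block so that a later bucket policy
# or object ACL cannot re-open the bucket.
resource "aws_s3_bucket" "logs" {
  bucket = "example-logs-constructed"
  acl    = "private"
}

resource "aws_s3_bucket_public_access_block" "logs" {
  bucket                  = aws_s3_bucket.logs.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Running the analyzer on a file like this should flag only the two `_bad` definitions; the corrected resources are what you want to keep.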
We're super excited about this release, and are actively working on adding more issues to ensure best practices are followed when writing Terraform files. Head over to the docs or tell us what you think!