Using TFsec and Spacelift to Secure Terraform Code


TFsec is a static security analysis tool that scans your Terraform code to check that it complies with security best practices. It detects code patterns that can lead to security vulnerabilities, which could leave you open to data breaches or other consequences.
Additional resources:
spacelift.io/blog/what-is-tfsec
spacelift.io/blog/integrating-security-tools-with-spacelift
Sign up for a free Spacelift account at hubs.li/Q01-ldv00
Not only does TFsec scan your code and highlight potential problems, but it also gives example-driven solutions to help you bring your code into compliance.
In this video, we will discuss the features of TFsec and show how we can use it to fix the code in our Terraform repository to ensure it meets the highest levels of security best practices.
We will discuss TFsec features such as:
* TFsec inbuilt checks
* Extending TFsec with custom checks
* Ignoring known code patterns with tfsec ignore
… and more
After that, we will go through a step-by-step, hands-on demo showing how to integrate this functionality with Spacelift so that TFsec scans your code as part of your CI/CD pipeline, and how to use Spacelift policies to fine-tune the behavior of the pipeline when TFsec flags potential issues.
We also highlight TFsec alternatives, such as Checkov, Terrascan, and Cloudrail, which can also be integrated with Spacelift stacks.
Chapters:
00:00 The importance of security scanning Terraform code
00:42 Introducing TFSec
01:22 Overview of TFsec Features
02:45 Demo: TFSec in action
07:54 Demo: Running TFSec in Spacelift
09:42 Demo: Using TFSec with Spacelift Plan Policies
12:26 Conclusions
More information on Spacelift:
Website: spacelift.io/
Twitter: spaceliftio
Linkedin: www.linkedin.com/company/spacelift-io/
#Terraform #DevOps #Spacelift
