In this section of the IaC Scanning Tools Guide, we will be doing a comparison of Checkov, tfsec, and Terrascan, comparing key features and examining the test results from our vulnerabilities test. You can explore the other parts of this guide below.
Jump to section:
Comparing Checkov vs. tfsec vs. Terrascan
General Comparison
Below you’ll find a matrix to compare these three tools.
Our Test Results
Check the results of our tests with the number of violations detected by each tool below.
Conclusion
In this blog post, we examined three of the most popular tools to scan your infrastructure. These are Checkov, tfsec, and Terrascan. We saw the benefits and key features of each tool. We also viewed how to get started with each along with some use cases for scanning Terraform and Kubernetes files. We also examined how to create custom policies for each of these tools.
We’ve seen how to use these tools in isolation using the CLI. If you’re interested in using one of these tools or a combination within your CI/CD pipelines, then take a look at env0 for seamless integration.
Finally, the choice of which tool to use depends on your use case. If you are looking for a tool that covers more than just Terraform, then you would narrow your seach to Checkov and Terrascan. If you prefer using Rego to build custom policies then Terrascan or tfsec would be your options. If you’re looking for a simple and fast solution to scan your Terraform code then tfsec would be a good choice for you. You can also opt to use more than one tool together.
References
- aquasecurity/tfsec: Security scanner for your Terraform code
- bridgecrewio/checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew
- tenable/terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
- IaC static analysis tools for Terraform
- Complete guide for picking the right tool for Terraform Security Code Analysis (revolgy.com)
In this section of the IaC Scanning Tools Guide, we will be doing a comparison of Checkov, tfsec, and Terrascan, comparing key features and examining the test results from our vulnerabilities test. You can explore the other parts of this guide below.
Jump to section:
Comparing Checkov vs. tfsec vs. Terrascan
General Comparison
Below you’ll find a matrix to compare these three tools.
Our Test Results
Check the results of our tests with the number of violations detected by each tool below.
Conclusion
In this blog post, we examined three of the most popular tools to scan your infrastructure. These are Checkov, tfsec, and Terrascan. We saw the benefits and key features of each tool. We also viewed how to get started with each along with some use cases for scanning Terraform and Kubernetes files. We also examined how to create custom policies for each of these tools.
We’ve seen how to use these tools in isolation using the CLI. If you’re interested in using one of these tools or a combination within your CI/CD pipelines, then take a look at env0 for seamless integration.
Finally, the choice of which tool to use depends on your use case. If you are looking for a tool that covers more than just Terraform, then you would narrow your seach to Checkov and Terrascan. If you prefer using Rego to build custom policies then Terrascan or tfsec would be your options. If you’re looking for a simple and fast solution to scan your Terraform code then tfsec would be a good choice for you. You can also opt to use more than one tool together.
References
- aquasecurity/tfsec: Security scanner for your Terraform code
- bridgecrewio/checkov: Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew
- tenable/terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure
- IaC static analysis tools for Terraform
- Complete guide for picking the right tool for Terraform Security Code Analysis (revolgy.com)