Release: Static analysis for Terraform

If you use Terraform to manage your infrastructure, DeepSource can now help you write your Terraform files efficiently and keep them free from security issues.

DeepSource now supports continuous static analysis for Terraform files, detecting 30+ security issues.

Using the Terraform analyzer

To start analyzing your Terraform files, enable the Terraform analyzer in your .deepsource.toml file, and you are good to go.

By default, DeepSource analyzes all of your Terraform files, that is, files ending with .tf.

Sample configuration


version = 1

[[analyzers]]
name = "terraform"
enabled = true

Look at the docs for more details.

Issues detected by the Terraform analyzer

At the time of writing, the analyzer detects 30+ security issues in your Terraform files, including AWS-, Azure- and GCP-specific issues in addition to the general ones. Here are some of them to give you an idea:

General security issues:

  • Potentially sensitive data stored in block attribute
  • Potentially sensitive data stored in default value of variable

AWS-specific security issues:

  • ACL defined for S3 Bucket allows public access
  • Use of an outdated SSL policy by a load balancer

GCP-specific security issues:

  • Use of legacy ABAC permissions
  • Use of unencrypted storage bucket

Azure-specific security issues:

  • Use of password authentication instead of SSH keys
  • An inbound network security rule allowing traffic from /0
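
To make three of the issue classes above concrete, here is an added example (written for this page, not taken from DeepSource's docs or rule set) showing Terraform that fits each description next to a hardened form. All resource names, bucket names and the CIDR are constructed placeholders, and the exact patterns the analyzer matches are an assumption.

```hcl
# Constructed example; every name and value below is a placeholder.

# 1. Sensitive data stored in the default value of a variable.
variable "db_password_weak" {
  type    = string
  default = "example-password" # weak: the secret is committed with the code
}

# Hardened: no default, so the value must be supplied at run time
# (for example through the TF_VAR_db_password environment variable).
variable "db_password" {
  type      = string
  sensitive = true # Terraform 0.14+: redacted in plan/apply output,
                   # but still written to state, so protect the state file
}

# 2. ACL defined for an S3 bucket allows public access.
#    Inline "acl" argument as used by AWS provider versions before 4.0.
resource "aws_s3_bucket" "logs_weak" {
  bucket = "example-logs-weak"
  acl    = "public-read" # weak: grants read access to all users
}

resource "aws_s3_bucket" "logs" {
  bucket = "example-logs"
  acl    = "private" # hardened: only the bucket owner has access
}

# 3. Azure inbound network security rule allowing traffic from /0.
resource "azurerm_network_security_rule" "ssh" {
  name                        = "allow-ssh-from-office"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  # weak form: source_address_prefix = "0.0.0.0/0" (any address on the internet)
  source_address_prefix       = "203.0.113.0/24" # hardened: one known range
  destination_address_prefix  = "*"
  resource_group_name         = "example-rg"
  network_security_group_name = "example-nsg"
}
```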

We're super excited about this release, and are actively working on adding more issues to ensure best practices are followed when writing Terraform files. Head over to the docs or tell us what you think!
