Home Security & Privacy Terraform Security Scanner

Terraform Security Scanner Cheat Sheet

Policy-as-code, static scanning, drift detection

Last Updated: November 21, 2025

Components

Tool Role
tfsec Static analysis
Sentinel Policy guards
Driftctl Detect drift

Commands

tfsec .
Lint configs
sentinel test
Run policies
driftctl diff
Compare state

Guidance

Automate across branches, integrate with PRs, and document risk acceptances.

Related Cheat Sheets

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

Incident Response

Declare incidents, contain, communicate, and learn

Node.js Security

Audit dependencies, configure CSP, and lock env variables

Passwordless Authentication

Deploy magic links, WebAuthn passkeys, and OTP flows

💡 Pro Tip: Run scanners in CI, fail on high severity, and review exemptions.

Related Cheat Sheets

Browse all Security & Privacy →

← Back to Security & Privacy | Browse all categories | View all cheat sheets