Continuous Terraform security and compliance

Enforce security and compliance policies in your Terraform modules to prevent misconfigured cloud resources from being deployed.

Why

Terraform security 101

Infrastructure as code (IaC) frameworks like Terraform make it easy to scale infrastructure quickly and consistently across providers and cloud environments. They also pose new risks as additional layers of configuration are introduced, and they create opportunities to shift cloud security left.

Terraform security risks

Because Terraform modules are built with functionality and performance in mind, security is often overlooked. With missing or misconfigured variables in IaC modules, you may be inadvertently deploying vulnerable cloud resources.

Codified security opportunity

Terraform enables you to embed cloud security earlier and to use automation and code to enforce it. By scanning your Terraform modules earlier in the development lifecycle, you can prevent misconfigurations from being deployed.

How it works

Best practices for Terraform security

Terraform code static analysis

Automated Terraform scanning is essential to enforcing policies that are necessary for a solid cloud security posture.

Securing Terraform continuously

Embed Terraform scanning into your automated build pipeline to ensure new changes don’t introduce cloud security issues.

Actionable Terraform policies

For Terraform security scanning to provide actionable feedback, fixes should be delivered into your development lifecycle as code.

Bridgecrew is designed to enforce cloud security policies as early as possible and as part of every Terraform code review.

  • Integrate directly with your Terraform repositories to instantly start scanning for security issues.
  • Keep your Terraform modules compliant with continuous scanning as part of your CI/CD pipelines.
  • Fix issues with a single click by opening a pull request that includes the code to address policy violations.


Terraform security resources

Bridgecrew for Terraform Tutorial

Learn how to get started with Bridgecrew for Terraform by integrating with GitHub and embedding continuous Terraform scanning into your workflow.

State of Terraform Security

In our recent research report, we dug into the open source Terraform ecosystem and found that nearly 1 in 2 modules violates a security policy or best practice. 

Terraform security training tool

To help engineers learn how to spot Terraform misconfigurations and fix Terraform security issues, we built TerraGoat, a vulnerable-by-design training tool.