Continuous Terraform security and compliance

Enforce security and compliance policies in your Terraform modules to prevent misconfigured cloud resources from being deployed.

Laptop with continuous Terraform security and compliance

📣 Watch our live session with HashiCorp to learn about automating your Terraform Cloud security at scale.

Terraform security 101

Infrastructure as code (IaC) frameworks like Terraform make it easy to scale infrastructure quickly and consistently across providers and cloud environments. It also poses new risks as additional layers of configuration are introduced, as well as opportunities to shift cloud security left.

Computer with warning icon

Terraform security risks

Because Terraform modules are built with functionality and performance in mind, security is often overlooked. Having missing or misconfigured variables in IaC modules, you may be inadvertently deploying vulnerable cloud resources.

Codified security opportunity

Terraform enables you to embed cloud security earlier and leverage automation and code to secure it. By scanning your Terraform modules earlier in the development lifecycle you can actually prevent misconfigurations from being deployed.

Platform

Codified and automated Terraform security

Continuous Terraform and Terraform Cloud scanning

500+ policies across AWS, Azure, Kubernetes, and Google Cloud

Security-as-code fixes for infrastructure wherever it is

Get started

Start codifying your cloud security with Bridgecrew for Terraform and Terraform Cloud.

Bridgecrew for Terraform

Connect your VCS repositories containing Terraform code to instantly start scanning for security issues.

Address Terraform configuration issues fast with security-as-code fixes.

Codified cloud icon

Bridgecrew for Terraform Cloud

Embed hundreds of security and compliance policies on top of Sentinel—Terraform’s policy-as-code engine.

Keep Terraform modules compliant with continuous scanning as part of your Terraform Cloud workspace run.

Get started with Bridgecrew

Try it out for yourself or talk to a Terraform security expert

Terraform security resources

Bridgecrew for Terraform Tutorial

Learn how to get started with Bridgecrew for Terraform by integrating with GitHub and embedding continuous Terraform scanning into your workflow.

State of Terraform Security

In our recent research report, we dug into the open source Terraform ecosystem and found that nearly 1 in 2 modules violates a security policy or best practice. 

Terraform security training tool

To help engineers learn how to identify and address Terraform misconfigurations, we built TerraGoat, a vulnerable-by-design training tool.