Dontopedia

tfsec

From Dontopedia, the open, paraconsistent wiki. (Last updated 2026-06-08.)

tfsec is static analysis tool specifically designed for Terraform.

47 facts·29 predicates·8 sources·8 in dispute

Mostly:rdf:type(8), belongs to many(3), domain(2)

Maturity scale raw canonical shape-checked rule-derived certified

Inbound mentions (22)

Other subjects in dontopedia point AT this entity as a value. These are inverse relationships — e.g. "X motherOf this subject" — and answer questions the forward facts can't. Grouped by predicate.

attestedByAttested by(2)

includesIncludes(2)

isScannedByIs Scanned by(2)

usedByUsed by(2)

usesToolUses Tool(2)

analyzedByAnalyzed by(1)

configuredByConfigured by(1)

excludesExcludes(1)

hasMemberHas Member(1)

hasStaticCodeAnalysisToolsHas Static Code Analysis Tools(1)

installsInstalls(1)

mentionsMentions(1)

performedByPerformed by(1)

requiresRequires(1)

scannedByScanned by(1)

toolTool(1)

usedWithUsed With(1)

Other facts (43)

The long tail: predicates that appear too rarely to warrant their own section. Filter or scroll to find a specific one. Each row links to its source.

43 facts
PredicateValueRef
Rdf:typeStatic Code Analysis Tool[1]
Rdf:typeStatic Code Analysis Tool[2]
Rdf:typeTool[3]
Rdf:typeCompliance Tool[4]
Rdf:typeCompliance Checking Tool[5]
Rdf:typeSecurity Tool[6]
Rdf:typeSecurity Scanner[7]
Rdf:typeSecurity Scanning Tool[8]
Belongs to ManyTool Category Security[3]
Belongs to ManyTool Category Cli[3]
Belongs to ManySecurity Tool[3]
DomainTerraform[2]
DomainTerraform[5]
Checks forsecurity issues[3]
Checks forcompliance violations[3]
Purposesecurity compliance checking[3]
PurposeTerraform Security Scanning[7]
PerformsSecurity Check[3]
PerformsCompliance Check[3]
Installed Viabrew[5]
Installed ViaBrew[7]
Used forTerraform[1]
Mentioned BeforeTurn 6025[1]
Mentioned Prior toTurn 6025[1]
SpecializationTerraform security[2]
Functionstatic analysis for Terraform[2]
Descriptionstatic analysis tool specifically designed for Terraform[3]
Attested byDocument Author[3]
Positionbaseline tool[2]
SupportsTerraform[3]
Uses Installation Methodbrew package manager[3]
Specifically Designed forTerraform[3]
UsesStatic Analysis[3]
Mentioned inResponse[4]
Instance ofCompliance Tool[4]
Package Managerbrew[5]
Accessibilitybrew install[5]
Can Be ConfiguredFail Build on Issues[6]
Has Example Command`tfsec path/to/your/terraform/config --exit-code`[6]
Runs onTerraform Config[7]
RequiresGo Environment[7]
Requires Path Argumenttrue[8]
Accepts Positional Argumenttrue[8]

Timeline

Timeline axis is valid_time — when each source says the fact was true in the world, not when Dontopedia learned about it. Retracted rows are kept for provenance; coloured stripes indicate the context kind.

typebeam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
ex:StaticCodeAnalysisTool
usedForbeam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
ex:terraform
mentionedBeforebeam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
ex:turn-6025
mentionedPriorTobeam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
ex:turn-6025
typebeam/c792cb9f-fe51-4c08-8dd5-84025719f449
ex:StaticCodeAnalysisTool
labelbeam/c792cb9f-fe51-4c08-8dd5-84025719f449
tfsec
domainbeam/c792cb9f-fe51-4c08-8dd5-84025719f449
Terraform
specializationbeam/c792cb9f-fe51-4c08-8dd5-84025719f449
Terraform security
functionbeam/c792cb9f-fe51-4c08-8dd5-84025719f449
static analysis for Terraform
typebeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:Tool
labelbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
TFSec
descriptionbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
static analysis tool specifically designed for Terraform
checksForbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
security issues
checksForbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
compliance violations
attestedBybeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:document-author
positionbeam/c792cb9f-fe51-4c08-8dd5-84025719f449
baseline tool
supportsbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
Terraform
purposebeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
security compliance checking
usesInstallationMethodbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
brew package manager
belongsToManybeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:tool-category-security
specificallyDesignedForbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
Terraform
belongsToManybeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:tool-category-cli
belongsToManybeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:security-tool
usesbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:static-analysis
performsbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:security-check
performsbeam/167cff10-65e5-4d88-9f84-a29c4eb4816c
ex:compliance-check
typebeam/e8837f01-c4e2-426e-beb8-45f2a466a000
ex:ComplianceTool
mentionedInbeam/e8837f01-c4e2-426e-beb8-45f2a466a000
ex:response
labelbeam/e8837f01-c4e2-426e-beb8-45f2a466a000
tfsec
instanceOfbeam/e8837f01-c4e2-426e-beb8-45f2a466a000
ex:compliance-tool
typebeam/a419facc-81cf-45d5-958a-f43857b7b7b6
ex:ComplianceCheckingTool
installedViabeam/a419facc-81cf-45d5-958a-f43857b7b7b6
brew
packageManagerbeam/a419facc-81cf-45d5-958a-f43857b7b7b6
brew
accessibilitybeam/a419facc-81cf-45d5-958a-f43857b7b7b6
brew install
domainbeam/a419facc-81cf-45d5-958a-f43857b7b7b6
Terraform
canBeConfiguredbeam/5234c864-c1e1-4f57-ae6b-a148088ab40b
ex:fail-build-on-issues
hasExampleCommandbeam/5234c864-c1e1-4f57-ae6b-a148088ab40b
`tfsec path/to/your/terraform/config --exit-code`
typebeam/5234c864-c1e1-4f57-ae6b-a148088ab40b
ex:SecurityTool
typebeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
ex:SecurityScanner
labelbeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
TFSec
purposebeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
ex:terraform-security-scanning
runsOnbeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
ex:terraform-config
requiresbeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
ex:go-environment
installedViabeam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
ex:brew
typebeam/22f81faa-621c-4e79-b436-a3c0d2c142a9
ex:Security-Scanning-Tool
requiresPathArgumentbeam/22f81faa-621c-4e79-b436-a3c0d2c142a9
true
acceptsPositionalArgumentbeam/22f81faa-621c-4e79-b436-a3c0d2c142a9
true

References (8)

8 references
  1. ctx:claims/beam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
    • full textbeam-chunk
      text/plain1 KBdoc:beam/9a93d967-9cfb-4a6f-9cab-22ab0e0b3e16
      Show excerpt
      [Turn 6025] Assistant: There are several static code analysis tools available for Terraform that can help you detect security issues, compliance violations, and other potential problems in your infrastructure as code. Besides `tfsec`, here
  2. ctx:claims/beam/c792cb9f-fe51-4c08-8dd5-84025719f449
    • full textbeam-chunk
      text/plain1 KBdoc:beam/c792cb9f-fe51-4c08-8dd5-84025719f449
      Show excerpt
      return "Sensitive data found but not checked in Vault" else: return "Config is secure" # Example usage config = """ variable "password" { default = "mysecretpassword" } resource "aws_s3_bucket" "example" { bucket =
  3. ctx:claims/beam/167cff10-65e5-4d88-9f84-a29c4eb4816c
  4. ctx:claims/beam/e8837f01-c4e2-426e-beb8-45f2a466a000
    • full textbeam-chunk
      text/plain1 KBdoc:beam/e8837f01-c4e2-426e-beb8-45f2a466a000
      Show excerpt
      How can I make this function more effective at detecting GDPR compliance issues and providing actionable recommendations for remediation, maybe by using a more advanced regex pattern or integrating with a compliance auditing tool? ->-> 10,2
  5. ctx:claims/beam/a419facc-81cf-45d5-958a-f43857b7b7b6
    • full textbeam-chunk
      text/plain1 KBdoc:beam/a419facc-81cf-45d5-958a-f43857b7b7b6
      Show excerpt
      [Turn 6031] Assistant: Yes, you can definitely integrate compliance checks directly into your CI/CD pipeline to ensure automatic enforcement of GDPR compliance and other security policies. This approach helps catch issues early in the devel
  6. ctx:claims/beam/5234c864-c1e1-4f57-ae6b-a148088ab40b
    • full textbeam-chunk
      text/plain1 KBdoc:beam/5234c864-c1e1-4f57-ae6b-a148088ab40b
      Show excerpt
      Similarly, `tfsec` and `terrascan` can be configured to fail the build on issues: ```sh tfsec path/to/your/terraform/config --exit-code terrascan scan --framework terraform --path path/to/your/terraform/config --exit-code ``
  7. ctx:claims/beam/fa8dfba5-7228-406a-8fee-ba9f3bcd4800
  8. ctx:claims/beam/22f81faa-621c-4e79-b436-a3c0d2c142a9
    • full textbeam-chunk
      text/plain1 KBdoc:beam/22f81faa-621c-4e79-b436-a3c0d2c142a9
      Show excerpt
      - terrascan scan --framework terraform --path path/to/your/terraform/config ``` #### Jenkins ```groovy pipeline { agent any stages { stage('Lint') { steps { sc

See also

Keep researching

Missing something or suspicious of what's here? Kick off a research session — a Claude agent will investigate, cite its sources, and file new facts into a dedicated context you can review before accepting into the shared view.