Terraform · cloud · ~10 mins

Terraform security scanning tools - Step-by-Step Execution

Process Flow - Terraform security scanning tools
1. Write Terraform code
2. Run security scanner
3. Scanner analyzes code
4. Report vulnerabilities
5. Fix issues in code
6. Re-run scanner to verify
7. Deploy safely
This flow shows how Terraform code is checked by security tools before deployment to find and fix risks.
Execution Sample (Terraform)
    terraform validate
    terraform fmt
    checkov -d .
    tfsec .
Run Terraform validation, format code, then scan with Checkov and tfsec for security issues.
Process Table
Step | Action | Tool | Result | Next Step
1 | Validate Terraform syntax | terraform validate | Syntax OK | Run formatter
2 | Format Terraform code | terraform fmt | Code formatted | Run Checkov scan
3 | Scan code for security issues | Checkov | Found 2 issues: open security groups | Fix issues
4 | Fix security group rules | Manual edit | Rules tightened | Run tfsec scan
5 | Scan code for security issues | tfsec | No critical issues found | Ready to deploy
6 | Deploy infrastructure | terraform apply | Infrastructure deployed safely | End
💡 Deployment proceeds only after security scans report no critical issues.
Status Tracker
Variable | Start | After Step 3 | After Step 4 | Final
security_group_rules | open to all | open to all (issue found) | restricted to ports 80,443 | restricted to ports 80,443
Key Moments - 2 Insights
Q: Why do we run both Checkov and tfsec scans?
A: Checkov and tfsec catch different security issues; running both ensures broader coverage, as shown in steps 3 and 5.
Q: What happens if the scanner finds issues?
A: You must fix the issues manually (step 4) before re-running the scans to ensure safe deployment.
Visual Quiz - 3 Questions
Test your understanding
1. Look at the execution table: which tool finds the first security issues?
   A. Checkov
   B. terraform validate
   C. tfsec
   D. terraform fmt
   💡 Hint: Check row 3 in the execution table, where Checkov reports issues.
2. At which step are security group rules fixed?
   A. Step 3
   B. Step 4
   C. Step 2
   D. Step 5
   💡 Hint: Look at the 'Action' column in step 4 for manual fixes.
3. If tfsec found critical issues at step 5, what would be the next step?
   A. Deploy infrastructure
   B. Skip deployment
   C. Fix issues and re-run scans
   D. Run terraform fmt again
   💡 Hint: Refer to the flow, where issues require fixing before deployment.
Concept Snapshot
Terraform security scanning tools check your code for risks before deployment.
Common tools: Checkov and tfsec.
Run terraform validate and fmt first.
Fix issues found by scanners.
Re-scan until no critical issues remain.
Then deploy safely.
Full Transcript
Terraform security scanning tools help find risks in your infrastructure code before you deploy it. First, you write your Terraform code. Then, you run 'terraform validate' to check syntax and 'terraform fmt' to format the code. Next, you run security scanners like Checkov and tfsec. These tools analyze your code and report any security problems, such as open security groups. If issues are found, you fix them manually in your code. After fixing, you run the scanners again to confirm the issues are resolved. Once no critical issues remain, you deploy your infrastructure safely using 'terraform apply'. This process helps keep your cloud resources secure.
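As an added example (not code from the original page), here is the kind of edit step 4 describes: a security group open to all, as Checkov reports it at step 3, next to the same group restricted to ports 80 and 443. The resource names and the `vpc_id` variable are assumptions for illustration.

```hcl
# Assumed input: the VPC the security group belongs to.
variable "vpc_id" {
  type = string
}

# BEFORE (step 3): the "open security group" finding. Ingress on every port
# and every protocol from the whole internet.
resource "aws_security_group" "web_open" {
  name        = "web-open"
  description = "Web tier (overly permissive)"
  vpc_id      = var.vpc_id

  ingress {
    description = "All traffic from anywhere"
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# AFTER (step 4): only HTTP and HTTPS are reachable from the internet;
# everything else is closed. Scanners may still warn about any 0.0.0.0/0
# ingress, so for a public web tier that finding is reviewed and accepted
# explicitly rather than silenced.
resource "aws_security_group" "web_restricted" {
  name        = "web-restricted"
  description = "Web tier (HTTP/HTTPS only)"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Egress is intentionally omitted here; add only the outbound rules the
  # workload actually needs (Terraform will not keep the default allow-all
  # egress rule on a managed security group without an egress block).
}
```

Re-running `checkov -d .` and `tfsec .` after the edit confirms the open-ingress finding is gone before `terraform apply` is run.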