GitHub - alanrtao/tflint-ruleset-security-smells: Terraform linter implementing variants of rules from Rahman et al., 2019, "The Seven Sins: Security Smells in Infrastructure as Code Scripts".

Requirements

Install tflint and run tflint --init within your Terraform project repository

Move the .tflint.hcl file from this repository to your Terraform project repository
- Some sections in the config file are purely for demo purposes, you can remove them
- Specific rules within the plugin (see /rules or alternatively main.go) can be enabled or disabled manually
tflint

For more information refer to Terraform documentation
--no-color makes the output compatible to plain textlogs such as in Jenkins

No Hardcoded Secret: variable files with password-like names should not have default values set
Password Strength:
- Any expression containing password-like elements should evaluate to a string that:
  - Is at least 8 characters long
  - Contains capital & lower alphabet, digits, and special characters
Invalid IP Address Binding: checks whether IP Address is '0.0.0.0'
HTTP without TLS: checks whether URLs use HTTP without TLS (i.e., not HTTPS)

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
.github		.github
rules		rules
.gitignore		.gitignore
.goreleaser.yml		.goreleaser.yml
.tflint.hcl		.tflint.hcl
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go