- https://github.com/bridgecrewio/checkov - It scans cloud infrastructure provisioned using Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfile, Serverless, Bicep, OpenAPI or ARM Templates and detects security and compliance misconfigurations using graph-based scanning.
- https://github.com/aquasecurity/tfsec - uses static analysis of your Terraform code to spot potential misconfigurations.
- https://github.com/terraform-linters/tflint-ruleset-aws
- https://github.com/terraform-compliance/cli
- https://github.com/open-policy-agent/conftest - helps you write tests against structured configuration data. Using Conftest you can write tests for your Kubernetes configuration, Tekton pipeline definitions, Terraform code, Serverless configs or any other config files.
- https://github.com/Cigna/confectionery - A library of rules for Conftest used to detect misconfigurations within Terraform configuration files
- https://github.com/28mm/blast-radius - a tool for reasoning about Terraform dependency graphs with interactive visualizations.
- https://yor.io/ - an open-source tool that helps to manage tags consistently across infrastructure as code frameworks such as Terraform, CloudFormation, Kubernetes, and Serverless Framework
- probr-core - analyzes the complex behaviours and interactions in your cloud resources to enable engineers, developers and operations teams to identify and fix security-related flaws at different points in the lifecycle. Currently supports k8s, AKS, Azure Storage.
- CRT - This tool queries configurations in the Azure AD/O365 tenant, which can shed light on hard-to-find permissions and configuration settings, in order to assist organizations in securing these environments.