Regula

Regula is an open-source static code analysis tool for Terraform maintained by Fugue. It checks Terraform, CloudFormation, and Kubernetes files for misconfigurations, which is useful when you want to test a variety of infrastructure-as-code files in one pass.

Installation

To install Regula, refer to the project's installation documentation or its releases page.

Usage

Getting started with Regula is as simple as running regula run . to scan the current directory recursively. Regula immediately begins scanning your IaC, reports each failing rule with a link to its documentation, and identifies the file and line of the resource that triggered it.

Findings

DynamoDB Encryption

FG_R00069: DynamoDB tables should be encrypted with AWS or customer managed KMS keys [Medium]
           https://docs.fugue.co/FG_R00069.html

  [1]: aws_dynamodb_table.dynamodb_table
       in remotestate/main.tf:38:1

CloudFront Geo-Restrictions

FG_R00018: CloudFront distributions should have geo-restrictions specified [Medium]
           https://docs.fugue.co/FG_R00018.html

  [1]: aws_cloudfront_distribution.distribution
       in s3_static_site/main.tf:5:1
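The two findings above both come from missing or default blocks in the flagged resources. As an added example (not code from the original post or from the scanned repository), here is what a remediated remotestate/main.tf table and s3_static_site/main.tf distribution look like; the table name, bucket reference and allowed country list are assumed placeholders:

```hcl
# Added example, not the original post's configuration; names, bucket and
# country list are assumed placeholders.

# FG_R00069: the flagged table had no server_side_encryption block, so
# DynamoDB fell back to its default AWS-owned key. Enabling SSE selects the
# AWS managed KMS key; set kms_key_arn to use a customer managed key instead.
resource "aws_dynamodb_table" "dynamodb_table" {
  name         = "terraform-state-lock"   # assumed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  server_side_encryption {
    enabled = true   # add kms_key_arn = aws_kms_key.<key>.arn for a CMK
  }
}

# FG_R00018: the flagged distribution used restriction_type = "none".
# An explicit whitelist (or blacklist) of ISO country codes clears the rule.
resource "aws_cloudfront_distribution" "distribution" {
  enabled = true

  origin {
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name  # assumed bucket
    origin_id   = "s3-static-site"
  }

  default_cache_behavior {
    target_origin_id       = "s3-static-site"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    viewer_protocol_policy = "redirect-to-https"
    forwarded_values {
      query_string = false
      cookies { forward = "none" }
    }
  }

  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA"]   # assumed allowed countries
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```

Re-running regula run . after applying these changes should report no FG_R00069 or FG_R00018 findings for these two resources.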