Self-assessments performed by development, security, and operations teams provide those teams with the knowledge they need to improve.
Regula is an open-source static code analysis tool for Terraform, maintained by Fugue. It checks Terraform, CloudFormation, and Kubernetes files for misconfigurations, which is useful when you want to test a variety of different infrastructure-as-code files for misconfigurations with a single tool.
Install it with Homebrew:
brew tap fugue/regula
brew install regula
Getting started with Regula is as simple as running
regula run .
to scan the current directory recursively. Regula immediately begins scanning your IaC and reports each misconfiguration together with its rule ID, severity, a documentation link, and the resource and file location where it was found, as in the findings below:
FG_R00069: DynamoDB tables should be encrypted with AWS or customer managed KMS keys [Medium] https://docs.fugue.co/FG_R00069.html : aws_dynamodb_table.dynamodb_table in remotestate/main.tf:38:1
FG_R00018: CloudFront distributions should have geo-restrictions specified [Medium] https://docs.fugue.co/FG_R00018.html : aws_cloudfront_distribution.distribution in s3_static_site/main.tf:5:1
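As an added example (not code from the original article or from the Regula project), the following POSIX shell script parses finding lines in the text format shown above and fails a pipeline when any finding meets a chosen severity threshold, so a scan can gate a merge rather than only print a report. The two Regula findings quoted above are embedded as sample input, together with a third constructed line using the placeholder rule ID FG_RXXXXX; the severity names Low, Medium, High and Critical and their ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of Regula: gate a CI job on Regula's text findings.
# Each finding line has the shape
#   <RULE_ID>: <title> [<Severity>] <docs URL> : <resource> in <file>:<line>:<col>
# as in the output quoted in the article above.
# Severity names and their ordering are an assumption of this example.

# Constructed sample input: the two findings quoted above plus one
# placeholder (FG_RXXXXX is not a real rule ID).
SAMPLE_FINDINGS='FG_R00069: DynamoDB tables should be encrypted with AWS or customer managed KMS keys [Medium] https://docs.fugue.co/FG_R00069.html : aws_dynamodb_table.dynamodb_table in remotestate/main.tf:38:1
FG_R00018: CloudFront distributions should have geo-restrictions specified [Medium] https://docs.fugue.co/FG_R00018.html : aws_cloudfront_distribution.distribution in s3_static_site/main.tf:5:1
FG_RXXXXX: Placeholder low-severity finding (constructed) [Low] https://docs.fugue.co/FG_RXXXXX.html : aws_example.placeholder in example/main.tf:1:1'

# Map a severity name to a rank so thresholds can be compared numerically.
severity_rank() {
    case "$1" in
        Low) echo 1 ;;
        Medium) echo 2 ;;
        High) echo 3 ;;
        Critical) echo 4 ;;
        *) echo 0 ;;   # unknown or missing severity never blocks the build
    esac
}

# Read finding lines on stdin and print "<severity> <file:line:col> <rule id>"
# for each one; lines that do not match the finding shape are skipped.
parse_findings() {
    sed -n 's/^\([A-Z_0-9]*\): .* \[\([A-Za-z]*\)] [^ ]* : .* in \([^ ]*\)$/\2 \3 \1/p'
}

# Print "<rule> at <file:line:col> (<severity>)" for every finding on stdin
# whose severity is at or above the threshold given as $1.
findings_at_or_above() {
    threshold_rank=$(severity_rank "$1")
    parse_findings | while read -r sev loc rule; do
        if [ "$(severity_rank "$sev")" -ge "$threshold_rank" ]; then
            echo "$rule at $loc ($sev)"
        fi
    done
}

# Number of findings on stdin at or above the threshold $1.
count_at_or_above() {
    findings_at_or_above "$1" | wc -l | tr -d ' '
}

# Exit non-zero when any finding on stdin meets the threshold $1, listing the
# blocking findings on stderr. Intended usage in CI:
#   regula run . | gate_findings Medium
gate_findings() {
    hits=$(findings_at_or_above "$1")
    if [ -n "$hits" ]; then
        printf 'Blocking findings at severity %s or above:\n%s\n' "$1" "$hits" >&2
        return 1
    fi
    return 0
}

# Stand-alone demo on the constructed sample; in CI pipe `regula run .` instead.
printf '%s\n' "$SAMPLE_FINDINGS" | gate_findings Medium || echo "pipeline would fail here"
```

Gating on the text output keeps the example self-contained, but the parser is only as stable as the line format it matches; if the tool offers a structured output format, parsing that is less fragile than a regular expression over human-readable lines.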