This talk will cover using tfsec to scan .tf and .tf.json files to guard against misconfigurations . It will also cover using the the tfsec VSCode extension and GitHub actions to shift-left and catch issues early.
As more and more teams are using infrastructure as code to ensure they have consistent, repeatable deployment of infrastructure, it is becoming increasingly important to guard against mis-configurations creeping into the release.
This talk will cover using tfsec to scan .tf and .tf.json files for such issues. It will also cover using the the tfsec VSCode extension and GitHub actions to shift left and catch issues early.
- Introduction to why tfsec exists and the background (<5mins)
- Scanning your files - with demo
- tfsec advanced features (~10mins)
- Custom checks (satisfying your companies compliance requirements)
- Ignoring checks (expiry, workspace filtering)
- Shifting left (~10mins)
- VSCode extension
- GitHub actions
- Questions (~5mins)
The attendee will leave with an understanding that there are risks to misconfiguration and they will learn about a tool that can support them. Even if they go on to use another static analysis tool, they will have been prompted to be more vigilant.
A Leadership Guide to Multi-Cloud Success for the Department of Defense
A Leadership Guide to Multi-Cloud Success for Federal Agencies
Using Terraform Enterprise to Support 3000 Users at Booking.com
Database Provisioning Evolution at GoPay with Terraform and Ansible