We use Checkov and tfsec static analysis tools to check for compliance with infrastructure policies.
To run these tools locally, first install them by running the following commands.
- Install `checkov`

  ```bash
  brew install checkov
  ```

- Install `tfsec`

  ```bash
  brew install tfsec
  ```

Then run the compliance checks:

```bash
make infra-check-compliance
```

If you use pre-commit, you can optionally add `checkov` to your own pre-commit hook by following the instructions here.
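
As an added example (not this project's own configuration), a `.pre-commit-config.yaml` entry that uses the `checkov` hook published in the upstream Checkov repository could look like the following. The `rev` value is a placeholder, and the `args` assume the infrastructure code is Terraform.

```yaml
# .pre-commit-config.yaml
# Added example, not taken from this project.
repos:
  - repo: https://github.com/bridgecrewio/checkov.git
    # Placeholder: pin to a Checkov release tag or commit SHA you have reviewed,
    # so the hook does not change underneath you.
    rev: "<checkov-release-tag>"
    hooks:
      - id: checkov
        # Assumption: scan Terraform only. --quiet limits CLI output to failed checks.
        args: ["--framework", "terraform", "--quiet"]
```

Run `pre-commit install` once in your clone to activate the hook. The `make infra-check-compliance` target remains the way to run both tools together.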