content/blog/top-terraform-tools.md
8 additions & 16 deletions
@@ -15,7 +15,7 @@ This post is maintained by Bytebase, an open-source database Management Software
15
15
16
16
| Update History | Comment |
17
17
| -------------- | ---------------- |
18
-
| 2025/03/12 | Initial version. |
18
+
| 2025/03/12 | Initial version. |
19
19
20
20
[HashiCorp Terraform](https://www.terraform.io/) lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share. You can then use a consistent workflow to provision and manage all of your infrastructure throughout its lifecycle.
21
21
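Review bot: the removed and added `| 2025/03/12 | Initial version. |` rows differ only in whitespace, so the Update History table still lists just the initial version even though this commit rewrites the Checkov, Infracost and Terragrunt sections. Add a dated row describing this revision, or leave the whitespace-only change out of the commit so the table edit does not look like a content change.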
@@ -24,7 +24,7 @@ However, when it comes to managing Terraform code, there are many tools that can
24
24
## Criteria
25
25
26
26
1.**Open Source**: The tool must be open source.
27
-
1.**Terraform**: The tool must support Terraform. However, hashicorp transitioned Terraform's license from MPL v2 to BSL, affecting versions beyond v1.5.7. These tools support Terraform v1.5.7 or earlier, and advocate to use opentofu instead.
27
+
1.**Terraform**: The tool must support Terraform. However, HashiCorp transitioned Terraform's license from MPL v2 to BSL, affecting versions beyond v1.5.7. These tools support Terraform v1.5.7 or earlier, and advocate to use [OpenTofu](https://opentofu.org/) instead.
28
28
29
29
## Digger
30
30
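Review bot: in the rewritten Terraform criterion, "These tools support Terraform v1.5.7 or earlier, and advocate to use OpenTofu instead" makes a blanket claim about every tool on the list inside what is meant to be a selection rule, and "advocate to use" is ungrammatical. Keep the criterion to one sentence, move the MPL v2 to BSL background into its own sentence, reword to "recommend using OpenTofu", and say per tool which versions are supported if that differs between them.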
@@ -49,20 +49,14 @@ However, when it comes to managing Terraform code, there are many tools that can
49
49
50
50
[Checkov](https://www.checkov.io/) is a static code analysis tool for scanning infrastructure as code (IaC) files for misconfigurations that may lead to security or compliance problems.
51
51
52
-
Checkov includes more than 750 predefined policies to check for common misconfiguration issues. Checkov also supports the creation and contribution of custom policies.
53
-
54
-
It scans cloud infrastructure provisioned using **Terraform, Terraform plan, Cloudformation, AWS SAM, Kubernetes, Helm charts, Kustomize, Dockerfile, Serverless, Bicep, OpenAPI, ARM Templates, or OpenTofu** and detects security and compliance misconfigurations using graph-based scanning.
55
-
56
-
It performs Software Composition Analysis (SCA) scanning which is a scan of open source packages and images for Common Vulnerabilities and Exposures (CVEs).
57
-
58
-
Checkov also powers **Prisma Cloud Application Security**, the developer-first platform that codifies and streamlines cloud security throughout the development lifecycle. Prisma Cloud identifies, fixes, and prevents misconfigurations in cloud resources and infrastructure-as-code files.
52
+
Checkov includes more than 750 predefined policies to check for common misconfiguration issues. Checkov also supports the creation and contribution of custom policies. It scans cloud infrastructure provisioned using Terraform/OpenTofu, Terraform plan as well as other IaC solutions such as Cloudformation, Helm charts, Kustomize, Dockerfile, and etc. It detects security and compliance misconfigurations using graph-based scanning.
59
53
60
54
**License: Open Source (Apache 2.0)** - Checkov is developed by Bridgecrew, which was acquired by Palo Alto Networks. While Checkov itself is open source, it powers the commercial Prisma Cloud Application Security platform.
61
55
62
56
**Features**
63
57
64
58
- Over 1000 built-in policies for AWS, Azure and Google Cloud security and compliance
65
-
- Multi-platform scanning: Terraform, CloudFormation, Kubernetes, Dockerfile, Serverless, ARM, and more
59
+
- Multi-platform scanning: Terraform/OpenTofu, CloudFormation, Kubernetes, Dockerfile, and more
66
60
- CI/CD integration: Scans Argo Workflows, Azure Pipelines, GitHub Actions, GitLab CI and other pipeline files
67
61
- Context-aware policies with graph-based scanning
68
62
- Supports multiple policy formats (Python and YAML)
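Review bot: the condensed Checkov paragraph says "more than 750 predefined policies" while the unchanged Features bullet a few lines below says "Over 1000 built-in policies", so the section now contradicts itself; pick one figure and use it in both places. The rewrite also drops the sentence on Software Composition Analysis (CVE scanning of open source packages and images), which is a distinct capability from misconfiguration scanning and is worth keeping as a Features bullet. Minor: "and etc." is redundant, and "Cloudformation" in the new paragraph does not match "CloudFormation" in the bullet list.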
@@ -92,7 +86,7 @@ Check: CKV_AWS_21: "Ensure all data stored in the S3 bucket have versioning enab
92
86
93
87
[infracost.io](https://infracost.io/) is an open-source cost estimation tool for Terraform.
94
88
95
-
It enables a shift-left approach forcloud costs by providing cost estimates for Terraform before deployment. Additionally, it can check for FinOps best practicesin accordance with the Well-Architected Frameworks of cloud vendors, and your company's required tag keys/values. This not only saves your team money but also streamlines discussions about costs within the engineering workflow rather than it being a post-deployment consideration. Infracost works with AWS, Azure and Google.
89
+
It enables a shift-left approach forcloud costs by providing cost estimates for Terraform before deployment. Additionally, it can check for FinOps best practicesin accordance with the Well-Architected Frameworks of cloud vendors. Infracost works with AWS, Azure and Google Cloud.
96
90
97
91
**License: Open Source (MIT)** - Infracost is developed by Infracost Inc. and is available under the Apache 2.0 license. While the core Infracost CLI is open source, the company offers additional services through Infracost Cloud, which provides features like centralized management, budget enforcement, and policy automation.
98
92
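Review bot: the License line directly under the changed Infracost paragraph reads "License: Open Source (MIT)" and then "available under the Apache 2.0 license", and this edit leaves that contradiction in place; confirm the license and state it once. The added line also still shows "forcloud" and "practicesin" run together, while the next hunk header renders the same sentence as "for cloud", so check the source for missing or non-standard space characters. The rewrite removes the mention of checking required tag keys/values; if that was intentional, fine, otherwise restore it.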
@@ -112,7 +106,7 @@ It enables a shift-left approach for cloud costs by providing cost estimates for
112
106
113
107
It enables teams to build, deploy, manage and observe cloud infrastructure with Infrastructure as Code (IaC) tools such as Terraform, OpenTofu, Terragrunt, Kubernetes and others.
114
108
115
-
**License: Open Source (MPL 2.0)** - Terramate is developed by Terramate GmbH and is available under the Mozilla Public License 2.0. While the core Terramate CLI is open source, the company offers Terramate Cloud, a commercial platform that provides additional features such as observability, drift detection, asset inventory management, and policy enforcement.
109
+
**License: Open Source (MPL 2.0)** - Terramate is developed by Terramate GmbH and is available under the Mozilla Public License 2.0. While the core Terramate CLI is open source, the company offers Terramate Cloud, a commercial platform that provides additional features such as observability, drift detection, asset inventory management, and policy enforcement.
116
110
117
111
**Features**
118
112
@@ -128,11 +122,9 @@ It enables teams to build, deploy, manage and observe cloud infrastructure with
[Terragrunt](https://terragrunt.gruntwork.io/) is a flexible orchestration tool that allows Infrastructure as Code to scale.
132
-
133
-
It is a thin wrapper around Terraform that provides extra tools for working with multiple Terraform modules.
125
+
[Terragrunt](https://terragrunt.gruntwork.io/) is a flexible orchestration tool that allows Infrastructure as Code to scale. It is a thin wrapper around Terraform that provides extra tools for working with multiple Terraform modules.
134
126
135
-
**License: Open Source (MIT)** - Terragrunt is developed by Gruntwork and is available under the MIT License. While Terragrunt itself is open source, Gruntwork offers commercial support and additional services through their platform, which provides a comprehensive suite of infrastructure as code (IaC) tools and modules.
127
+
**License: Open Source (MIT)** - Terragrunt is developed by Gruntwork and is available under the MIT License. While Terragrunt itself is open source, Gruntwork offers commercial support and additional services through their platform, which provides a comprehensive suite of infrastructure as code (IaC) tools and modules.
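Review bot: the merged Terragrunt paragraph describes it only as "a thin wrapper around Terraform", while the other edits in this commit switch to "Terraform/OpenTofu" and the Criteria section recommends OpenTofu. Make the wording consistent here, or state explicitly that the description applies to Terraform only. The License line change is whitespace-only as shown and could be left out of the commit.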