docs: rename "Tfsec" references to "Trivy"

Josuto · Josuto · commit a408bd1491e2 · 2026-01-10T16:04:59.000+01:00
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -42,12 +42,12 @@ pnpm lint              # Lint and fix with ESLint
 
 ### Terraform Infrastructure
 
-**Pre-commit hooks**: Run `pre-commit install` and `pre-commit install --hook-type pre-push` after initial clone. Hooks automatically format Terraform, validate syntax, check security (tfsec), and prevent secret commits.
+**Pre-commit hooks**: Run `pre-commit install` and `pre-commit install --hook-type pre-push` after initial clone. Hooks automatically format Terraform, validate syntax, check security (Trivy), and prevent secret commits.
 
 **Prerequisites for deployment**:
 - Owned domain name (for SSL certificate)
 - AWS credentials configured
-- Required tools: Terraform 1.0+, TFLint, tfsec, detect-secrets, terraform-docs
+- Required tools: Terraform 1.0+, TFLint, Trivy, detect-secrets, terraform-docs
 
 **Format Terraform before committing**:
 ```bash
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -27,7 +27,7 @@ Before contributing, ensure you have:
 - **AWS Account** with appropriate IAM permissions
 - **Terraform** 1.0+ installed
 - **Pre-commit** framework installed
-- **TFLint**, **tfsec**, **terraform-docs**, **detect-secrets** installed
+- **TFLint**, **Trivy**, **terraform-docs**, **detect-secrets** installed
 - **Node.js** and **pnpm** for application development
 - **kubectl** and **helm** (for EKS contributions)
 
@@ -225,9 +225,9 @@ chore(deps): upgrade Terraform AWS provider to v5.0
 
 4. **Security scanning**:
    ```bash
-   # tfsec should run via pre-commit, but you can run manually:
-   tfsec infra-ecs/
-   tfsec infra-eks/
+   # Trivy should run via pre-commit, but you can run manually:
+   trivy infra-ecs/
+   trivy infra-eks/
    ```
 
 5. **Documentation generation**:
diff --git a/README.md b/README.md
@@ -271,7 +271,7 @@ Ready to get started? Choose the path that matches your goal:
 
 ## Developer Setup: Pre-commit Hooks
 
-This project uses pre-commit hooks to enforce code quality, security, and formatting standards before commits. The hooks automatically format Terraform files, validate syntax, check for security issues, and prevent secret commits.
+This project uses pre-commit hooks to enforce code quality, security, and formatting standards before commits and pushes to the remote repository. The hooks automatically format Terraform files, validate syntax, check for security issues, and prevent secret commits.
 
 ### Prerequisites
 
@@ -289,8 +289,8 @@ brew install pre-commit
 brew install tflint
 tflint --init  # Install TFLint AWS plugin
 
-# 3. Install tfsec (security scanner)
-brew install tfsec
+# 3. Install Trivy (security scanner)
+brew install trivy
 
 # 4. Install detect-secrets
 brew install detect-secrets
diff --git a/infra-ecs/docs/PREREQUISITES_AND_SETUP.md b/infra-ecs/docs/PREREQUISITES_AND_SETUP.md
@@ -11,7 +11,7 @@ Ensure you have the following before starting:
 - **Terraform 1.0+** installed locally ([Installation Guide](https://developer.hashicorp.com/terraform/downloads))
 - **AWS CLI** installed and configured ([Installation Guide](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html))
 - **(Optional) GitHub Repository** if you plan to use the included CI/CD workflows
-- **(Optional) Pre-commit Tools** for local development: TFLint, tfsec, detect-secrets, terraform-docs
+- **(Optional) Pre-commit Tools** for local development: TF validate, TF format, TFLint, Trivy, detect-secrets, terraform-docs
 
 ## 2. Required Configuration Changes
 
diff --git a/infra-ecs/docs/adr/README.md b/infra-ecs/docs/adr/README.md
@@ -40,7 +40,7 @@ Each ADR follows this structure:
 
 ## Relationship to Security Scanning
 
-These ADRs document **intentional design decisions** that security scanners (Trivy, tfsec) may flag as findings. Each ADR:
+These ADRs document **intentional design decisions** that security scanner (Trivy) may flag as findings. Each ADR:
 
 1. Acknowledges the security scanner finding
 2. Evaluates alternative approaches
diff --git a/infra-eks/docs/PREREQUISITES_AND_SETUP.md b/infra-eks/docs/PREREQUISITES_AND_SETUP.md
@@ -13,7 +13,7 @@ Ensure you have the following before starting:
 - **kubectl** installed for Kubernetes cluster management ([Installation Guide](https://kubernetes.io/docs/tasks/tools/))
 - **(Optional) Helm CLI** for package management ([Installation Guide](https://helm.sh/docs/intro/install/))
 - **(Optional) GitHub Repository** if you plan to use the included CI/CD workflows
-- **(Optional) Pre-commit Tools** for local development: TFLint, tfsec, detect-secrets, terraform-docs
+- **(Optional) Pre-commit Tools** for local development: TFLint, Trivy, detect-secrets, terraform-docs
 
 ## 2. Required Configuration Changes
 
