Analysis tools logo

16 Configuration Management Static Analysis Tools

Type:
Any
10

DeepSource

  • Type: service

In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.

0

cfn-lint

  • Type: cli
1379

AWS Labs CloudFormation linter.

0

cfn_nag

  • Type: cli
756

A linter for AWS CloudFormation templates.

0

checkov

  • Type: cli
1656

Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.

0

AWS CloudFormation Guard

  • Type: cli
452

Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.

0

cookstyle

  • Type: cli
92

Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.

0

foodcritic

  • Type: cli
422

A lint tool that checks Chef cookbooks for common problems.

0

Puppet Lint

  • Type: cli
750

Check that your Puppet manifests conform to the style guide.

0

ShiftLeft Scan

  • Type: cli
  • Type: service
157

Scan is a free open-source DevSecOps platform for detecting security issues in source code and dependencies. It supports a broad range of languages and CI/CD pipelines.

0

ShiftLeft

  • Type: service

Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev like hardcoded secrets and logic bombs

0

terraform-compliance

  • Type: cli
827

A lightweight, compliance- and security focused, BDD test framework against Terraform.

0

terrascan

  • Type: cli
725

Collection of security and best practice tests for static code analysis of Terraform templates.

0

tflint

  • Type: cli
1969

A Terraform linter for detecting errors that can not be detected by `terraform plan`.

0

tfsec

  • Type: cli
1948

Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.

❤️ Sponsor this project

We are currently looking for partners who want to sponsor hosting and development of the project.

Check out our Github Sponsors page here

Missing an entry? Please let us know.