Configuration Management Static Analysis Tools
Configuration management (CM) is the process of systematically handling changes to a system so that it maintains its integrity over time. It is a core practice in systems and software engineering that enables efficient and reliable delivery of products and services. It is also a key practice in IT service management (ITSM) that enables efficient and reliable delivery of IT services.
11 Configuration Management Tools
Checks playbooks for practices and behaviour that could potentially be improved.
AWS CloudFormation Guard
Check local CloudFormation templates against policy-as-code rules and generate rules from existing templates.
AWS Labs CloudFormation linter.
A linter for AWS CloudFormation templates.
Static analysis tool for Terraform files (tf>=v0.12), preventing cloud misconfigs at build time.
Cookstyle is a linting tool based on the RuboCop Ruby linting tool for Chef cookbooks.
A lint tool that checks Chef cookbooks for common problems.
Check that your Puppet manifests conform to the style guide.
A lightweight, compliance- and security-focused BDD test framework against Terraform.
Collection of security and best practice tests for static code analysis of Terraform templates.
A Terraform linter for detecting errors that can not be detected by
10 Multi-Language Tools
Secure DevOps kit for Azure (AzSK) provides security IntelliSense, Security Verification Tests (SVTs), CICD scan vulnerabilities, compliance issues, and infrastructure misconfiguration in your infrastructure-as-code. Supports Azure via ARM.
In-depth static analysis to find issues in verticals of bug risks, security, anti-patterns, performance, documentation and style. Native integrations with GitHub, GitLab and Bitbucket. Less than 5% false positives.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible.
Mega-Linter can handle any type of project thanks to its 70+ embedded linters and its advanced reporting. It runs on any CI system or locally, with assisted installation and configuration, and can apply formatting and fixes.
Tool to check the validity of Puppet metadata.json files.
Identify vulnerabilities that are unique to your code base before they reach production. Leverages the Code Property Graph (CPG) to run its analyses concurrently in a single graph of graphs. Automatically finds business logic flaws in dev, like hardcoded secrets and logic bombs.
A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.
Combination of multiple linters to install as a GitHub Action.
Terraform static analysis tool that prevents potential security issues by checking cloud misconfigurations at build time and directly integrates with the HCL parser for better results. Checks for violations of AWS, Azure and GCP security best practice recommendations.