The Best Terraform Static Analysis Tools (Linters/Formatters)

We rank 8 Terraform linters, code analyzers, formatters, and more. Find and compare tools like Mega-Linter, Semgrep, trunk, and more. Please rate and review tools that you've used. This helps others find the best tools for their projects.

1 Terraform Tools

shisho

A lightweight static code analyzer designed for developers and security teams. It allows you to analyze and transform source code with an intuitive DSL similar to sed, but for code.

  • DeprecatedDeprecated
  • DeprecatedGo
  • DeprecatedcliDeprecatedservice
  • Deprecatedlinter
  • 75% upvoted

7 Multi-Language Tools

Mega-Linter

Mega-Linter can handle any type of project thanks to its 70+ embedded Linters, its advanced reporting, runnable on any CI system or locally, with assisted installation and configuration, able to apply formatting and fixes

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 68% upvoted

Semgrep

Sponsor

A fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. Its rules look like the code you already write; no abstract syntax trees or regex wrestling. Supports 17+ languages.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 82% upvoted

trunk

Modern repositories include many technologies, each with its own set of linters. With 30+ linters and counting, Trunk makes it dead-simple to identify, install, configure, and run the right linters, static analyzers, and formatters for all your repos.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • MaintainedlinterMaintainedformatter
  • 88% upvoted

kics

Find security vulnerabilities, compliance issues, and infrastructure misconfigurations in your infrastructure-as-code. Supports Terraform, Kubernetes, Docker, AWS CloudFormation and Ansible

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 100% upvoted

SonarCloud

SonarCloud enables your team to deliver clean code consistently and efficiently with a code review tool that easily integrates into the cloud DevOps platforms and extend your CI/CD workflow. SonarCloud is free for open source projects.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedservice
  • Maintainedlinter
  • 56% upvoted

GitGuardian ggshield

ggshield is a CLI application that runs in your local environment or in a CI environment to help you detect more than 350+ types of secrets, as well as other potential security vulnerabilities or policy breaks affecting your codebase.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • MaintainedcliMaintainedservice
  • Maintainedlinter
  • 0% upvoted

SonarLint

SonarLint is a free IDE extension available for IntelliJ, VS Code, Visual Studio, and Eclipse, to find and fix coding issues in real-time, flagging issues as you code, just like a spell-checker. More than a linter, it also delivers rich contextual guidance to help developers understand why there is an issue, assess the risk, and educate them on how to fix it.

  • MaintainedMaintained
  • MaintainedMulti-Language
  • Maintainedcli
  • Maintainedlinter
  • 0% upvoted

Frequently Asked Questions

What are Terraform tools?

What are the best Terraform static analysis tools and linters?

The most popular Terraform tools ranked by user votes are: Mega-Linter, Semgrep, trunk, kics, shisho.

Which Terraform tools are free to use?

Tools with a free plan include trunk. On top of that, there are also a number of open source like Mega-Linter, Semgrep, trunk, kics, shisho, GitGuardian ggshield, SonarLint.

Related Tags

Our Sponsors

This website is completely open source. To fund our work, we fully rely on sponsors. Thanks to them, we can keep the site free for everybody. Please check out their offers below.

  • Bearer
  • BugProve
  • CodeScene
  • semgrep
  • Offensive 360