Pre-Commit IaC Scanning
Compare 46 pre-commit IaC scanning tools to find the right one for your needs
🔧 Tools
Compare and find the best pre-commit IaC scanning tool for your needs
Kubescape
An open-source Kubernetes security posture management tool that scans YAML files, Helm charts, and live clusters.
Open Policy Agent (OPA)
An open-source, general-purpose policy engine that can be used for scanning IaC.
GitGuardian
A platform for automated secrets detection and remediation.
tfsec
A fast, open-source static analysis scanner for Terraform code to find security misconfigurations.
Trivy
Versatile open-source security scanner from Aqua Security that finds vulnerabilities, IaC misconfigurations, and secrets.
Checkov
Open-source IaC scanner that finds misconfigurations in Terraform, CloudFormation, Kubernetes, and more.
Prisma Cloud
A comprehensive Cloud Native Application Protection Platform (CNAPP).
Terrascan
Open-source static code analyzer for IaC that helps detect security issues and compliance violations.
KICS
Open-source IaC scanner from Checkmarx that supports a wide range of platforms and offers extensive queries.
TFLint
A linter for Terraform that focuses on best practices, style conventions, and detecting potential errors.
Steampipe
Open-source tool that maps cloud APIs to PostgreSQL tables, enabling SQL-based querying for security and compliance.
CloudQuery
An open-source tool for building a cloud asset inventory that can be used for policy-as-code checks.
Cloudanix
A unified platform for code, cloud, identity, and workload security.
ggshield
A CLI tool for secrets detection that also includes IaC scanning capabilities to find misconfigurations.
oak9
Dynamically secure Infrastructure as Code (IaC) and deployed cloud-native workloads.
Orca Security
A comprehensive, agentless CNAPP that provides shift-left security, including pre-commit IaC scanning.
Wiz
A comprehensive CNAPP that includes IaC scanning as part of its full lifecycle cloud security solution.
CrowdStrike Falcon Cloud Security
A CNAPP from a leader in endpoint security, offering both agentless and agent-based protection, including IaC scanning.
Snyk IaC
A developer-focused IaC security tool that scans for misconfigurations and provides context and remediation advice.
Lacework
A CNAPP that uses a Polygraph Data Platform to automate cloud security, including IaC security.
Sysdig Secure
A CNAPP that uses deep runtime insights from Falco to secure the entire cloud-native lifecycle, including IaC scanning.
Datadog Cloud Security Management
A security and observability platform that includes IaC scanning as part of its cloud security offering.
Datadog Cloud Security
A cloud security platform that includes IaC scanning, CSPM, and CWPP, leveraging observability data for context.
Rapid7 InsightCloudSec
Comprehensive cloud security posture management (CSPM) and workload protection (CWPP).
Prisma Cloud (by Palo Alto Networks)
A comprehensive CNAPP that includes IaC scanning, CSPM, CWPP, and more, building on the open-source Checkov engine.
GitLab IaC Scanning
A built-in security scanning feature within the GitLab CI/CD platform for analyzing IaC files.
Zscaler Posture Control
A CNAPP that integrates CSPM, CIEM, and IaC scanning to provide a unified view of cloud risk.
Microsoft Defender for Cloud
A comprehensive CNAPP and CSPM solution that provides security for Azure, AWS, and GCP, including IaC scanning.
Veracode IaC Security
An IaC scanning solution integrated into Veracode's comprehensive application security platform.
HashiCorp Sentinel
An embedded policy-as-code framework within the HashiCorp Enterprise platform, used to enforce policies on Terraform runs.
SpectralOps
A security tool that scans code, configuration, and IaC for hardcoded secrets and misconfigurations.
Checkmarx IaC Security
The enterprise offering built upon the open-source KICS engine, integrated into the Checkmarx One platform.
Tenable.cs
A CNAPP from Tenable that provides security from code to cloud, built on the open-source Terrascan engine.
Bridgecrew
Automate cloud security from code to cloud.
Qualys Cloud Platform
A comprehensive security and compliance platform that includes IaC scanning as part of its cloud security module.
Prowler
An open-source tool for AWS security assessment, auditing, hardening, and incident response, with some IaC capabilities.
CloudSploit
An open-source tool for scanning cloud accounts for security risks and misconfigurations.
cfn-lint
An AWS-maintained linter for CloudFormation templates that checks for errors and best practices.
Regula
An open-source tool that checks Terraform, CloudFormation, and Kubernetes configs for misconfigurations using Rego.
pre-commit-terraform
A framework and collection of git hooks for automating checks on Terraform code before commit.
cfn-nag
An open-source tool that scans CloudFormation templates for patterns that may indicate insecure infrastructure.
Yor
An open-source tool that automatically adds tags to IaC files, linking them to code owners and repositories.
Terratest
A Go library for writing automated tests for IaC, including security and compliance tests.
Driftctl
An open-source tool to detect differences between your IaC state and your live cloud environment (drift).
Check-jsonschema
A general-purpose CLI tool for validating JSON/YAML files against a schema, useful for custom IaC validation.
KubeLinter
A static analysis tool from StackRox/Red Hat that checks Kubernetes YAML files for security and best practices.