A static analysis security scanner for your CloudFormation code

cfsec is a developer-first security scanner for CloudFormation templates. It uses static analysis to parse your yaml or json files to ensure security issues can be detected before your infrastructure changes take effect.

Designed to run locally or in your CI pipelines, developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible.

Frequently asked questions

Answers to the questions most commonly asked

Getting Started