A static analysis security scanner for your CloudFormation code
cfsec is a developer-first security scanner for CloudFormation templates. It uses static analysis to parse your YAML or JSON files so that security issues can be detected before your infrastructure changes take effect. It is designed to run locally or in your CI pipelines, and its developer-friendly output and fully documented checks mean detection and remediation can take place as quickly and efficiently as possible.
Answers to the questions most commonly asked
cfsec runs on Windows, macOS and Linux. For more information on how to install it, check the installation guide.
Yes! cfsec is a great addition to your CI. You can include it in Travis and CircleCI builds using wget and the latest release, or, if you’re using GitHub Actions, you can quickly run checks with either of our ready-made Actions.
It’s free! Just get the latest version and run it against your code!
All cfsec checks have a code to identify them. You can check the documentation for more information about what the check failure means and how to resolve it.