Trivy scans terraform infrastructure files for security issues.
Follow instructions on the Trivy page, eg:
sudo apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy
Validate:
$ trivy -v
Version: 0.45.1
Usage:
trivy [global flags] command [flags] target
trivy [command]
trivy config ./ --severity HIGH --severity CRITICAL -o trivy-nogit.txt