tfsec uses static analysis of your terraform code to spot potential misconfiguration. For our projects using Terraform, tfsec has quickly become a default static analysis tool to detect potential security risks. It's easy to integrate into a CI pipeline and has a growing library of checks against all major cloud providers and platforms like Kubernetes. Given its ease of use, we believe tfsec could be an excellent addition to any Terraform project.
Source code and additional information can be found here: https://github.com/aquasecurity/tfsec