An Ansible role that automates the installation of tfsec, a static security scanner for Terraform code, on Debian/Ubuntu and EL systems.
Ansible role for tfsec. Available on Ansible Galaxy.
This tool is designed for DevOps and security engineers who want to automate the deployment of tfsec across their infrastructure using Ansible. It simplifies the process of installing specific versions of tfsec, ensuring consistent security scanning of Terraform configurations in cloud environments.
This role requires no additional dependencies and automatically handles OS and architecture detection for binary downloads. Users should ensure Ansible is installed and properly configured on their control node. It is recommended to specify tfsec versions explicitly to maintain consistency across environments. The role currently supports Debian/Ubuntu and EL-based systems only.
Include the role in your Ansible playbook by listing darkwizard242.tfsec under roles.
Optionally set the tfsec_version variable to specify the desired tfsec release.
Run the Ansible playbook against the target hosts to install tfsec automatically.
- hosts: servers
  roles:
    - darkwizard242.tfsec
Installs the default version (1.28.14) of tfsec on target hosts using the Ansible role.
- hosts: servers
  roles:
    - darkwizard242.tfsec
  vars:
    tfsec_version: 0.18.0
Installs a specific version (0.18.0) of tfsec by overriding the default version in the Ansible playbook.
- hosts: servers
  roles:
    - darkwizard242.tfsec
  vars:
    tfsec_bin_path: /custom/path/tfsec
Customizes the installation path of the tfsec binary to a user-defined location.
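To back up the recommendation to pin tfsec versions explicitly, the playbook below pins the release and then fails the run on any host whose installed binary reports a different version. It is an added example, not part of the role or its documentation. It assumes the installed tfsec binary is on the PATH of the remote user, and the task names and the tfsec_reported variable are made up for illustration.

```yaml
# Added example (not from the role): pin tfsec, then verify what was installed.
- hosts: servers
  vars:
    # Quoted so YAML always treats the pin as a string.
    tfsec_version: "1.28.14"
  roles:
    - darkwizard242.tfsec
  post_tasks:
    - name: Read the version reported by the installed binary
      # Assumption: tfsec is reachable on PATH for the remote user.
      ansible.builtin.command: tfsec --version
      register: tfsec_reported   # illustrative variable name
      changed_when: false

    - name: Fail if the installed version is not the pinned one
      ansible.builtin.assert:
        that:
          # Match the pin as a whole version token, so that a pin of
          # 1.28.1 does not pass against an installed 1.28.14.
          - >-
            (tfsec_reported.stdout ~ ' ' ~ tfsec_reported.stderr)
            is search('(^|[^0-9.])' ~ (tfsec_version | regex_escape)
            ~ '($|[^0-9.])')
        fail_msg: >-
          Expected tfsec {{ tfsec_version }}, but the binary reported:
          {{ tfsec_reported.stdout }}
        success_msg: "tfsec {{ tfsec_version }} is installed"
```

Running this playbook on a schedule or in CI also surfaces hosts where the binary was replaced or upgraded outside Ansible.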