ReddRadar
Agent skill
iac-scanner
Scans Infrastructure as Code for security misconfigurations. Wraps tfsec for Terraform and Checkov for multi-cloud IaC. Use when user asks to "scan Terraform", "IaC security", "infrastructure scan", "tfsec", "checkov", "Terraformセキュリティ", "インフラスキャン".
Stars
163
Forks
31
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/iac-scanner-naporin0624-claude-web-audit-plu
SKILL.md
IaC Scanner
Wrapper for tfsec and Checkov to scan Infrastructure as Code.
Prerequisites
bash
# tfsec (Terraform focused)
brew install tfsec
# or
go install github.com/aquasecurity/tfsec/cmd/tfsec@latest
# Checkov (multi-cloud)
pip install checkov
# or
brew install checkov
Usage
bash
# Scan with auto-detection
npx iac-scanner .
# Force specific scanner
npx iac-scanner . --scanner tfsec
npx iac-scanner . --scanner checkov
# JSON output
npx iac-scanner . --json
# Check available scanners
npx iac-scanner --check
# Scan specific framework
npx iac-scanner . --framework terraform
npx iac-scanner . --framework kubernetes
npx iac-scanner . --framework cloudformation
Supported Frameworks
| Scanner | Frameworks |
|---|---|
| tfsec | Terraform |
| Checkov | Terraform, CloudFormation, Kubernetes, ARM, Serverless, Helm |
Output Format
json
{
"tool": "tfsec",
"scanPath": ".",
"scanDate": "2024-01-15T10:30:00Z",
"findings": [
{
"id": "aws-s3-enable-bucket-encryption",
"severity": "high",
"message": "Bucket does not have encryption enabled",
"resource": "aws_s3_bucket.data",
"file": "main.tf",
"line": 15,
"resolution": "Enable bucket encryption"
}
],
"summary": {
"total": 5,
"critical": 1,
"high": 2,
"medium": 1,
"low": 1
}
}
Common Misconfigurations
| Category | Example |
|---|---|
| Encryption | S3 bucket without encryption |
| Access Control | Public S3 bucket, open security groups |
| Logging | Missing CloudTrail, no access logs |
| Network | VPC without flow logs, open CIDR |
| IAM | Overly permissive policies, wildcard actions |
| Secrets | Hardcoded credentials in config |
Exit Codes
0: No issues found1: Issues detected2: Tool not installed or error
Didn't find tool you were looking for?