{"id":13481737,"url":"https://github.com/terraform-linters/tflint","last_synced_at":"2026-02-07T08:07:36.263Z","repository":{"id":37386339,"uuid":"71487396","full_name":"terraform-linters/tflint","owner":"terraform-linters","description":"A Pluggable Terraform Linter","archived":false,"fork":false,"pushed_at":"2026-02-02T23:58:36.000Z","size":10564,"stargazers_count":5598,"open_issues_count":28,"forks_count":385,"subscribers_count":35,"default_branch":"master","last_synced_at":"2026-02-03T12:46:30.428Z","etag":null,"topics":["terraform","tflint"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/terraform-linters.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-10-20T17:29:15.000Z","updated_at":"2026-02-03T05:19:40.000Z","dependencies_parsed_at":"2023-11-13T21:29:07.293Z","dependency_job_id":"ab79d11e-c55c-4034-b95a-ca305ad2ab31","html_url":"https://github.com/terraform-linters/tflint","commit_stats":{"total_commits":1719,"total_committers":93,"mean_commits":"18.483870967741936","dds":0.4688772542175683,"last_synced_commit":"d45c65ab009caa37cf81a50d35d67b3f4957cf3f"},"previous_names":["wata727/tflint"],"tags_count":136,"template":false,"template_full_name":null,"purl":"pkg:github/terraform-linters/tflint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-linters%2Ftflint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-linters%2Ftflint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-linters%2Ftflint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-linters%2Ftflint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/terraform-linters","download_url":"https://codeload.github.com/terraform-linters/tflint/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/terraform-linters%2Ftflint/sbom","scorecard":{"id":430791,"data":{"date":"2025-08-11","repo":{"name":"github.com/terraform-linters/tflint","commit":"38d62e08a903fb5a18778568f1a128af28f895b3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.9,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":1,"reason":"Found 1/7 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Mozilla Public License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'checks' permission set to 'write': .github/workflows/lint.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/build.yml:14","Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot.yml:5","Warn: topLevel 'actions' permission set to 'write': .github/workflows/dependabot.yml:7","Info: topLevel 'contents' permission set to 'read': .github/workflows/docker.yml:12","Warn: topLevel 'packages' permission set to 'write': .github/workflows/docker.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/e2e.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/generate.yml:6","Info: topLevel 'contents' permission set to 'read': .github/workflows/goreleaser.yml:12","Info: found token with 'none' permissions: .github/workflows/homebrew.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/install_script.yml:12","Warn: no topLevel permission defined: .github/workflows/issues.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:12","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:11"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":8,"reason":"dependency not pinned by hash detected -- score normalized to 8","details":["Warn: third-party GitHubAction not pinned by hash: .github/workflows/issues.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/terraform-linters/tflint/issues.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:11: pin your Docker image by updating alpine:3.22 to alpine:3.22@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:  20 out of  20 GitHub-owned GitHubAction dependencies pinned","Info:   9 out of  10 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: checksums.txt.keyless.sig: https://github.com/terraform-linters/tflint/releases/tag/v0.58.1","Info: signed release artifact: checksums.txt.keyless.sig: https://github.com/terraform-linters/tflint/releases/tag/v0.58.0","Info: signed release artifact: checksums.txt.keyless.sig: https://github.com/terraform-linters/tflint/releases/tag/v0.57.0","Info: signed release artifact: checksums.txt.keyless.sig: https://github.com/terraform-linters/tflint/releases/tag/v0.56.0","Info: signed release artifact: checksums.txt.keyless.sig: https://github.com/terraform-linters/tflint/releases/tag/v0.55.1","Warn: release artifact v0.58.1 does not have provenance: https://api.github.com/repos/terraform-linters/tflint/releases/231950287","Warn: release artifact v0.58.0 does not have provenance: https://api.github.com/repos/terraform-linters/tflint/releases/220794908","Warn: release artifact v0.57.0 does not have provenance: https://api.github.com/repos/terraform-linters/tflint/releases/216307974","Warn: release artifact v0.56.0 does not have provenance: https://api.github.com/repos/terraform-linters/tflint/releases/208867876","Warn: release artifact v0.55.1 does not have provenance: https://api.github.com/repos/terraform-linters/tflint/releases/197928490"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker.yml:16"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (28) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3770"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T03:16:53.220Z","repository_id":37386339,"created_at":"2025-08-19T03:16:53.220Z","updated_at":"2025-08-19T03:16:53.220Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29189675,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T07:37:03.739Z","status":"ssl_error","status_checked_at":"2026-02-07T07:37:03.029Z","response_time":63,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["terraform","tflint"],"created_at":"2024-07-31T17:00:54.961Z","updated_at":"2026-02-07T08:07:36.258Z","avatar_url":"https://github.com/terraform-linters.png","language":"Go","funding_links":[],"categories":["Go","Environment variables","Pre-commit time tools","terraform","Linting","Tools","Infrastructure","Testing Tools","Climbing","IaC Security Scanners"],"sub_categories":["Images","Terraform","Community providers","Chess :chess_pawn:","Terraform-Specific Scanners"],"readme":"# TFLint\n[![Build Status](https://github.com/terraform-linters/tflint/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/terraform-linters/tflint/actions)\n[![GitHub release](https://img.shields.io/github/release/terraform-linters/tflint.svg)](https://github.com/terraform-linters/tflint/releases/latest)\n[![Terraform Compatibility](https://img.shields.io/badge/terraform-%3E%3D%201.0-blue)](docs/user-guide/compatibility.md)\n[![License: MPL 2.0 + BUSL 1.1](https://img.shields.io/badge/License-MPL%202.0%20+%20BUSL%201.1-blue.svg)](#license)\n[![Go Report Card](https://goreportcard.com/badge/github.com/terraform-linters/tflint)](https://goreportcard.com/report/github.com/terraform-linters/tflint)\n[![Homebrew](https://img.shields.io/badge/dynamic/json.svg?url=https://formulae.brew.sh/api/formula/tflint.json\u0026query=$.versions.stable\u0026label=homebrew)](https://formulae.brew.sh/formula/tflint)\n\nA Pluggable [Terraform](https://www.terraform.io/) Linter\n\n## Features\n\nTFLint is a framework and each feature is provided by plugins, the key features are as follows:\n\n- Find possible errors (like invalid instance types) for Major Cloud providers (AWS/Azure/GCP).\n- Warn about deprecated syntax, unused declarations.\n- Enforce best practices, naming conventions.\n\n## Installation\n\nBash script (Linux):\n\n```console\ncurl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash\n```\n\nHomebrew (macOS):\n\n```console\nbrew install tflint\n```\n\nChocolatey (Windows):\n\n```cmd\nchoco install tflint\n```\n\nNOTE: The Chocolatey package is NOT directly maintained by the TFLint maintainers. The latest version is always available by manual installation.\n\n### Verification\n\n#### GitHub CLI (Recommended)\n\n[Artifact Attestations](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) are available that can be verified using the GitHub CLI.\n\n```console\ngh attestation verify checksums.txt -R terraform-linters/tflint\nsha256sum --ignore-missing -c checksums.txt\n```\n\n#### Cosign (Deprecated)\n\n\u003e [!WARNING]\n\u003e Cosign signatures are now deprecated. Please use GitHub CLI.\n\n[Cosign](https://github.com/sigstore/cosign) `verify-blob` command ensures that the release was built with GitHub Actions in this repository.\n\n```console\ncosign verify-blob --certificate=checksums.txt.pem --signature=checksums.txt.keyless.sig --certificate-identity-regexp=\"^https://github.com/terraform-linters/tflint\" --certificate-oidc-issuer=https://token.actions.githubusercontent.com checksums.txt\nsha256sum --ignore-missing -c checksums.txt\n```\n\n### Docker\n\nInstead of installing directly, you can use the Docker image:\n\n```console\ndocker run --rm -v $(pwd):/data -t ghcr.io/terraform-linters/tflint\n```\n\nTo download plugins, you can override the entrypoint to a shell (`sh`) to run `--init` and the main command in a single `docker run` command:\n\n```console\n docker run --rm -v $(pwd):/data -t --entrypoint /bin/sh ghcr.io/terraform-linters/tflint -c \"tflint --init \u0026\u0026 tflint\"\n```\n\n### GitHub Actions\n\nIf you want to run on GitHub Actions, [setup-tflint](https://github.com/terraform-linters/setup-tflint) action is available.\n\n## Getting Started\n\nFirst, enable rules for [Terraform Language](https://www.terraform.io/language) (e.g. warn about deprecated syntax, unused declarations). [TFLint Ruleset for Terraform Language](https://github.com/terraform-linters/tflint-ruleset-terraform) is bundled with TFLint, so you can use it without installing it separately.\n\nThe bundled plugin enables the \"recommended\" preset by default, but you can disable the plugin or use a different preset. Declare the plugin block in `.tflint.hcl` like this:\n\n```hcl\nplugin \"terraform\" {\n  enabled = true\n  preset  = \"recommended\"\n}\n```\n\nSee the [tflint-ruleset-terraform documentation](https://github.com/terraform-linters/tflint-ruleset-terraform/blob/main/docs/configuration.md) for more information.\n\nNext, If you are using an AWS/Azure/GCP provider, it is a good idea to install the plugin and try it according to each usage:\n\n- [Amazon Web Services](https://github.com/terraform-linters/tflint-ruleset-aws)\n- [Microsoft Azure](https://github.com/terraform-linters/tflint-ruleset-azurerm)\n- [Google Cloud Platform](https://github.com/terraform-linters/tflint-ruleset-google)\n\nIf you want to extend TFLint with other plugins, you can declare the plugins in the config file and easily install them with `tflint --init`.\n\n```hcl\nplugin \"foo\" {\n  enabled = true\n  version = \"0.1.0\"\n  source  = \"github.com/org/tflint-ruleset-foo\"\n}\n```\n\nSee also [Configuring Plugins](docs/user-guide/plugins.md).\n\nYou can discover plugins from other organizations on GitHub via the [`tflint-ruleset`](https://github.com/topics/tflint-ruleset) topic.\n\nIf you want to add custom rules that are not in existing plugins, you can build your own plugin or write your own policy in Rego. See [Writing Plugins](docs/developer-guide/plugins.md) or [OPA Ruleset](https://github.com/terraform-linters/tflint-ruleset-opa).\n\n## Usage\n\nTFLint inspects files under the current directory by default. You can change the behavior with the following options/arguments:\n\n```\n$ tflint --help\nUsage:\n  tflint --chdir=DIR/--recursive [OPTIONS]\n\nApplication Options:\n  -v, --version                                                 Print TFLint version\n      --init                                                    Install plugins\n      --langserver                                              Start language server\n  -f, --format=[default|json|checkstyle|junit|compact|sarif]    Output format\n  -c, --config=FILE                                             Config file name (default: .tflint.hcl)\n      --ignore-module=SOURCE                                    Ignore module sources\n      --enable-rule=RULE_NAME                                   Enable rules from the command line\n      --disable-rule=RULE_NAME                                  Disable rules from the command line\n      --only=RULE_NAME                                          Enable only this rule, disabling all other defaults. Can be specified multiple times\n      --enable-plugin=PLUGIN_NAME                               Enable plugins from the command line\n      --var-file=FILE                                           Terraform variable file name\n      --var='foo=bar'                                           Set a Terraform variable\n      --call-module-type=[all|local|none]                       Types of module to call (default: local)\n      --chdir=DIR                                               Switch to a different working directory before executing the command\n      --recursive                                               Run command in each directory recursively\n      --filter=FILE                                             Filter issues by file names or globs\n      --force                                                   Return zero exit status even if issues found\n      --minimum-failure-severity=[error|warning|notice]         Sets minimum severity level for exiting with a non-zero error code\n      --color                                                   Enable colorized output\n      --no-color                                                Disable colorized output\n      --fix                                                     Fix issues automatically\n      --no-parallel-runners                                     Disable per-runner parallelism\n      --max-workers=N                                           Set maximum number of workers in recursive inspection (default: number of CPUs)\n\nHelp Options:\n  -h, --help                                                    Show this help message\n```\n\nSee [User Guide](docs/user-guide) for details.\n\n## Debugging\n\nIf you don't get the expected behavior, you can see the detailed logs when running with `TFLINT_LOG` environment variable.\n\n```console\n$ TFLINT_LOG=debug tflint\n```\n\n## Developing\n\nSee [Developer Guide](docs/developer-guide).\n\n## Security\n\nIf you find a security vulnerability, please refer our [security policy](SECURITY.md).\n\n## License\n\nPlease note that although much of this project is licensed under MPL 2.0, some files in the `terraform` package are licensed under BUSL 1.1.\n\nFor the reasons stated above, the executable forms (release binaries) is bound by both licenses.\n\nSee also https://discuss.hashicorp.com/t/hashicorp-projects-changing-license-to-business-source-license-v1-1/57106/7\n\n## Stargazers over time\n\n[![Stargazers over time](https://starchart.cc/terraform-linters/tflint.svg)](https://starchart.cc/terraform-linters/tflint)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-linters%2Ftflint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fterraform-linters%2Ftflint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fterraform-linters%2Ftflint/lists"}