tfprovidercheck
Description:
CLI to prevent malicious Terraform Providers from being executed
Type: Formula  |  Latest Version: 1.0.7@0  |  Tracked Since: Oct 10, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: terraform security devops compliance iac
Install: brew install tfprovidercheck
About:
tfprovidercheck is a CLI tool designed to enhance security in Terraform workflows by verifying that only approved providers are used. It inspects the Terraform configuration and state to ensure providers match a predefined allowlist, preventing the execution of potentially malicious or unverified provider binaries. This helps organizations enforce compliance and reduce the risk of supply chain attacks in their infrastructure-as-code pipelines.
Key Features:
  • Validates Terraform providers against a configurable allowlist
  • Prevents execution of unapproved or potentially malicious providers
  • Integrates easily into CI/CD pipelines for automated security checks
  • Supports multiple enforcement modes (warn vs. block)
Use Cases:
  • Enforcing security policies for Terraform provider usage in CI/CD
  • Auditing existing Terraform configurations for compliance
  • Preventing supply chain attacks targeting infrastructure-as-code
Alternatives:
  • tfsec – tfsec scans Terraform code for security misconfigurations, whereas tfprovidercheck specifically validates the provider binaries themselves against an allowlist.
  • OPA (Open Policy Agent) – OPA is a general-purpose policy engine that can enforce provider policies, but requires writing Rego; tfprovidercheck offers a specialized, out-of-the-box solution for provider validation.
Version History
Detected Version Rev Change Commit
Oct 10, 2025 4:36pm 0 VERSION_BUMP 88e512aa
Sep 12, 2025 12:55am 0 VERSION_BUMP c035be6d