tfprovidercheck ☆

« Back to VersTracker

Description:
CLI to prevent malicious Terraform Providers from being executed

Type: Formula | Latest Version: 1.0.7@0 | Tracked Since: Oct 10, 2025

Links: Homepage | formulae.brew.sh

Category: Security

Tags: terraform security devops compliance iac

Install: brew install tfprovidercheck

About:
tfprovidercheck is a CLI tool designed to enhance security in Terraform workflows by verifying that only approved providers are used. It inspects the Terraform configuration and state to ensure providers match a predefined allowlist, preventing the execution of potentially malicious or unverified provider binaries. This helps organizations enforce compliance and reduce the risk of supply chain attacks in their infrastructure-as-code pipelines.

Key Features:

Validates Terraform providers against a configurable allowlist
Prevents execution of unapproved or potentially malicious providers
Integrates easily into CI/CD pipelines for automated security checks
Supports multiple enforcement modes (warn vs. block)

Use Cases:

Enforcing security policies for Terraform provider usage in CI/CD
Auditing existing Terraform configurations for compliance
Preventing supply chain attacks targeting infrastructure-as-code

Alternatives:

tfsec – tfsec scans Terraform code for security misconfigurations, whereas tfprovidercheck specifically validates the provider binaries themselves against an allowlist.
OPA (Open Policy Agent) – OPA is a general-purpose policy engine that can enforce provider policies, but requires writing Rego; tfprovidercheck offers a specialized, out-of-the-box solution for provider validation.

Version History

Detected	Version	Rev	Change	Commit
Oct 10, 2025 4:36pm		0	VERSION_BUMP	88e512aa
Sep 12, 2025 12:55am		0	VERSION_BUMP	c035be6d