🌍 Introduction

Terralint is a static analysis tool for Terraform code, helping developers maintain best practices, enforce policies, and catch misconfigurations before deployment. Unlike runtime tools that inspect live infrastructure, Terralint performs SAST (Static Application Security Testing) for infrastructure-as-code.

In this article, we’ll walk through how to install and use Terralint on a sample Terraform project, automate it with GitHub Actions, and wrap up with a short video demo.


⚙️ Installation

You can install Terralint via go install or by downloading the binary release.

go install github.com/tenable/terralint@latest

Or download the appropriate release from the Terralint GitHub Releases page.

Verify the installation:

terralint --help

🔍 Running Terralint

To lint a directory with Terraform files:

terralint lint ./path/to/terraform

You can also generate results in different formats (e.g., JSON, SARIF) for integration into other tools:

terralint lint --format json ./terraform

👨‍💻 Demo Code

We created a small Terraform project with intentional misconfigurations to demonstrate how Terralint works.

👉 GitHub Repo

Example Misconfiguration

resource "aws_security_group" "insecure_sg" {
  name        = "open-to-world"
  description = "Allows all inbound traffic"
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Terralint flags this security group as dangerously permissive: protocol "-1" with from_port and to_port set to 0 means every protocol and every port, and cidr_blocks ["0.0.0.0/0"] means from any IPv4 address, so the rule admits all inbound traffic from anywhere.
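To make the rule behind that finding concrete, here is an added example that is not Terralint's code: a small Python checker that applies the same check an IaC linter does, parsing aws_security_group resources and flagging ingress rules whose source is 0.0.0.0/0 or ::/0. The second resource and its 203.0.113.0/24 range are constructed, and the HCL parsing is a simplified regex rather than a real HCL parser.

```python
import re
# Constructed sample: the page's open security group plus a tightened variant.
SAMPLE_TF = '''resource "aws_security_group" "insecure_sg" {
  name        = "open-to-world"
  description = "Allows all inbound traffic"
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_security_group" "https_only" {
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }
}
'''

# Simplified HCL parsing: resource body ends at the first "}" in column 0; ingress has no nested braces.
RESOURCE_RE = re.compile(r'resource\s+"aws_security_group"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
INGRESS_RE = re.compile(r'ingress\s*\{(.*?)\}', re.S)
ATTR_RE = re.compile(r'(\w+)\s*=\s*(.+)')
WORLD = {"0.0.0.0/0", "::/0"}  # any IPv4 / any IPv6 source

def parse_attrs(block: str) -> dict:
    """Turn 'key = value' lines into a dict; list values become Python lists."""
    attrs = {}
    for key, raw in ATTR_RE.findall(block):
        raw = raw.strip()
        attrs[key] = re.findall(r'"([^"]*)"', raw) if raw.startswith("[") else raw.strip('"')
    return attrs

def find_open_ingress(hcl: str) -> list:
    """Return (resource name, reason) for every ingress rule reachable from any IP."""
    findings = []
    for name, body in RESOURCE_RE.findall(hcl):
        for rule in INGRESS_RE.findall(body):
            a = parse_attrs(rule)
            if not set(a.get("cidr_blocks", [])) & WORLD:
                continue  # source range is restricted, so not world-open
            # protocol "-1" means every protocol; from_port/to_port 0 means every port
            everything = a.get("protocol") == "-1" or (a.get("from_port"), a.get("to_port")) == ("0", "0")
            reason = "all traffic" if everything else f"port {a['from_port']}-{a['to_port']}"
            findings.append((name, reason + " from any IP"))
    return findings
```

Running find_open_ingress(SAMPLE_TF) reports only insecure_sg; the HTTPS-from-one-range rule passes, and a single port opened to the world is reported with its port range rather than as "all traffic".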


🤖 Automation with GitHub Actions

Terralint can be integrated into your CI/CD pipeline using GitHub Actions for automatic scanning on pull requests and pushes:

# .github/workflows/terralint.yml
name: Terralint Scan

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

jobs:
  terralint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: '1.21'

      - name: Install Terralint
        # @latest resolves to whatever is newest at run time; pin a release tag for reproducible CI
        run: go install github.com/tenable/terralint@latest

      - name: Run Terralint
        run: terralint lint ./terraform --format json

📹 Video Demo

A 5-minute walkthrough of Terralint, how to scan Terraform code, and CI integration is available here:


🎥 Video Language

English, with Spanish subtitles available.


🧾 Conclusion

Terralint helps teams enforce secure, consistent Terraform code. As a static analysis tool, it’s fast, easy to automate, and provides immediate feedback during development and in CI/CD pipelines.

By integrating Terralint into your DevOps workflow, you’ll reduce the risk of infrastructure misconfigurations before they reach production.