tflint

TFLint is a tool that checks Terraform configuration files for problems before you apply them to your cloud infrastructure. Terraform is a widely used tool for describing and managing cloud resources as code, and TFLint acts as a quality checker that runs against those descriptions. It can catch mistakes like specifying a virtual machine type that does not exist in a cloud provider's catalog, using syntax that has been removed in a newer Terraform version, or declaring variables that are never used.

The tool is built around a plugin system. The core program is a framework that does not contain many rules on its own. Instead, you install plugins that provide rule sets for specific cloud providers. Separate plugins exist for Amazon Web Services, Microsoft Azure, and Google Cloud Platform. A plugin for checking Terraform's own language syntax is bundled with TFLint and enabled by default. Additional plugins from the community or custom-built ones can be declared in a configuration file and installed with a single command.

Configuration lives in a file called .tflint.hcl in your project directory. You declare which plugins to use, which preset of rules to enable, and any rules you want to turn on or off. From the command line you can also override these settings with flags, run TFLint across an entire directory tree at once, or filter results to specific files.

Output can be formatted in several ways beyond the default readable text: JSON, JUnit XML, checkstyle XML, and SARIF are all available, which makes it easy to feed results into code review tools or CI pipelines. A GitHub Actions integration is available for running checks automatically on pull requests.

Installation options include downloading a binary directly, Homebrew on macOS, Chocolatey on Windows, and a Docker image. The project is licensed under MPL 2.0 for most code, with BUSL 1.1 applying to some parts.