Infralint is a powerful command-line tool for linting, security scanning, and reporting on infrastructure-as-code (IaC) such as Terraform and CloudFormation. It supports a variety of linters and security checkers, making it an essential tool for maintaining high-quality infrastructure code, with a focus on best practices and security.
Managing infrastructure code in a secure and scalable way is essential, especially with the rise of cloud-native technologies. Infralint was developed to automate the process of ensuring that your infrastructure code adheres to best practices by utilizing various linters and security scanners, generating detailed reports to highlight issues.
Infralint ensures that your infrastructure is both secure and follows the necessary guidelines by default using Checkov, while also supporting other popular linters such as TFLint and TFSec. The tool is designed to work with IaC frameworks like Terraform and CloudFormation, giving you comprehensive coverage.
This project supports Python versions specified in the pyproject.toml file:
[tool.poetry.dependencies]
python = ">=3.10,<4.0"
Ensure you are using Python 3.10 or above.
Ensure Python Version
python --version
Create and Activate Virtual Environment
Create:
python -m venv myenv
Activate:
myenv\\Scripts\\activate
source myenv/bin/activate
Install Infralint
pip install infralint
Ensure Python Version
python --version
Install Infralint
python -m pip install infralint
To configure Infralint, follow these steps:
You can export the default config by running infralint export-config.
The default configuration file will be exported to ~/.infralint/config.yaml.
By default, Checkov is the main linter used, but you can enable TFLint and TFSec as needed if you have them installed.
Edit the config.yaml file to enable/disable linters and set the report output format.
Here’s the default config.yaml
Before running Infralint, you need to set up the default configuration file. You can automatically export the default configuration to the ~/.infralint/config.yaml directory by running the following command:
infralint export-config
linters:
tflint:
enabled: false
tfsec:
enabled: false
checkov:
enabled: true
framework: terraform # Default framework can also be Cloudformation
output:
format: json
save_to: ./reports/report.json
color_scheme:
CRITICAL: "#FF6F61"
HIGH: "#FFA07A"
MEDIUM: "#FFD700"
LOW: "#90EE90"
INFO: "#B0C4DE"
Infralint integrates with OpenAI to provide enhanced insights on infrastructure issues. This includes determining the severity of issues and providing additional context and resolution suggestions for critical and high-severity issues. These insights can be particularly useful in understanding the nature of the problems and how to resolve them.
To enable OpenAI insights, you will need an API key from OpenAI
export OPENAI_API_KEY="your-openai-api-key"When a linter detects an issue, Infralint sends a request to OpenAI to analyze the issue and provide:
Severity: The issue’s severity level (CRITICAL, HIGH, MEDIUM, or LOW). Context and Resolution: For critical and high-severity issues, additional context and resolution suggestions will be provided.
These insights are added to the linting report and can be viewed in the Infralint Dashboard.
To avoid repeated API calls and improve performance, OpenAI responses are cached locally. The cache is created in the user’s home directory under ~/.infralint/openai_cache.json. This means if the same issue is analyzed multiple times, the tool will retrieve the result from the cache instead of querying OpenAI again.
Note: The cache key is generated based on the issue description and the framework used, so identical issues will have the same result retrieved from the cache.
API Limits: Depending on your OpenAI subscription, you may have limits on the number of requests. Using the cache can help minimize the number of API calls. Performance: Querying OpenAI can add some additional time to the analysis, especially for large codebases or complex issues. The caching system helps mitigate this for repeated runs. Error Handling: If an error occurs while querying OpenAI (e.g., invalid API key, connection issues), the tool will log the error and continue running without OpenAI insights.
Here are some useful commands to interact with Infralint:
infralint run <path>: Run the linters on the specified path and generate a report.infralint export-config - exports default configFor detailed information about changes in each version, see the Changelog.
If you encounter any issues or have any suggestions, please feel free to send them to dev@darrenrabbitt.com. Thank you for your support!
FAQs
Linting, security scanning, and reporting on infrastructure code
We found that infralint demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.