Tools/terraform-linters/tflint

tflint

A Pluggable Terraform Linter

The Lens

TFLint catches Terraform mistakes that terraform validate misses: invalid instance types, deprecated syntax, unused declarations, and provider-specific errors that would otherwise blow up at apply time. It's a linter built specifically for Terraform, open source and free.

It runs as a single binary, locally or in CI, and it's extensible through plugins, one per cloud provider, that add rules specific to AWS, Azure, or GCP resources. Setup is the binary plus the provider plugin you need. It's fast and focused on correctness and best practices rather than security posture.

Fully free, no paid tier. It's not a security scanner, so it complements rather than replaces Checkov or KICS. Run TFLint to catch Terraform errors and style issues, and run a security scanner alongside it for misconfigurations. Together they cover different halves of the problem.

The catch: it only knows Terraform. It won't touch your CloudFormation, Kubernetes, or other IaC, and it's not looking for security issues. Scope it correctly: it makes your Terraform cleaner and catches provider errors early, but it's one tool in a larger IaC quality stack.

Free vs Self-Hosted vs Paid

fully free

Self-hosted (free): TFLint under MPL-2.0, a single binary that lints Terraform for errors validate misses: invalid instance types, deprecated syntax, unused declarations, provider-specific mistakes. Extensible via per-provider plugins (AWS, Azure, GCP).

Commercial: None.

The call: A correctness and best-practices linter, not a security scanner. Run it alongside Checkov or KICS, which cover the security half.

Completely free and open source. No paid tier.

Self-hosting ops:trivial

Get tools like this every Wednesday

One featured tool, three on the radar. No fluff.

Score
58/100 · C+
Adoption21/30
Maintenance10/25
Community5/20
License12/15
Analysis10/10

About

Owner
Terraform Linters (Organization)
Stars
5,762
Forks
400

Explore Further

More tools in the directory