Cloud Asset Management solution Firefly has released a new open-source solution called ValidIaC, which enables DevOps and Cloud Teams to validate, secure, and map Infrastructure-as-Code (IaC) with an all-in-one browser-based tool. Inspired by Komodor’s open-source project ValidKube that combines the best open-source tools to help ensure Kubernetes YAML best practices, Firefly built a sister project for the purpose of Infrastructure-as-Code.
ValidIaC combines several open-source projects and tools to allow developers to check their Terraform HCL (stay tuned for more IaC tools in the near future) code without changing context and from within the same workflow.
ValidIaC integrates four popular tools for Terraform to bring the combined value of each tool:
Lint – tflint, A Pluggable Terraform Linter that finds possible errors (like illegal instance types) and warns about deprecated syntax and unused declarations
Security – tfsec uses static analysis of your Terraform templates to spot potential security issues.
Cost – infracost, shows cloud cost estimates for Terraform, before making changes to the cloud.
Mapping – inframap reads your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.
Firefly plans to soon introduce support to more Infrastructure-as-Code tools, such as Pulumi, Cloudformation, etc.