Detecting Terraform Vulnerabilities with Checkov: An Insecure vs Secure Comparison Demo

IaC security should be verified before you apply. Checkov lets you detect Terraform vulnerabilities through static analysis. Using five AWS resources (S3, Security Group, RDS, IAM, CloudTrail), this demo reproduces the journey from 37 FAILEDs to 111 PASSEDs in a public repository.

Detecting Terraform Misconfigurations with Trivy: A Comparison Demo with Checkov

Following our Checkov demo, we scanned the same Terraform code with Trivy. Checkov found 37 issues; Trivy found 27. Where does the gap come from? We compare severity classification, IAM wildcard handling, and check ID systems using actual scan results.