Compatibility

Infrastructure as Code Support

Scan Terraform, CloudFormation, Docker, and Helm configurations to identify security threats. Full HCL 2 parsing, module resolution, and multi-format support.

Terraform

Full HCL 2 parsing, module resolution (local, registry, Git), variable interpolation, and dependency analysis for .tf and .tf.json files.

CloudFormation

AWS CloudFormation template parsing and threat detection for YAML and JSON templates.

Docker & Compose

Container configuration analysis for Dockerfiles and docker-compose.yml files.

Helm Charts

Chart scanning with value template rendering for Kubernetes Helm chart directories.

Supported IaC Formats

| Format | File Types | Capabilities |
|---|---|---|
| Terraform | .tf, .tf.json | Full HCL 2 parsing, module resolution (local, registry, Git), variable interpolation, dependency analysis |
| CloudFormation | .yaml, .json | AWS CloudFormation template parsing and threat detection |
| Docker / Docker Compose | Dockerfile, docker-compose.yml | Container configuration analysis |
| Helm | Helm chart directories | Chart scanning with value template rendering |

Terraform Support

ThreatMitigator provides comprehensive Terraform analysis:

  • Full HCL 2 parsing - Complete support for the HashiCorp Configuration Language
  • Module resolution - Resolves local modules, Terraform Registry modules, and Git-hosted modules
  • Variable interpolation - Understands variable references and default values
  • Dependency analysis - Maps resource dependencies and relationships
  • Multi-cloud providers - AWS, Azure, GCP, Oracle Cloud, and Alibaba Cloud resources

Example

# Scan Terraform files
threatmitigator scan terraform ./infra

# Scan with specific format
threatmitigator scan terraform ./infra --format yaml

CloudFormation Support

Full parsing of AWS CloudFormation templates in both YAML and JSON formats. Detects security threats across all supported AWS resource types.


Docker Support

Analyze Dockerfiles and Docker Compose configurations for security issues:

  • Base image vulnerabilities
  • Exposed ports
  • Privilege escalation risks
  • Secret handling in build layers

Helm Support

Scan Helm chart directories with value template rendering. ThreatMitigator evaluates templates with their values to detect security threats in the final rendered Kubernetes manifests.


Application Code Scanning

In addition to IaC, ThreatMitigator scans application source code:

| Language | Detection |
|---|---|
| Python | Security vulnerability scanning |
| Go | Network connection discovery for DFD generation |
| Rust | Network connection discovery for DFD generation |

Multi-Cloud Coverage

Single-tool coverage across all major cloud platforms:

  • Amazon Web Services - EC2, S3, RDS, Lambda, IAM, and 100+ services
  • Microsoft Azure - Virtual Machines, Storage, SQL Database, App Service, and more
  • Google Cloud Platform - Compute Engine, Cloud Storage, BigQuery, Cloud Functions
  • Oracle Cloud Infrastructure - Compute, Object Storage, Autonomous Database
  • Alibaba Cloud - ECS, OSS, RDS, VPC, RAM

Consistent Methodology

ThreatMitigator applies the same STRIDE framework across all clouds and IaC formats, providing:

  • Consistent severity ratings across platforms
  • Standardized threat categories
  • Comparable security posture metrics
  • Unified reporting format

# Scan the Terraform configuration in ./infra
threatmitigator scan terraform ./infra --format yaml
