Catch Terraform Security Issues Before They Hit Production — With a Single API Call

Source: DEV Community
tags: terraform, devsecops, security, iac

You've just pushed a Terraform change. The plan looks clean. The apply succeeds. Three weeks later, someone runs a routine audit and finds your EC2 instance has been exposed to the entire internet since day one — because a security group was accidentally left wide open.

This is not a hypothetical. It's a pattern that shows up repeatedly in post-mortems, and it almost always comes down to the same root cause: nobody checked the HCL before it shipped.

TerraGuard is a REST API that does exactly that check — static analysis of Terraform code for security misconfigurations and hardcoded secrets, with no tooling to install and no pipeline plugins to configure.

What TerraGuard Does

TerraGuard exposes two analysis endpoints:

POST /analyze — scans HCL for security misconfigurations (open ingress rules, overly permissive IAM policies, unencrypted storage, etc.)
POST /secrets — detects hardcoded credentials, API keys, passwords, and tokens in Terraform re