🗂️ Navigation
📁 Infrastructure as Code
📋 IaC Validation
🔧 Conftest

Conftest

Write tests against structured configuration data.

Visit Website →

Overview

Conftest is a testing framework for configuration files. It allows you to write tests for your Kubernetes manifests, Terraform code, serverless configurations, and more, using the Rego query language from Open Policy Agent. It is a general-purpose tool for applying policy-as-code to any structured data format.

✨ Key Features

  • Test any structured data file (JSON, YAML, HCL, etc.)
  • Uses the Rego language for writing policies
  • Integrates easily into CI/CD pipelines
  • Flexible input and output options
  • Shareable policies

🎯 Key Differentiators

  • Pure focus on testing configuration files, making it very versatile.
  • Excellent as a general-purpose policy testing tool in a CI pipeline.
  • Simple and straightforward CLI interface.

Unique Value: A simple, flexible framework for writing tests for any configuration file using the power of OPA and Rego.

🎯 Use Cases (4)

Writing custom policy checks for configuration files Unit testing Helm charts Validating Terraform JSON plans Enforcing organizational standards on any configuration data

✅ Best For

  • Writing Rego policies to test Kubernetes YAML files for specific labels, annotations, or security settings in a CI pipeline.

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Users looking for a tool with a large library of pre-built security rules (Conftest is a framework, not a pre-packaged scanner).

🏆 Alternatives

Open Policy Agent Regula Terrascan

While OPA is the engine, Conftest provides the user-friendly CLI and framework for easily applying it to test local configuration files in a development or CI workflow.

💻 Platforms

Desktop

✅ Offline Mode Available

🔌 Integrations

Kubernetes Terraform Helm GitHub Actions Tekton

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Conftest is completely free and open-source.

Visit Conftest Website →

🔄 Similar Tools in IaC Validation

Checkov

An open-source static analysis tool for scanning infrastructure as code (IaC) files for misconfigura...

Contact

Terrascan

An open-source static code analyzer for IaC that helps detect security and compliance violations....

Contact

tfsec

An open-source static analysis tool for finding security misconfigurations in Terraform code....

Contact

KICS

An open-source static analysis tool that finds security vulnerabilities, compliance issues, and misc...

Contact

Open Policy Agent (OPA)

An open-source, general-purpose policy engine that unifies policy enforcement across the stack....

Contact

TFLint

A linter for Terraform that focuses on best practices, style conventions, and detecting potential er...

Contact