complyform scan
Discover existing Terraform resources from state files or live cloud APIs.
complyform scan [options]Options
Section titled “Options”| Flag | Type | Default | Description |
|---|---|---|---|
--source | state|api | state | Scan source: local/remote state file or live cloud API |
--state | path (multi-value) | — | Path to state file. Repeat for multiple. Supports gs://, s3://, azure://, app.terraform.io/org/ws |
--discover | path | — | Recursive state file discovery in directory. Mutually exclusive with --state and --batch. Max 50 files. (SPEC-001) |
--discover-pattern | string | *.tfstate | Glob pattern for --discover |
--project | string | — | Cloud project ID (for --source=api) |
--org | string | — | Org ID — include org-level resources (for --source=api) |
--cloud | gcp|aws|azure | gcp | Target cloud provider |
--credentials | path | — | Per-invocation credential override |
--batch | path | — | Batch manifest YAML — up to 10 projects (Agency tier) |
--parallel | int | 1 | Concurrent scans in batch mode (max 5) |
--assess | bool | false | Chain scan + assess in one command. Passes through all assess flags. |
--frameworks | string | — | Used with --assess: comma-separated framework IDs |
Examples
Section titled “Examples”Scan a local state file:
complyform scan --state=terraform.tfstateScan a remote GCS state file (Pro+):
complyform scan --state=gs://my-bucket/terraform.tfstateScan a live GCP project via cloud API (Team+):
complyform scan --source=api --project=my-gcp-project --cloud=gcpDiscover state files in a monorepo (SPEC-001):
complyform scan --discover=./environments/Chain scan and assess in one command:
complyform scan --state=terraform.tfstate --assess --frameworks=soc2