Trunk: Our Choice For Linting TF Code

Using trunk, a megalinter, lets us lint our TF code, generate docs, and more.

Hey folks,

There are many tools to format, lint, and ensure the consistency of Terraform or OpenTofu (TF) code.

The tool that my team and I recommend to our clients is Trunk Code Quality.

This single tool allows us to do the following in our TF projects:

  1. Format our TF code with terraform fmt or tofu fmt within our IDE and ensure this is run on each commit. This is handled by the trunk tofu linter.

  2. Validate our TF code with terraform validate or tofu validate within our IDE and ensure this is run on each commit. Again, handled by the trunk tofu linter.

  3. Generate documentation for our TF code with terraform-docs and ensure it is kept up-to-date on each commit. This is handled by the trunk terraform-docs plugin, which I contributed.

  4. Run TFLint against our code to ensure it is written using best practices. This uses the trunk tflint linter.

  5. Run a TF security scan against our code to ensure we're not introducing any security vulnerabilities. The trunk trivy linter takes care of this.

In addition to running these in our IDE, we also run these checks in our CI/CD pipeline to ensure they're enforced for every PR. This is taken care of by the trunk-action GitHub action.

This is a LOT of checks that trunk is supporting for us. Consolidating on one tool to support all these workflows is a huge win in decreased complexity and increased consistency.

There are also additional benefits worth calling out:

  • Installing trunk is super easy. It's not dependent on Python or similar runtimes, which is a big plus.

  • Trunk is config file driven. The config file for trunk pins each version and offers customization for each linter that you're using. I’ve found it a pleasure to work with.

  • It doesn't just support TF. The Trunk Code Quality tool is a megalinter: it supports prettier, markdownlint, actionlint, shellcheck, yamllint, and more. This means we don't need to mess around with installing and managing 10 linters for any project with multiple languages. We install trunk and it deals with all of that complexity for us.

We love this tool. I would highly recommend you check it out!

May your linters never complain,

Matt @ Masterpoint

PS If you want to know how my team can help you implement this kind of tooling, grab some time on my calendar here. If you’d care to hear me rant about Terraliths, I was on the Ned in the Cloud podcast a few months ago talking about that exact topic.