Features

Powerful features that make Terraform plan reviews faster, easier, and more effective.

What Sets Us Apart

The features that make the biggest difference in your Terraform reviews

Inline Diffs

Inline Diffs

Character-level highlighting shows exactly what changed within a value. Added text in green, removed text in red-spot changes instantly.

View examples
Firewall Rule Interpretation

Firewall Rule Interpretation

Renders Azure Firewall network and application rule collections as readable tables with protocols, ports, FQDNs, and actions clearly displayed.

View examples
NSG Rule Interpretation

NSG Rule Interpretation

Renders Network Security Group rules as readable tables, making security changes easy to audit at a glance.

View examples
Role Assignment Mapping

Role Assignment Mapping

Resolves cryptic GUIDs to human-readable names: Principal IDs become "Jane Doe", Role Definition IDs become "Reader", and Scope IDs become "rg-myresourcegroup". Includes Azure AD Groups, Service Principals, and App Roles.

View examples
Large Value Formatting

Large Value Formatting

Handles large text blocks (like JSON policies or scripts) by showing computed diffs with inline highlighting instead of raw text walls.

View examples
Resource Grouping

Resource Grouping

Groups related resources into parent sections with inline child tables, so reviewers see memberships, subnets, routes, and rules in context.

View examples
PR Rendering Optimization

PR Rendering Optimization

Designed and tested for rendering in pull request comments on Azure DevOps Services and GitHub. Reports look great where they matter most.

View examples
Friendly Resource Names

Friendly Resource Names

Displays friendly names for resources instead of complex resource ID strings. See "kv-tfplan2md" instead of a 200-character Azure resource ID.

Learn more
Azure DevOps Variable Groups

Azure DevOps Variable Groups

Shows all variables (regular and secret) in variable group changes with full metadata. Secret values displayed as "(sensitive / hidden)" while preserving names and attributes.

View examples
Static Code Analysis Integration

Static Code Analysis Integration

Native SARIF 2.1.0 support maps security findings from Checkov, TfLint, and Trivy directly to specific resources and attributes. Creates a unified report combining infrastructure changes with security insights.

View examples

Built-In Capabilities

Solid capabilities that improve readability and usability

Plan Summary

Plan Summary

High-level overview table showing counts of adds, changes, replaces, and destroys by resource type.

Learn more
Module Grouping

Module Grouping

Groups resources logically by their Terraform module hierarchy (e.g., module.network.module.monitoring).

Learn more
Collapsible Details

Collapsible Details

Hides verbose resource details inside expandable sections and lets you choose `auto`, `open`, or `closed` behavior with `--details`.

Learn more
Azure ID Noise Filter

Azure ID Noise Filter

Suppresses casing-only Azure resource ID changes by default, including AzAPI body-level ID noise, so real drift stands out.

Learn more
Tag Visualization

Tag Visualization

Renders resource tags with specific icons and formatting for easy scanning of metadata.

Learn more
Smart Iconography

Smart Iconography

Adds context-aware icons for common attributes like Locations (🌍), IPs (🌐), Ports (🔌), and booleans.

Learn more
Build Definition Tables

Build Definition Tables

Azure DevOps build definitions render as structured tables for variables, triggers, repositories, schedules, and jobs with secret protection.

Learn more
Built-In Templates

Built-In Templates

Two built-in report layouts, `default` and `summary`, now run on the pure C# rendering engine with no custom Scriban files to maintain.

Learn more
CI/CD Integration

CI/CD Integration

Native support and examples for GitHub Actions, Azure DevOps, and GitLab CI. Just pipe terraform output to the Docker container.

View integration guides
Provider Agnostic Core

Provider Agnostic Core

Works with any Terraform provider (AWS, GCP, etc.) using standard resource rendering. Azure gets specialized renderers.

View providers
Local Resource Names

Local Resource Names

In modules, displays just the local resource name (e.g., "hub") instead of the full module path for cleaner summaries.

Learn more

Also Included

Security and quality-of-life improvements

Sensitive Value Masking

Sensitive Value Masking

Automatically masks sensitive values across nested attributes, AzAPI bodies, variable groups, and JSON before/after fields.

Container Support

Container Support

2.1 MB FROM scratch container plus multi-platform NativeAOT binaries for Docker, direct downloads, and Homebrew installs.

Terraform Outputs

Terraform Outputs

Reports include dedicated output tables showing create, update, delete, sensitivity, and known-after-apply values.

Homebrew Install

Homebrew Install

Install and upgrade tfplan2md with Homebrew on macOS and Linux using the official tap.

Debug Output

Debug Output

Single --debug flag appends diagnostic info in a collapsed details block showing mappings, renderer selection, and failed lookups.

Dark/Light Mode

Dark/Light Mode

Website supports dark and light theme toggle for comfortable viewing in any environment.