diff --git a/provisioning/tools-versions.yml b/provisioning/tools-versions.yml
index c610d6f7a..b8cb75ab3 100644
--- a/provisioning/tools-versions.yml
+++ b/provisioning/tools-versions.yml
@@ -20,5 +20,6 @@ maven_version: "3.8.6"
 openssh_authorized_keys_url: "https://raw.githubusercontent.com/jenkins-infra/aws/main/ec2_agents_authorized_keys"
 packer_version: "1.8.2"
 ruby_version: "2.6.10"
+tfsec_version: "1.28.0"
 vagrant_version: "2.3.2"
 yq_version: "4.25.3"
diff --git a/provisioning/ubuntu-provision.sh b/provisioning/ubuntu-provision.sh
index c233fa794..b2f071090 100755
--- a/provisioning/ubuntu-provision.sh
+++ b/provisioning/ubuntu-provision.sh
@@ -450,6 +450,16 @@ function install_datadog() {
 systemctl disable datadog-agent
 }
+## Install Tfsec with ASDF
+function install_tfsec() {
+ # Ensure that ASDF is installed
+ install_asdf
+
+ # Install tfsec with ASDF and set it as default installation
+ install_asdf_plugin tfsec https://github.com/woneill/asdf-tfsec.git
+ install_asdf_package tfsec "${TFSEC_VERSION}"
+}
+
 ## Ensure that the VM is cleaned up
 function cleanup() {
 export HISTSIZE=0
@@ -482,6 +492,7 @@ function sanity_check() {
 && parallel --version \
 && python3 --version \
 && ruby -v \
+ && tfsec --version \
 && unzip -v \
 && vagrant -v \
 && yq --version \
@@ -519,6 +530,7 @@ function main() {
 install_ruby
 install_yq
 install_packer
+ install_tfsec
 cleanup
 }
diff --git a/provisioning/windows-provision.ps1 b/provisioning/windows-provision.ps1
index f57b5466b..c68eb6cb7 100644
--- a/provisioning/windows-provision.ps1
+++ b/provisioning/windows-provision.ps1
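Review bot: The plugin URL in `install_tfsec` (`install_asdf_plugin tfsec https://github.com/woneill/asdf-tfsec.git`) is not pinned to a commit, so each image build runs whatever install scripts are on that third-party repository's default branch at build time; only the tfsec release itself is pinned through `TFSEC_VERSION`. `install_asdf_plugin` is defined outside this hunk, so I cannot tell whether it accepts a ref; if it does not, following the add with `asdf plugin update tfsec <reviewed-commit-sha>` would hold the plugin code at a reviewed revision. It would also help to confirm whether the plugin verifies a checksum for the binary it downloads and to record the answer in a comment above the call.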
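Review bot: `tfsec --version` in `sanity_check` only proves that some tfsec binary is on the PATH, not that it is the release pinned in tools-versions.yml; the same holds for `& "tfsec.exe" --version;` in the Windows `sanityCheck` block. Because tfsec acts as a security gate for Terraform changes, an image that ships a different version would change scan results without failing the build. Comparing the output with the pin, for example `&& tfsec --version | grep -qF "${TFSEC_VERSION}" \`, would catch that. This assumes `TFSEC_VERSION` is non-empty and still in scope when `sanity_check` runs, which the hunk does not show.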
@@ -262,6 +262,7 @@ $downloads = [ordered]@{
 & "choco.exe" install chromium --yes --no-progress --limit-output --fail-on-error-output --version "${env:CHROMIUM_VERSION}";
 & "choco.exe" install datadog-agent --yes --no-progress --limit-output --fail-on-error-output;
 & "choco.exe" install vcredist2015 --yes --no-progress --limit-output --fail-on-error-output;
+ & "choco.exe" install tfsec --yes --no-progress --limit-output --fail-on-error-output --version "${env:TFSEC_VERSION}";
 };
 'sanityCheck'= {
 & "choco.exe";
@@ -270,6 +271,7 @@ $downloads = [ordered]@{
 & "$baseDir\ruby26\bin\bundle" -v;
 & "yq.exe" --version;
 & "packer.exe" --version;
+ & "tfsec.exe" --version;
 }
 };
 }
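Review bot: The pin on the new `choco.exe install tfsec` line depends entirely on `${env:TFSEC_VERSION}` being set, and nothing visible in this diff shows where that variable is exported to the Windows provisioner. If it arrives empty, the install may take whatever version the Chocolatey feed currently serves, or fail in a less obvious way; a guard before the install such as `if (-not $env:TFSEC_VERSION) { throw 'TFSEC_VERSION is not set' }` makes that failure explicit. The Chocolatey package is also a separate packaging of tfsec from the one the asdf plugin fetches on Ubuntu, so it is worth confirming that 1.28.0 exists in that feed. The enclosing script block starts outside the hunk.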