System Administration

Terrascan – Detect Compliance And Security Violations Across IaC

Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure


Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.


  • 500+ Policies for security best practices
  • Scanning of Terraform 12+ (HCL2)
  • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
  • Support for AWS, Azure, GCP, Kubernetes and GitHub


Terrascan’s binary for your architecture can be found on the releases page. Here’s an example of how to install it:

$ curl --location --output terrascan.tar.gz
$ tar -xvf terrascan.tar.gz
  x terrascan
$ install terrascan /usr/local/bin
$ terrascan

If you have go installed, Terrascan can be installed with go get

$ export GO111MODULE=on
$ go get -u
  go: downloading v1.2.0
  go: found in v1.2.0
$ terrascan

Install via brew

Homebrew users can install by:

$ brew install terrascan


Terrascan is also available as a Docker image and can be used as follows

$ docker run accurics/terrascan

Building Terrascan

Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.

$ git clone [email protected]:accurics/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan

Getting started

To scan your code for security issues you can run the following (defaults to scanning Terraform).

$ terrascan scan

Terrascan will exit 3 if any issues are found.

The following commands are available:

$ terrascan
An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
Secure your cloud deployments at design time.
For more information, please visit
terrascan [command]
Available Commands:
help Help about any command
init Initialize Terrascan
scan Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
server Run Terrascan as an API server
-c, --config-path string config file path
-h, --help help for terrascan
-l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info")
-x, --log-type string log output type (console, json) (default "console")
-o, --output-type string output type (json, yaml, xml) (default "yaml")
-v, --version version for terrascan
Use "terrascan [command] --help" for more information about a command.


To learn more about Terrascan check out the documentation where we include a getting started guide, Terrascan’s architecture, a breakdown of it’s commands, and a deep dive into policies.

Developing Terrascan

To learn more about developing and contributing to Terrascan refer to the contributing guide.

About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: