Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- GitHub Repo: https://github.com/accurics/terrascan
- Documentation: https://docs.accurics.com
- Discuss: https://community.accurics.com
- 500+ Policies for security best practices
- Scanning of Terraform 12+ (HCL2)
- Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
- Support for AWS, Azure, GCP, Kubernetes and GitHub
Terrascan’s binary for your architecture can be found on the releases page. Here’s an example of how to install it:
$ curl --location https://github.com/accurics/terrascan/releases/download/v1.2.0/terrascan_1.2.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz $ tar -xvf terrascan.tar.gz x CHANGELOG.md x LICENSE x README.md x terrascan $ install terrascan /usr/local/bin $ terrascan
If you have go installed, Terrascan can be installed with
$ export GO111MODULE=on $ go get -u github.com/accurics/terrascan/cmd/terrascan go: downloading github.com/accurics/terrascan v1.2.0 go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.2.0 ... $ terrascan
Homebrew users can install by:
$ brew install terrascan
Terrascan is also available as a Docker image and can be used as follows
$ docker run accurics/terrascan
Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.
$ git clone [email protected]:accurics/terrascan.git $ cd terrascan $ make build $ ./bin/terrascan
To scan your code for security issues you can run the following (defaults to scanning Terraform).
$ terrascan scan
Terrascan will exit 3 if any issues are found.
The following commands are available:
$ terrascan Terrascan An advanced IaC (Infrastructure-as-Code) file scanner written in Go. Secure your cloud deployments at design time. For more information, please visit https://www.accurics.com Usage: terrascan [command] Available Commands: help Help about any command init Initialize Terrascan scan Scan IaC (Infrastructure-as-Code) files for vulnerabilities. server Run Terrascan as an API server Flags: -c, --config-path string config file path -h, --help help for terrascan -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") -o, --output-type string output type (json, yaml, xml) (default "yaml") -v, --version version for terrascan Use "terrascan [command] --help" for more information about a command.
To learn more about Terrascan check out the documentation https://docs.accurics.com where we include a getting started guide, Terrascan’s architecture, a breakdown of it’s commands, and a deep dive into policies.
To learn more about developing and contributing to Terrascan refer to the contributing guide.