System Administration

Terrascan – Detect Compliance And Security Violations Across IaC

Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

[sc name=”ad_1″]

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.


  • 500+ Policies for security best practices
  • Scanning of Terraform 12+ (HCL2)
  • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
  • Support for AWS, Azure, GCP, Kubernetes and GitHub


Terrascan’s binary for your architecture can be found on the releases page. Here’s an example of how to install it:

$ curl --location --output terrascan.tar.gz
$ tar -xvf terrascan.tar.gz
  x terrascan
$ install terrascan /usr/local/bin
$ terrascan

If you have go installed, Terrascan can be installed with go get

$ export GO111MODULE=on
$ go get -u
  go: downloading v1.2.0
  go: found in v1.2.0
$ terrascan

Install via brew

Homebrew users can install by:

$ brew install terrascan


Terrascan is also available as a Docker image and can be used as follows

$ docker run accurics/terrascan

Building Terrascan

Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.

$ git clone [email protected]:accurics/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan

Getting started

To scan your code for security issues you can run the following (defaults to scanning Terraform).

$ terrascan scan

Terrascan will exit 3 if any issues are found.

The following commands are available:

$ terrascan
An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
Secure your cloud deployments at design time.
For more information, please visit
terrascan [command]
Available Commands:
help Help about any command
init Initialize Terrascan
scan Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
server Run Terrascan as an API server
-c, --config-path string config file path
-h, --help help for terrascan
-l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info")
-x, --log-type string log output type (console, json) (default "console")
-o, --output-type string output type (json, yaml, xml) (default "yaml")
-v, --version version for terrascan
Use "terrascan [command] --help" for more information about a command.


To learn more about Terrascan check out the documentation where we include a getting started guide, Terrascan’s architecture, a breakdown of it’s commands, and a deep dive into policies.

Developing Terrascan

To learn more about developing and contributing to Terrascan refer to the contributing guide.

[sc name=”ad-in-article”]