System Administration

Terrascan – Detect Compliance And Security Violations Across IaC

December 4, 2020
2 Min Read
Terrascan - Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure

[sc name=”ad_1″]

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

Features

  • 500+ Policies for security best practices
  • Scanning of Terraform 12+ (HCL2)
  • Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
  • Support for AWS, Azure, GCP, Kubernetes and GitHub

Installing

Terrascan’s binary for your architecture can be found on the releases page. Here’s an example of how to install it:

$ curl --location https://github.com/accurics/terrascan/releases/download/v1.2.0/terrascan_1.2.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
$ tar -xvf terrascan.tar.gz
  x CHANGELOG.md
  x LICENSE
  x README.md
  x terrascan
$ install terrascan /usr/local/bin
$ terrascan

If you have go installed, Terrascan can be installed with go get

$ export GO111MODULE=on
$ go get -u github.com/accurics/terrascan/cmd/terrascan
  go: downloading github.com/accurics/terrascan v1.2.0
  go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.2.0
  ...
$ terrascan

Install via brew

Homebrew users can install by:

$ brew install terrascan

Docker

Terrascan is also available as a Docker image and can be used as follows

$ docker run accurics/terrascan

Building Terrascan

Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.

$ git clone [email protected]:accurics/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan

Getting started

To scan your code for security issues you can run the following (defaults to scanning Terraform).

$ terrascan scan

Terrascan will exit 3 if any issues are found.

The following commands are available:

$ terrascan
Terrascan
An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
Secure your cloud deployments at design time.
For more information, please visit https://www.accurics.com
Usage:
terrascan [command]
Available Commands:
help Help about any command
init Initialize Terrascan
scan Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
server Run Terrascan as an API server
Flags:
-c, --config-path string config file path
-h, --help help for terrascan
-l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info")
-x, --log-type string log output type (console, json) (default "console")
-o, --output-type string output type (json, yaml, xml) (default "yaml")
-v, --version version for terrascan
Use "terrascan [command] --help" for more information about a command.

Documentation

To learn more about Terrascan check out the documentation https://docs.accurics.com where we include a getting started guide, Terrascan’s architecture, a breakdown of it’s commands, and a deep dive into policies.

Developing Terrascan

To learn more about developing and contributing to Terrascan refer to the contributing guide.


[sc name=”ad-in-article”]

Tags