Terrascan – Detect Compliance And Security Violations Across Infrastructure As Code To Mitigate Risk Before Provisioning Cloud Native Infrastructure
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- GitHub Repo: https://github.com/accurics/terrascan
- Documentation: https://docs.accurics.com
- Discuss: https://community.accurics.com
Features
- 500+ policies for security best practices
- Scanning of Terraform 12+ (HCL2)
- Scanning of Kubernetes (JSON/YAML), Helm v3, and Kustomize v3
- Support for AWS, Azure, GCP, Kubernetes and GitHub
Installing
Terrascan’s binary for your architecture can be found on the releases page. Here is an example of how to install it:
$ curl --location https://github.com/accurics/terrascan/releases/download/v1.2./terrascan_1.2._Darwin_x86_64.tar.gz --output terrascan.tar.gz
$ tar -xvf terrascan.tar.gz
x CHANGELOG.md
x LICENSE
x README.md
x terrascan
$ install terrascan /usr/local/bin
$ terrascan
If you have Go installed, Terrascan can be installed with go get:
$ export GO111MODULE=on
$ go get -u github.com/accurics/terrascan/cmd/terrascan
go: downloading github.com/accurics/terrascan v1.2.
go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.2.
...
$ terrascan
Install via brew
Homebrew users can install by:
$ brew install terrascan
Docker
Terrascan is also available as a Docker image and can be used as follows:
$ docker run accurics/terrascan
Building Terrascan
Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.
$ git clone git@github.com:accurics/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan
Getting started
To scan your code for security issues you can run the following (defaults to scanning Terraform).
$ terrascan scan
Terrascan will exit 3 if any issues are found.
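A pipeline gate built on that exit status, as an added example (not code from the Terrascan project). It assumes that status 0 means a clean scan and treats every status other than 0 or 3 as a scanner failure, so a missing binary or a crash is never read as "no violations"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CI gate around `terrascan scan`.
# From the page: exit status 3 means issues were found.
# Assumption: 0 means a clean scan; any other status is a tool or
# environment failure and must fail the pipeline (fail closed).

# classify_status STATUS -> prints pass | violations | error
classify_status() {
    case "$1" in
        0) echo pass ;;
        3) echo violations ;;
        *) echo error ;;
    esac
}

# gate_scan [COMMAND...] runs the scanner (default: terrascan scan).
# Returns 0 on a clean scan, 1 on violations, 2 on scanner failure.
gate_scan() {
    [ "$#" -gt 0 ] || set -- terrascan scan
    status=0
    "$@" || status=$?
    case "$(classify_status "$status")" in
        pass)
            echo "gate: no violations" >&2
            return 0 ;;
        violations)
            echo "gate: violations found, blocking provisioning" >&2
            return 1 ;;
        *)
            echo "gate: scanner failed with status $status, failing closed" >&2
            return 2 ;;
    esac
}

# Usage in a pipeline step, from the directory holding the IaC files:
#   gate_scan || exit $?
```

Keeping the two failure codes separate lets the pipeline report "fix your templates" differently from "fix the scanner installation".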
The following commands are available:
$ terrascan
Terrascan
An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
Secure your cloud deployments at design time.
For more information, please visit https://www.accurics.com
Usage:
  terrascan [command]
Available Commands:
  help        Help about any command
  init        Initialize Terrascan
  scan        Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
  server      Run Terrascan as an API server
Flags:
  -c, --config-path string   config file path
  -h, --help                 help for terrascan
  -l, --log-level string     log level (debug, info, warn, error, panic, fatal) (default "info")
  -x, --log-type string      log output type (console, json) (default "console")
  -o, --output-type string   output type (json, yaml, xml) (default "yaml")
  -v, --version              version for terrascan
Use "terrascan [command] --help" for more information about a command.
Documentation
To learn more about Terrascan, check out the documentation at https://docs.accurics.com, where we include a getting started guide, Terrascan’s architecture, a breakdown of its commands, and a deep dive into policies.
Developing Terrascan
To learn more about developing and contributing to Terrascan, refer to the contributing guide.