terrascan: Detect compliance and security violations across Infrastructure as Code

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud-native infrastructure.

Features

  • 500+ Policies for security best practices
  • Scanning of Terraform 12+ (HCL2)
  • Scanning of Kubernetes YAML/JSON
  • Support for AWS, Azure, GCP, Kubernetes, and GitHub

Architecture

Terrascan’s architecture is modular so that new IaC languages and policies can be added easily. At a high level it is composed of the following components: a command-line interface, an API server, a runtime, pluggable IaC providers, a pluggable policy engine, a notifier, and a writer.

  • Command Line Interface = Provides CLI input to Terrascan.
  • API Server = Provides input to Terrascan through an API.
  • Runtime = Performs input validation and processes inputs.
  • IaC Providers = Convert each IaC language into normalized JSON.
  • Policy Engine = Applies policies against the normalized JSON.
  • Notifier = Provides webhooks for the results of Terrascan scans.
  • Writer = Writes results in various formats such as JSON, YAML, or XML.
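The pipeline described above (IaC provider → normalized JSON → policy engine → writer) is easiest to understand with a small working model. The following is an added example, not Terrascan’s own code: a toy scanner written in Python that reads a constructed Kubernetes Pod manifest (in JSON form, so only the standard library is needed), normalizes it into a resource list, evaluates three hand-written policies against it, and emits a JSON report. Terrascan’s real policies are expressed in OPA Rego rather than Python functions, and the rule IDs, severities, and manifest contents here are all invented for illustration.

```python
import json
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List

# Constructed sample input: a Kubernetes Pod manifest in JSON form.
# It deliberately contains settings the policies below should flag.
SAMPLE_MANIFEST = json.dumps({
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "demo-pod", "namespace": "default"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "app", "image": "example/app:latest",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "example/sidecar:1.2.3",
             "securityContext": {"privileged": False, "runAsNonRoot": True}},
        ],
    },
})


@dataclass
class Violation:
    rule_id: str      # hypothetical rule identifier, not a Terrascan policy ID
    severity: str
    resource: str
    description: str


# IaC provider stage: turn the raw manifest into a normalized resource list.
# Real providers would also handle YAML, multi-document files, and HCL.
def k8s_provider(raw: str) -> List[Dict]:
    doc = json.loads(raw)
    return [{
        "type": "kubernetes_" + doc["kind"].lower(),
        "name": doc["metadata"]["name"],
        "namespace": doc["metadata"].get("namespace", "default"),
        "config": doc.get("spec", {}),
    }]


# Policy engine stage: a policy is a function from one normalized resource
# to zero or more violations.
Policy = Callable[[Dict], List[Violation]]


def no_privileged_containers(res: Dict) -> List[Violation]:
    out = []
    for c in res["config"].get("containers", []):
        if c.get("securityContext", {}).get("privileged", False):
            out.append(Violation("EXAMPLE.K8S.001", "HIGH", res["name"],
                                 f"container {c['name']!r} runs privileged"))
    return out


def no_host_network(res: Dict) -> List[Violation]:
    if res["config"].get("hostNetwork", False):
        return [Violation("EXAMPLE.K8S.002", "MEDIUM", res["name"],
                          "pod shares the host network namespace")]
    return []


def require_run_as_non_root(res: Dict) -> List[Violation]:
    out = []
    for c in res["config"].get("containers", []):
        if not c.get("securityContext", {}).get("runAsNonRoot", False):
            out.append(Violation("EXAMPLE.K8S.003", "LOW", res["name"],
                                 f"container {c['name']!r} does not set runAsNonRoot"))
    return out


DEFAULT_POLICIES: List[Policy] = [
    no_privileged_containers, no_host_network, require_run_as_non_root,
]


def run_policies(resources: List[Dict], policies: List[Policy]) -> List[Violation]:
    found = []
    for res in resources:
        # Only Pod specs are understood by these toy policies.
        if res["type"] != "kubernetes_pod":
            continue
        for policy in policies:
            found.extend(policy(res))
    return found


# Runtime stage: wire provider, policies, and a result structure together.
def scan(raw: str, provider=k8s_provider, policies=DEFAULT_POLICIES) -> Dict:
    resources = provider(raw)
    violations = run_policies(resources, policies)
    return {
        "resources_scanned": len(resources),
        "violation_count": len(violations),
        "violations": [asdict(v) for v in violations],
    }


# Writer stage: serialize the result (JSON here; YAML/XML would be other writers).
def write_json(result: Dict) -> str:
    return json.dumps(result, indent=2)


if __name__ == "__main__":
    print(write_json(scan(SAMPLE_MANIFEST)))
```

Running the script scans the one embedded Pod and reports three violations: the privileged `app` container, the shared host network namespace, and the missing `runAsNonRoot` on `app` (the `sidecar` container passes both container-level checks). Swapping `k8s_provider` for a different provider, or `DEFAULT_POLICIES` for a different policy set, shows why Terrascan keeps those two stages pluggable.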

Install & Use

Copyright 2020 Accurics, Inc.