Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
- GitHub Repo: https://github.com/accurics/terrascan
- Documentation: https://docs.accurics.com
- Discuss: https://community.accurics.com
- 500+ Policies for security best practices
- Scanning of Terraform 12+ (HCL2)
- Support for AWS, Azure, and GCP
Terrascan's binary for your architecture can be found on the releases page. Here's an example of how to install it:
$ curl --location https://github.com/accurics/terrascan/releases/download/v1.0.0/terrascan_1.0.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
$ tar -xvf terrascan.tar.gz
x CHANGELOG.md
x LICENSE
x README.md
x terrascan
$ install terrascan /usr/local/bin
$ terrascan
If you have go installed, Terrascan can be installed with go get
$ export GO111MODULE=on
$ go get -u github.com/accurics/terrascan/cmd/terrascan
go: downloading github.com/accurics/terrascan v1.0.0
go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.0.0
...
$ terrascan
Terrascan is also available as a Docker image and can be used as follows
$ docker run accurics/terrascan
Terrascan can be built locally. This is helpful if you want to be on the latest version or when developing Terrascan.
$ git clone [email protected]:accurics/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascanTo scan your code for security issues you can run the following
$ terrascan scan -t aws
Terrascan will exit 3 if any issues are found.
The following commands are available:
$ terrascan
Terrascan
An advanced IaC (Infrastructure-as-Code) file scanner written in Go.
Secure your cloud deployments at design time.
For more information, please visit https://www.accurics.com
Usage:
terrascan [command]
Available Commands:
help Help about any command
init Initialize Terrascan
scan Scan IaC (Infrastructure-as-Code) files for vulnerabilities.
server Run Terrascan as an API server
Flags:
-c, --config-path string config file path
-h, --help help for terrascan
-l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info")
-x, --log-type string log output type (console, json) (default "console")
-o, --output-type string output type (json, yaml, xml) (default "yaml")
-v, --version version for terrascan
Use "terrascan [command] --help" for more information about a command.
To learn more about Terrascan check out the documentation https://docs.accurics.com where we include a getting started guide, Terrascan's architecture, a break down of it's commands, and a deep dive into policies.
To learn more about developing and contributing to Terrascan refer to the contributing guide.
Terrascan is licensed under the Apache 2.0 License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent