
Terrascan: A Tool for Detecting Compliance and Security Violations in Infrastructure as Code


Infrastructure as Code (IaC) is a popular approach for provisioning and managing cloud native infrastructure. It allows developers to define their infrastructure using code, such as Terraform, Kubernetes, AWS CloudFormation, and others. However, IaC also introduces new risks and challenges for security and compliance. How can you ensure that your IaC follows best practices and meets regulatory requirements? How can you prevent misconfigurations and vulnerabilities from being deployed to production?


One solution is to use Terrascan, an open source tool that scans IaC for compliance and security violations. Terrascan is based on the Open Policy Agent (OPA) engine, which allows you to write custom policies using the Rego query language. Terrascan also provides over 500 out-of-the-box policies that cover common standards such as the CIS Benchmark. Terrascan can detect issues such as insecure network configurations, exposed secrets, unencrypted data, and more.

Terrascan is easy to install and use. You can run it locally or integrate it with your CI/CD pipeline. You can also use it as a web service or a command line tool. Terrascan supports multiple IaC formats, such as Terraform, Kubernetes, Helm, Kustomize, AWS CloudFormation, Azure Resource Manager (ARM), Google Cloud Deployment Manager (GDM), and Serverless Framework.

Terrascan is a project by Accurics, a company that provides cloud security solutions. Accurics also offers a free cloud service that monitors provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture. You can sign up for a free account at

If you want to learn more about Terrascan, you can visit its official website at, where you can find documentation, tutorials, examples, and community resources. You can also check out its GitHub repository at, where you can contribute to the project or report issues.

Terrascan is a powerful tool for ensuring that your IaC is secure and compliant. By using Terrascan, you can mitigate risk before provisioning cloud native infrastructure and avoid costly breaches and fines.

How to Install Terrascan

There are several ways to install Terrascan on your system. The easiest way is to use a pre-compiled binary that is available for Linux, MacOS, and Windows. You can download the latest release from After downloading the file, you need to unzip it and move it to a directory in your PATH. For example, on Linux, you can run the following commands:


tar -xzf terrascan_1.11.0_Linux_x86_64.tar.gz

sudo mv terrascan /usr/local/bin/
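Because the binary ends up in a root-owned directory on your PATH, it is worth checking the archive's integrity before extracting it. The following is an added example, not part of the original page or the Terrascan project: it assumes a checksum list in `sha256sum` format (here called `checksums.txt`, a hypothetical name) obtained alongside the archive, and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify a downloaded archive before installing its binary.
# Assumption: the checksum list uses the sha256sum format
#   "<hex digest>  <file name>"   (or "<hex digest> *<file name>").

# verify_archive ARCHIVE CHECKSUMS
# Returns 0 on match, 1 on digest mismatch, 2 if the list has no entry.
verify_archive() {
    local archive="$1" sums="$2" name expected actual
    name="$(basename "$archive")"
    # Match the file-name column exactly so a similarly named entry is not used.
    expected="$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$sums")"
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual="$(sha256sum "$archive" | awk '{ print $1 }')"
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
}

# install_verified ARCHIVE CHECKSUMS DESTDIR
# Extracts only the member named "terrascan", and only after verification.
install_verified() {
    local archive="$1" sums="$2" dest="$3" tmp rc
    verify_archive "$archive" "$sums" || return $?
    tmp="$(mktemp -d)" || return 3
    # Unpack into a scratch directory rather than the current directory.
    tar -xzf "$archive" -C "$tmp" terrascan || { rm -rf "$tmp"; return 3; }
    install -m 0755 "$tmp/terrascan" "$dest/terrascan"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage (run the install step with sudo when DESTDIR is /usr/local/bin):
#   install_verified terrascan_1.11.0_Linux_x86_64.tar.gz checksums.txt /usr/local/bin
```

A matching checksum only proves the archive is the one the list describes, so the list itself has to come from a source you trust.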

Another way to install Terrascan is to use a package manager such as Homebrew or Scoop. For example, on MacOS, you can run the following command:

brew install terrascan

You can also install Terrascan from source using Go. You need to have Go 1.14 or higher installed on your system. You can then run the following command:

go get -u

To verify that Terrascan is installed correctly, you can run the following command:

terrascan version

You should see output similar to this:

version: v1.11.0
commit: 7b6c8f8
date: 2022-04-21T16:42:25Z


- Apache License 2.0

