Usage

In depth look into the many options Terrascan supports

For steps to install locally, or run Terrascan from docker, see this section.

Building Terrascan

Terrascan is a Go binary that you can build locally. This is useful if you want to be on the latest version, or when modding Terrascan.

$ git clone git@github.com:tenable/terrascan.git
$ cd terrascan
$ make build
$ ./bin/terrascan

Using Terrascan

This section provides an overview of the different ways you can use Terrascan:

  1. Command line mode provides list of Terrascan commands with descriptions.
  2. Server mode using Terrascan as API server

See Configuring Terrascan to learn more about Terrascan’s configuration file.

See In-File Instrumentation to learn how to granularly customize your scan based on particular resources and rules. For example, by skipping certain rules or resources.

Integrations

Terrascan can be integrated into various platforms and configured to validate policies to provide run time security. Currently Terrascan supports the following integrations:

  1. Kubernetes (K8s) Admissions webhooks
  2. ArgoCD
  3. Atlantis
  4. Github and GitLab or CI/CD pipelines

Command Line Options

Run Terrascan in terminal. Read about flags and command line arguments.

Server mode

Run Terrascan as an API server

In-file Instrumentation

Terrascan can be instrumented using special commands inside your IaC files (Terraform, K8s and dockerfile)

Configuration File

Configure Terrascan via it’s configuration file.


Last modified May 16, 2022 : Updates references to Tenable (dc76628)