Terrascan
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
Overview
Terrascan is an open-source static code analysis tool that helps developers detect security and compliance issues in their Infrastructure as Code. It supports a wide range of IaC providers, including Terraform, Kubernetes, Docker, and more. Terrascan comes with over 500 policies for security best practices across various cloud providers and compliance standards. It is designed to be integrated into the development lifecycle to provide early feedback on IaC security.
✨ Key Features
- Scans Terraform, Kubernetes, Docker, and other IaC
- Over 500 built-in policies for security best practices
- Support for compliance standards like CIS, PCI-DSS, GDPR
- Extensible with custom policies written in Rego (OPA)
- CI/CD integration
- Can scan provisioned cloud resources via API
🎯 Key Differentiators
- Uses OPA/Rego for policies, making it highly extensible
- Can scan both IaC and running cloud environments
- Broad support for different IaC types and cloud providers
Unique Value: Enables organizations to enforce security and compliance policies across their IaC, integrating seamlessly into developer and GitOps workflows to prevent risks before deployment.
🎯 Use Cases (3)
✅ Best For
- Using as a pre-commit hook to prevent insecure code from being committed.
- Running as a step in a CI pipeline to fail builds that have compliance violations.
💡 Check With Vendor
Verify these considerations match your specific requirements:
- Dynamic or runtime security analysis, and vulnerability scanning of application dependencies.
🏆 Alternatives
Provides a strong out-of-the-box experience for compliance-focused scanning compared to other tools that may require more customization for specific frameworks.
💻 Platforms
✅ Offline Mode Available
💰 Pricing
Free tier: The open-source tool is completely free.
🔄 Similar Tools in GitOps Security
Snyk
A developer-first security platform for securing code, dependencies, containers, and Infrastructure ...
Checkov
An open-source static analysis tool for scanning infrastructure as code (IaC) to find misconfigurati...
Trivy
A simple and comprehensive vulnerability scanner for containers, IaC, and more....
KICS
An open-source solution for static analysis of IaC, finding security vulnerabilities, compliance iss...
Open Policy Agent (OPA)
An open source, general-purpose policy engine that enables unified, context-aware policy enforcement...
Kyverno
A policy engine designed for Kubernetes that can validate, mutate, and generate configurations using...