Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. As you embrace Infrastructure as Code (IaC) such as Terraform, Kubernetes, Argo CD, Atlantis and AWS CloudFormation, it is important to ensure that security best practices and compliance requirements are observed. Terracan provides 500+ out-of-the-box policies so that you can scan IaC against common policy standards such as the CIS Benchmark. It leverages the Open Policy Agent (OPA) engine so that you can easily create custom policies using the Rego query language. Monitor provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture. Detect security vulnerabilities and compliance violations.

Features

Follow the documentation to get scanning as quickly as possible!
Seamlessly scan infrastructure as code for misconfigurations
Detect security vulnerabilities and compliance violations
Mitigate risks before provisioning cloud native infrastructure
Offers flexibility to run locally or integrate with your CI\CD
500+ Policies for security best practices

Project Samples

Project Activity

See All Activity >

License

Apache License V2.0

Follow Terrascan

Terrascan Web Site

Other Useful Business Software

Forever Free Full-Stack Observability | Grafana Cloud

Our generous forever free tier includes the full platform, including the AI Assistant, for 3 users with 10k metrics, 50GB logs, and 50GB traces.

Built on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.

Create free account

Rate This Project

User Reviews

Be the first to post a review of Terrascan!

Additional Project Details

Operating Systems

Linux, Windows

Programming Language

Related Categories

Go Security Software, Go Cloud Services Software

Registered

2022-04-01

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
Massdriver

At Massdriver, we believe in prevention, not permission, letting ops teams enforce guardrails while developers deploy confidently. Our platform encodes your non-negotiables into self-service modules built with your preferred IaC (Terraform, Helm, OpenTofu, etc.) standardizing infrastructure...

See Software
Reflectiz

Reflectiz is a web exposure management platform that helps organizations identify, monitor, and mitigate security, privacy, and compliance risks across their online environments. It provides full visibility and control over first, third, and fourth-party components like scripts, trackers, and...

See Software
Grafana Cloud

Grafana Labs delivers the leading AI-powered observability platform, built around Grafana—the world’s most widely adopted open source technology for dashboards and visualization. Recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Observability Platforms, Grafana Labs supports more...

See Software
Uniqkey

Uniqkey: Protect every login. Access with confidence. Uniqkey is Europe’s trusted password and access management platform - purpose-built for companies that demand security, simplicity, and control. Engineered by European cybersecurity experts, our platform combines military-grade...

See Software
groundcover

Cloud-based observability solution that helps businesses track and manage workload and performance on a unified dashboard. Monitor everything you run in your cloud without compromising on cost, granularity, or scale. groundcover is a full stack cloud-native APM platform designed to make...

See Software