terrascan

terrascan documentation

terrascan - GitHub

Configuration in Mega-Linter

| Variable | Description | Default value |
|----------|-------------|---------------|
| TERRAFORM_TERRASCAN_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: -s --foo "bar" | |
| TERRAFORM_TERRASCAN_FILTER_REGEX_INCLUDE | Custom regex including filter. Ex: (src\|lib) | Include every file |
| TERRAFORM_TERRASCAN_FILTER_REGEX_EXCLUDE | Custom regex excluding filter. Ex: (test\|examples) | Exclude no file |
| TERRAFORM_TERRASCAN_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files. Ex: [".py", ""] | [".tf"] |
| TERRAFORM_TERRASCAN_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files. Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] | Include every file |
| TERRAFORM_TERRASCAN_DISABLE_ERRORS | Run linter but consider errors as warnings | false |

Mega-Linter Flavours

This linter is available in the following flavours

| Flavor | Description | Embedded linters |
|--------|-------------|------------------|
| all | Default Mega-Linter Flavor | 83 |
| terraform | Optimized for TERRAFORM based projects | 39 |

Behind the scenes

How applicable files are identified

  • File extensions: .tf

Example calls

terrascan scan -i terraform -t all -f myfile.tf

Help content

Terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
For more information, please visit https://docs.accurics.com

Usage:
  terrascan [command]

Available Commands:
  init        Initialize Terrascan
  scan        Detect compliance and security violations across Infrastructure as Code.
  server      Run Terrascan as an API server
  version     Terrascan version

Flags:
  -c, --config-path string   config file path
  -l, --log-level string     log level (debug, info, warn, error, panic, fatal) (default "info")
  -x, --log-type string      log output type (console, json) (default "console")
  -o, --output string        output type (human, json, yaml, xml) (default "human")

Use "terrascan [command] --help" for more information about a command.

Installation on mega-linter Docker image

  • Dockerfile commands:
FROM accurics/terrascan:latest as terrascan
COPY --from=terrascan /go/bin/terrascan /usr/bin/
RUN terrascan init

Example success log

Results of terrascan linter (version 1.2.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/terraform_terrascan/
-----------------------------------------------

[SUCCESS] .automation/test/terraform_terrascan/good/terraform_good_1.tf
    results:
        violations: []
        count:
            low: 0
            medium: 0
            high: 0
            total: 0

Example error log

Results of terrascan linter (version 1.2.0)
See documentation on https://nvuillam.github.io/mega-linter/descriptors/terraform_terrascan/
-----------------------------------------------

[ERROR] .automation/test/terraform_terrascan/bad/terraform_bad_1.tf
    results:
        violations:
            - rule_name: instanceWithNoVpc
              description: Instance should be configured in vpc. AWS VPCs provides the controls to facilitate a formal process for approving and testing all network connections and changes to the firewall and router configurations.
              rule_id: AWS.Instance.NetworkSecurity.Medium.0506
              severity: MEDIUM
              category: Network Security
              resource_name: instanceWithNoVpc
              resource_type: aws_instance
              file: terraform_bad_1.tf
              line: 1
            - rule_name: ec2UsingIMDSv1
              description: EC2 instances should disable IMDS or require IMDSv2
              rule_id: AC-AWS-NS-IN-M-1172
              severity: MEDIUM
              category: Network Security
              resource_name: instanceWithNoVpc
              resource_type: aws_instance
              file: terraform_bad_1.tf
              line: 1
        count:
            low: 0
            medium: 2
            high: 0
            total: 2
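
Added example, not part of the Mega-Linter or terrascan documentation: a Python gate that reads the results structure shown in the error log above and fails only at or above a chosen severity, while also checking that the count block agrees with the listed violations. It assumes that the json output type emits the same keys as the log; the function name, the fail_at and accepted_rule_ids parameters and the sample document are constructed for illustration.

```python
import json

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}  # names as printed in the log

# Constructed sample: the two violations from the error log, rewritten as JSON
# (assumed shape of `terrascan scan -o json`); descriptions left out.
SAMPLE_JSON = """
{"results": {"violations": [
  {"rule_name": "instanceWithNoVpc", "rule_id": "AWS.Instance.NetworkSecurity.Medium.0506",
   "severity": "MEDIUM", "category": "Network Security", "resource_name": "instanceWithNoVpc",
   "resource_type": "aws_instance", "file": "terraform_bad_1.tf", "line": 1},
  {"rule_name": "ec2UsingIMDSv1", "rule_id": "AC-AWS-NS-IN-M-1172",
   "severity": "MEDIUM", "category": "Network Security", "resource_name": "instanceWithNoVpc",
   "resource_type": "aws_instance", "file": "terraform_bad_1.tf", "line": 1}],
 "count": {"low": 0, "medium": 2, "high": 0, "total": 2}}}
"""

def evaluate(report_text, fail_at="MEDIUM", accepted_rule_ids=()):
    """Return (exit_code, blocking, problems); both keyword knobs are this example's own."""
    results = json.loads(report_text)["results"]
    violations = results.get("violations") or []
    tally = {"low": 0, "medium": 0, "high": 0, "total": len(violations)}
    blocking, problems = [], []
    for v in violations:
        sev = str(v.get("severity", "")).upper()
        if sev not in SEVERITY_RANK:
            # Fail closed: an unrecognised severity is a problem, not a pass.
            problems.append(f"unknown severity {sev!r} on {v.get('rule_id')}")
            continue
        tally[sev.lower()] += 1
        if (SEVERITY_RANK[sev] >= SEVERITY_RANK[fail_at]
                and v.get("rule_id") not in accepted_rule_ids):
            blocking.append(v)
    # Cross-check the summary against the list so a truncated or edited
    # report does not pass silently.
    count = results.get("count") or {}
    for key, seen in tally.items():
        if count.get(key) != seen:
            problems.append(f"count.{key} is {count.get(key)}, list has {seen}")
    return (1 if blocking or problems else 0), blocking, problems

if __name__ == "__main__":
    code, blocking, problems = evaluate(SAMPLE_JSON)
    for v in blocking:
        print(f"{v['file']}:{v['line']} {v['severity']} {v['rule_id']}")
    for p in problems:
        print("report problem:", p)
    raise SystemExit(code)
```

In a pipeline, the report text would come from the example call above with -o json added instead of the embedded sample.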