Terrascan extends Policy as Code to Kubernetes
Accurics is excited to announce Terrascan v1.1.0, with Kubernetes (k8s) support! Cloud native apps and infrastructure are notoriously complex and difficult to secure with traditional tools. Kubernetes adds automation and orchestration that escalate those problems to another level. Practically speaking, security automation is mandatory. It’s not realistic to expect humans to comprehend such complex, dynamic environments.
Terrascan is an extensible open source tool that enables teams to detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. By adding k8s support to Terrascan, we’re ensuring that all teams, regardless of budget, have access to the tools they need to secure their cloud native apps and infrastructure well before they are ever deployed in the cloud.
Keep reading to learn how to get started, or view our quick-start video.
Using Terrascan with Kubernetes
Terrascan is available as a portable Go binary and a Docker container. To use it, simply run terrascan from a directory where your Kubernetes project lives. The command line interface is easy to run from a terminal, a script, from within a pipeline, and numerous other contexts.
$ terrascan scan -t k8s
Terrascan defaults to scanning YAML and JSON files in the current directory and subdirectories. If your project spans multiple directories, you can use the -d option one or more times to specify which directories to scan.
By default, output is sent to the terminal in YAML format.
The structured output includes a summary of the results as well as the details needed to prioritize and fix the findings. It’s suitable for humans to read, and for programmatic processing.
We’re just getting started, and we’re excited about the opportunity to help teams secure their cloud native apps and infrastructure. Join us in the community forums for more Terrascan tips and tricks, and stay tuned for more exciting announcements about new technologies and policies that cover even more of the cloud native landscape.