Terrascan | Feb 02, 2021

Introducing Terrascan 1.3.1: Improving Usability, Flexibility

We are extremely excited about the release of the newest version of Terrascan, which adds many community-requested features. It’s all about making Terrascan easier to use in a variety of use cases. Baked into it are 500+ security policies, as well as our newest Kubernetes policies. Full details are available in our repository, and I highlight noteworthy improvements below.

The Highlights

New CLI Output

Terrascan 1.3 has a new concise, human readable output format. This is now the default output type when running Terrascan in CLI mode. The human readable format was designed with quick readability in mind. Therefore, certain data is hidden to reduce scrolling and information overload, and the summary is displayed last, right above the command line. Our old YAML and JSON outputs are of course still available, as well as verbose human readable output. This is what the new format looks like:

Terrascan 1.3.1 concise human readable output

Rule Skipping

Sometimes, a best practice security policy doesn’t apply. Some machines are supposed to have port 22 exposed to the internet. There are legitimate use cases where an S3 bucket would be publicly readable. 

For these use cases, we introduced rule skipping. Simply tell Terrascan to skip a rule for a particular resource in your IaC files. For Terraform, you can insert a comment (#ts:skip=rule_name reason). For Kubernetes, you can add an annotation (terrascanSkip). Please see the readme on the repository home page for example usage. We also support suppressing rules for the entire scan, and not just a particular resource. As of 1.3, this feature is for the experts out there. We will build on this feature in future releases.
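Each skip comment is a recorded security exception, so it is worth inventorying them during review. The script below is an added example, not part of Terrascan or the original post: it lists every #ts:skip comment in Terraform text with its enclosing resource and flags skips that carry no reason. The rule names and resources are constructed placeholders, and it assumes the comment sits inside the resource block it applies to.

```python
import re

# Skip comment form given in the post: #ts:skip=rule_name reason
SKIP_RE = re.compile(r"#\s*ts:skip=(?P<rule>\S+)(?:[ \t]+(?P<reason>.*\S))?")
# Opening line of a Terraform resource block.
RESOURCE_RE = re.compile(r'^\s*resource\s+"(?P<type>[^"]+)"\s+"(?P<name>[^"]+)"\s*\{')

# Constructed sample input; the rule names are placeholders, not real policy IDs.
SAMPLE_TF = '''\
resource "aws_security_group" "bastion" {
  #ts:skip=EXAMPLE.RULE.PORT22 bastion host, SSH restricted upstream
  ingress {
    from_port = 22
  }
}

resource "aws_s3_bucket" "public_site" {
  #ts:skip=EXAMPLE.RULE.PUBLICREAD
  acl = "public-read"
}
'''

def find_skips(hcl_text):
    """Return one dict per ts:skip comment, with its enclosing resource."""
    findings, current, depth = [], None, 0
    for lineno, line in enumerate(hcl_text.splitlines(), start=1):
        # Simplification: treat everything after '#' as a comment when
        # counting braces (does not handle '#' inside string literals).
        code = line.split("#", 1)[0]
        m = RESOURCE_RE.match(code)
        if m and depth == 0:
            current = f'{m["type"]}.{m["name"]}'
        s = SKIP_RE.search(line)
        if s:
            findings.append({"line": lineno, "resource": current,
                             "rule": s["rule"], "reason": s["reason"] or ""})
        depth += code.count("{") - code.count("}")
        if depth == 0:
            current = None  # left the resource block
    return findings

def unjustified(findings):
    """Skips with no reason text, or placed outside any resource block."""
    return [f for f in findings if not f["reason"] or f["resource"] is None]

if __name__ == "__main__":
    for f in unjustified(find_skips(SAMPLE_TF)):
        print(f'line {f["line"]}: {f["rule"]} skipped on {f["resource"]} without a reason')
```

Run in CI, a non-empty result from unjustified() can fail the build so that every exception carries a reviewable justification.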

More Improvements

The latest version of Terrascan includes the newest Kubernetes policies we recently published. We wrote about them in detail in our blog. These policies are the first of many we will publish in 2021; we are committed to publishing new policies every two weeks as we kick off the year. You can subscribe to our blog updates or watch our repository to be notified when the next batch comes out.

We have also updated our infrastructure to provide full support for Terraform v0.14. Among the several bug fixes introduced in Terrascan 1.3.0 and 1.3.1, we have introduced support for remote registry modules and will have more on that front soon.

What's Ahead

Productivity will still be our North Star as we continue to improve Terrascan in 2021. On our roadmap are cool new features that will empower development, DevOps, and security engineers to integrate Terrascan seamlessly into their workflows, regardless of what those workflows may look like. That said, please don’t be shy about telling us what your workflow looks like 😉! You can use our GitHub issue tracker or better yet our community site.
