Accurics Extends Terrascan Vulnerability Detection into the Kubernetes Runtime
Based on the Cloud Native Computing Foundation (CNCF) Open Policy Agent (OPA), the Terrascan open source static code analyzer was designed to scan for vulnerabilities and security compliance issues across infrastructure as code (IaC) deployments during the development cycle.
What was still missing, however, was an admission controller to extend those scans, through a single source for IaC, to Kubernetes clusters at runtime. To that end, cloud native security provider Accurics has released an admission controller that does exactly this for Kubernetes clusters, as well as for code layers managed with Helm and Kustomize.
Before the release of the Terrascan admission controller, DevOps teams could use Terrascan and other IaC security scanners to discover vulnerabilities in development and during the build process, but they had to deploy different admission controllers for their Kubernetes clusters separately, Amir Benvenisti, head of open source, Accurics, told The New Stack. These tools would have to be configured separately, and would likely use different security policies, he said.