Question 1

How to integrate Terrascan with GitHub Actions?

Accepted Answer

Use Terrascan's CLI in a GitHub Actions workflow step; install it via Docker or binary, then run 'terrascan scan' with appropriate flags and handle exit codes to fail the pipeline on violations. The documentation provides specific examples for automation.

Question 2

Terrascan vs Checkov for Terraform security?

Accepted Answer

Terrascan offers broader multi-IaC support and integrated container scanning, while Checkov is often praised for Terraform-specific depth and active maintenance. Since Terrascan is archived, Checkov might be safer for long-term projects requiring updates.

Question 3

Does Terrascan support scanning Azure Bicep files?

Accepted Answer

No, Terrascan only supports Azure Resource Manager (ARM) templates directly; to scan Bicep, you must compile it to ARM first, which adds an extra step and may not catch all issues in the Bicep source.

Question 4

How to exclude false positives in Terrascan scans?

Accepted Answer

Use in-file instrumentation like comments in Terraform or annotations in Kubernetes YAML to skip specific policies, or configure a Terrascan config file to globally suppress rules, though this requires manual setup and review.

Question 5

Can Terrascan scan Helm v2 charts?

Accepted Answer

No, Terrascan explicitly supports only Helm v3, as stated in the README; for Helm v2, you'd need to upgrade or use alternative tools, limiting compatibility with legacy deployments.

Question 6

Is Terrascan still maintained in 2024?

Accepted Answer

No, the repository was archived and is no longer maintained; while existing releases work, they won't receive updates, making it risky for production environments without forking or switching to active alternatives.

Terrascan

What is Terrascan?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions