Question 1

Is Terrascan still maintained?

Accepted Answer

No, Terrascan has been archived by Tenable and is no longer actively maintained. You can fork the repository for continued development, but there will be no official updates or support from the original team.

Question 2

How does Terrascan compare to Checkov?

Accepted Answer

Both are static IaC scanners, but Terrascan offers multi-provider support including Docker vulnerability scanning, while Checkov might have more active community development and updates since Terrascan is archived. Terrascan uses Rego for policies, whereas Checkov uses Python.

Question 3

How to exclude a policy in Terrascan scan?

Accepted Answer

You can skip policies using in-file instrumentation; for Terraform, add a comment like `# ts:skip=` within the resource block. For Kubernetes, use annotations in YAML files, or configure a global config file for exclusions.

Question 4

Does Terrascan support Helm v3 charts?

Accepted Answer

Yes, Terrascan explicitly supports scanning Helm v3 charts along with Kubernetes YAML, Kustomize, and other formats, as documented in the command-line usage examples on the project's site.

Question 5

Can Terrascan integrate with GitHub Actions?

Accepted Answer

Yes, Terrascan can be integrated into GitHub Actions using its CLI or Docker image. The documentation provides specific guides for CI/CD pipeline integrations, including setup steps and example configurations.

Question 6

What do Terrascan exit codes mean?

Accepted Answer

Terrascan uses specific exit codes to indicate scan results: 0 for no issues, 3 for violations only, 4 for errors only, 5 for both violations and errors, and 1 for command errors. This helps automate responses in CI/CD pipelines.

terrascan

What is terrascan?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions