Terrascan is a static code analyzer designed for Infrastructure as Code (IaC) security scanning and compliance validation. The tool performs static analysis on various IaC formats including Terraform, AWS CloudFormation, Azure Resource Manager templates, Kubernetes manifests, and Dockerfiles to identify security misconfigurations and compliance violations. Terrascan includes over 500 built-in security policies based on industry best practices and compliance frameworks. It can detect common security issues such as misconfigured cloud resources, insecure network configurations, and policy violations across multiple cloud platforms. The tool supports integration with CI/CD pipelines and can be executed locally or as part of automated workflows. It provides scanning capabilities for AWS, Azure, Google Cloud Platform, Kubernetes environments, and Docker containers. Terrascan generates detailed reports highlighting identified security issues and compliance violations, enabling teams to remediate problems before infrastructure deployment. The tool supports both command-line usage and integration with version control systems like GitHub for automated security checks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A command-line security auditing tool that performs Lynis-based security assessments across AWS, GCP, Azure, and DigitalOcean cloud platforms.
KICS is an open-source Infrastructure as Code security scanner that detects vulnerabilities and misconfigurations through customizable queries and integrates with CI/CD pipelines.
A setuid implementation of user namespaces that enables running unprivileged containers without root privileges as a secure alternative to traditional container runtimes.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
HAWK is a multi-cloud antivirus scanning API that uses CLAMAV and YARA engines to detect malware in AWS S3, Azure Blob Storage, and GCP Cloud Storage objects.
A framework for analyzing container images, running scripts inside containers, and gathering information for static analysis and policy enforcement.
A deprecated Kubernetes workload policy enforcement tool that helped secure multi-tenant clusters through various security policies and configurations.
AWS Vault securely stores AWS IAM credentials in the operating system's keystore and generates temporary credentials for development environments.
FestIn discovers open S3 buckets associated with a domain using crawling and DNS reconnaissance techniques.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.