Terrascan
UnclaimedDetect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk.
Visit WebsiteFreeVisit Website
TL;DR - Terrascan
- Scans Infrastructure as Code (IaC) for security and compliance violations.
- Includes 500+ out-of-the-box policies and supports custom policies via OPA/Rego.
- Integrates with popular IaC tools like Terraform, Kubernetes, and CloudFormation.
Pricing: Free forever
Best for: Individuals & startups
Score: 72/100
Pros & Cons
Pros
- Infrastructure as Code security scanner
- Policy as code approach
- Multi-IaC support (Terraform, K8s, etc.)
- Open-source and free
- CI/CD integration ready
Cons
- Configuration required
- False positives possible
- Policy writing needed
- Learning curve for rules
- May slow CI pipelines
Key Features
IaC securityPolicy as codeCompliance scanningMulti-platformCI/CD integrationOpen source
Pricing Plans
Open Source
Free
- Free Apache 2.0 license
- 500+ built-in rules
- CIS benchmarks
- IaC security scanning
- Community support
About Terrascan
By Toolradar Team·
Terrascan is an open-source security scanner designed to detect compliance and security violations in Infrastructure as Code (IaC) configurations. It helps organizations ensure that security best practices and compliance requirements are observed before provisioning cloud-native infrastructure, supporting popular IaC tools like Terraform, Kubernetes, Argo CD, Atlantis, and AWS CloudFormation.
The tool comes with over 500 out-of-the-box policies, allowing users to scan their IaC against common policy standards such as the CIS Benchmark. For advanced users, Terrascan leverages the Open Policy Agent (OPA) engine, enabling the creation of custom policies using the Rego query language. This flexibility makes it suitable for developers, DevOps engineers, and security teams looking to integrate security early into their development lifecycle and maintain secure cloud infrastructure.
Reviews
No reviews yet. Be the first to review Terrascan!
Best Terrascan Alternatives
Top alternatives based on features, pricing, and user needs.
Explore More
Terrascan FAQ
What is Terrascan?
Terrascan is an open-source IaC security scanner with 500+ policies for compliance and security.
Is Terrascan free?
Yes, Terrascan is open-source and free.
What frameworks does Terrascan support?
Terrascan scans Terraform, Kubernetes, Helm, CloudFormation, Dockerfiles, and more.
Source: runterrascan.io