List Your Product Join or Log In

Terrascan

Unclaimed Editor reviewed

Detect compliance and security violations across Infrastructure as Code (IaC) to mitigate risk.

Security DevOps Infrastructure as Code Testing & QA

FreeVisit Website

Tracked since2026

0 reviews tracked

The Bottom Line

Entry price

Free, no paid tier

Biggest pro

Infrastructure as Code security scanner

Biggest con

Configuration required

TL;DR - Terrascan

Scans Infrastructure as Code (IaC) for security and compliance violations.
Includes 500+ out-of-the-box policies and supports custom policies via OPA/Rego.
Integrates with popular IaC tools like Terraform, Kubernetes, and CloudFormation.

Pricing: Free forever

Best for: Individuals & startups

What is Terrascan?

Editorial review

Terrascan is an open-source security scanner designed to detect compliance and security violations in Infrastructure as Code (IaC) configurations. It helps organizations ensure that security best practices and compliance requirements are observed before provisioning cloud-native infrastructure, supporting popular IaC tools like Terraform, Kubernetes, Argo CD, Atlantis, and AWS CloudFormation. The tool comes with over 500 out-of-the-box policies, allowing users to scan their IaC against common policy standards such as the CIS Benchmark. For advanced users, Terrascan leverages the Open Policy Agent (OPA) engine, enabling the creation of custom policies using the Rego query language. This flexibility makes it suitable for developers, DevOps engineers, and security teams looking to integrate security early into their development lifecycle and maintain secure cloud infrastructure.

Available on: Web

LCLouis CorneloupUpdated May 26, 2026 · how we evaluateSourcerunterrascan.io ↗

Pros & Cons

Pros

Infrastructure as Code security scanner
Policy as code approach
Multi-IaC support (Terraform, K8s, etc.)
Open-source and free
CI/CD integration ready

Cons

Configuration required
False positives possible
Policy writing needed
Learning curve for rules
May slow CI pipelines

Key Features

IaC securityPolicy as codeCompliance scanningMulti-platformCI/CD integrationOpen source

Pricing Plans

Open Source

Free

Free Apache 2.0 license
500+ built-in rules
CIS benchmarks
IaC security scanning
Community support

Calculate your cost View full pricing

Reviews

Be the first to review Terrascan

Your take helps the next buyer. Verified LinkedIn reviewers get a badge.

Best Terrascan Alternatives

Top alternatives based on features, pricing, and user needs.

Aqua SecurityPaid

Cloud native security for containers and Kubernetes

$Infracost logo$

InfracostFreemium

Shift FinOps Left: Proactively find and fix cloud cost issues before deployment.

Security scanner for your Terraform code.

Infrastructure as code security

Open Policy AgentFree

Unify policy enforcement across your entire software stack with a high-performance policy engine.

See all Security tools →

Still deciding?

Most buyers shortlist 2 or 3 tools before committing. Pull a side-by-side comparison or browse the full alternatives shortlist below.

Terrascan vs Aqua SecurityHead-to-head: features, pricing, who wins Terrascan vs InfracostHead-to-head: features, pricing, who wins Terrascan vs tfsecHead-to-head: features, pricing, who wins

Explore More

Best Security Tools Best DevOps Tools Best Infrastructure as Code Tools Best Testing & QA Tools Best Free Security Best Free DevOps Best Free Infrastructure as Code Best Free Testing & QA

Terrascan FAQ

What is Terrascan?

Terrascan is an open-source IaC security scanner with 500+ policies for compliance and security.

Is Terrascan free?

Yes, Terrascan is open-source and free.

What frameworks does Terrascan support?

Terrascan scans Terraform, Kubernetes, Helm, CloudFormation, Dockerfiles, and more.

Source: runterrascan.io

Guides & Articles

Best Compliance Management Software in 2026

Expert guide

Best Secrets Management Tools in 2026

Expert guide

Best Observability Platforms in 2026

Expert guide