Customizing Terrascan policies

Both Terrascan and Accurics allow users to customize policies via OPA, the Open Policy Agent.

With Terrascan, each policy is associated with a Rego file which defines how violations are identified in the code, and a JSON file which provides metadata about the policy such as a description, default severity, category, etc. Examples are available in the Terrascan repository. Simply place these files into the policy path specified when you run Terrascan.

More information about Terrascan policies is available in the docs.