Overview of Terrascan vs. Accurics Community vs. Accurics Commercial

Accurics provides open source, free and commercial offerings for code to cloud security:

Terrascan is an open source offering which uses static analysis on infrastructure as code (IaC) definitions to validate conformance to security standards such as the CIS Benchmark regardless of which major cloud provider will ultimately host the infrastructure. It enforces over 500 policies, and because it is based on the Open Policy Agent (OPA) you can add custom policies as well. It uses a command-line interface (CLI), so it is easy to integrate into your scripts and pipelines, and there are a number of pre-built integrations as well.

Accurics Community edition is a free SaaS offering that extends the capabilities of Terrascan with:

  • A SaaS dashboard
  • Automated scans of both IaC and runtime infrastructure
  • Summary of runtime configuration changes that drift from the IaC baseline

Accurics commercial offerings enhance Community edition with:

  • Deeper scans
  • More policies and compliance standards
  • Guardrails to mitigate configuration drift at runtime
  • Advanced remediation options, including fully automated remediation and automated pull request workflows
  • Sophisticated threat modeling and breach path prediction capabilities
  • SaaS and self-hosted options