Kubernetes (k8s) support was added in Terrascan v1.1.0. For more information about v1.1.0, please see the release announcement.
- Open a shell/command prompt and cd into the directory for your Kubernetes project.
- Run Terrascan. By default, Terrascan will scan the current directory and subdirectories. You can use the -d option to specify a different directory, and you can use that option more than once if everything isn’t in one place. Depending on how you want to run Terrascan, run one of the following options:
If you’re running a native Terrascan binary:
terrascan scan -t k8s
If you want to run the Docker container in a *nix-style shell:
docker run --rm -v "$(pwd):/iac" -w /iac accurics/terrascan scan -t k8s
Note how we use the -v and -w options to mount the current directory on the host into /iac in the container and make it the working directory for scanning.
- Terrascan’s output will go to stdout, in YAML format by default. The structured output includes a summary of the results as well as the details needed to prioritize and fix the findings.
- If violations are found, Terrascan’s exit code will be non-zero. This can be useful when Terrascan is run from a script, since you may be able to avoid parsing the output if you only want to know whether or not violations were identified. When running under Docker, note that Docker’s exit code may differ from Terrascan’s.
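The exit-code caveat above, as an added example (not Terrascan's or Accurics' own code): a POSIX shell wrapper around the Docker command from this page that separates a Docker launch failure from Terrascan's own non-zero status. The function names and the report-file argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: gate a script or CI job on a Dockerized Terrascan k8s scan.
# classify_scan_status and scan_k8s_in_docker are hypothetical helper names.

# Map the exit status of `docker run ... terrascan scan` to a verdict.
# 125, 126 and 127 are the statuses `docker run` uses itself when the
# container or its command could not be started (127 is also what the shell
# returns when docker is not installed), so they are not a scan result.
classify_scan_status() {
    case "$1" in
        0)           echo "clean" ;;
        125|126|127) echo "launch-failure" ;;
        *)           echo "findings-or-scan-error" ;;
    esac
}

# Scan one project directory and keep Terrascan's YAML output as a report.
#   $1 = absolute path of the Kubernetes project, $2 = report file to write
# Returns 0 when the scan ran and exited 0, 1 when Terrascan exited non-zero
# (violations found, or a Terrascan error), 2 when the scan never started.
scan_k8s_in_docker() {
    project_dir=$1
    report_file=$2
    scan_status=0
    # `|| scan_status=$?` captures the status without tripping `set -e`.
    docker run --rm -v "$project_dir:/iac" -w /iac \
        accurics/terrascan scan -t k8s > "$report_file" || scan_status=$?

    verdict=$(classify_scan_status "$scan_status")
    echo "terrascan k8s scan: $verdict (exit status $scan_status)" >&2

    case "$verdict" in
        clean)          return 0 ;;
        launch-failure) return 2 ;;
        *)              return 1 ;;
    esac
}

# Typical call from a pipeline step:
#   scan_k8s_in_docker "$(pwd)" terrascan-report.yaml || exit $?
```

A return value of 2 means the report file holds no scan result and the job should be treated as broken, not as passing or failing policy.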
Now that you can run Terrascan from the command line, it should be easy to run from your preferred scripts, CI/CD tools, IDEs, etc. Check out our integrations category for more examples.
Terrascan is specialized for scanning infrastructure as code. If you’re interested in capabilities such as dashboards, historical reporting, policy enforcement in the cloud runtime, and automated remediation workflows, please check out our other Accurics offerings.