Terrascan Server - integrate custom policies


We are testing terrascan for static analysis and want to use the server to test custom policies. I have attempted to copy custom policies into the pkg/policies/opa/rego/aws/ folder before install after git clone, but it seems the binary creation isn't looking locally?

Anyone able to get this to work or any documentation I'm missing?

We will likely just be passing a tfplan.json file to the server endpoint, but need custom policies run.


Hi Jeff, welcome!

In general, the terrascan init command will download the latest policies from the official Terrascan repo into ~/.terrascan. The terrascan scan command will use the policies under ~/.terrascan. If you run terrascan scan before running terrascan init, it will automatically run the init before doing the scan. I think you want to install your new policies under ~/.terrascan, or use the -p option to point to the policy path where your custom policies are available.

Note that if you are running from a container you may need to take some extra steps when building the container image to prepare the policy directory.
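
The -p usage from the answer above, as an added example (not part of the original thread and not Terrascan's own code): a wrapper that refuses to scan unless the custom policy directory actually contains .rego files, so a misplaced or empty directory is not mistaken for a clean result. The function names and the two arguments are assumptions made for this example; -i tfplan, -f and -p are options of terrascan scan.

```shell
#!/bin/sh
# Added example: pre-flight check before scanning a Terraform plan with custom policies.
# Function names and argument order are hypothetical, chosen for this example.

# Print the number of .rego files under a directory (0 if it does not exist).
count_rego() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f -name '*.rego' | wc -l | tr -d ' '
}

# Succeed only if the directory holds at least one .rego policy.
require_policies() {
    n=$(count_rego "$1")
    if [ "$n" -eq 0 ]; then
        echo "no .rego policies under '$1'; refusing to scan" >&2
        return 1
    fi
    echo "found $n .rego file(s) under '$1'" >&2
}

# Scan a plan file with the custom policy directory passed via -p.
# Fails closed (exit code 2) when the plan or the policies are missing.
scan_plan() {
    plan=$1
    policy_dir=$2
    [ -f "$plan" ] || { echo "plan file '$plan' not found" >&2; return 2; }
    require_policies "$policy_dir" || return 2
    terrascan scan -i tfplan -f "$plan" -p "$policy_dir"
}

# Usage: ./scan.sh tfplan.json /path/to/custom/policies
if [ "$#" -ge 2 ]; then
    scan_plan "$1" "$2"
fi
```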