Where does Terrascan fit in the development lifecycle?

Terrascan specializes in scanning infrastructure as code such as Terraform for policy violations. It can be used in manual or automated workflows throughout the development process, on developer desktops, in pre-commit hooks or pipelines, and during deployment.

As a standalone command-line tool, Terrascan is very flexible and can be used anywhere that you can run it. It is good for manual verification of policy compliance as well as automated reporting for compliance purposes or decisions governing whether to promote or deploy.

We have a variety of topics in the Integrations area of the forum which go into detail about how and where integrations with specific tools can be used.

If you can’t find your specific tool of interest, or you are looking for recommendations about a particular approach, please speak up!