Terrascan is an open-source static code analyzer for Infrastructure as Code (IaC) that helps detect compliance and security violations across multiple IaC tools, including Terraform. It scans Terraform configurations against a set of predefined policies to identify potential security risks, misconfigurations, and compliance issues before deployment. Terrascan can be integrated into CI/CD pipelines, providing early detection of vulnerabilities in the development lifecycle. It supports custom policies, allowing organizations to enforce their specific security and compliance requirements. The tool covers various cloud providers and can be extended to support additional policy types.
Learn more from the following resources: