terrascan | Detect compliance and security violations | Security library

by accurics Go Version: 0.2.3 License: Apache-2.0

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | terrascan Summary

terrascan is a Go library typically used in Security, Docker, Terraform applications. terrascan has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

Terrascan is a static code analyzer for Infrastructure as Code. Terrascan allows you to:.

Support

Quality

Security

License

Reuse

Support

terrascan has a medium active ecosystem.

It has 2922 star(s) with 331 fork(s). There are 68 watchers for this library.

It had no major release in the last 12 months.

There are 95 open issues and 221 have been closed. On average issues are closed in 23 days. There are 18 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of terrascan is 0.2.3

Quality

terrascan has 0 bugs and 0 code smells.

Security

terrascan has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

terrascan code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

terrascan is licensed under the Apache-2.0 License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

terrascan releases are available to install and integrate.

Installation instructions, examples and code snippets are available.

It has 40101 lines of code, 985 functions and 588 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of terrascan

Get all kandi verified functions for this library.

terrascan Key Features

No Key Features are available at this moment for terrascan.

terrascan Examples and Code Snippets

No Code Snippets are available at this moment for terrascan.

Community Discussions

Trending Discussions on terrascan

Super linter : Terrascan s3 bucket issue

QUESTION

Super linter : Terrascan s3 bucket issue

Asked 2021-Mar-02 at 08:45

I am facing the issue while adding super linter in the git actions for my terraform files.

The terrascan present in the super linter is giving the following error

results:
violations:

rule_name: s3EnforceUserACL description: S3 bucket Access is allowed to all AWS Account Users.
rule_id: AWS.S3Bucket.DS.High.1043
severity: HIGH
category: S3
resource_name:
resource_type: aws_s3_bucket
file: main.tf
line: 38
count:
low: 0
medium: 0
high: 1
total: 1

My terraform code for this s3 is

...

ANSWER

Answered 2021-Mar-02 at 08:45

You need to specify the Bucket Policy, either by:

aws_s3_bucket.policy parameter (so-called inline policy, note that this will skip the whole policy analysis)
aws_s3_bucket_policy dedicated resource

Reference: s3EnforceUserACL.rego

Source https://stackoverflow.com/questions/66117693

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install terrascan

Install
Scan
Integrate
Terrascan supports multiple ways to install and is also available as a Docker image. See Terrascan's releases page for the latest version of builds in all supported platforms. Select the correct binary for your platform.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: