Terrascan is a static code analyzer for Infrastructure as Code (IaC). You can install and run Terrascan in several different ways. Companies most commonly use Terrascan in automated pipelines to identify policy violations before they provision insecure infrastructure. For more information, see the Terrascan documentation.

The Terrascan > About page allows you to install or uninstall the Terrascan executable in your Nessus instance. By default, Tenable Nessus does not have Terrascan installed.

The page also shows the following details for the Terrascan executable:

  • Status (Installed, Not Installed, Downloading, or Removing)

  • Version (for example, 1.13.2 or N/A if you have not installed Terrascan)

  • Path (for example, /opt/nessus/sbin/terrascan or N/A if you have not installed Terrascan)

Note: The Terrascan feature is available in Nessus Professional, Tenable Nessus Expert, and Nessus Essentials for Nessus versions 10.1.2 and newer. You can only create and launch scans with Tenable Nessus Expert. Terrascan is not available for Raspberry Pi 4 versions of Tenable Nessus.

Note: When installed, Terrascan pulls policies from its GitHub repository, retrieves a scan target repository, and scans the scan target repository locally on the Nessus host. Running Terrascan causes the Nessus host to consume more CPU and network resources than normal Nessus scanning. For more information, see the Terrascan documentation.

Once you install Terrascan on your Nessus Expert instance, the Scans tab becomes available from the Terrascan landing page. You can use the Scans tab for the following procedures:

Note: You need to have Terrascan version v1.15.1 IIRC installed for the Scans tab to appear.