Create a Terrascan Scan Configuration

Note: You can only create a Terrascan scan configuration in Nessus Expert. If you do not have Nessus Expert, you need to run the Terrascan executable from the command line interface (CLI) to gather scan results.

Nessus Expert allows you to create a Terrascan scan configuration, similar to other scan configurations in Nessus. However, you manage Terrascan scan configurations separately, under the Terrascan tab.

To create a new scan configuration with Terrascan:

  1. Under Resources in the left-side navigation pane, click Terrascan.

    The Terrascan > About page appears.

  2. Below Terrascan, click the Scans tab.

    The Terrascan > Scans page opens.

  3. In the upper-right corner, click the New Scan button.

    The New Terrascan Configuration page appears.

  4. Set up the new scan configuration:

    Setting: Description

    Configuration Name: The name of the Terrascan scan configuration.

    Logging

    Command Output Format: Determines the output logging format (separate from the actual scan results). You can choose json or console.

    Log Level: Determines the output verbosity level:

      • info

      • debug

      • warn

      • error

      • panic

      • fatal

    Verbose Violations: Determines whether the scan logs violations with details.

    Scanning

    IAC Type: Determines the Infrastructure as Code (IAC) type.

      • all

      • arm

      • cft

      • docker

      • helm

      • k8s

      • kustomize

      • terraform

      • tfplan

    Minimum Severity: Determines the minimum violation severity that Terrascan reports. You can choose low, medium, or high.

    Non-recursive: Determines whether the scan recurses into subdirectories of the repository.

    Output Format: Determines the scan result output format:

      • human

      • json

      • yaml

      • xml

      • junit-xml

      • sarif

      • github-sarif

    Output Passed Rules: Determines whether the scan results show passed rules.

    Policy Type: The policy type or types to include in the scan:

      • all

      • aws

      • azure

      • docker

      • gcp

      • github

      • k8s

    Remote Type: Determines the remote repository type:

      • git

      • s3

      • gcs

      • http

      • terraform-registry

      Note: You need to make Git available on the Nessus host to select the Git type.

    Remote URL: The URL of the remote IAC registry.

    Remote URL Branch: The branch of the remote IAC registry.

  5. Click Save.

    Nessus Expert saves the new scan configuration, and you can now select it from the Terrascan > Scans page.
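
For hosts without Nessus Expert, the settings above can be checked against their allowed values and turned into a Terrascan CLI call; the shell function below is an added example, not Tenable's code. The mapping of each setting to a terrascan scan flag, the function names and the URL character policy are assumptions, the sample URL is constructed, and Remote URL Branch is not covered.

```shell
#!/bin/sh
# Added example: check settings against the value lists in the table above,
# then print the matching terrascan command. Flag mapping is an assumption.

# valid VALUE "a b c": true when VALUE is exactly one of the listed words.
valid() {
    case "$1" in ''|*[!a-z0-9-]*) return 1 ;; esac
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Args: LOG_TYPE LOG_LEVEL IAC_TYPE SEVERITY OUTPUT POLICY_TYPE REMOTE_TYPE REMOTE_URL
build_terrascan_cmd() {
    [ "$#" -eq 8 ] || { echo "expected 8 settings" >&2; return 1; }
    valid "$1" "json console" || { echo "bad log type: $1" >&2; return 1; }
    valid "$2" "info debug warn error panic fatal" || { echo "bad log level: $2" >&2; return 1; }
    valid "$3" "all arm cft docker helm k8s kustomize terraform tfplan" || { echo "bad IaC type: $3" >&2; return 1; }
    valid "$4" "low medium high" || { echo "bad severity: $4" >&2; return 1; }
    valid "$5" "human json yaml xml junit-xml sarif github-sarif" || { echo "bad output format: $5" >&2; return 1; }
    valid "$6" "all aws azure docker gcp github k8s" || { echo "bad policy type: $6" >&2; return 1; }
    valid "$7" "git s3 gcs http terraform-registry" || { echo "bad remote type: $7" >&2; return 1; }
    # Conservative URL check (example policy): a leading "-" would be parsed as
    # an option by the CLI, and characters outside this set are refused.
    case "$8" in
        ''|-*|*[!A-Za-z0-9:/._?=@%+~-]*) echo "bad remote URL" >&2; return 1 ;;
    esac
    printf 'terrascan scan -x %s -l %s -i %s --severity %s -o %s -t %s -r %s -u %s\n' "$@"
}

# Constructed sample settings; example.invalid is a placeholder host.
build_terrascan_cmd json info terraform medium sarif aws git \
    https://example.invalid/infra/iac.git
```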

What to do next:

  • Launch a Terrascan scan.

  • Download a Terrascan scan's results.

  • Manage the Terrascan scan's histories and results.

  • Edit a Terrascan scan configuration.

  • Delete a Terrascan scan configuration.