Terrascan

Terrascan is a static code analyzer for Infrastructure as Code (IaC). You can install and run Terrascan in several different ways. Companies most commonly use Terrascan in automated pipelines to identify policy violations before they provision insecure infrastructure. For more information, see the Terrascan documentation.

The Terrascan > About page allows you to install or uninstall the Terrascan executable in your Nessus instance. By default, Tenable Nessus does not have Terrascan installed.

The page also shows the following details for the Terrascan executable:

  • Status (Installed, Not Installed, Downloading, or Removing)

  • Version (for example, 1.13.2 or N/A if you have not installed Terrascan)

  • Path (for example, /opt/nessus/sbin/terrascan or N/A if you have not installed Terrascan)

Note: The Terrascan feature is available in Nessus Professional, Tenable Nessus Expert, and Nessus Essentials for Nessus versions 10.1.2 and newer. You can only create and launch scans with Tenable Nessus Expert. Terrascan is not available for Raspberry Pi 4 versions of Tenable Nessus.

Note: When installed, Terrascan pulls policies from its GitHub repository, retrieves a scan target repository, and scans the scan target repository locally on the Nessus host. Running Terrascan causes the Nessus host to consume more CPU and network resources than normal Nessus scanning. For more information, see the Terrascan documentation.

  1. Under Resources in the left-side navigation pane, click Terrascan.

    The About page appears.

  2. Under Terrascan Installation, do one of the following:

    • Select the Terrascan check box to install Terrascan.

    • Deselect the Terrascan check box to uninstall Terrascan.

  3. Click Save.

    • If you selected the check box, Terrascan beings installing and the Details for the Terrascan executable pane updates the Status to Downloading.

      Once you install Terrascan, Tenable Nessus updates the Status to Installed and shows the Terrascan executable's Version and file Path.

    • If you deselected the check box, Terrascan beings uninstalling and the Details for the Terrascan executable pane updates the Status to Removing.

      Once you uninstall Terrascan, Tenable Nessus updates the Status to Not Installed and removes the Terrascan executable's Version and file Path.

Note: You can only update the Terrascan executable if you have already installed it.

  1. Under Resources in the left-side navigation pane, click Terrascan.

    The Scans page appears.

  2. Click the About tab.

    The About page appears.

  3. In the top-right corner, click Check for Updates.

    Note: The Check for Updates button is only available when you have Terrascan installed.

    The Download Terrascan window appears.

  4. Click Continue.

    The window closes and the Status updates to Downloading.

    Once the download completes, the Status updates to Installed and the Details for the Terrascan executable pane shows the Terrascan executable's new Version.

Note: You need to have Terrascan version v1.15.1 IIRC installed for the Scans tab to appear.