Edit a Terrascan Scan Configuration
Important! Tenable is removing all Terrascan functionality from Tenable Nessus on September 30, 2025. For more information, see the Terrascan End of Support FAQ.
You can update the settings of a Terrascan scan configuration whenever you are not using it to perform a scan.
Before you begin:
-
Install Terrascan on your Nessus instance.
To edit a Terrascan scan configuration:
-
Under Resources in the left-side navigation pane, click Terrascan.
The Scans page appears.
-
In the scan table, roll over the scan you want to edit.
-
In the scan row, click the
button.
The scan configuration page appears.
-
Edit the scan configuration settings:
-
info
-
debug
-
warn
-
error
-
panic
-
fatal
-
all
-
arm
-
cft
-
docker
-
helm
-
k8s
-
kustomize
-
terraform
-
tfplan
-
human
-
json
-
yaml
-
xml
-
junit-xml
-
sarif
-
github-sarif
-
all
-
aws
-
azure
-
docker
-
gcp
-
github
-
k8s
-
git
-
s3
-
gcs
-
http
-
terraform-registry
-
Click Save.
Tenable Nessus Expert saves the new configuration options.
Setting | Description |
---|---|
Configuration Name | The name of the Terrascan scan configuration. |
Logging | |
Command Output Format | Determines the output logging format (separate from the actual scan results). You can chose json or console. |
Log Level |
Determines the output verbosity level: |
Verbose Violations | Determines whether the scan logs violations with details. |
Scanning | |
IAC Type |
Determines the Infrastructure as Code (IAC) type. |
Minimum Severity | Determines the minimum violation severity that Terrascan reports. You can choose low, medium, or high. |
Non-recursive | Determines whether the scan recurses into subdirectories of the repository. |
Output Format |
Determines the scan result output format: |
Output Passed Rules | Determines whether the scan results show passed rules. |
Policy Type |
The policy type or types to include in the scan: |
Remote Type |
Determines the remote repository type: Note: You need to make Git available on the Nessus host to select the Git type.
|
Remote URL |
The URL of the remote IAC registry. |
Remote URL Branch | The branch of the remote IAC registry. |