Edit a Terrascan Scan Configuration

Important! Tenable is removing all Terrascan functionality from Tenable Nessus on September 30, 2025. For more information, see the Terrascan End of Support FAQ.

You can update the settings of a Terrascan scan configuration whenever you are not using it to perform a scan.

Before you begin:

• Install Terrascan on your Nessus instance.

To edit a Terrascan scan configuration:

1. Under Resources in the left-side navigation pane, click Terrascan.

   The Scans page appears.

2. In the scan table, roll over the scan you want to edit.

3. In the scan row, click the button.

   The scan configuration page appears.

4. Edit the scan configuration settings:

Setting	Description
Configuration Name	The name of the Terrascan scan configuration.
Logging
Command Output Format	Determines the output logging format (separate from the actual scan results). You can chose json or console.
Log Level	Determines the output verbosity level: info debug warn error panic fatal
Verbose Violations	Determines whether the scan logs violations with details.
Scanning
IAC Type	Determines the Infrastructure as Code (IAC) type. all arm cft docker helm k8s kustomize terraform tfplan
Minimum Severity	Determines the minimum violation severity that Terrascan reports. You can choose low, medium, or high.
Non-recursive	Determines whether the scan recurses into subdirectories of the repository.
Output Format	Determines the scan result output format: human json yaml xml junit-xml sarif github-sarif
Output Passed Rules	Determines whether the scan results show passed rules.
Policy Type	The policy type or types to include in the scan: all aws azure docker gcp github k8s
Remote Type	Determines the remote repository type: git s3 gcs http terraform-registry Note: You need to make Git available on the Nessus host to select the Git type.
Remote URL	The URL of the remote IAC registry.
Remote URL Branch	The branch of the remote IAC registry.

5. Click Save.

   Tenable Nessus Expert saves the new configuration options.