{"id":13498504,"url":"https://github.com/tenable/terrascan-action","last_synced_at":"2025-10-14T22:14:36.210Z","repository":{"id":37927023,"uuid":"335813449","full_name":"tenable/terrascan-action","owner":"tenable","description":"Terrascan GitHub action. Scan infrastructure as code including Terraform, Kubernetes, Helm, and Kustomize file for security best practices.","archived":false,"fork":false,"pushed_at":"2024-12-10T22:45:05.000Z","size":424,"stargazers_count":59,"open_issues_count":34,"forks_count":33,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-06-02T08:19:43.983Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tenable.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":".github/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-02-04T02:18:22.000Z","updated_at":"2025-05-28T18:47:58.000Z","dependencies_parsed_at":"2025-05-25T23:06:31.693Z","dependency_job_id":"727040bd-2bdf-486d-80d1-77b09ad3540a","html_url":"https://github.com/tenable/terrascan-action","commit_stats":null,"previous_names":["accurics/terrascan-action"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/tenable/terrascan-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fterrascan-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fterrascan-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fterrascan-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fterrascan-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tenable","download_url":"https://codeload.github.com/tenable/terrascan-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tenable%2Fterrascan-action/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261338998,"owners_count":23143900,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T21:00:33.269Z","updated_at":"2025-10-14T22:14:31.178Z","avatar_url":"https://github.com/tenable.png","language":"Shell","funding_links":[],"categories":["Official projects","Shell"],"sub_categories":["Repositories"],"readme":"# Terrascan GitHub Action\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=tenable_terrascan-action\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=tenable_terrascan-action)\n\nThis action runs Terrascan, the infrastructure as code (IaC) scanner for security best practices. It supports displaying the results of the scan in the GitHub repository's Security tab under [code scanning alerts](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning), when the `sarif_upload` input variable is included.\n\n## Where to get help\n\n* To learn more about Terrascan's features and capabilities, see the documentation portal: https://runterrascan.io\n* Join our community on [Discord](https://discord.gg/ScUPMzyG3n)\n\n## Inputs for the GitHub Action\n### `iac_type`\n**Required** IaC type (helm, k8s, kustomize, terraform).\n\n### `iac_dir`\nPath to a directory containing one or more IaC files. Default `\".\"`.\n\n### `iac_version`\nIaC version (helm: v3, k8s: v1, kustomize: v3, terraform: v12, v14).\n\n### `non_recursive`\nDo not scan directories and modules recursively\n\n### `policy_path`\nPolicy path directory for custom policies.\n\n### `policy_type`\nPolicy type (all, aws, azure, gcp, github, k8s). Default `all`.\n\n### `skip_rules`\nOne or more rules to skip while scanning (example: \"ruleID1,ruleID2\").\n\n### `config_path`\nConfig file path.\n\n### `only_warn`\nThe action will only warn and not error when violations are found.\n\n### `sarif_upload`\nIf this variable is included, a sarif file named terrascan.sarif will be generated with the results of the scan.\n\n### `verbose`\nIf this variable is included, the scan will show violations with additional details (Rule Name/ID, Resource Name/Type, Violation Category)\n\n### `find_vulnerabilities`\nIf provided, the scan output will display vulnerabilities for Docker images present in the IaC files.\n\n### `scm_token`\nIf provided, Terrascan will use the provided access token to retrieve private repositories from your source code management system.\n\n### `webhook_url`\nIf this variable is included, the scan results and the normalized config will be sent to the specified URL. If the variable is set along with config_path, then configs from the config path will be ignored.\n\n### `webhook_token`\nIncluded this variable if the notification webhook url requires authentication.\n\n## Example usage\n\n```yaml\non: [push]\n\njobs:\n  terrascan_job:\n    runs-on: ubuntu-latest\n    name: terrascan-action\n    steps:\n    - name: Checkout repository\n      uses: actions/checkout@v2\n    - name: Run Terrascan\n      id: terrascan\n      uses: tenable/terrascan-action@main\n      with:\n        iac_type: 'terraform'\n        iac_version: 'v14'\n        policy_type: 'aws'\n        only_warn: true\n        #scm_token: ${{ secrets.ACCESS_TOKEN }}\n        #verbose: true\n        #sarif_upload: true\n        #non_recursive:\n        #iac_dir:\n        #policy_path:\n        #skip_rules:\n        #config_path:\n        #find_vulnerabilities:\n        #webhook_url:\n        #webhook_token:\n```\n\n## Integration with GitHub Code Scanning\n\nUsing the SARIF output option, the results of the scan will be displayed in the security tab of the repository being scanned. The example below shows how to accomplish this. More information on GitHub code scanning is available [here](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-code-scanning#about-third-party-code-scanning-tools).\n\n![Image of code scanning results](code-scanning.png)\n\n```yaml\non: [push]\n\njobs:\n  terrascan_job:\n    runs-on: ubuntu-latest\n    name: terrascan-action\n    steps:\n    - name: Checkout repository\n      uses: actions/checkout@v2\n    - name: Run Terrascan\n      id: terrascan\n      uses: tenable/terrascan-action@main\n      with:\n        iac_type: 'terraform'\n        iac_version: 'v14'\n        policy_type: 'aws'\n        only_warn: true\n        sarif_upload: true\n        #non_recursive:\n        #iac_dir:\n        #policy_path:\n        #skip_rules:\n        #config_path:\n        #webhook_url:\n        #webhook_token:\n    - name: Upload SARIF file\n      uses: github/codeql-action/upload-sarif@v1\n      with:\n        sarif_file: terrascan.sarif\n```\n\n## Using Docker Image\n\nThis repository publishes the [tenable/terrascan-action](https://hub.docker.com/r/tenable/terrascan-action) Docker image. The image can be used to easily integrate Terrascan with the inputs accepted by GitHub Action into other CI/CD systems.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftenable%2Fterrascan-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftenable%2Fterrascan-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftenable%2Fterrascan-action/lists"}