Terrascan

Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code.

Object Representation (YAML)

id: String
name: String
tool_version: String
type: String
depends: [String]
tags: [String]
condition: Boolean
each: Array
verbosity: String
ignore_errors: Boolean
properties:
  command: String
  config_file_content: String
  config_file_path: String
  log_level: String
  log_type: String
  output_type: String
  iac_dir: String
  iac_file: String
  iac_type: String
  iac_version: String
  policy_type: [String]
  policy_path: String
  remote_url: String
  remote_type: String
  cwd: String
  args: String
  env:
    - name: String
      value: String

Fields

Property | Details
id *

String

A unique identifier for the step.

Can contain hyphens and underscores, but not spaces.

name *

String

A friendly name for the step. This name will appear in the pipeline designer and run output.

tool_version

String

The version to use. This version is only installed for the subprocess run by the step, and will not propagate to other operating system sessions.

type *

String

The type of the step. Can be pipeline or a step module type.

depends[]

[String]

A list of dependencies of this step.

This step will not be executed until all steps with ids in this list are finished executing.

tags[]

[String]

Tags are used to group related steps. Steps with the same tag can be retrieved using the findStepsByTag() helper function.

Can contain hyphens and underscores, but not spaces.

condition

Boolean

An expression which is evaluated before the step executes. If it evaluates to false, the step will be skipped. The step.result.status field will be "Skipped".

each

Array

An array of elements. The step is executed once for each element.

verbosity

String

Step event verbosity. Determines how much information about step execution is sent back to the application.

ignore_errors

Boolean

If true, errors in the step module will not halt pipeline execution, and subsequent steps will still be executed. The step.result.status field will be "Failed" if the step encounters an error.

properties.command *

String

The terrascan command to run. One of init, scan, or version.

properties.config_file_content

String

Inline terrascan config file content.

properties.config_file_path

String

Path to terrascan config file.

properties.log_level

String

Log level. One of debug, info, warn, error, panic, fatal.

properties.log_type

String

Log output type. One of console, json.

properties.output_type

String

Output format type. One of yaml, json, xml.

properties.iac_dir

String

Path to a directory containing one or more IaC files to scan.

properties.iac_file

String

Path to a single IaC file to scan.

properties.iac_type

String

IaC type. One of helm, k8s, kustomize, terraform.

properties.iac_version

String

IaC version (helm: v3, k8s: v1, kustomize: v3, terraform: v14, v12, v13)

properties.policy_type[]

[String]

Policy type. One of all, aws, azure, gcp, github, k8s.

properties.policy_path

String

-

properties.remote_url

String

URL pointing to a remote IaC repository.

properties.remote_type

String

Type of remote backend. One of git, s3, gcs, http.

properties.cwd

String

If provided, terrascan will use this path as its working directory.

properties.args

String

Extra arguments that will be passed to the terrascan command.

properties.env[]

[Object]

A list of environment variables that will be set for script execution.

properties.env[].name *

String

Environment variable name.

properties.env[].value *

String

Environment variable value.

Result Fields

The following are the step execution result fields available at steps.<step id>.result after a step executes.

Key | Details
result.status

String

A string indicating the step execution status. Can be Succeeded, Failed, or Skipped.

result.exit_code

Number

Exit code of the terrascan process.

result.stdout

String

Stdout of the terrascan process.

result.stderr

String

Stderr of the terrascan process.

result.results

Object

The parsed JSON output of terrascan. Only available if the output_type property is json or yaml.
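
A pair of step definitions built from the fields above, as an added example that is not part of the original reference: an init step followed by a scan of a Terraform directory against the AWS policies. The type value is a placeholder (the Terrascan module type identifier does not appear on this page), the ids, names, tag and path are constructed, and how steps are embedded in a pipeline file is not shown here.

```yaml
# Added example. All concrete values are constructed for illustration.
- id: terrascan-init
  name: Terrascan init
  type: "<terrascan step module type>"   # placeholder, not given on this page
  properties:
    command: init

- id: terrascan-scan
  name: Scan Terraform against AWS policies
  type: "<terrascan step module type>"   # placeholder, not given on this page
  depends:
    - terrascan-init            # do not start until the init step has finished
  tags:
    - iac-security              # hyphens and underscores allowed, no spaces
  ignore_errors: false          # an error in this step halts the pipeline
  properties:
    command: scan
    iac_dir: ./infra/terraform  # constructed path to the IaC directory
    iac_type: terraform
    iac_version: v14
    policy_type:
      - aws                     # limit the scan to the AWS policy set
    output_type: json           # json or yaml is required for result.results
    log_type: json
    log_level: warn
```

With output_type set to json, the parsed findings are available at steps.<step id>.result.results for the step with id terrascan-scan, alongside result.exit_code and result.stderr for the terrascan process.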