Tenable has announced Nessus now includes Terrascan.
Terrascan is an open-source IaC security analyser that enables cloud developers to scan infrastructure code and find security issues as part of the software delivery process. With more than 500 out-of-the-box policies, it helps identify issues such as missing or misconfigured encryption on resources and communication, and inadvertent exposure of cloud services.
Terrascan enables cloud engineers to test infrastructure code against security policies early in the development process, when it’s least costly and disruptive to fix. It provides more confidence when “shifting left” and makes secure design an integral part of the DevOps process. As organizations move full steam ahead with their cloud, ‘as code’ and containerization projects, they increase their attack surface. Nessus with Terrascan lets them innovate and simultaneously address security concerns.
“Infrastructure as Code is about making development and cloud delivery programmatic and efficient. Adding Terrascan to Nessus will enable the Nessus community to more easily validate the configuration state of modern infrastructure before it gets deployed, giving cloud developers peace of mind, knowing that the process can be managed securely,” said Glen Pendley, chief technology officer, Tenable. “Terrascan will remain open source. We are not changing the model, and we value and are committed to the Terrascan community, with plans for additional development and investments to increase usability and accessibility.”