iamzero vs terrascan

iamzero

Identity & Access Management simplified and secure. (by common-fate)

Source Code

iamzero.dev

Suggest alternative

Edit details

terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. (by tenable)

Source Code

runterrascan.io

Docs

Suggest alternative

Edit details

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

www.influxdata.com

featured

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

featured

iamzero		terrascan
	Project
4	Mentions	23
236	Stars	4,518
0.0%	Growth	2.3%
0.0	Activity	6.6
about 1 year ago	Latest Commit	21 days ago
Go	Language	Go
Apache License 2.0	License	Apache License 2.0

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

iamzero

Posts with mentions or reviews of iamzero. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-11.

Is there a way to test policies without the AWS policy simulator? maybe an API or library?
2 projects | /r/aws | 11 Aug 2022
AWS IAM Recorder
2 projects | /r/aws | 12 Jan 2022

You probably want https://github.com/iann0036/iamlive or https://iamzero.dev/
IAM Zero: I built a tool which automatically suggests least-privilege IAM policies for AWS CDK infrastructure
2 projects | /r/aws | 26 Aug 2021

A few months ago I made some posts about tooling I built called IAM Zero to make least-privilege IAM policy generation easier [1] [2]. Since then, I have found a co-founder and we have been working full-time on making least-privilege policies easier with our open source tools.
IAM Zero: I released a tool which automatically suggests least-privilege IAM policies
1 project | /r/aws | 24 May 2021

The initial release has automatic least-privilege advisories for S3 and DynamoDB, and will be scaled out to support all AWS services prior to a stable release. IAM Zero currently supports applications and scripts written in Python with support for other languages coming soon. Support for generating infrastructure-as-code deployment roles and requesting roles through the AWS web console are on the roadmap.

terrascan

Posts with mentions or reviews of terrascan. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-05-01.

Cloud Security and Resilience: DevSecOps Tools and Practices
10 projects | dev.to | 1 May 2024

2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.
A Deep Dive Into Terraform Static Code Analysis Tools: Features and Comparisons
6 projects | dev.to | 16 Apr 2024

Terrascan Owner/Maintainer: Tenable (acquired in 2022) Age: First release on GitHub on November 28th, 2017 License: Apache License 2.0
Top Terraform Tools to Know in 2024
19 projects | dev.to | 26 Mar 2024

‍Terrascan is a static code analysis tool that scans your Infrastructure-as-Code (IaC) for security vulnerabilities and compliance violations. It supports multiple platforms like (AWS, Azure, GCP, K8s, Atlantis, etc), including Terraform. Terrascan allows you to enforce security best practices, compliance policies, and governance across your IaC deployments.
How are you securing your Azure DevOps IaC pipelines?
1 project | /r/AZURE | 26 May 2023

Terrascan could also be useful : https://github.com/tenable/terrascan
Popular and recommended tools for vulnerability scanning
2 projects | /r/Terraform | 10 Mar 2023
Securing the software supply chain in the cloud
9 projects | dev.to | 10 Dec 2022

Terrascan - Scan for Infrastructure-as-Code vulnerabilities
Testing Terraform Code
2 projects | /r/Terraform | 9 Nov 2022

(https://runterrascan.io/) They seem to like it, don't have a ton of my own experience though.
Can you use Powershell to mimic behavior of Azure policy
2 projects | /r/AZURE | 7 Nov 2022
What product
1 project | /r/nessus | 17 Oct 2022

Nessus Expert - newer offering. Nessus Pro + terrascan + basic external attack surface mapping. Doesn’t scan from the internet, but shows you all your public domains, DNS, etc so you can pick what you want to scan/ fix
Implement DevSecOps to Secure your CI/CD pipeline
54 projects | dev.to | 27 Sep 2022

It is always a good practice to scan your Kubernetes deployment or Helm chart before deploying. We can use Checkov to scans Kubernetes manifests and identifies security and configuration issues. It also supports Helm chart scanning. We can also use terrascan and kubeLinter to scan the Kubernetes manifest.

What are some alternatives?

When comparing iamzero and terrascan you can also consider the following projects:

stratus-red-team - :cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud

checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy

tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]

aws-sso-cli - A powerful tool for using AWS Identity Center for the CLI and web console.

kics - Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.

SkyArk - SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS

ThreatMapper - Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.

parliament - AWS IAM linting library

threagile - Agile Threat Modeling Toolkit

granted - The easiest way to access your cloud.

terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.

iamzero vs stratus-red-team terrascan vs checkov iamzero vs iamlive terrascan vs tfsec iamzero vs aws-sso-cli terrascan vs kics iamzero vs SkyArk terrascan vs ThreatMapper iamzero vs parliament terrascan vs threagile iamzero vs granted terrascan vs terraform-aws-secure-baseline

Compare iamzero vs terrascan and see what are their differences.

iamzero

terrascan

iamzero

terrascan

What are some alternatives?