terramate VS terrascan

initContainers: - args: - >- curl -L https://github.com/terramate-io/terramate/releases/download/v${TERRAMATE_VERSION}/terramate_${TERRAMATE_VERSION}_linux_x86_64.tar.gz | tar xz command: - sh - -c env: - name: TERRAMATE_VERSION value: 0.4.5 image: curlimages/curl name: get-terramate volumeMounts: - mountPath: /home/curl_user/ name: terramate workingDir: /home/curl_user/ extraVolumes: - name: terramate emptyDir: {} extraVolumeMounts: - name: terramate mountPath: /usr/local/bin/terramate subPath: terramate readOnly: true

‍Terramate is an open-source IaC orchestration tool for Terraform, OpenTofu, Pulumi, Cloudformation, and others, that streamlines and scales your IaC workflows.

Nice, this looks close to https://terramate.io/ stacks

You might want to take a look at Terramate. Compared to other tooling such as Terragrunt we're not a wrapper that will lock you in yet another syntax. Terramate is a code generator and orchestrator that helps you to generate native Terraform that can be executed in whatever environment of your choice.

Another option for Terragrunt could be Terramate. It comes with Code Generation that helps you to automatically generate files such as Terraform, Provider and Backend configurations in various stacks (directories). The upside is that it always generates native Terraform code.

This can be done with a tool such as Terramate or Terragrunt (afaik Terragrunt doesn't come with change detection).

I'd love to add Terramate to the list of alternatives to Terraform Cloud!

That sounds like something Terramate helps with. I've been using it exactly for that purpose (code generation) and it made everything so much easier!

2. Terrascan: https://github.com/tenable/terrascan Terrascan detects security vulnerabilities and compliance violations across your IaC. Supports multiple cloud providers, ensuring that your infrastructure complies with security best practices.

Terrascan Owner/Maintainer: Tenable (acquired in 2022) Age: First release on GitHub on November 28th, 2017 License: Apache License 2.0

‍Terrascan is a static code analysis tool that scans your Infrastructure-as-Code (IaC) for security vulnerabilities and compliance violations. It supports multiple platforms like (AWS, Azure, GCP, K8s, Atlantis, etc), including Terraform. Terrascan allows you to enforce security best practices, compliance policies, and governance across your IaC deployments.

Terrascan could also be useful : https://github.com/tenable/terrascan

Terrascan - Scan for Infrastructure-as-Code vulnerabilities

(https://runterrascan.io/) They seem to like it, don't have a ton of my own experience though.

Nessus Expert - newer offering. Nessus Pro + terrascan + basic external attack surface mapping. Doesn’t scan from the internet, but shows you all your public domains, DNS, etc so you can pick what you want to scan/ fix

It is always a good practice to scan your Kubernetes deployment or Helm chart before deploying. We can use Checkov to scans Kubernetes manifests and identifies security and configuration issues. It also supports Helm chart scanning. We can also use terrascan and kubeLinter to scan the Kubernetes manifest.