DEVOPSdigest

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project.

This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to specify, schedule and coordinate the running of complex workflows and applications on Kubernetes. Terrascan can scan repositories for violations, and its integration with Argo brings these capabilities to the cluster through automated processes that extend from the source code to the controller. The automatic process ensures that the full pipeline, from development to end-user machine, is secure and fully aligned.

“Optimal security in cloud native infrastructure requires constant innovation at different levels of the architecture, with seamless integration, revitalized support, and ongoing deployments,” said Om Moolchandani, co-founder, CTO & CISO at Accurics. “As the Kubernetes ecosystem expands and developers adopt GitOps with Infrastructure as Code and Deployment as Code, they need security tools that fit into these automated, codified workflows where experts cannot review every finding. Kubernetes clusters need advances such as Terrascan, and Accurics is proud to be at the forefront of this vital movement with regular advances in security to harness the full potential of this technology and enable self-healing cloud-native infrastructure.”

This follows the release of Terrascan's admission controller, a new capability to apply Policy as Code (PaC) uniformly across the software development lifecycle. PaC has gained popularity for establishing guardrails in the development process, enabling the detection of misconfigurations in Kubernetes manifests ahead of production. It’s critical for these policies to also govern deployments in runtime, since the production environment can be modified directly through the CSP or Kubernetes controller. However, PaC tools used in pipelines and in production are typically quite distinct, with different implementations, policy libraries, and control/reporting architectures. Leveraging Terrascan as an IaC scanner alongside Terrascan’s admission controller, on the other hand, consistently enforces the same policies across build and deployment of the application.

Additionally, Accurics recently released Terrascan integration with Atlantis, a popular open source Terraform automation platform that leverages an organization’s code repository, such as Git, to streamline and automate Terraform workflows. With integration directly into Atlantis, Terrascan ensures that scan results are reported as part of the same pull request workflow, providing a welcome level of security for this powerful approach to managing complex cloud infrastructure across multiple teams. Building on advanced automation, Terrascan can also fail the automated build if a particularly severe vulnerability is identified.