Terrascan
IaC scanner detecting security issues across Terraform, Kubernetes, Helm, Docker, and cloud APIs via OPA/Rego policies.
Why it is included
Mature Rego-based policy set and server mode for admission-style use cases.
Best for
Policy-as-code teams standardizing on Rego for cloud configs.
Strengths
- Rego policies
- Server mode
- Multi-cloud resource support
Limitations
- Affected by changes in the Tenable product family; track the upstream project
Good alternatives
Checkov · Trivy · OPA
Related tools
Security & Privacy
- Checkov: Static analysis for Terraform, CloudFormation, Kubernetes, Docker, and more—hundreds of built-in policy checks.
- Open Policy Agent (OPA): General-purpose policy engine with Rego: unify authorization and config decisions across K8s, APIs, Terraform plans, and CI.
- Kyverno: Kubernetes-native policy engine using YAML (no Rego) for validate, mutate, generate, and image verification rules.
- Trivy: All-in-one scanner for container images, IaC, Kubernetes manifests, SBOMs, and VM OS packages with CI integrations.
- Kubescape: Kubernetes security scanner for misconfigurations, RBAC, compliance frameworks (NSA/CIS), and image vulnerabilities.
- kubeaudit: CLI to audit Kubernetes manifests and clusters for security misconfigurations (capabilities, read-only root, privileged, etc.).
