Tenable advances open source capabilities and expand cloud-native support

Tenable announced the new features of Terrascan, the open source cloud native security analyzer that supports developers secure Infrastructure as Code(IaC). The new capabilities allow businesses to include security into their DevOps tooling, pipelines, and supply chains, reducing risk before infrastructure is deployed.

“It’s now more critical than ever for developers to have tools that can detect compliance and security violations across their entire cloud systems, including IaC,” said Nico Popp chief product officer, Tenable.

He added, “Just as IaC opens the door to programmatically embed policy checks earlier in the development lifecycle, Terrascan detects compliance and security violations across IaC to mitigate risk before provisioning. We are committed to ensuring Terrascan remains open and available to all development teams and are excited to contribute to its growth.”

Among other advances, Terrascan now features:

• The ability to identify security risks in more IaC and container definition formats
• Integration with all major container registries, including to identify vulnerabilities in container images referenced by IaC
• More flexible developer workflows, including the programmatic enforcement of security policies before changes are committed into the code repository and before they are applied to the runtime environment
• Improved ability to filter and prioritize findings according to user needs
• Deeper integration with external dashboards and reporting frameworks
• A new graphical user interface to simplify the creation and testing of new policies

Terrascan provides a scalable solution for ensuring that cloud infrastructure configurations follow changing security best practices. It aids in the detection of vulnerabilities such as missing or misconfigured encryption on resources and communications, as well as unintended cloud service exposure. Terrascan significantly improves the value of IaC, which is used by enterprises to define and manage cloud infrastructure, while also enhancing security by allowing teams to identify and eliminate risk before infrastructure is deployed.