Merge pull request #288 from accurics/terrascan-v1.0-docs
Terrascan v1.0 docs
Showing 18 changed files with 1,107 additions and 127 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,31 @@ | ||
# Changelog | ||
|
||
## 1.0.0 (UNRELEASED) | ||
Major updates to Terrascan and the underlying architecture. | ||
Major updates to Terrascan and the underlying architecture including: | ||
|
||
- Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling. | ||
- Server mode. This allows Terrascan to be executed as a server and use it's API to perform static code analysis | ||
- Notifications hooks. Will be able to integrate for notifications to external systems (e.g. email, slack, etc.) | ||
- Uses OPA policy engine and policies written in Rego. | ||
|
||
## 0.2.3 (2020-07-23) | ||
* Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag. | ||
- Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag. | ||
|
||
## 0.2.2 (2020-07-21) | ||
* Adds Docker image and pipeline to push to DockerHub | ||
- Adds Docker image and pipeline to push to DockerHub | ||
|
||
## 0.2.1 (2020-06-19) | ||
* Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator. | ||
- Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator. | ||
|
||
## 0.2.0 (2020-01-11) | ||
* Adds support for terraform 0.12+ | ||
- Adds support for terraform 0.12+ | ||
|
||
## 0.1.2 (2020-01-05) | ||
* Adds ability to setup terrascan as a pre-commit hook | ||
- Adds ability to setup terrascan as a pre-commit hook | ||
|
||
## 0.1.1 (2020-01-01) | ||
* Updates dependent packages to latest versions | ||
* Migrates CI to GitHub Actions from travis | ||
- Updates dependent packages to latest versions | ||
- Migrates CI to GitHub Actions from travis | ||
|
||
## 0.1.0 (2017-11-26) | ||
* First release on PyPI. | ||
- First release on PyPI. |
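Review bot: The 1.0.0 entry does not say what the move to Golang means for existing users. The earlier entries describe a PyPI package, a pre-commit hook and the '-f' flag, and a reader upgrading from 0.2.x cannot tell which of those carry over. Suggest adding a line on breaking changes or migration. In the same entry, "use it's API" should read "its API", and "Notifications hooks. Will be able to integrate for notifications..." is a future-tense fragment while the other bullets describe the release as it stands.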
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
from diagrams import Cluster, Diagram | ||
from diagrams.aws.compute import ECS | ||
from diagrams.aws.management import Cloudformation | ||
from diagrams.aws.integration import ConsoleMobileApplication | ||
from diagrams.azure.compute import VM | ||
from diagrams.gcp.compute import GCE | ||
from diagrams.programming.language import Bash | ||
from diagrams.onprem import iac | ||
from diagrams.onprem.compute import Server | ||
|
||
|
||
with Diagram("Terrascan architecture", show=False): | ||
cli = Bash("CLI") | ||
server = Server("API server") | ||
notifier = ConsoleMobileApplication("Notifier (Webhook)") | ||
writer = Bash("Writer (JSON, YAML, XML)") | ||
|
||
with Cluster("Runtime"): | ||
ECS("Input Validate") | ||
output = ECS("Output") | ||
ECS("Process") | ||
|
||
with Cluster("IaC Providers"): | ||
tf = iac.Terraform("Terraform") | ||
ansible = iac.Ansible("Ansible") | ||
cft = Cloudformation("CloudFormation") | ||
|
||
|
||
with Cluster("Policy Engine"): | ||
policy = [ | ||
VM("Azure"), | ||
GCE("GCP"), | ||
ECS("AWS") | ||
] | ||
|
||
server >> output >> tf >> policy >> notifier | ||
cli >> output >> ansible >> policy >> writer | ||
output >> cft >> policy | ||
|
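Review bot: In the "Runtime" cluster, ECS("Input Validate") and ECS("Process") are created but never assigned or used in an edge, so they will render as disconnected nodes and every flow enters the runtime at "Output" (server >> output, cli >> output). The architecture text says the runtime validates and processes inputs before the IaC providers run, so the edges should pass through those nodes, with "Output" feeding the notifier and writer rather than the providers. The ECS, VM, GCE and ConsoleMobileApplication icons are also standing in for components that are none of those services; generic nodes would mislead less.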
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,15 @@ | ||
# Architecture | ||
|
||
## Runtime | ||
Terrascan's architecture is built to be modular to facilitate adding IaC languages and policies. At a high level Terrascan is composed of the following architectural components: a command line interface, API server, runtime, pluggable IaC proviers, pluggable policy engine, notifier, and writter. | ||
|
||
* Command Line Interface = Provides CLI input to Terrascan. | ||
* API Server = Provider input to Terrascan through an API. | ||
* Runtime = Performs input validation and process inputs | ||
* IaC Providers = Converts IaC language into normalized JSON | ||
* Policy Engine = Applies policies against normalized JSON | ||
* Notifier = Providers webhooks for results of Terrascan scans. | ||
* Writter = Writes results into various formats like JSON, YAML, or XML. | ||
|
||
![Terrascan architecture](terrascan_architecture.png) | ||
|
||
## IaC Language Providers | ||
|
||
## Policy Engine |
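Review bot: The component overview has several misspellings that will go into the published docs: "proviers" and "writter" in the opening paragraph, "Writter" in the list, "API Server = Provider input" and "Notifier = Providers webhooks" (both should be "Provides"). The "## IaC Language Providers" and "## Policy Engine" headings are added with no body; either fill them in or drop them until the content exists. The list also uses "*" bullets while the changelog in this same commit switches to "-".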