{ "info": { "author": "Cesar Rodriguez", "author_email": "therasec@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 2 - Pre-Alpha", "Intended Audience :: Developers", "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Natural Language :: English", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6" ], "description": ".. highlight:: shell\n=========\nTerrascan\n=========\n\n\n.. image:: https://img.shields.io/pypi/v/terrascan.svg\n :target: https://pypi.python.org/pypi/terrascan\n\n.. image:: https://img.shields.io/travis/cesar-rodriguez/terrascan.svg\n :target: https://travis-ci.org/cesar-rodriguez/terrascan\n\n.. image:: https://readthedocs.org/projects/terrascan/badge/?version=latest\n :target: https://terrascan.readthedocs.io/en/latest/?badge=latest\n :alt: Documentation Status\n\n.. image:: https://pyup.io/repos/github/cesar-rodriguez/terrascan/shield.svg\n :target: https://pyup.io/repos/github/cesar-rodriguez/terrascan/\n :alt: Updates\n\n\nA collection of security and best practice tests for static code analysis of terraform_ templates using terraform_validate_.\n\n.. _terraform: https://www.terraform.io\n.. _terraform_validate: https://github.com/elmundio87/terraform_validate\n\n* GitHub Repo: https://github.com/cesar-rodriguez/terrascan\n* Documentation: https://terrascan.readthedocs.io.\n* Free software: GNU General Public License v3\n\n--------\nFeatures\n--------\nTerrascan will perform tests on your terraform templates to ensure:\n\n- **Encryption**\n - Server Side Encription (SSE) enabled\n - Use of AWS Key Management Service (KMS) with Customer Managed Keys (CMK)\n - Use of SSL/TLS and proper configuration\n- **Security Groups**\n - Provisioning SGs in EC2-classic\n - Ingress open to 0.0.0.0/0\n- **Public Exposure**\n - Services with public exposure other than Gateways (NAT, VGW, IGW)\n- **Logging & Monitoring**\n - Access logs enabled to resources that support it\n\n----------\nInstalling\n----------\nTerrascan uses Python and depends on terraform-validate and pyhcl. After installing python in your system you can follow these steps:\n\n $ pip install terrascan\n\n\n-----------------\nRunning the tests\n-----------------\nTo run execute terrascan.py as follows replacing with the location of your terraform templates:\n\n $ terrascan --location tests/infrastructure/success --tests all\n\nTo run a specific test run the following command replacing encryption with the name of the test to run:\n\n $ terrascan --location tests/infrastructure/success --tests encryption\n\nTo learn more about the options to the cli execute the following:\n\n $ terrascan -h\n\n--------------\nFeature Status\n--------------\nLegend:\n - `:heavy_minus_sign:` = test needs to be implemented\n - `:heavy_check_mark:` = test implemented\n - **blank** - N/A\n\n======================================== ====================== ====================== ====================== ======================\n Terraform resources Encryption Security Groups Public exposure Logging & Monitoring\n======================================== ====================== ====================== ====================== ======================\n aws_alb `:heavy_check_mark:` `:heavy_check_mark:`\n aws_alb_listener `:heavy_check_mark:`\n aws_ami `:heavy_check_mark:`\n aws_ami_copy `:heavy_check_mark:`\n aws_api_gateway_domain_name `:heavy_check_mark:`\n aws_cloudfront_distribution `:heavy_check_mark:` `:heavy_check_mark:`\n aws_cloudtrail `:heavy_check_mark:` `:heavy_check_mark:`\n aws_codebuild_project `:heavy_check_mark:`\n aws_codepipeline `:heavy_check_mark:`\n aws_db_instance `:heavy_check_mark:` `:heavy_check_mark:`\n aws_db_security_group `:heavy_check_mark:`\n aws_dms_endpoint `:heavy_check_mark:`\n aws_dms_replication_instance `:heavy_check_mark:` `:heavy_check_mark:`\n aws_ebs_volume `:heavy_check_mark:`\n aws_efs_file_system `:heavy_check_mark:`\n aws_elasticache_security_group `:heavy_check_mark:`\n aws_efs_file_system `:heavy_check_mark:`\n aws_elasticache_security_group `:heavy_check_mark:`\n aws_elastictranscoder_pipeline `:heavy_check_mark:`\n aws_elb `:heavy_check_mark:` `:heavy_check_mark:` `:heavy_check_mark:`\n aws_emr_cluster `:heavy_check_mark:`\n aws_instance `:heavy_check_mark:` `:heavy_check_mark:`\n aws_kinesis_firehose_delivery_stream `:heavy_check_mark:` `:heavy_check_mark:`\n aws_lambda_function `:heavy_check_mark:`\n aws_launch_configuration `:heavy_check_mark:`\n aws_lb_ssl_negotiation_policy `:heavy_minus_sign:`\n aws_load_balancer_backend_server_policy `:heavy_minus_sign:`\n aws_load_balancer_listener_policy `:heavy_minus_sign:`\n aws_load_balancer_policy `:heavy_minus_sign:`\n aws_opsworks_application `:heavy_check_mark:` `:heavy_minus_sign:`\n aws_opsworks_custom_layer `:heavy_minus_sign:`\n aws_opsworks_ganglia_layer `:heavy_minus_sign:`\n aws_opsworks_haproxy_layer `:heavy_minus_sign:`\n aws_opsworks_instance `:heavy_minus_sign:`\n aws_opsworks_java_app_layer `:heavy_minus_sign:`\n aws_opsworks_memcached_layer `:heavy_minus_sign:`\n aws_opsworks_mysql_layer `:heavy_minus_sign:`\n aws_opsworks_nodejs_app_layer `:heavy_minus_sign:`\n aws_opsworks_php_app_layer `:heavy_minus_sign:`\n aws_opsworks_rails_app_layer `:heavy_minus_sign:`\n aws_opsworks_static_web_layer `:heavy_minus_sign:`\n aws_rds_cluster `:heavy_check_mark:`\n aws_rds_cluster_instance `:heavy_check_mark:`\n aws_redshift_cluster `:heavy_check_mark:` `:heavy_check_mark:` `:heavy_check_mark:`\n aws_redshift_parameter_group `:heavy_minus_sign:` `:heavy_minus_sign:`\n aws_redshift_security_group `:heavy_check_mark:`\n aws_s3_bucket `:heavy_check_mark:` `:heavy_check_mark:`\n aws_s3_bucket_object `:heavy_check_mark:`\n aws_security_group `:heavy_check_mark:`\n aws_security_group_rule `:heavy_check_mark:`\n aws_ses_receipt_rule `:heavy_minus_sign:`\n aws_sqs_queue `:heavy_check_mark:`\n aws_ssm_maintenance_window_task `:heavy_check_mark:`\n aws_ssm_parameter `:heavy_check_mark:`\n======================================== ====================== ====================== ====================== ======================\n\n\n\n\n=======\nHistory\n=======\n\n0.1.0 (2017-11-26)\n------------------\n\n* First release on PyPI.\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/cesar-rodriguez/terrascan", "keywords": "terrascan", "license": "GNU General Public License v3", "maintainer": "", "maintainer_email": "", "name": "terrascan", "package_url": "https://pypi.org/project/terrascan/", "platform": "", "project_url": "https://pypi.org/project/terrascan/", "project_urls": { "Homepage": "https://github.com/cesar-rodriguez/terrascan" }, "release_url": "https://pypi.org/project/terrascan/0.1.0/", "requires_dist": [ "ply (==3.10)", "pyhcl (==0.3.9)", "terraform-validate (==2.5.0)" ], "requires_python": "", "summary": "Security and best practices tests for terraform", "version": "0.1.0" }, "last_serial": 3370204, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "9424a19c365585a6ed7c650ed5957927", "sha256": "9f12544216ab11405c11a11c7249c062442bf7141baad9f6eb898ca2a36dbf59" }, "downloads": -1, "filename": "terrascan-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "9424a19c365585a6ed7c650ed5957927", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 16610, "upload_time": "2017-11-28T06:52:00", "url": "https://files.pythonhosted.org/packages/2c/6b/e8aca50584559712a1696ddd2c336f0649275be05b1caeb34bd6d284b25d/terrascan-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f4b3c799f5333cff027a0e7eca6e87c9", "sha256": "44284e01b76fc105a67b43c2be27f39c36cac5320c6b4f585e1b499334260792" }, "downloads": -1, "filename": "terrascan-0.1.0.tar.gz", "has_sig": false, "md5_digest": "f4b3c799f5333cff027a0e7eca6e87c9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20451, "upload_time": "2017-11-28T06:52:12", "url": "https://files.pythonhosted.org/packages/e4/b9/42834ec65c4863dfcf61057711be4c3d5e0f08921e0059f757156f736b83/terrascan-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9424a19c365585a6ed7c650ed5957927", "sha256": "9f12544216ab11405c11a11c7249c062442bf7141baad9f6eb898ca2a36dbf59" }, "downloads": -1, "filename": "terrascan-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "9424a19c365585a6ed7c650ed5957927", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 16610, "upload_time": "2017-11-28T06:52:00", "url": "https://files.pythonhosted.org/packages/2c/6b/e8aca50584559712a1696ddd2c336f0649275be05b1caeb34bd6d284b25d/terrascan-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "f4b3c799f5333cff027a0e7eca6e87c9", "sha256": "44284e01b76fc105a67b43c2be27f39c36cac5320c6b4f585e1b499334260792" }, "downloads": -1, "filename": "terrascan-0.1.0.tar.gz", "has_sig": false, "md5_digest": "f4b3c799f5333cff027a0e7eca6e87c9", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20451, "upload_time": "2017-11-28T06:52:12", "url": "https://files.pythonhosted.org/packages/e4/b9/42834ec65c4863dfcf61057711be4c3d5e0f08921e0059f757156f736b83/terrascan-0.1.0.tar.gz" } ] }