Accurics Announces Argo Integration for Open Source Terrascan
May 06, 2021

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project.

This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to specify, schedule and coordinate the running of complex workflows and applications on Kubernetes. Terrascan can scan repositories for violations, and its integration with Argo brings these capabilities to the cluster through automated processes that extend from the source code to the controller. The automatic process ensures that the full pipeline, from development to end-user machine, is secure and fully aligned.

“Optimal security in cloud native infrastructure requires constant innovation at different levels of the architecture, with seamless integration, revitalized support, and ongoing deployments,” said Om Moolchandani, co-founder, CTO & CISO at Accurics. “As the Kubernetes ecosystem expands and developers adopt GitOps with Infrastructure as Code and Deployment as Code, they need security tools that fit into these automated, codified workflows where experts cannot review every finding. Kubernetes clusters need advances such as Terrascan, and Accurics is proud to be at the forefront of this vital movement with regular advances in security to harness the full potential of this technology and enable self-healing cloud-native infrastructure.”

This follows the release of Terrascan's admission controller, a new capability to apply Policy as Code (PaC) uniformly across the software development lifecycle. PaC has gained popularity for establishing guardrails in the development process, enabling the detection of misconfigurations in Kubernetes manifests ahead of production. It’s critical for these policies to also govern deployments in runtime, since the production environment can be modified directly through the CSP or Kubernetes controller. However, PaC tools used in pipelines and in production are typically quite distinct, with different implementations, policy libraries, and control/reporting architectures. Leveraging Terrascan as an IaC scanner alongside Terrascan’s admission controller, on the other hand, consistently enforces the same policies across build and deployment of the application.

Additionally, Accurics recently released Terrascan integration with Atlantis, a popular open source Terraform automation platform that leverages an organization’s code repository, such as Git, to streamline and automate Terraform workflows. With integration directly into Atlantis, Terrascan ensures that scan results are reported as part of the same pull request workflow, providing a welcome level of security for this powerful approach to managing complex cloud infrastructure across multiple teams. Building on advanced automation, Terrascan can also fail the automated build if a particularly severe vulnerability is identified.

Share this

Industry News

June 22, 2021

Red Hat announced new end-to-end Kubernetes-native decision management capabilities as part of the latest release of Red Hat Process Automation.

June 22, 2021

GitLab announces the next iteration of its single application with its 14 release.

June 22, 2021

Transposit introduced new platform capabilities which are developer-friendly, but built for all.

June 22, 2021

Plutora transitioned to an expanded data-centric platform, added additional metrics to monitor and manage value stream flow, and deepened its integrations with Agile planning tools.

June 22, 2021

Opsera announces its native Salesforce CI/CD release automation functionality.

June 21, 2021

Render announced the general availability of autoscaling.

June 21, 2021

Grafana Labs acquired k6, the Stockholm-based startup behind the open source load testing tool for engineering teams.

June 17, 2021

Bitrise announced the release of its new enterprise-grade Mobile DevOps platform.

June 17, 2021

Perforce Software announces a partnership with Microsoft to deliver the free Enhanced Studio Pack, providing development tools in a click-to-start model on the Azure cloud.

June 17, 2021

Tigera announced the availability of Calico Cloud in the Microsoft Azure Marketplace.

June 16, 2021

Red Hat announced the general availability of Red Hat’s migration toolkit for virtualization to help organizations accelerate open hybrid cloud strategies by making it easier to migrate existing workloads to modern infrastructure in a streamlined, wholesale manner.

June 16, 2021

BrowserStack announced it has secured $200 million in Series B funding at a $4 billion valuation.

June 16, 2021

Harness announced significant platform updates that address gaps in today's developer and DevOps market.

June 15, 2021

Broadcom announced new capabilities for Value Stream Management (VSM) in its ValueOps software portfolio, seamlessly combining the proven investment planning features of Clarity™ with the advanced Agile management capabilities of Rally® software.

June 15, 2021

Copado announced its Summer 21 Release, opening up its platform for true multi-cloud DevOps for enterprise SaaS and low-code development.