Accurics Announces Argo Integration for Open Source Terrascan
May 06, 2021

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code (IaC), now integrates with the Argo Project.

This integration, coupled with the new Terrascan admission controller feature to enforce CNCF’s Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

Argo, an open source GitOps engine for Kubernetes, synchronizes Kubernetes clusters, making it easier to specify, schedule and coordinate the running of complex workflows and applications on Kubernetes. Terrascan can scan repositories for violations, and its integration with Argo brings these capabilities to the cluster through automated processes that extend from the source code to the controller. The automatic process ensures that the full pipeline, from development to end-user machine, is secure and fully aligned.

“Optimal security in cloud native infrastructure requires constant innovation at different levels of the architecture, with seamless integration, revitalized support, and ongoing deployments,” said Om Moolchandani, co-founder, CTO & CISO at Accurics. “As the Kubernetes ecosystem expands and developers adopt GitOps with Infrastructure as Code and Deployment as Code, they need security tools that fit into these automated, codified workflows where experts cannot review every finding. Kubernetes clusters need advances such as Terrascan, and Accurics is proud to be at the forefront of this vital movement with regular advances in security to harness the full potential of this technology and enable self-healing cloud-native infrastructure.”

This follows the release of Terrascan's admission controller, a new capability to apply Policy as Code (PaC) uniformly across the software development lifecycle. PaC has gained popularity for establishing guardrails in the development process, enabling the detection of misconfigurations in Kubernetes manifests ahead of production. It’s critical for these policies to also govern deployments in runtime, since the production environment can be modified directly through the CSP or Kubernetes controller. However, PaC tools used in pipelines and in production are typically quite distinct, with different implementations, policy libraries, and control/reporting architectures. Leveraging Terrascan as an IaC scanner alongside Terrascan’s admission controller, on the other hand, consistently enforces the same policies across build and deployment of the application.

Additionally, Accurics recently released Terrascan integration with Atlantis, a popular open source Terraform automation platform that leverages an organization’s code repository, such as Git, to streamline and automate Terraform workflows. With integration directly into Atlantis, Terrascan ensures that scan results are reported as part of the same pull request workflow, providing a welcome level of security for this powerful approach to managing complex cloud infrastructure across multiple teams. Building on advanced automation, Terrascan can also fail the automated build if a particularly severe vulnerability is identified.

Share this

Industry News

May 19, 2022

Jellyfish announced the launch of Jellyfish Benchmarks, a way to add context around engineering metrics and performance by introducing a method for comparison.

May 19, 2022

Solo.io announced the addition and integration of Cilium networking into its Gloo Mesh platform, providing a complete application-networking solution for companies’ cloud-native digital transformation efforts.

May 19, 2022

Aqua Security announced multiple updates to Aqua Trivy, making it a unified scanner for cloud native security.

May 18, 2022

Red Hat unveiled updates across its portfolio of developer tools designed to help organizations build and deliver applications faster and more consistently across Kubernetes-based hybrid and multicloud environments.

May 18, 2022

Armory announced public early access to their new Continuous Deployment-as-a-Service product.

May 18, 2022

DataCore Software announced DataCore Bolt, enterprise-grade container-native storage software for DevOps.

May 17, 2022

DevOps Institute, a global professional association for advancing the human elements of DevOps, announced the release of the Upskilling IT 2022 report.

May 17, 2022

Replicated announced a host of new platform features and capabilities that enable their customers to accelerate enterprise adoption of their Kubernetes applications.

May 17, 2022

Codefresh announced that its flagship continuous delivery (CD) platform will be made accessible as a fully-hosted solution for DevOps teams seeking to quickly and easily achieve frictionless, GitOps-based continuous software delivery in the cloud.

May 16, 2022

Red Hat announced new capabilities and enhancements across its portfolio of open hybrid cloud solutions aimed at accelerating enterprise adoption of edge compute architectures through the Red Hat Edge initiative.

May 16, 2022

D2iQ announced a partnership with GitLab.

May 16, 2022

Kasten by Veeam announced the new Kasten by Veeam K10 V5.0 Kubernetes data management platform.

May 12, 2022

Red Hat introduced Red Hat Enterprise Linux 9, the Linux operating system designed to drive more consistent innovation across the open hybrid cloud, from bare metal servers to cloud providers and the farthest edge of enterprise networks.

May 12, 2022

Couchbase announced version 7.1 of Couchbase Server.

May 12, 2022

Copado added Copado Robotic Testing to Copado Essentials.