In-file Instrumentation
Today, Terrascan supports these instrumentations:
- Rule Skipping
- Resource Prioritization
Rule Skipping
Rule skipping allows you to specify a rule that should not be applied to a particular resource.
Note: In-file instrumentation will skip the rule only for the resource it is defined in. The skip_rules parameter in the config file will skip the rule for the entire scan.
In Terraform
Use the syntax #ts:skip=RuleID optional_comment inside a resource to skip the rule for that resource.
Example
In Kubernetes
Use the annotation runterrascan.io/skip: [{\"rule\": \"RuleID\", \"comment\": \"reason to skip the rule\"}] inside a resource to skip the rule for that resource.
Example
In Dockerfile
Use the syntax #ts:skip=RuleID optional_comment inside the Dockerfile to skip the rule for that resource.
Example
Resource Prioritization
Resource prioritization allows you to set maximum and minimum severities for violations in a given resource. Are you configuring a very sensitive resource? Set the minimum severity to High, so low and medium violations will be escalated. Need to suppress all violations from a particular resource? Set the maximum severity to None.
For maximum severity, meaningful options are Medium, Low, and None.
For minimum severity, meaningful options are High and Medium.
In Terraform
Use the syntax #ts:maxseverity=SEVERITY or #ts:minseverity=SEVERITY inside a resource to set the maximum or minimum severity for violations in that resource.
Example
In Kubernetes
Use the annotation
runterrascan.io/minseverity: SEVERITY or runterrascan.io/maxseverity: SEVERITY inside a resource to set the minimum or maximum severity for violations in that resource.
Example
In Dockerfile
Use the syntax #ts:maxseverity=SEVERITY or #ts:minseverity=SEVERITY inside a Dockerfile to set the maximum or minimum severity for violations in that resource.
Example
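Because these markers suppress or rescale findings from inside the scanned files themselves, it is worth listing them during review. The script below is an added example, not part of the Terrascan documentation: it scans file text for the comment and annotation forms described on this page and flags skips with no reason and a maximum severity of None. It assumes line-based matching and case-insensitive severity names; RULE_ID_A, RULE_ID_B and the sample files are constructed placeholders.

```python
import json
import re

# Comment form (Terraform, Dockerfile) and annotation form (Kubernetes), as given on this page.
SKIP_RE = re.compile(r"#ts:skip=(\S+)[ \t]*(.*)")
K8S_SKIP_RE = re.compile(r"runterrascan\.io/skip:\s*\"?(\[.*\])")
SEV_RE = re.compile(r"(?:#ts:|runterrascan\.io/)(max|min)severity[=:]\s*\"?(\w+)", re.I)

def audit(name, text):
    """List every in-file instrumentation in text and flag the ones to question in review."""
    out = []
    def add(line, kind, value, flag):
        out.append({"file": name, "line": line, "kind": kind, "value": value, "flag": flag})
    for n, line in enumerate(text.splitlines(), 1):
        m = SKIP_RE.search(line)
        if m:
            add(n, "skip", m.group(1), "" if m.group(2).strip() else "no reason given")
        m = K8S_SKIP_RE.search(line)
        if m:
            try:  # the annotation value is JSON with escaped quotes
                entries = json.loads(m.group(1).replace('\\"', '"'))
            except ValueError:
                entries = [{"rule": "unparseable"}]
            for e in entries:
                reason = str(e.get("comment", "")).strip()
                add(n, "skip", e.get("rule", "?"), "" if reason else "no reason given")
        m = SEV_RE.search(line)
        if m:
            bound, sev = m.group(1).lower(), m.group(2).capitalize()
            add(n, bound + "severity", sev,
                "suppresses all violations" if (bound, sev) == ("max", "None") else "")
    return out

# Constructed sample input; RULE_ID_A and RULE_ID_B are placeholders, not real rule IDs.
SAMPLE_TF = '''resource "aws_s3_bucket" "logs" {
  #ts:skip=RULE_ID_A access logging is handled by the central bucket
  #ts:skip=RULE_ID_B
  #ts:maxseverity=None
}
'''
SAMPLE_K8S = r'''metadata:
  annotations:
    runterrascan.io/skip: "[{\"rule\": \"RULE_ID_A\", \"comment\": \"\"}]"
    runterrascan.io/minseverity: High
'''

if __name__ == "__main__":
    for f in audit("main.tf", SAMPLE_TF) + audit("pod.yaml", SAMPLE_K8S):
        print(f)
```

Running it over a repository in CI gives reviewers a diffable inventory of every suppression, separate from the scan results those suppressions alter.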