Skip to content

Commit

Permalink
Updates references to Tenable
Browse files Browse the repository at this point in the history
  • Loading branch information
cesar-rodriguez committed May 16, 2022
1 parent b9ba040 commit dc76628
Show file tree
Hide file tree
Showing 16 changed files with 76 additions and 76 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
# This file designates required PR reviewers for this repository
# https://help.github.com/articles/about-codeowners/

* @accurics/terrascan-maintainers @bkizer-tenable @tenable/terrascan-maintainers @tenable/terrascan-devrel
* @bkizer-tenable @tenable/terrascan-maintainers @tenable/terrascan-devrel
4 changes: 2 additions & 2 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ information on using pull requests.

## Community Guidelines

This project follows
[Accurics by Terrascan Code of Conduct](https://github.com/accurics/terrascan/blob/master/code_of_conduct.md).
This project follows the
[Terrascan Code of Conduct](https://github.com/tenable/terrascan/blob/master/code_of_conduct.md).
6 changes: 3 additions & 3 deletions content/en/_index.html
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@
<a class="btn btn-lg btn-primary mr-3 mb-4" href="{{< relref "/docs" >}}">
Learn More <i class="fas fa-graduation-cap ml-2"></i>
</a>
<a class="btn btn-lg btn-secondary mr-3 mb-4" href="https://github.com/accurics/terrascan">
<a class="btn btn-lg btn-secondary mr-3 mb-4" href="https://github.com/tenable/terrascan">
Download <i class="fas fa-download"></i> </a>
<center>
<script async src="https://cse.google.com/cse.js?cx=52d81aac5e2710292"></script>
Expand Down Expand Up @@ -40,8 +40,8 @@
{{% /blocks/feature %}}


{{% blocks/feature icon="fab fa-github" title="Contributions welcome!" url="https://github.com/accurics/terrascan" %}}
We do a [Pull Request](https://github.com/accurics/terrascan/pulls) contributions on **GitHub**. New users are always welcome!
{{% blocks/feature icon="fab fa-github" title="Contributions welcome!" url="https://github.com/tenable/terrascan" %}}
We do a [Pull Request](https://github.com/tenable/terrascan/pulls) contributions on **GitHub**. New users are always welcome!
{{% /blocks/feature %}}


Expand Down
4 changes: 2 additions & 2 deletions content/en/docs/Contribution guidelines/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ You can contribute in many ways:

### Report Bugs

Report bugs at https://github.com/accurics/terrascan/issues.
Report bugs at https://github.com/tenable/terrascan/issues.

If you are reporting a bug, please include:

Expand All @@ -41,7 +41,7 @@ articles, videos, and such.

### Submit Feedback

The best way to send feedback is to file an issue at https://github.com/accurics/terrascan/issues.
The best way to send feedback is to file an issue at https://github.com/tenable/terrascan/issues.

If you are proposing a feature:

Expand Down
8 changes: 4 additions & 4 deletions content/en/docs/Getting started/_index.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ Terrascan is a static code analyzer for Infrastructure as Code. It can be instal

Quickly get started with these common first tasks:

- [Installing Terrascan](#installing-terrascan)
- [Scanning with Terrascan](#scanning-with-terrascan)
- [Installing Terrascan](#installing-terrascan)
- [Scanning with Terrascan](#scanning-with-terrascan)

## Installing Terrascan
Terrascan is a portable executable that does not strictly require installation, and is also available as a container image in Docker Hub. You can use Terrascan in two different methods based on your preference:
Expand All @@ -22,7 +22,7 @@ Terrascan is a portable executable that does not strictly require installation,
2. [Using a Docker container](#using-a-docker-container)

### Native executable
Terrascan's [release page](https://github.com/accurics/terrascan/releases) includes latest version of builds for common platforms. Download and extract the package for your platform. Follow instructions that apply to your platform:
Terrascan's [release page](https://github.com/tenable/terrascan/releases) includes latest version of builds for common platforms. Download and extract the package for your platform. Follow instructions that apply to your platform:

#### macOS and Linux
Download the latest version of builds for macOS and enter the following command.
Expand Down Expand Up @@ -62,7 +62,7 @@ Terrascan is also available as a Docker image in Docker Hub and can be used as f
$ docker run --rm tenable/terrascan version
```

If you want to use the Docker image for the rest of this "Getting Started" guide, please refer to the following command. Note the volume `(-v)` that is being mapped to the docker, and modify it if necessary to suit your environment.
If you want to use the Docker image for the rest of this "Getting Started" guide, please refer to the following command. Note the volume `(-v)` that is being mapped to the docker, and modify it if necessary to suit your environment.

``` Bash
$ alias terrascan="docker run --rm -it -v "$(pwd):/iac" -w /iac tenable/terrascan"
Expand Down
8 changes: 4 additions & 4 deletions content/en/docs/Integrations/Atlantis.md
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ workflows:
```
### Script configuration
Modify the `terrascan-remote-scan.sh` script according your environment. The script is [located here](https://github.com/accurics/terrascan/tree/master/scripts). Open the script with your any editor of your choice and review the following six settings which is found at the top of the file:
Modify the `terrascan-remote-scan.sh` script according your environment. The script is [located here](https://github.com/tenable/terrascan/tree/master/scripts). Open the script with your any editor of your choice and review the following six settings which is found at the top of the file:

```
TERRASCAN_SERVER=192.168.1.55
Expand Down Expand Up @@ -113,7 +113,7 @@ In code repository, usage is exactly the same as atlantis, add a comment `atlant
##### To use the default built-in container image:

```
docker pull accurics/terrascan_atlantis
docker pull tenable/terrascan_atlantis
```

##### To build your own container image:
Expand All @@ -128,15 +128,15 @@ docker run \
--env-file=<.env-file> \
-p 4141:4141 \
-v <pwd>/config_data/:/etc/terrascan/ \
accurics/terrascan_atlantis server \
tenable/terrascan_atlantis server \
--gh-user="$USERNAME" --gh-token="$TOKEN" --gh-webhook-secret="$SECRET" \
--repo-allowlist="$REPO_ALLOWLIST" \
-c /etc/terrascan/config.toml
```

The syntax of the Atlantis server command here is same as in [atlantis docs](https://www.runatlantis.io/docs/), except for an optional `-c` flag which can be used to specify the file path for the toml config to be used by Terrascan. Another way to provide the toml config filepath would be the TERRASCAN_CONFIG environment variable. You need to provide all the environment variables that terraform requires to operate with your respective cloud providers.

> **Note**: As a good practice, Terrascan recommends use of a [specific tag](https://hub.docker.com/r/accurics/terrascan_atlantis/tags) of the container image rather than the latest tag.
> **Note**: As a good practice, Terrascan recommends use of a [specific tag](https://hub.docker.com/r/tenable/terrascan_atlantis/tags) of the container image rather than the latest tag.
[comment]: <> (Moved the workflow yaml note to above where its mentioned)

Expand Down
28 changes: 14 additions & 14 deletions content/en/docs/Integrations/argocd.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ title: "Argo CD"
linkTitle: "Argo CD"
weight: 20
description: >
Terrascan can be configured as an Argo CD job during the application sync process using ArgoCD’s resource hook.
Terrascan can be configured as an Argo CD job during the application sync process using ArgoCD’s resource hook.
---

## Terrascan can be integrated with Argo CD in two ways
Expand Down Expand Up @@ -46,7 +46,7 @@ spec:
- name: ssh-key-secret
secret:
secretName: ssh-key-secret
#add a secret for git config file
#add a secret for git config file
- name: ssh-config
secret:
secretName: ssh-config-secret
Expand Down Expand Up @@ -148,7 +148,7 @@ fi
For private repositories, the private following keys must be added as kubernetes secret:
- `private key` and ssh `config` as Secret
- `known_hosts`as ConfigMap

```
kubectl create secret generic ssh-key-secret \
--from-file=ssh-privatekey= < path to your private key > \
Expand All @@ -159,7 +159,7 @@ For private repositories, the private following keys must be added as kubernetes
```
kubectl create configmap ssh-known-hosts --from-file=< path to your known hosts file >
```
```
```
kubectl create configmap slack-notifications --from-file=< path to your notification script >
Expand All @@ -170,7 +170,7 @@ For private repositories, the private following keys must be added as kubernetes
```
kubectl create secret generic ssh-config-secret \
--from-file=< path to your ssh config file >
```
```
##### Example ssh config file
Expand Down Expand Up @@ -229,7 +229,7 @@ template:
value: yoursecretapikey
volumeMounts:
- mountPath: /data/certs
name: terrascan-certs-secret
name: terrascan-certs-secret
readOnly: true
- mountPath: /data/config
name: terrascan-config
Expand All @@ -256,23 +256,23 @@ template:
- name: ssh-key-secret
secret:
secretName: ssh-key-secret
#add a secret for git config file
#add a secret for git config file
- name: ssh-config
secret:
secretName: ssh-config-secret
#add a configmap for the ssh known_hosts file
- name: ssh-known-hosts
configMap:
name: known-hosts-config
#add a configmap for the terrascan config.toml file
#add a configmap for the terrascan config.toml file
- name: terrascan-config
configMap:
name: terrascan-config
#add a secret for the tls certificates
#add a secret for the tls certificates
- name: terrascan-certs-secret
secret:
secretName: terrascan-certs-secret
```
secretName: terrascan-certs-secret
```
**Service example**

```yaml
Expand Down Expand Up @@ -332,7 +332,7 @@ Host github.com
After making changes to the webhook deployment file, apply this yaml in your cluster.
You can also run terrascan admission controller server outside cluster, for more information and instructions on configuring terrascan as an admission controller webhook, see https://docs.accurics.com/projects/accurics-terrascan/en/latest/integrations/admission-controller-webhooks-usage.
You can also run terrascan admission controller server outside cluster, for more information and instructions on configuring terrascan as an admission controller webhook, see https://runterrascan.io/docs/integrations/k8s/.
#### Step 2: Create a Dockerfile
Expand Down Expand Up @@ -427,7 +427,7 @@ metadata:
generateName: terrascan-hook-
namespace: <YOUR APP NAMESPACE>
annotations:
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook: PreSync
spec:
ttlSecondsAfterFinished: 3600
template:
Expand Down Expand Up @@ -457,7 +457,7 @@ template:
- name: CLOUD_PROVIDER
value: <TYPE OF CLOUD PROVIDER> #If not provided default value is 'all'
- name: REMOTE_TYPE
value: <TYPE OF REMOTE> #If not provided default value is 'git'
value: <TYPE OF REMOTE> #If not provided default value is 'git'
args:
- sh
- /home/terrascan/bin/terrascan-remote-scan.sh
Expand Down
12 changes: 6 additions & 6 deletions content/en/docs/Integrations/cicd.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ Using Terrascan's SARIF output, the action can include issues found during the s


``` YAML

on: [push]

jobs:
Expand All @@ -34,7 +34,7 @@ jobs:
uses: actions/checkout@v2
- name: Run Terrascan
id: terrascan
uses: accurics/terrascan-action@main
uses: tenable/terrascan-action@main
with:
iac_type: 'terraform'
iac_version: 'v14'
Expand All @@ -53,21 +53,21 @@ jobs:
```
A detailed explanation of the action's input variables is available in the [terrascan-action](https://github.com/accurics/terrascan-action/) repository.
A detailed explanation of the action's input variables is available in the [terrascan-action](https://github.com/tenable/terrascan-action/) repository.
## GitLab CI
[GitLab CI](https://docs.gitlab.com/ee/ci/README.html) can use [Docker images](https://docs.gitlab.com/ee/ci/docker/using_docker_images.html) as part of a pipeline. We can take advantage of this functionality and use Terrascan's docker image as part of your [pipeline](https://docs.gitlab.com/ee/ci/pipelines/) to scan infrastructure as code.
To do this you can update your .gitlab-ci.yml file to use the "accurics/terrascan:latest" image with the ["bin/sh", "-c"] entrypoint. Terrascan can be found on "/go/bin" in the image and you can use any [Terrascan command line options](http://ubusvr:8000/getting-started/usage/#terrascan-commands) according to your needs. Here's an example .gitlab-ci.yml file:
To do this you can update your .gitlab-ci.yml file to use the "tenable/terrascan:latest" image with the ["bin/sh", "-c"] entrypoint. Terrascan can be found on "/go/bin" in the image and you can use any [Terrascan command line options](http://ubusvr:8000/getting-started/usage/#terrascan-commands) according to your needs. Here's an example .gitlab-ci.yml file:
``` YAML
stages:
- scan

terrascan:
image:
name: accurics/terrascan:latest
name: tenable/terrascan:latest
entrypoint: ["/bin/sh", "-c"]
stage: scan
script:
Expand Down Expand Up @@ -194,7 +194,7 @@ The `Dockerfile` is, of course, used to build the container. In this case, we s

``` SH
# Dockerfile
FROM accurics/terrascan:929e377
FROM tenable/terrascan:929e377

ENTRYPOINT []

Expand Down
6 changes: 3 additions & 3 deletions content/en/docs/Integrations/k8s.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ description: >

## Overview
Terrascan can be integrated with K8s [admissions webhooks](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).
Admission controllers help you control resources created on a kubernetes cluster. By using Terrascan as an admission controller, resources violating security policies can be prevented from getting created in a Kubernetes cluster. For more details and instructions, [click here to see our blog](https://www.accurics.com/blog/terrascan-blog/kubernetes-security-terrascan-validating-admission-controller/).
Admission controllers help you control resources created on a kubernetes cluster. By using Terrascan as an admission controller, resources violating security policies can be prevented from getting created in a Kubernetes cluster.

> **Note on SSL certificates**: You can use valid SSL certificates or create self signed certificates and have your Kubernetes cluster trust it.
Expand All @@ -28,7 +28,7 @@ Create an instance of Terrascan. To scan K8s configurations, your Terrascan inst

1. Make sure Terrascan is accessible via HTTPS. Ensure your cloud firewall is configured to allow this.
2. Have a valid SSL certificate for the served domain name using one of the suggested methods below:
- Use a subdomain of your choice (e.g dev-terrascan-k8s.accurics.com) and create a valid certificate for this subdomain through your SSL certificate provider. You can use [Let's Encrypt](https://letsencrypt.org/) which is a free, simple to use certificate authority.
- Use a subdomain of your choice (e.g dev-terrascan-k8s.tenable.com) and create a valid certificate for this subdomain through your SSL certificate provider. You can use [Let's Encrypt](https://letsencrypt.org/) which is a free, simple to use certificate authority.
- Use a reverse-proxy to serve SSL requests; for example, use Cloudflare Flexible to get a certificate by a trusted-CA to your [self-signed certificate](https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs).
- Generate a self-signed certificate and configure your K8s cluster to trust it. To add a trusted CA to ca-pemstore, as demonstrated in [paraspatidar's blog post](https://medium.com/@paraspatidar/add-ssl-tls-certificate-or-pem-file-to-kubernetes-pod-s-trusted-root-ca-store-7bed5cd683d).
3. Use the Terrascan docker as demonstrated in this document, or run it from the sources.
Expand Down Expand Up @@ -78,7 +78,7 @@ You can specify the following configurations:
Run Terrascan docker image in your server using the following command:

``` Bash
sudo docker run -p 443:9443 -v <DATA_PATH>:/data -u root -e K8S_WEBHOOK_API_KEY=<API_KEY> accurics/terrascan server --cert-path /data/cert.pem --key-path /data/key.pem -c /data/config.toml
sudo docker run -p 443:9443 -v <DATA_PATH>:/data -u root -e K8S_WEBHOOK_API_KEY=<API_KEY> tenable/terrascan server --cert-path /data/cert.pem --key-path /data/key.pem -c /data/config.toml
```
Where,

Expand Down
50 changes: 25 additions & 25 deletions content/en/docs/Integrations/pre-commit-integration.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,11 @@ weight: 50
description: >
Integrating Terrascan with Pre-commit to detect vulnerabilities in your IaC before you commit them.
---
# Integrating Terrascan with Pre-commit
# Integrating Terrascan with Pre-commit

## Overview
Terrascan scan can be used as a pre-commit hook in order to automatically scan your IaC before every commit.
For more information about pre-commit hooks see https://pre-commit.com/#intro
## Overview
Terrascan scan can be used as a pre-commit hook in order to automatically scan your IaC before every commit.
For more information about pre-commit hooks see https://pre-commit.com/#intro

___

Expand All @@ -18,53 +18,53 @@ ___
* Ensure Terrascan is properly installed (See https://runterrascan.io/docs/getting-started/#installing-terrascan)
* Have Pre-commit package manager installed (See https://pre-commit.com/#install)
___
## Integration Method
## Integration Method
___
### Add config file
1. Add file called .pre-commit-config.yaml to root of repo you wish to scan with pre-commit. It should look like this:
### Add config file
1. Add file called .pre-commit-config.yaml to root of repo you wish to scan with pre-commit. It should look like this:
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
- repo: https://github.com/tenable/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
args: [ '-i <IAC PROVIDER>'] #optional
args: [ '-i <IAC PROVIDER>'] #optional
```
**Note:**
The optional args line allows you to specify the IaC provider. For example,
The optional args line allows you to specify the IaC provider. For example,
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
- repo: https://github.com/tenable/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
args: [ '-i k8s']
args: [ '-i k8s']
```
will cause
will cause
```bash
'terrascan scan -i k8s'
'terrascan scan -i k8s'
```
to run and thus scan kubernetes yaml files. You may exclude the args like so:
to run and thus scan kubernetes yaml files. You may exclude the args like so:
```yaml
repos:
- repo: https://github.com/accurics/terrascan
rev: <COMMIT/VERSION>
- repo: https://github.com/tenable/terrascan
rev: <COMMIT/VERSION>
hooks:
- id: terraform-pre-commit
```
which causes the default
which causes the default
```bash
'terrascan scan'
'terrascan scan'
```
to be run, scanning all IaC provider types.
to be run, scanning all IaC provider types.

___

Once you have everything installed, and add the appropriate config file to your repo,
Once you have everything installed, and add the appropriate config file to your repo,
```bash
'terrascan scan -i <IAC PROVIDER>'
'terrascan scan -i <IAC PROVIDER>'
```
everytime you attempt to commit your staged changes. You can also call the hook directly on all files using pre-commit run --all-files
everytime you attempt to commit your staged changes. You can also call the hook directly on all files using pre-commit run --all-files



Loading

0 comments on commit dc76628

Please sign in to comment.