Accurics scans the infrastructure code stored in target repositories to detect the resources and associated vulnerabilities. There are two different scan techniques used to do this.
- Deep scan
Deep scan is typically used for Terraform or Terragrunt. It is more thorough and reliable. The vulnerability detection capability is high. It can do resource mapping with or without Terraform state files. It can support translation of variables.
Deep scan supports the Terraform IaC type.
- Linear scan
In some cases there is little or no information available about the required variables or the remote state file, or the deep scan fails for unknown reasons. In such scenarios, Linear Scan can still perform the scan and detect violations. However, Linear Scan may not detect all the vulnerabilities that Deep Scan does.
Linear scan supports the Terraform, Kubernetes, Helm, and Kustomize IaC types.
Scanning in the UI:
Deep Scan is enabled by default for the Terraform IaC type. However, users can switch between Deep Scan and Linear Scan at any time, either while creating a new environment or by editing an existing one. To do so, follow these steps:
- Start creating a new environment or edit an existing environment
- On the IaC Repository setup page, click the button to open the Repository Configuration dialogue
- Uncheck the “Use DeepScan” checkbox as shown below to enable Linear Scan. Check the “Use DeepScan” checkbox to enable Deep Scan
Scanning in the CLI:
Deep Scan and Linear Scan can also be performed using Accurics CLI.
- To perform a Deep Scan using the Accurics CLI, use the following commands:
accurics init
accurics plan
Prerequisite: This requires Terraform to be installed on the system. For more info on how to install Terraform
- To perform a Linear Scan using the Accurics CLI, use the following command:
accurics scan <IaC type>
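As an added example (not Accurics' own code), a small POSIX shell wrapper for a CI job that applies the rules above: Deep Scan when the checkout contains Terraform files and Terraform is installed, Linear Scan otherwise, with a warning so the reduced coverage is visible in the job log. The function names and the SCAN_MODE variable are hypothetical, and the value passed as the IaC type is supplied by the caller.

```shell
#!/bin/sh
# Added example: choose Deep Scan or Linear Scan for a repository checkout.
# Only `accurics init`, `accurics plan` and `accurics scan <IaC type>` come
# from the page; the function names and SCAN_MODE are hypothetical.

# Print "deep" when the Deep Scan prerequisites hold, otherwise "linear".
# Narrowed to plain Terraform layouts: Terragrunt checkouts are not detected.
pick_scan_mode() {
    dir=$1
    # Deep Scan supports only the Terraform IaC type: require *.tf files.
    set -- "$dir"/*.tf
    [ -e "$1" ] || { echo linear; return 0; }
    # Deep Scan requires Terraform to be installed on the system.
    command -v terraform >/dev/null 2>&1 || { echo linear; return 0; }
    echo deep
}

# Run the scan in directory $1; $2 is the <IaC type> argument that is
# passed to `accurics scan` when a Linear Scan is used.
# Leaves the mode that ran in SCAN_MODE so a pipeline can record it.
run_accurics_scan() {
    dir=$1
    iac_type=$2
    SCAN_MODE=$(pick_scan_mode "$dir")
    if [ "$SCAN_MODE" = deep ]; then
        (cd "$dir" && accurics init && accurics plan)
    else
        # Linear Scan may miss findings that a Deep Scan reports, so the
        # downgrade is written to stderr instead of happening silently.
        echo "warning: Linear Scan in use for $dir; coverage is reduced" >&2
        (cd "$dir" && accurics scan "$iac_type")
    fi
}
```

Recording SCAN_MODE alongside the scan results lets a reviewer tell a clean Deep Scan apart from a clean Linear Scan, which carries less assurance.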