Accurics scans the infrastructure code stored in target repositories to detect the resources and associated vulnerabilities. Accurics uses Deep Scan and Linear Scan as scanning techniques to do this.
Deep scan is typically used for Terraform or Terragrunt. It is more thorough and reliable. The vulnerability detection capability is high. It can do resource mapping with or without Terraform state files. It can support the translation of variables.
Deep scan supports Terraform IaC type.
There could be a case when there is less or no information available about required variables, remote state file, or maybe the deep scan is failing due to unknown reasons. In such scenarios, the Linear Scan can help you perform the scan and detect violations. However, Linear Scan may not detect all the vulnerabilities as the Deep scan does.
Linear scan supports Terraform, Kubernetes, Helm, Kustomize IaC types.
Selecting the scanning option
By default, Deep Scan is enabled for a Terraform IaC type. However, you can switch to Linear Scan anytime while configuring the advanced settings of the repositories.
Perform the following steps to select the scanning option:
- Start creating a new connection or edit an existing connection. Choose to connect a repository.
For more information, see Onboarding Code Repositories.
- Select the Version Control option to directly integrate with your respective SCM tools, such as Github, Bitbucket, or Gitlab etc. and scan your infrastructure as code (IaC).
- Select the version control provider from available options.
- Select the repository.
- Click the Advance settings icon for the respository.
- Keep the Plan Based Setup option turned ON to enable Deep Scan or turn OFF the Plan Based Setup option to enable Linear Scan.
Selecting scanning option from Accurics CLI
You can also enable Deep Scan and Linear Scan using Accurics CLI. For more information about Accurics CLI commands, see Accurics CLI Parameters.
For Deep Scan, enter the following commands:
use accurics init accurics plan
For Linear Scan, enter the following command: