From 7c16632a631f75aad53fa4995d9172815dd3f13c Mon Sep 17 00:00:00 2001
From: carlospolop <carlospolop@gmail.com>
Date: Mon, 17 Nov 2025 16:31:36 +0100
Subject: [PATCH] f

---
 src/pentesting-ci-cd/terraform-security.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/pentesting-ci-cd/terraform-security.md b/src/pentesting-ci-cd/terraform-security.md
index a3e9bf83c..dd9d3fc7d 100644
--- a/src/pentesting-ci-cd/terraform-security.md
+++ b/src/pentesting-ci-cd/terraform-security.md
@@ -408,6 +408,21 @@ brew install tfsec
 tfsec /path/to/folder
 ```
 
+### [terrascan](https://github.com/tenable/terrascan)
+
+Terrascan is a static code analyzer for Infrastructure as Code. Terrascan allows you to:
+
+- Seamlessly scan infrastructure as code for misconfigurations.
+- Monitor provisioned cloud infrastructure for configuration changes that introduce posture drift, and enables reverting to a secure posture.
+- Detect security vulnerabilities and compliance violations.
+- Mitigate risks before provisioning cloud native infrastructure.
+- Offers flexibility to run locally or integrate with your CI\CD.
+
+```bash
+brew install terrascan
+terrascan scan -d /path/to/folder
+```
+
 ### [KICKS](https://github.com/Checkmarx/kics)
 
 Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with **KICS** by Checkmarx.