# Install terrascan with Homebrew, MacPorts, Nix, scoop

Detect compliance and security violations across Infrastructure as Code. Version 1.19.9 via Homebrew; verified 2026-05-24.

## Install

```sh
sudo av install brew:terrascan
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install terrascan
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install terrascan
```

  Evidence: MacPorts ports tree: sysutils/terrascan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#terrascan
```

  Evidence: nixpkgs package indexes: pkgs/by-name/te/terrascan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

### Windows

- Scoop (92%):

```sh
scoop install main/terrascan
```

  Evidence: Scoop official bucket manifest trees: bucket/terrascan.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:terrascan
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/terrascan>
- **Version:** 1.19.9
- **Source summary:** Detect compliance and security violations across Infrastructure as Code
- **Homepage:** <https://runterrascan.io/>
- **Repository:** <https://github.com/tenable/terrascan>
- **Upstream docs:** <https://github.com/tenable/terrascan#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/tenable/terrascan/archive/refs/tags/v1.19.9.tar.gz>
- **Last updated:** 2026-05-24T01:41:05Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- terrascan (cli)
- terrascan (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.19.9
- Package-manager updated: 2026-05-24
- Local data: ok
- Upstream repository: https://github.com/tenable/terrascan
- Upstream latest detected: v1.19.9 (current)
## Project history and usage

Terrascan is an open-source static analyzer for Infrastructure as Code that checks cloud and Kubernetes configuration before deployment. Its official README describes scanning for misconfigurations, posture drift, security vulnerabilities, and compliance violations, with local CLI and CI/CD integration workflows.

### Project history

The project originated under Accurics and later moved under Tenable ownership, as reflected by changelog links that compare older releases under github.com/accurics/terrascan and later releases under github.com/tenable/terrascan. The current official repository is archived and states that it is no longer maintained.

### Adoption history

Terrascan became a package-manager-friendly IaC security tool because it distributed native release binaries, Docker images, and package recipes. The README documents Homebrew installation, AUR installation, and Docker usage, while the input metadata also lists MacPorts, Nix, and Scoop packages.

### How it is used

In the package-nerd niche, Terrascan was used as a local scanner in developer workstations and CI jobs before Terraform, Kubernetes, Helm, Kustomize, CloudFormation, ARM, Dockerfile, or GitHub infrastructure changes were applied. Its value was the ability to run policy checks from a normal shell command without adopting a hosted platform first.

### Why package nerds care

Terrascan is significant as part of the early wave of IaC security CLIs that package managers made easy to slot into pre-commit hooks, CI images, and ephemeral developer machines. Its archived status is now part of its history: packages may remain useful for reproducing older pipelines, but new deployments need to account for maintenance risk.

### Timeline

- 2020: v1.1.0 appears in the official changelog on September 16, 2020.
- 2021-2022: Changelog links show releases under the Accurics repository path.
- 2022: Later changelog entries move to the Tenable repository path.
- 2023: v1.18.3 appears in the official changelog on August 3, 2023.
- 2024: GitHub page lists v1.19.9 as latest release on September 18, 2024.
- 2026: Official repository is archived and marked no longer maintained.

### Related projects

- Terrascan sits in the same IaC and cloud-security package niche as Terraform policy scanners, Kubernetes manifest linters, and CI security gates.

### Sources

- <https://github.com/tenable/terrascan official README, archive notice, installation notes, and feature list.>
- <https://raw.githubusercontent.com/tenable/terrascan/master/CHANGELOG.md official changelog showing Accurics-to-Tenable release history.>
- source_facts.package-manager lists brew, macports, nix, and scoop packaging.


## Security Notes

infrastructure mutation or orchestration signal.

- **Geiger risk:** orange / medium
- infrastructure mutation or orchestration signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** terrascan
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** yes
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - terrascan: normalized package name match | nixpkgs package indexes: pkgs/by-name/te/terrascan/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- MacPorts - terrascan: normalized package name match | MacPorts ports tree: sysutils/terrascan/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
- Scoop - main/terrascan: normalized package name match | Scoop official bucket manifest trees: bucket/terrascan.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Developer build packages](https://www.automicvault.com/pkg/developer-build-tools/) - Matched build, compiler, generator, or developer workflow metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [checkov](https://www.automicvault.com/pkg/brew/checkov/) - Shares av.db curated category or tags: cli, compliance, infrastructure-as-code, kubernetes, security.
- [intercept](https://www.automicvault.com/pkg/brew/intercept/) - Shares av.db curated category or tags: cli, compliance, security, static-analysis.
- [kube-bench](https://www.automicvault.com/pkg/brew/kube-bench/) - Shares av.db curated category or tags: cli, compliance, kubernetes, security.
- [kubescape](https://www.automicvault.com/pkg/brew/kubescape/) - Shares av.db curated category or tags: cli, compliance, kubernetes, security.
- [terraform-iam-policy-validator](https://www.automicvault.com/pkg/brew/terraform-iam-policy-validator/) - Shares av.db curated category or tags: cli, compliance, security, terraform.
- [tfsec](https://www.automicvault.com/pkg/brew/tfsec/) - Shares av.db curated category or tags: cli, security, static-analysis, terraform.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security, static-analysis.
- [caracal](https://www.automicvault.com/pkg/brew/caracal/) - Shares av.db curated category or tags: cli, security, static-analysis.

## Combined YAML source

View the package source record on GitHub. [combined/terrascan.yml](https://github.com/automic-vault/db/blob/main/combined/terrascan.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
