Create and test Rego policies for Terrascan in Visual Studio Code.
- Generates standardized JSON configuration used as input to Terrascan's policy engine.
- Generates a pre-populated Rego template using parameters from resources in your IaC files as input.
- Tests Rego policies against IaC files.
- Syncs policies with Tenable.cs.
Follow these steps to get started:
- Install the extension from the VS Code Marketplace.
- Open an IaC template in VS Code.
- Highlight an IaC resource, right-click, and select `RegoEditor: Generate Config`.
- Select the IaC engine this template uses (e.g. terraform, cft, k8s, etc.). This generates a normalized JSON file including the highlighted resource and its parameters.
- Right-click the normalized JSON file and select `RegoEditor: Generate Rego`. This creates a rule JSON and a Rego file.
- Update relevant fields on the Rule JSON file according to your policy.
- Update the Rego file to enforce your policy.
- Right-click the Rego file and click on `RegoEditor: Scan` to test your policy.
This extension supports multiple configuration options. To view the settings, open the command palette (`Ctrl + Shift + P` for Windows or `CMD + Shift + P` on macOS) and search for `RegoEditor: Configuration`.
From the configuration menu you should be able to customize:
- The counter suffixed to policies
- The default cloud provider
- Whether to show the helper text on newly created Rego files
- Credentials for syncing policies with Tenable.cs
Contributions are always welcome in the form of documentation, blogs, issues, and pull requests. See CONTRIBUTING.md for more details.