Detecting Kubernetes configuration files using Snyk Broker (Custom)
Kubernetes configuration files in Snyk Broker
By default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Kubernetes configuration files, you can add an environment variable ACCEPT_IAC with any combination of tf,yaml,yml,json,tpl.
Otherwise you can edit your accept.json, add the relevant IaC specific rules, and load the customized accept file into the container. Note that if a custom accept file (from a separate folder) is used (using ACCEPT environment variable), the ACCEPT_IAC mechanism cannot be used.
These are the instructions if you require a custom allow-list and want to add Kubernetes configuration files into the files Snyk can scan for.
Writing the configuration
You must grant the Broker access to particular files in the repository. This requires specific API permissions. These API permissions are slightly different depending on which source control system you are using. The configuration that follows is for the file extensions .yaml, .yml, and .json. This allows the Broker to access potential Kubernetes and CloudFormation files, but you may adapt the configuration as necessary. For example, you may wish to add configurations for .tf files in order to scan Terraform HCL files.
Find the appropriate accept.json sample file for your source control system and download it from the Broker repository.
Rename the file to accept.json and to the private array in the JSON file, add the following rules as appropriate to your SCM.