SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Atlassian Integrations
AWS Integrations
Snyk Integrations
Snyk Account
CircleCI
Scan Terraform with the Snyk Orb
Add the Snyk Orb to your CircleCI Config
Adjusting Snyk IAC Scan parameters
Securing Kubernetes Workloads on AWS
Docker
Dynatrace
GCP
GitHub
Microsoft Azure
Oracle Cloud Infrastructure
Red Hat
SpringOne
Powered By GitBook
Add the Snyk Orb to your CircleCI Config
In the CircleCI Academy Orbs module you learned about Orbs, packages of configuration that simplify your builds. Snyk's Orb exposes the Snyk CLI, allowing you to find and fix known vulnerabilities in app dependencies, container images, and infrastructure as code.

Add the Snyk Orb to your CircleCI configuration YML

In your fork of the learn-iac repo, open the .circleci/config.yml file. Add the Snyk Orb to the top replacing @x.y.z with the latest version of the Snyk Orb from the Orb Registry.
1
version: 2.1
2
​
3
orbs:
4
snyk: snyk/[email protected]
5
​
6
jobs:
7
...
Copied!
Adding the Orb exposes the snyk commands and jobs to your workflow. Consider your requirements when choosing where in the workflow to add them.

Add the Scan IAC Job to the Workflow

For this example, add the snyk/scan-iac job before the gke-create-cluster job to check Terraform files are correctly configured before creating the cloud infrastructure. The args parameter points to which files to check for misconfigurations and can also be used to pass other Snyk CLI arguments.
1
workflows:
2
build_test:
3
jobs:
4
- run_tests
5
- build_docker_image
6
- snyk/scan-iac:
7
args: part03/iac_gke_cluster/
8
- gke_create_cluster:
9
requires:
10
- run_tests
11
- build_docker_image
12
- snyk/scan-iac
Copied!
Snyk Infrastructure as Code can also check Kubernetes and AWS CloudFormation files for misconfigurations. Learn more in the Snyk IAC documentation.
When ready, commit and merge your changes to trigger the workflow run.

Working with results

When the workflow runs, the output will be displayed in your CircleCI project run. The job fails because issues are found in the main.tf file scanned.
Snyk Orb output in the CircleCI UI
Visit Understanding configuration scan issues in the Snyk Docs to learn more about interpreting the output of the Snyk IAC CLI powering the Snyk Orb.

Viewing results in the Snyk UI

Import your fork of the learn-iac repo to the Snyk UI using the GitHub integration. Visit the Snyk IAC documentation to learn how. Once imported, you'll see the manifest files in the Snyk UI.
Clicking on the main.tf file will show you an in-line view of the issues found, with additional information such as the impact of the configuration and how to fix it.
In the next section we'll show how you can tune this analysis to adjust the test's pass/fail criteria.
Previous
Scan Terraform with the Snyk Orb
Next
Adjusting Snyk IAC Scan parameters
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub
Contents
Add the Snyk Orb to your CircleCI configuration YML
Add the Scan IAC Job to the Workflow
Working with results
Viewing results in the Snyk UI