Add the Snyk Orb to your CircleCI Config
In the CircleCI Academy Orbs module you learned about Orbs, packages of configuration that simplify your builds. Snyk's Orb exposes the Snyk CLI, allowing you to find and fix known vulnerabilities in app dependencies, container images, and infrastructure as code.
In your fork of the learn-iac repo, open the
.circleci/config.yml file. Add the Snyk Orb to the top replacing @x.y.z with the latest version of the Snyk Orb from the Orb Registry.Adding the Orb exposes the
snyk commands and jobs to your workflow. Consider your requirements when choosing where in the workflow to add them.For this example, add the
snyk/scan-iac job before the gke-create-cluster job to check Terraform files are correctly configured before creating the cloud infrastructure. The args parameter points to which files to check for misconfigurations and can also be used to pass other Snyk CLI arguments.workflows:
build_test:
jobs:
- run_tests
- build_docker_image
- snyk/scan-iac:
args: part03/iac_gke_cluster/
- gke_create_cluster:
requires:
- run_tests
- build_docker_image
- snyk/scan-iac
Snyk Infrastructure as Code can also check Kubernetes and AWS CloudFormation files for misconfigurations. Learn more in the Snyk IAC documentation.
When ready, commit and merge your changes to trigger the workflow run.
When the workflow runs, the output will be displayed in your CircleCI project run. The job fails because issues are found in the
main.tf file scanned.Snyk Orb output in the CircleCI UI
Visit Understanding configuration scan issues in the Snyk Docs to learn more about interpreting the output of the Snyk IAC CLI powering the Snyk Orb.
Import your fork of the
learn-iac repo to the Snyk UI using the GitHub integration. Visit the Snyk IAC documentation to learn how. Once imported, you'll see the manifest files in the Snyk UI.Clicking on the
main.tf file will show you an in-line view of the issues found, with additional information such as the impact of the configuration and how to fix it.In the next section we'll show how you can tune this analysis to adjust the test's pass/fail criteria.
Last modified 5mo ago