IaC custom rules

Snyk IaC includes a comprehensive list of security rules, covering AWS, Azure, GCP, and Kubernetes. These rules are based on security research, best practices, recognized standards, and benchmarks. They are actively maintained by Snyk’s security engineering team, and new rules are released on a regular basis.

These rules are intended to meet most of your needs on your first scan, but you may need to enforce additional security rules for your system, such as tagging standards.

Creating additional Snyk IaC Custom Rules

The IaC SDK helps security teams define their own rules, to be run by the Snyk CLI, providing feedback to developers.

Using this SDK, you can add your own custom rules to Snyk IaC to run alongside the standard provided rules, giving comprehensive security feedback to your development teams in one place.

This section provides initial instructions to help you use the Snyk Infrastructure as Code (IaC) SDK:

• Install the SDK

• Getting started with the SDK

• Use IaC custom rules with the Snyk CLI

• Integrating custom rules within a pipeline

• SDK reference

Snyk platform policies and Snyk IaC custom rules

The Snyk platform allows you to create your own policies to manage how you prioritize and triage the issues Snyk identifies during scanning. For example, you can define policies to change the priority of an issue from medium to high if it has specific attributes, or to bulk ignore issues if they meet certain criteria.

The Snyk IaC custom rules functionality enables you to define your own rules for misconfiguration checks that you would like to enforce. The result of a custom rule failing on a configuration file is generating an issue.