Build your own custom rules
Snyk IaC includes a comprehensive list of security rules, covering AWS, Azure, GCP & Kubernetes. These rules are based on security research, best practices and recognised standards and benchmarks. They are actively maintained by Snyk’s security engineering team and new rules are released on a regular basis.
These rules aim to meet the majority of your needs on your first scan, but you may need to enforce additional security rules for your system, such as tagging standards.

Creating additional Snyk IaC Custom Rules

The IaC SDK helps security teams define their own rules, to be run by the Snyk CLI giving feedback to developers.
Using this SDK, you can add your own custom rules to Snyk IaC, to run alongside the standard provided rules, giving comprehensive security feedback to your development teams in one place.
Initial instructions to get you started with the Snyk Infrastructure as Code (IaC) SDK:
End to end flow of writing your own custom rules to distributing and using them to scan files with the Snyk CLI

Snyk platform policies and Snyk IaC custom rules

Summary:
  • Snyk platform policies: manage issues
  • Snyk IaC custom rules: generate issues
The Snyk platform allows you to create your own policies, to manage how you prioritize and triage the issues Snyk identifies during scanning. For example, you can define policies to change the priority of an issue from medium to high if it has specific attributes, or to bulk ignore issues if they meet certain criteria.
The Snyk IaC custom rules functionality enables you to define your own rules for misconfiguration checks that you would like to enforce. The result of a custom rule failing on a configuration file will generate an issue.
\
Export as PDF
Copy link
Edit on GitHub
Contents