Snyk CLI for IaC

Overview

To use the CLI, you must first install it and then authenticate.

With Snyk Infrastructure as Code, you can test your configuration files directly from the CLI. See the following pages for details:

Test your IaC files
Share CLI results with the Snyk Web UI
IaC ignores using the .snyk policy file
IaC exclusions using the command line
Understanding the IaC CLI test results (has information about reports)

Regularly testing IaC files

Snyk Infrastructure as Code has no equivalent command to snyk monitor because the CLI does not send IaC source files back to the platform for periodic testing.

For IaC CLI results to appear in the Snyk Web UI, use snyk iac test --report to capture a one-time snapshot. Optionally, run the command on a recurring schedule to regularly test your IaC files.

Alternatively, you can add an SCM integration, and Snyk will monitor and test a given Git repository on a recurring basis.

Using Snyk behind a proxy

If you are using a proxy, see Proxy configuration for Snyk CLI.

For IaC scans specifically, you must also whitelist the *.snyk.io address, as explained on the page How can we allowlist Snyk IP addresses?

PreviousAdvanced use of Snyk Container CLI NextTest your IaC files

Last updated 1 month ago

Was this helpful?