Snyk CLI for Infrastructure as Code

Overview
To use the CLI you must first install it and then authenticate.
With Snyk Infrastructure as Code, you can test your configuration files directly from the CLI. See the following pages for details:
​Test your configuration files​
​IaC ignores using the .snyk policy file​
​Test your Terraform files with Snyk CLI​
​Test your CloudFormation files with Snyk CLI​
​Test your AWS CDK files with Snyk CLI​
​Test your Kubernetes files with Snyk CLI​
​Test your ARM files with Snyk CLI​
You can also test the following types of files:
​Kustomize files​
​Helm charts​
See Understanding the CLI output for information about using the reports.
Regularly testing IaC files
Currently, there is no equivalent command to snyk monitor for Snyk IaC because the CLI does not send IaC source files back to the platform for periodic testing.
For IaC CLI results to appear in the Snyk Web UI, you can use the snyk iac test --report command to capture a one-time snapshot. Optionally, run the command on a recurring schedule to regularly test your IaC.
Alternatively, you can add an SCM integration and Snyk will monitor and test a given git repository on a recurring basis.
​
Using Snyk behind a proxy
If you are using a proxy, see Proxy configuration for Snyk CLI.

For IaC scans specifically, you must also whitelist the *.snyk.io address, as explained on the page How can we whitelist Snyk IP addresses?​

Snyk Infrastructure as code for self-hosted git (with Broker)

Test your configuration files

Last modified 49m ago

Export as PDF

Copy link

Edit on GitHub

On this page

Overview

Regularly testing IaC files

Using Snyk behind a proxy