SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
Getting started with Snyk Infrastructure as Code (IaC)
Using Snyk IaC via web
Scan Terraform files
Scan CloudFormation files
Scan Kubernetes configuration files
Scan ARM configuration files
Snyk Infrastructure as code for self-hosted git (with Broker)
Snyk CLI for Infrastructure as Code
Test your configuration files
IaC ignores using the .snyk policy file
Test your Terraform files with Snyk CLI
Test your CloudFormation files with Snyk CLI
Test your AWS CDK files with Snyk CLI
Test your Kubernetes files with Snyk CLI
Test your ARM files with Snyk CLI
Test your Kustomize files with Snyk CLI
Testing Helm charts with Snyk CLI
Understanding the IaC CLI test results
Snyk IaC CLI test results (v. 1.939.0 and later)
Snyk IaC CLI test results (v. 1.938.0 and earlier)
Jira Integration
View Infrastructure as Code issue reports
Build your own custom rules
Detect drift and manually created resources
Share CLI results with the Snyk Web UI
Disable IaC Scans
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Powered By GitBook
Snyk IaC CLI test results (v. 1.939.0 and later)
Note: The instructions in this section apply to any supported file format of Snyk Infrastructure as Code, including Terraform, Kubernetes, CloudFormation, and ARM.
Snyk CLI analyzes your configuration file for issues, and provides information and advices on how to resolve the discovered issues.
For example, when scanning a Terraform file, we enter the following command:
1
snyk iac test aws_api_gateway_stage_logging.tf
Copied!
Once the command run, the following results are received:
1
Snyk Infrastructure as Code
2
​
3
✔ Test completed.
4
​
5
Issues
6
​
7
Low Severity Issues: 1
8
​
9
[Low] API Gateway access logging disabled
10
Info: Amazon Api Gateway access logging is not enabled. Audit records may not be available during investigation
11
Rule: https://snyk.io/security-rules/SNYK-CC-TF-138
12
Path: resource > aws_api_gateway_stage[denied] > access_log_settings
13
File: aws_api_gateway_stage_logging.tf
14
Resolve: Set `access_log_settings` attribute
15
​
16
-------------------------------------------------------
17
​
18
Test Summary
19
​
20
Organization: demo-org
21
​
22
✔ Files without issues: 0
23
✗ Files with issues: 1
24
Invalid files: 0
25
Ignored issues: 0
26
Total issues: 1 [ 0 critical, 0 high, 0 medium, 1 low ]
Copied!
The results include a list of issues sorted by severity, where each issue consists of the following details:
  • Heading - the issue that was detected, and the severity level of that issue.
  • Info - a short description of the detected issue.
  • Rule - a link to the rule documentation.
  • Path - the property path within the configuration file, where the issue was identified. See the example below for more details.
For example**:** ****The path of the issue is specified as:
1
resource > aws_api_gateway_stage[denied] > access_log_settingsresource > aws_api_gateway_stage[denied] > access_log_settings
Copied!
In the following code, line 1 represents the content of the aws_api_gateway_stage block, called "denied", which is missing the access_log_settings field:
aws_api_gateway_stage_logging.tf
1
resource "aws_api_gateway_stage" "denied" {
2
xray_tracing_enabled = true
3
}
Copied!
  • File - the file where the issue is located.
  • Resolve - a short explanation on how to resolve the issue.
Previous
Understanding the IaC CLI test results
Next
Snyk IaC CLI test results (v. 1.938.0 and earlier)
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub