SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
Getting started with Snyk Infrastructure as Code (IaC)
Using Snyk IaC with the Web UI
Scan Terraform files
Scan CloudFormation files
Scan Kubernetes configuration files
Scan ARM configuration files
Snyk Infrastructure as code for self-hosted git (with Broker)
Snyk CLI for Infrastructure as Code
Jira Integration
View Infrastructure as Code issue reports
Build your own custom rules
Detect drift and manually created resources
Share CLI results with the Snyk Web UI
Disable IaC Scans per organization
Snyk Cloud
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Snyk reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Data residency at Snyk
Snyk feature release process
Snyk Partner workshops
Error Catalog
Powered By GitBook
Using Snyk IaC with the Web UI

Use Snyk IaC with the Snyk Web UI to find and fix issues in configuration files.
  1. 1.
    In your Projects area, select the project to open
  2. 2.
    Snyk IaC displays information and issue cards for that project:
Information available shows standard Snyk Project information (see Snyk Projects), including:
  • Snapshot information showing when the project was last tested.
  • Overview, History and Settings information. For example, use the History section to view previous snapshots of projects.
  • Filters on the left of the screen.

Each issue card shows specific details about that issue:
Card details include:
  • The severity level (for example, H for high) and the name of the issue (for example, Non-encrypted S3 Bucket).
  • The ID of the security rule (e.g. SNYK-CC-TF-4): click the link to view more information in the Snyk Security Rules.
  • A snippet of your code showing the exact area that is vulnerable.
  • The exact path of the issue.
  • More details, such as:
    • a short description of the issue
    • the impact of the issue
    • the remediation advice to resolve the issue
Click Full details to see a preview of the full code:
Click Ignore to ignore this vulnerability (see Ignore Issues)

  • Terraform Cloud and Helm will not show a code snippet, but just the card details. They will also not have a Full details button to show the preview of the full code. Examples:
Terraform Cloud
  • In some cases that we can not identify the exact line of the vulnerable path in the file, we will not show a code snippet, but an info message and the card details. If able to, we will show the Full details button so that a preview of the full code can be seen. Example:
Previous
Getting started with Snyk Infrastructure as Code (IaC)
Next
Scan Terraform files
Last modified 20d ago
Export as PDF
Copy link
Edit on GitHub
On this page
View project vulnerabilities
Issue card details
Notes