Using Snyk IaC via web

View project vulnerabilities

Use Snyk IaC with the standard Snyk web interface to find and fix issues in configuration files.
  1. 1.
    In your Projects area, select the project to open
  2. 2.
    Snyk IaC displays information and issue cards for that project:
Information available shows standard Snyk project information (see Introduction to Snyk targets and projects), including:
  • Snapshot information showing when the project was last tested.
  • Overview, History and Settings information. For example, use the History section to view previous snapshots of projects.
  • Filters on the left of the screen.

Issue card details

Each issue card shows specific details about that issue:
Card details include:
  • The severity level (for example, H for high) and the name of the issue (for example, Non-encrypted S3 Bucket).
  • The ID of the security rule (e.g. SNYK-CC-TF-4): click the link to view more information in the Snyk Security Rules.
  • A snippet of your code showing the exact area that is vulnerable.
  • The exact path of the issue.
  • More details, such as:
    • a short description of the issue
    • the impact of the issue
    • the remediation advice to resolve the issue
  • Click Ignore to ignore this vulnerability (see Ignore Issues)

Notes

  • Terraform Cloud and Helm will not show a code snippet, but just the card details. Examples:
Helm
Terraform Cloud
  • In some cases that we can not identify the exact line of the vulnerable path in the file, we will not show a code snippet, but an info message and the card details. Example:
Export as PDF
Copy link
Edit on GitHub