SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Getting started
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
Getting started with Snyk Infrastructure as Code (IaC)
Using Snyk IaC via web
Scan Terraform files
Scan CloudFormation files
Scan Kubernetes configuration files
Scan ARM configuration files
Snyk Infrastructure as code for self-hosted git (with Broker)
Snyk CLI for Infrastructure as Code
Jira Integration
View Infrastructure as Code issue reports
Build your own custom rules
Detect drift and manually created resources
Share CLI results with the Snyk Web UI
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
More Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
SNYK TUTORIALS
Getting Started
Amazon Web Services
Atlassian
CircleCI
Docker
Dynatrace
GCP
GitHub
Microsoft Azure
Oracle Cloud Infrastructure
Red Hat
SpringOne
Powered By GitBook
Using Snyk IaC via web

View project vulnerabilities

Use Snyk IaC with the standard Snyk web interface to find and fix issues in configuration files.
  1. 1.
    In your Projects area, select the project to open
  2. 2.
    Snyk IaC displays information and issue cards for that project:
Information available shows standard Snyk project information (see Introduction to Snyk targets and projects), including:
  • Snapshot information showing when the project was last tested.
  • Overview, History and Settings information. For example, use the History section to view previous snapshots of projects.
  • Filters on the left of the screen.

Issue card details

Each issue card shows specific details about that issue:
Card details include:
  • The severity level (for example, H for high) and the name of the issue (for example, Non-encrypted S3 Bucket).
  • The ID of the security rule (e.g. SNYK-CC-TF-4): click the link to view more information in the Snyk Security Rules.
  • A snippet of your code showing the exact area that is vulnerable.
  • The exact path of the issue.
  • More details, such as:
    • a short description of the issue
    • the impact of the issue
    • the remediation advice to resolve the issue
  • Click Ignore to ignore this vulnerability (see Ignore Issues)

Notes

  • Terraform Cloud and Helm will not show a code snippet, but just the card details. Examples:
Helm
Terraform Cloud
  • In some cases that we can not identify the exact line of the vulnerable path in the file, we will not show a code snippet, but an info message and the card details. Example:
Previous
Getting started with Snyk Infrastructure as Code (IaC)
Next
Scan Terraform files
Last modified 16d ago
Export as PDF
Copy link
Edit on GitHub
Contents
View project vulnerabilities
Issue card details
Notes