Getting started with Snyk Infrastructure as Code (IaC)

Get started with Snyk IaC to inspect, find, and fix issues in configuration files for Terraform, AWS CloudFormation, Kubernetes (including Helm), or Azure Resource Manager (ARM) environments.
This article describes a process using the Snyk Web UI. For details of using IaC with the Snyk CLI, see Snyk CLI for Infrastructure as Code. Note that ARM configuration files can only be scanned via the CLI.
Prerequisites
Ensure you have:
A Snyk account (go to https://snyk.io/ and sign up - see Create a Snyk account for details).
An existing Terraform, CloudFormation, Kubernetes, or ARM environment to work in.
Integrated your Git repository as for other Snyk products - see Git repository (SCM) integrations for more details.
For more details, see:
​Configure your integration to find security issues in your Terraform files​
​Configure your integration to find security issues in your CloudFormation files​
​Configure your integration to find security issues in your Kubernetes configuration files​
ARM configuration files can only be scanned via the Snyk CLI. See Scan ARM configuration files.
Stage 1: Import projects
Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.
1.Select Projects from the Snyk Web UI.
2.In the Add projects drop-down menu, select the tool to add the Project from (for example, GitHub).
3.In Personal and Organization repositories, select the repositories to use.
4.Click Add selected repositories to import the selected repositories into your projects.
5.Select View import Log to see import log results (you can scan multiple types of configuration files simultaneously).
6.Project import completes.
Snyk Infrastructure as Code Projects have a recurring test interval of 1 week. Recurring tests can be disabled on the Settings tab of the Project's page by setting Test & Automated Pull Request Frequency to Test never.
Stage 2: View configuration file issues
View results for configuration files in imported Projects by selecting Projects from the menu on the left.
If Group by targets is selected: A list of Targets is displayed. Select a Target to expand its list of Projects.
If Group by none is selected: A list of all Projects is displayed.
Each Project entry shows information for a scanned configuration file, including the number of critical, high, medium, and low severity issues found. For example:
A list of Snyk IaC Projects
Select a Project to see more information, including details of the issues in the configuration file:
An example Snyk IaC Project with a list of issues
If you encounter any errors during import, see Importing projects FAQs.
Stage 3: View and fix config files
Act on the recommendations produced by Snyk IaC. IaC results appear as issues in each Project.
1.From a Project page, select an issue to see the details for that issue and specific recommendations from Snyk IaC.
2.Edit the configuration file to fix the issue identified, based on the recommendations, then commit the change.
3.Snyk automatically rescans the changed file, and you can see the change reflected in the issue display.
An example IaC issue within a Project
For more information
See Using Snyk IaC with the Web UI and Snyk CLI for Infrastructure as Code.

Snyk Infrastructure as Code

Using Snyk IaC with the Web UI

Last modified 4d ago