Getting started with Snyk Infrastructure as Code (IaC)

Get started with Snyk IaC to inspect, find, and fix issues in configuration files for Terraform, AWS CloudFormation, Kubernetes (including Helm), or Azure Resource Manager (ARM) environments.
This article describes a process using the Snyk Web UI. For details of using IaC with the Snyk CLI, see Snyk CLI for Infrastructure as Code. Note that ARM configuration files can only be scanned via the CLI.

Prerequisites

Ensure you have:
For more details, see:
ARM configuration files can only be scanned via the Snyk CLI. See Scan ARM configuration files.

Stage 1: Import projects

Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.
  1. Select Projects from the Snyk Web UI.
  2. In the Add projects drop-down menu, select the tool to add the Project from (for example, GitHub).
  3. In Personal and Organization repositories, select the repositories to use.
  4. Click Add selected repositories to import the selected repositories into your projects.
  5. Select View import Log to see import log results (you can scan multiple types of configuration files simultaneously).
  6. Project import completes.
Snyk Infrastructure as Code Projects have a recurring test interval of 1 week. Recurring tests can be disabled on the Settings tab of the Project's page by setting Test & Automated Pull Request Frequency to Test never.

Stage 2: View configuration file issues

View results for configuration files in imported Projects by selecting Projects from the menu on the left.
  • If Group by targets is selected: A list of Targets is displayed. Select a Target to expand its list of Projects.
  • If Group by none is selected: A list of all Projects is displayed.
Each Project entry shows information for a scanned configuration file, including the number of critical, high, medium, and low severity issues found. For example:
A list of Snyk IaC Projects
Select a Project to see more information, including details of the issues in the configuration file:
An example Snyk IaC Project with a list of issues
If you encounter any errors during import, see Importing projects FAQs.

Stage 3: View and fix config files

Act on the recommendations produced by Snyk IaC. IaC results appear as issues in each Project.
  1. From a Project page, select an issue to see the details for that issue and specific recommendations from Snyk IaC.
  2. Edit the configuration file to fix the issue identified, based on the recommendations, then commit the change.
  3. Snyk automatically rescans the changed file, and you can see the change reflected in the issue display.
An example IaC issue within a Project
