Using Snyk IaC with the Web UI
- 1.In your Projects area, select the project to open
- 2.Snyk IaC displays information and issue cards for that project:
- Snapshot information showing when the project was last tested.
- Overview, History and Settings information. For example, use the History section to view previous snapshots of projects.
- Filters on the left of the screen.
Each issue card shows specific details about that issue:
Card details include:
- The severity level (for example, H for high) and the name of the issue (for example, Non-encrypted S3 Bucket).
- The ID of the security rule (e.g. SNYK-CC-TF-4): click the link to view more information in the Snyk Security Rules.
- A snippet of your code showing the exact area that is vulnerable.
- The exact path of the issue.
- More details, such as:
- a short description of the issue
- the impact of the issue
- the remediation advice to resolve the issue
Click Full details to see a preview of the full code:
- Terraform Cloud and Helm will not show a code snippet, but just the card details. They will also not have a Full details button to show the preview of the full code. Examples:
%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(2).png?alt=media)
%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(1)%20(3).png?alt=media)
Terraform Cloud
- In some cases that we can not identify the exact line of the vulnerable path in the file, we will not show a code snippet, but an info message and the card details. If able to, we will show the Full details button so that a preview of the full code can be seen. Example:
