Start using Snyk IaC
The information on this page applies to the original IaC and to IaC+, with some exceptions. If you are using the original IaC, follow the steps on this page. If you are using IaC+, see Getting started with IaC+.
Before using Snyk IaC, be sure you have the prerequisites as follows:
For more information about IaC and supported environments, see the following pages:
1. Log in to Snyk and, on your dashboard, select Projects from the navigation.
2. On the Projects page, from the Add projects dropdown, select the SCM that hosts the repositories and projects you want to scan, for example, GitHub.
3. From the list of Personal and Organization repositories, select the Git repositories and projects you want to import for scanning. You can select one or more repositories or projects in a repository.
4. Click Add selected repositories to import the selected SCM projects and repositories into Snyk.
5. Select View import Log to see the results in the import log. You can scan multiple types of configuration files simultaneously. The import completes and the Projects page displays the Snyk Project imported.
After you have imported an IaC Project, Snyk re-tests your Project once a week by default. You can deactivate recurring tests on the Settings tab of the Projects page: set Test & Automated Pull Request Frequency to Test never.
On the Projects page, you can view the results for configuration files in the imported Projects.
In your Projects listing, select a Project to open it and display detailed information about that Project.
List of Snyk Projects
Each Project detail page has a snapshot showing when the Project was last tested, the name of the user who imported the Project, and, on the Issues tab, the number of critical, high, medium, and low-severity issues found and issue cards for each scanned configuration file. You can also select the Overview, History, and Settings options. Choose History to see previous snapshots of the Project.
Snyk Project issue card
Each issue card shows information about the resource and the path by which it was introduced.
Issue card details
The information on the issue cards includes the following:
- The severity level, for example, H for high, and the name of the issue, for example, Non-encrypted S3 Bucket
- A snippet of your code showing the exact area that is vulnerable
- The exact path of the issue
- More details, such as:
  - A brief description of the issue
  - The impact of the issue
  - Remediation advice to resolve the issue
Click Full details to see a preview of the full code:
Preview of the full code
The steps to act on recommendations produced by Snyk IaC follow.
1. On a Project detail page, select an issue to see the details for that issue and specific recommendations from Snyk IaC.
2. Based on the recommendations, edit the configuration file to fix the issue identified and then commit the change. Snyk automatically rescans the changed file.
3. View the change reflected in the issue display.
Example of an IaC issue that has been fixed
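The kind of edit step 2 describes, shown for the Non-encrypted S3 Bucket issue this page uses as its example. This is an added illustration, not code from Snyk or from the original page. It assumes a Terraform configuration using AWS provider v4 or later; the resource labels, bucket name and key description are hypothetical.

```hcl
# Before the fix, the file contains only this resource: the bucket is
# declared with no server-side encryption configuration, which is the
# condition the example issue name refers to.
resource "aws_s3_bucket" "logs" {
  bucket = "example-app-logs" # constructed name for illustration
}

# The fix adds the two resources below and leaves the bucket resource
# unchanged.

# Customer-managed KMS key used for default encryption (hypothetical label).
resource "aws_kms_key" "logs" {
  description         = "Default encryption key for example-app-logs"
  enable_key_rotation = true
}

# Default encryption at rest for every new object written to the bucket.
# With AWS provider v3 the equivalent setting is an inline
# server_side_encryption_configuration block inside aws_s3_bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "logs" {
  bucket = aws_s3_bucket.logs.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.logs.arn
    }

    # Reduces KMS request volume for buckets with many objects.
    bucket_key_enabled = true
  }
}
```

After the change is committed to the imported repository, the rescan described in step 2 picks up the edited file.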