Introduction to IaC+
Feature availability
IaC+ is in Closed Beta and requires that you allow Snyk to clone an entire Git repository, for security analysis. To use IaC+, you must choose to use the feature in writing by email or a Slack message to your account team.
This page explains using IaC+ in the Snyk Web UI. For information about using IaC+ the Snyk CLI, see Test your IaC files with Snyk CLI.
Use IaC+ to find, view, and fix issues in cloud configuration files for Terraform, Kubernetes (except Helm, coming soon), AWS CloudFormation, and Azure Resource Manager (ARM) in your Git repositories.
You can scan your IaC files in Git repositories that are integrated with Snyk, much as you would with the original IaC. There are some differences, which are summarized in the following table.
| Original IaC support | IaC+ support |
Terraform (single file) | Yes | Yes |
Terraform (modules) | No | Yes |
Terraform (variables) | No | Yes |
CloudFormation | Yes | Yes |
Azure Resource Manager | Yes | Yes |
Kubernetes manifests | Yes | Yes |
Helm charts | Yes | Coming soon |
To start using IaC+ you must have the following:
- An existing Terraform, CloudFormation, or Azure Resource Manager environment to work in.
- Integration with your Git repository as for other Snyk products. For details, see Git repositories (SCMs).
If you want to add a new IaC+ Project from a Git repository that you have already imported, you must re-import the repository. This will not affect any of your existing Projects.
You will start by importing Projects you want to scan with Snyk. In these steps, you choose repositories for Snyk to test and re-test:
- 1.Log in to Snyk and on your dashboard, select Projects from the navigation.
- 2.On the Projects page, from the Add projects dropdown, select the SCM from which to add the Projects; for example, select GitHub.
- 3.From the list of Personal and Organization repositories, select the Git repositories you want to use.
- 4.Click Add selected repositories to add the selected repositories to Snyk. The import completes and the Projects page displays the Snyk Projects that have been added.
On the Projects page, ensure Group by targets is selected and navigate to the Target (Git repository) that contains the files for IaC+ to test.
You will see a single Infrastructure as Code issues Project. IaC+ generates only one Project in each repository, unlike the original IaC, which generates one Project for each configuration file.
IaC+ Project in your SCM repository
Click on the Infrastructure as Code Issues Project link to open a view of the IaC+ Issues UI, filtered to include only issues from the IaC+ environment that corresponds to your Project.
IaC+ Issues UI, filtered to show issues from the environment for your repository
Issues are grouped by rule. Expand the rule and select an issue to open its issue card. Each issue card has information about the following:
- The resource, including the location, cloud platform, such as aws, a link to the SCM file for fast fixes, and the input type, such as
tf_hclfor Terraform HCL. - The environment, providing details on the IaC+ environment that corresponds to your Project.
- The rule that failed, including a link to the Snyk security rules for additional information, such as specific remediation steps.
- The reason why your developers should fix this misconfiguration.
IaC+ issue card
Last modified 8d ago