Test your IaC files with the Snyk CLI

To use the latest IaC+, install Snyk CLI v1.1022.0 or later.
You can test your IaC files by using the Snyk CLI. There are some differences between IaC+ and the current IaC, which are summarized in the following table.
Current IaC support
IaC+ support
Terraform (single file)
Terraform (modules)
Terraform (plan)
Azure Resource Manager
Coming soon
Although IaC+ provides better support for Terraform than the current IaC, line number information is not provided in scan results for the current IaC.

Stage 1: Test IaC files

Snyk Infrastructure as Code allows you to test your configuration files with the CLI. For information on how to use the snyk iac test command, see the snyk iac test command help.
An example of the output follows.
Snyk Infrastructure as Code
✔ Test completed.
Low Severity Issues: 1
[Low] API Gateway access logging disabled
Info: Amazon Api Gateway access logging is not enabled. Audit records may not be available during investigation
Path: resource > aws_api_gateway_stage[denied] > access_log_settings
Resolve: Set `access_log_settings` attribute
Test Summary
Organization: demo-org
✔ Files without issues: 0
✗ Files with issues: 1
Invalid files: 0
Ignored issues: 0
Total issues: 1 [ 0 critical, 0 high, 0 medium, 1 low ]
The CLI for IaC can also scan Terraform modules, regardless of whether they are public or private. Run terraform init before running the snyk iac test command, and the CLI will read the generated .terraform files.

Stage 2: View IaC issues in the Snyk Web UI

You can use the snyk iac test CLI command to address known configuration issues.
To see these issues displayed in the Snyk Web UI, run the following CLI command:
snyk iac test myproject --report
An example of the output follows.
> snyk iac test myproject --report
Infrastructure as code issues:
✗ VM Agent is not provisioned automatically for Windows [Low Severity] [SNYK-CC-AZURE-667] in Compute
introduced by resource > azurerm_virtual_machine[my_terraformvm] > os_profile_windows_config > provision_vm_agent
Type: Terraform
Target file:
Project name: myproject
Open source: no
Project path: myproject
Tested for known issues, found 1 issues
Your test results are available at:
Follow the link in the CLI output to see your issues in the Snyk Web UI. To learn more about the cloud issues view, see View Cloud and IaC+ issues in the Snyk Web UI.

Stage 3: Fix IaC issues

Act on the recommendations generated by Snyk IaC+.
  1. 1.
    After you have run a test, you can see all the relevant details about where that issue exists, as well as advice on how to remediate that issue.
  2. 2.
    Fix the issue based on the remediation advice.
  3. 3.
    Run another test to see if the issue has been resolved.
  4. 4.
    Optional: View a list of all IaC+ and cloud context rules and adjust rule severity as needed. For more information, see Managing Cloud and IaC+ rules.

Get help

To get help, run snyk iac test --help or see the snyk iac test help in the documentation.

Get started with Terraform Cloud

To use IaC+ with Terraform Cloud, see Terraform Cloud for IaC.