Comment on page
Scan infrastructure

Feature availability
IaC+ is a new version of Snyk IaC that includes more accurate results, an expanded security ruleset, and code to cloud capabilities. IaC+ is now in early access via Snyk Preview.
With Snyk Infrastructure as Code (IaC), you can secure cloud infrastructure configurations before and after deployment. There are two version of Snyk IaC available today:
Current IaC: The generally available version of Snyk IaC
IaC+: A new version of Snyk IaC that is currently in early access
With both versions of Snyk IaC, you can:
Write secure configurations for HashiCorp Terraform, AWS CloudFormation, Kubernetes, and Azure Resource Manager (ARM) - for IDE, SCM, CLI, and Terraform Cloud/Enterprise workflows.
View issues and receive fix advice so you can make changes directly to code, before applications reach production.
​Detect drift and manually created resources in your cloud.
Onboard, scan, and test deployed cloud environments for misconfigurations for AWS, Azure, and Google Cloud environments.
IaC+ is built on a new engine and ruleset that also powers Snyk IaC’s cloud scanning capabilities. IaC+ enables the following improvements vs. Current IaC:
Includes consistent support for languages - such as Azure Resource Manager - across all IaC workflows.
Adds multi-file analysis for Terraform (support for modules and variables files).
Utilizes an expanded security ruleset that is mapped to more than a dozen compliance standards (CIS Benchmarks, PCI, SOC 2, and more).
Supports custom rules with Rego that are managed in the Snyk platform, and work consistently across all IaC workflows.
Introduces projects (for SCM) that capture issues for an entire repository, instead of only for a single IaC file - in alignment with Snyk Code.
Supports recurring (daily or weekly) scans for IaC+ SCM projects.
Utilizes a new organization-wide Cloud Issues page for IaC+ and cloud issues that enables users to group issues by rule or resource, filter and inspect the configuration of relevant resources for a given issue, and take action on issues.
IaC+ also adds support for “code to cloud” use cases that work with Snyk IaC’s ability to onboard, scan, and test deployed cloud environments:
​Fix Cloud issues directly in the IaC source code that was used to deploy the misconfigured cloud resources by linking a cloud issue to the underlying IaC template with an SCM source code link.
Suppress false positives in IaC tests by applying context from deployed infrastructure.
For Terraform - the same custom rule applies across the entire SDLC for all workflows (IaC to cloud).
View an inventory of IaC and cloud resources generated from your IaC files via the resources API.
For a list of supported IaC languages and cloud providers, see Supported IaC and cloud providers.
Integrate with self-hosted container registries (Broker)
Supported IaC languages, cloud providers, and cloud resources
Last modified 27d ago