Snyk IaC

Release status

IaC+ is in Early Access and available only for Enterprise plans.

To enable the feature, see Snyk Preview.

With Snyk Infrastructure as Code (IaC), you can secure cloud infrastructure configurations before and after deployment. There are two versions of Snyk IaC available today:

  • Current IaC: The generally available version of Snyk IaC.

  • IaC+: A new version of Snyk IaC that is currently in early access. It includes more accurate results, an expanded security ruleset, and code-to-cloud capabilities.

With both versions of Snyk IaC, you can:

IaC+ is built on a new engine and ruleset that also powers Snyk IaC’s cloud scanning capabilities. IaC+ enables the following improvements vs. Current IaC:

  • Includes consistent support for languages, such as Azure Resource Manager, across all IaC workflows.

  • Adds multi-file analysis for Terraform (support for modules and variables files).

  • Utilizes an expanded security ruleset that is mapped to more than a dozen compliance standards (CIS Benchmarks, PCI, SOC 2, and more).

  • Supports custom rules with Rego that are managed in the Snyk platform, and work consistently across all IaC workflows.

  • Introduces projects (for SCM) that capture issues for an entire repository instead of only for a single IaC file, in alignment with Snyk Code.

  • Supports recurring (daily or weekly) scans for IaC+ SCM projects.

  • Utilizes a new organization-wide Cloud Issues page for IaC+ and cloud issues that enables users to group issues by rule or resource, filter and inspect the configuration of relevant resources for a given issue, and take action on issues.

IaC+ also adds support for “code to cloud” use cases that work with Snyk IaC’s ability to onboard, scan, and test deployed cloud environments:

  • Fix cloud issues directly in the IaC source code that was used to deploy the misconfigured cloud resources by linking a cloud issue to the underlying IaC template with an SCM source code link.

  • Suppress false positives in IaC tests by applying context from deployed infrastructure.

  • For Terraform, the same custom rule applies across the entire SDLC for all workflows (IaC to cloud).

  • View an inventory of IaC and cloud resources generated from your IaC files via the resources API.

For a list of supported IaC languages and cloud providers, see Supported IaC and cloud providers.

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.