Getting started with IaC+ and cloud scans

Release status

IaC+ is in Early Access and available only for Enterprise plans.

To enable the feature, see Snyk Preview.

Cloud scans for AWS, Azure, and Google Cloud are generally available to Snyk IaC customers on an enterprise plan, for both current IaC and IaC+.

Use IaC+ to find, view, and fix issues in cloud configuration files for Terraform, Kubernetes (except Helm, coming soon), AWS CloudFormation, and Azure Resource Manager (ARM) in your Git repositories.

Use Snyk IaC cloud scans to find, view, and fix issues in deployed cloud resource configurations for AWS, Azure, and Google Cloud.

This page explains using IaC+ and cloud scans in the Snyk Web UI. For information about using IaC+ with the Snyk CLI, see Test your IaC files.

Prerequisites for IaC+ and cloud scans

To start using IaC+ you must have the following:

  • A Snyk account. For details, see Create a Snyk account.

  • Membership in an Organization that has Snyk IaC on the enterprise plan.

  • An existing Terraform, CloudFormation, or Azure Resource Manager environment to work in, or a deployed AWS, Azure, or Google Cloud account to onboard.

  • An integration with your Git repository, set up as for other Snyk products. For details, see Git repositories (SCMs).

Import IaC+ SCM repositories

IaC+ SCM integrations use the new Snyk git repository cloning capability to support multi-file analysis. This capability is available through Snyk Preview and must be turned on for IaC+ SCM scans to work properly.

If you want to scan a new SCM repository with IaC+ and you have already imported that repository, you must re-import the repository. This will not affect any of your existing Projects.

Start by importing the SCM repositories you want to scan as Snyk Projects. In these steps, you choose repositories for Snyk to test and re-test:

  1. Log in to Snyk and on your dashboard, select Projects from the navigation.

  2. On the Projects page, from the Add projects dropdown, select the SCM from which to add the Projects; for example, select GitHub.

  3. From the list of Personal and Organization repositories, select the Git repositories you want to use.

  4. Click Add selected repositories to add the selected repositories to Snyk. The import completes and the Projects page displays the Snyk Projects that have been added.

View IaC+ SCM projects

On the Projects page, ensure Group by targets is selected and navigate to the Target (Git repository) that contains the files for IaC+ to test.

You will see a single Infrastructure as Code issues Project. IaC+ generates only one Project in each repository, unlike current IaC, which generates one Project for each configuration file.

Configure recurring scans (daily, weekly, or never)

By default, IaC+ SCM Projects are scheduled for weekly scans. On the Settings page of an IaC+ SCM Project, you can set recurring scans to daily, weekly, or never.

Import cloud environments

Navigate to your Organization Settings (cog icon) > Cloud environments.

The cloud environments table displays the following information for each environment:

To import a cloud environment, select the Add environment drop-down and select the cloud provider. Follow the steps in AWS Integration: Web UI, Google Cloud Integration: Web UI, or Azure Integration: Web UI to create the environment.

You can also import an environment using the Snyk API:

View IaC+ and cloud issues

Click on the Infrastructure as Code Issues Project link to open a view of the cloud issues page, filtered to include only issues from the IaC+ environment that corresponds to your Project.

Issues are grouped by rule. Expand the rule and select an issue to open its issue card. Each issue card has information about the following:

  • The resource, including the location, the cloud platform (such as aws), a link to the SCM file for fast fixes, and the input type (such as tf_hcl for Terraform HCL).

  • The environment, providing details on the IaC+ environment that corresponds to your Project.

  • The rule that failed, including a link to the Snyk security rules for additional information, such as specific remediation steps.

  • The reason why your developers should fix this misconfiguration.

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.