Scan Terraform with the Snyk Orb
This is an add-on module to the Infrastructure as Code 101 course in CircleCI Academy demonstrating how the Snyk Orb helps you easily scan for misconfigurations in your Terraform files.
Lab Meta
Difficulty: IntermediateTime to Complete: 15 minutes
Introduction
Terraform makes creating and tearing down cloud infrastructure as easy as writing configuration files. In the Infrastructure as Code course in the CircleCI Academy, you created a workflow that uses Terraform to create a GKE cluster and deploy an application into it as part of a continuous delivery pipeline.
According to the NSA, misconfigurations are the top Cloud vulnerability. In this add-on module, you'll add Snyk Infrastructure as Code into the workflow to reinforce secure IaC development practices, ensuring your Terraform files aren't configured in ways that open up your cluster, and the applications running in them, to risks caused by cloud misconfiguration. Let's begin!
Pre-Requisites:
Recommended Pre-Work
This lab assumes the following courses were completed in CircleCI Academy:
https://academy.circleci.com/infrastructure-as-code
academy.circleci.com
Infrastructure as Code 101 in the CircleCI Academy
https://academy.circleci.com/orbs-course
academy.circleci.com
Orbs in the CircleCI Academy
It's highly recommended you complete the courses before proceeding.
Sample Code
We'll use the same code used in the Infrastructure as Code course. It can be found on GitHub.
GitHub - datapunkz/learn_iac: Code examples for learn Infrastructure as Code Part01
GitHub
Snyk Account and Token
You'll need a Snyk Account to use the Snyk Orb. Create a Snyk API Token, then set an Environment Variable in CircleCI called SNYK_TOKEN with its value.
When ready, continue to the next page.
Last modified 1mo ago
Export as PDF
Copy link
Edit on GitHub