Scan Terraform with the Snyk Orb
This is an add-on module to the Infrastructure as Code 101 course in CircleCI Academy demonstrating how the Snyk Orb helps you easily scan for misconfigurations in your Terraform files.

Lab Meta

Difficulty: Intermediate
Time to Complete: 15 minutes

Introduction

Terraform makes creating and tearing down cloud infrastructure as easy as writing configuration files. In the Infrastructure as Code course in the CircleCI Academy, you created a workflow that uses Terraform to create a GKE cluster and deploy an application into it as part of a continuous delivery pipeline.
According to the NSA, misconfigurations are the top cloud vulnerability. In this add-on module, you'll add Snyk Infrastructure as Code to the workflow to reinforce secure IaC development practices, ensuring your Terraform files aren't configured in ways that expose your cluster, and the applications running in it, to risks caused by cloud misconfiguration. Let's begin!

Pre-Requisites:

This lab assumes the following courses were completed in CircleCI Academy:
Infrastructure as Code 101 in the CircleCI Academy: https://academy.circleci.com/infrastructure-as-code
Orbs in the CircleCI Academy: https://academy.circleci.com/orbs-course
It's highly recommended you complete the courses before proceeding.

Sample Code

We'll use the same code used in the Infrastructure as Code course. It can be found on GitHub.
GitHub - datapunkz/learn_iac: Code examples for learn Infrastructure as Code Part01

Snyk Account and Token

You'll need a Snyk Account to use the Snyk Orb. Create a Snyk API Token, then set an Environment Variable in CircleCI called SNYK_TOKEN with its value.
When ready, continue to the next page.