Getting started with Snyk IaC in the Web UI (Integrated IaC)
Feature availability: This feature is in closed beta and requires allowing Snyk to clone an entire Git repository for security analysis. To enable it, you must opt in in writing with your account team via email or Slack.
Use Snyk Integrated Infrastructure as Code to inspect, find, and fix issues in cloud configuration files for Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) in your Git repositories, with support for Kubernetes coming soon.
You can test your IaC files in Git repositories found via SCM integrations with Integrated IaC, much like you would with Current IaC. There are some differences, which are summarized in the following table.
| | Current IaC support | Integrated IaC support |
|---|---|---|
| Terraform (single file) | Yes | Yes |
| Terraform (modules) | No | Yes |
| Terraform (variables) | No | Yes |
| CloudFormation | Yes | Yes |
| Azure Resource Manager | Yes | Yes |
| Kubernetes manifests | Yes | Coming soon |
| Helm charts | Yes | Coming soon |
Prerequisites
To start using Integrated IaC, you need the following:
A Snyk account (go to https://snyk.io/ and sign up - see Create a Snyk account for details).
An existing Terraform, CloudFormation, or Azure Resource Manager environment to work in.
Integration with your Git repository as for other Snyk products; see Git repository (SCM) integrations for more details.
Stage 1: Import projects
If you want to add a new Integrated IaC project from an SCM repository that you've already imported, you will need to re-import the repository. This will not affect any existing projects that you have.
Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.
Select Projects from the Snyk Web UI.
In the Add projects drop-down menu, select the tool to add the Project from (for example, GitHub).
In Personal and Organization repositories, select the repositories to use.
Click Add selected repositories to import the selected repositories into your projects.
Project import completes.
Stage 2: View Integrated IaC projects
On the Projects page, navigate to the appropriate target (Git repository) that contains IaC files for Snyk to test. You will see a single "Infrastructure as Code issues" project. Snyk Integrated IaC generates only one project per repository, unlike Current IaC, which generates one project per IaC file.

Stage 3: View Integrated IaC issues on the Cloud Issues UI
Clicking the "Infrastructure as Code Issues" link takes you to a filtered view of the Cloud Issues UI that includes only issues from the Integrated IaC Environment corresponding to your Project.

Expanding the grouped issues and selecting an issue opens an Issue Card that includes information on:
The resource - including the location and cloud platform (such as "aws"), a link to the SCM file in question for faster fixes, and the input type (such as "tf_hcl" for Terraform HCL).
The environment - providing details on the Integrated IaC environment that corresponds to your Git repository.
The rule that failed - including a link to Snyk's security rules documentation for additional information, such as specific remediation steps.
Why your developer should fix this particular misconfiguration.
