Getting started with Snyk Infrastructure as Code (IaC)

Get started with Snyk IaC to inspect, find, and fix issues in configuration files for Terraform, AWS CloudFormation, Kubernetes (including Helm), or Azure Resource Manager (ARM) environments.

This article includes specific documentation for Integrated IaC, a new version of Snyk IaC that is currently in closed beta, at the bottom of the page. Please reach out to your account team if you have questions.

This article describes a process using the Snyk Web UI. For details of using IaC with the Snyk CLI, see Snyk CLI for Infrastructure as Code.

Prerequisites

Ensure you have:

For more details, see:

ARM configuration files can only be scanned via the Snyk CLI. See Scan ARM configuration files.

Stage 1: Import projects

Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.

  1. Select Projects from the Snyk Web UI.

  2. In the Add projects drop-down menu, select the tool to add the Project from (for example, GitHub).

  3. In Personal and Organization repositories, select the repositories to use.

  4. Click Add selected repositories to import the selected repositories into your projects.

  5. Select View import Log to see import log results (you can scan multiple types of configuration files simultaneously).

  6. Project import completes.

Snyk Infrastructure as Code Projects have a recurring test interval of 1 week. Recurring tests can be disabled on the Settings tab of the Project's page by setting Test & Automated Pull Request Frequency to Test never.

Stage 2: View configuration file issues

View results for configuration files in imported Projects by selecting Projects from the menu on the left.

  • If Group by targets is selected: A list of Targets is displayed. Select a Target to expand its list of Projects.

  • If Group by none is selected: A list of all Projects is displayed.

Each Project entry shows information for a scanned configuration file, including the number of critical, high, medium, and low severity issues found. For example:

A list of Snyk IaC Projects

Select a Project to see more information, including details of the issues in the configuration file:

An example Snyk IaC Project with a list of issues

If you encounter any errors during import, see Importing projects FAQs.

Stage 3: View and fix config files

Act on the recommendations produced by Snyk IaC. IaC results appear as issues in each Project.

  1. From a Project page, select an issue to see the details for that issue and specific recommendations from Snyk IaC.

  2. Edit the configuration file to fix the issue identified, based on the recommendations, then commit the change.

  3. Snyk automatically rescans the changed file, and you can see the change reflected in the issue display.

An example IaC issue within a Project

For more information

See Using Snyk IaC with the Web UI and Snyk CLI for Infrastructure as Code.
