Getting started with Integrated IaC in the Web UI
Feature availability: This feature is in closed beta and requires allowing Snyk to clone an entire Git repository for security analysis. To enable this feature, you must opt in, in writing, with your account team via email or Slack.
Use Snyk Integrated Infrastructure as Code to inspect, find, and fix issues in cloud configuration files for Terraform, AWS CloudFormation, and Azure Resource Manager (ARM) in your Git repositories. Support for Kubernetes is coming soon.
You can test your IaC files in Git repositories found via SCM integrations with Integrated IaC, much like you would with the current IaC. There are some differences, which are summarized in the following table.
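|                        | Current IaC support | Integrated IaC support |
|------------------------|---------------------|------------------------|
| Terraform (single file) | Yes                | Yes                    |
| Terraform (modules)     | No                 | Yes                    |
| Terraform (variables)   | No                 | Yes                    |
| CloudFormation          | Yes                | Yes                    |
| Azure Resource Manager  | Yes                | Yes                    |
| Kubernetes manifests    | Yes                | Coming soon            |
| Helm charts             | Yes                | Coming soon            |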
Prerequisites for Integrated IaC
To start using Integrated IaC, you need the following:
A Snyk account; go to https://snyk.io/ and sign up. See Create a Snyk account for details.
An existing Terraform, CloudFormation, or Azure Resource Manager environment to work in.
Integration with your Git repository as for other Snyk products; see Git repository (SCM) integrations for more details.
Stage 1: Import Projects
If you want to add a new Integrated IaC Project from an SCM repository that you have already imported, you must re-import the repository. This will not affect any of your existing Projects.
Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.
Select Projects from the Snyk Web UI.
In the Add projects drop-down menu, select the SCM to add the Project from, for example, GitHub.
In Personal and Organization repositories, select the repositories to use.
Click Add selected repositories to import the selected repositories into your Projects. Project import completes.
Stage 2: View Integrated IaC Projects
On the Projects page, navigate to the appropriate target (Git repository) that contains IaC files for Snyk to test. You will see a single Infrastructure as Code issues Project. Snyk Integrated IaC generates only one Project per repository, unlike the current IaC, which generates one Project per IaC file.

Stage 3: View Integrated IaC issues in the Cloud Issues UI
Clicking on the Infrastructure as Code Issues link opens a view of the Cloud Issues UI filtered to include only issues from the Integrated IaC environment that corresponds to your Project.

Expanding the grouped issue and selecting a given issue opens an Issue Card that includes information on:
The resource - including the location, cloud platform (such as aws) with a link to the SCM file in question for faster fixes, as well as the input type (such as tf_hcl for Terraform HCL).
The environment - providing details on the Integrated IaC environment that corresponds to your Git repository.
The rule that failed - including a link to Snyk's security rules documentation for additional information, such as specific remediation steps.
Why your developer should fix this particular misconfiguration.
