Test your Integrated IaC files with Snyk CLI

To use the latest Integrated IaC, install Snyk CLI v1.1022.0 or later.

You can test your IaC files with Integrated IaC by using the Snyk CLI. There are some differences between Integrated IaC and the current IaC, which are summarized in the following table.

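|                         | Current IaC support | Integrated IaC support |
| ----------------------- | ------------------- | ---------------------- |
| Terraform (single file) | Yes                 | Yes                    |
| Terraform (modules)     | No                  | Yes                    |
| Terraform (plan)        | Yes                 | Yes                    |
| CloudFormation          | Yes                 | Yes                    |
| AWS CDK                 | Yes                 | Yes                    |
| Azure Resource Manager  | Yes                 | Yes                    |
| Kubernetes              | Yes                 | Coming soon            |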

Stage 1: Test IaC files

Snyk Infrastructure as Code allows you to test your configuration files with the CLI. For information on how to use the snyk iac test command, see the snyk iac test command help.

An example of the output follows.

Snyk Infrastructure as Code

✔ Test completed.

Issues

Low Severity Issues: 1

  [Low] API Gateway access logging disabled
  Info:    Amazon Api Gateway access logging is not enabled. Audit records may not be available during investigation
  Rule:    https://snyk.io/security-rules/SNYK-CC-TF-138
  Path:    resource > aws_api_gateway_stage[denied] > access_log_settings
  File:    aws_api_gateway_stage_logging.tf
  Resolve: Set `access_log_settings` attribute

-------------------------------------------------------

Test Summary

  Organization: demo-org

✔ Files without issues: 0
✗ Files with issues: 1
  Invalid files: 0
  Ignored issues: 0
  Total issues: 1 [ 0 critical, 0 high, 0 medium, 1 low ]

The CLI for Integrated IaC can also scan Terraform modules, regardless of whether they are public or private. Run terraform init before running the snyk iac test command, and the CLI will read the generated .terraform files.

Stage 2: View IaC issues in the Snyk Web UI

You can use the snyk iac test CLI command to address known configuration issues.

To see these issues displayed in the Snyk Web UI, run the following CLI command:

snyk iac test myproject --report

An example of the output follows.

> snyk iac test myproject --report

Testing arm-file.tf...


Infrastructure as code issues:
  ✗ VM Agent is not provisioned automatically for Windows [Low Severity] [SNYK-CC-AZURE-667] in Compute
    introduced by resource > azurerm_virtual_machine[my_terraformvm] > os_profile_windows_config > provision_vm_agent


Organization:      my.org
Type:              Terraform
Target file:       arm-file.tf
Project name:      myproject
Open source:       no
Project path:      myproject

Tested arm-file.tf for known issues, found 1 issues

Your test results are available at: https://snyk.io/org/my.org/cloud/issues?environment_name=my.org

Follow the link in the CLI output to see your issues in the Snyk Web UI. To learn more about the cloud issues view, see View Cloud and Integrated IaC issues in the Snyk Web UI.

Stage 3: Fix IaC Issues

Act on the recommendations generated by Snyk IaC.

  1. After you have run a test, you can see all the relevant details about where that issue exists, as well as advice on how to remediate that issue.

  2. Fix the issue based on the remediation advice.

  3. Run another test to see if the issue has been resolved.

  4. Optional: View a list of all Integrated IaC and cloud context rules and adjust rule severity as needed. For more information, see Managing Cloud and Integrated IaC rules.
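As an added illustration of step 2 (not part of the Snyk documentation), this is what acting on the "Set `access_log_settings` attribute" advice from the Stage 1 sample output could look like. Only the resource address `aws_api_gateway_stage.denied` comes from that output; the file contents, the log group, the stage name and the referenced REST API and deployment are assumptions.

```hcl
# aws_api_gateway_stage_logging.tf (contents constructed for this example)

# Before: the stage has no access_log_settings block, which is what
# SNYK-CC-TF-138 reports at
#   resource > aws_api_gateway_stage[denied] > access_log_settings
#
# resource "aws_api_gateway_stage" "denied" {
#   rest_api_id   = aws_api_gateway_rest_api.example.id
#   deployment_id = aws_api_gateway_deployment.example.id
#   stage_name    = "prod"
# }

# After: access logs are written to a dedicated CloudWatch log group.
# The log group name and retention period are assumptions.
resource "aws_cloudwatch_log_group" "api_access" {
  name              = "/aws/apigateway/example-access"
  retention_in_days = 90
}

# aws_api_gateway_rest_api.example and aws_api_gateway_deployment.example
# are assumed to be defined elsewhere in the same module. API Gateway also
# needs permission to write to CloudWatch Logs for the logs to be delivered.
resource "aws_api_gateway_stage" "denied" {
  rest_api_id   = aws_api_gateway_rest_api.example.id
  deployment_id = aws_api_gateway_deployment.example.id
  stage_name    = "prod"

  access_log_settings {
    destination_arn = aws_cloudwatch_log_group.api_access.arn

    # One JSON object per request, with the fields an investigator
    # typically needs: who called, what was called, and the result.
    format = jsonencode({
      requestId      = "$context.requestId"
      sourceIp       = "$context.identity.sourceIp"
      requestTime    = "$context.requestTime"
      httpMethod     = "$context.httpMethod"
      resourcePath   = "$context.resourcePath"
      status         = "$context.status"
      protocol       = "$context.protocol"
      responseLength = "$context.responseLength"
    })
  }
}
```

Re-running `snyk iac test` on the file, as in step 3, should then no longer list the issue for this stage.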

Get help

To get help, run snyk iac test --help or see the snyk iac test help in the documentation.

Get started with Terraform Cloud

To use Integrated IaC with Terraform Cloud, see Terraform Cloud for IaC.
