Getting started with Snyk Infrastructure as Code (IaC)

This page explains how to get started with Snyk IaC to inspect, find, and fix issues in configuration files for Terraform, AWS CloudFormation, Kubernetes (including Helm), and Azure Resource Manager (ARM) environments. The process explained here uses the Snyk Web UI. You can use IaC with the Snyk CLI. For details, see Snyk CLI for Infrastructure as Code. To learn more about IaC in the Snyk Web UI, See Using Snyk IaC with the Web UI.

The bottom of this page includes specific documentation for Integrated IaC, a new version of Snyk IaC that is currently in closed beta. Reach out to your Snyk account team if you have questions.

Prerequisites for Snyk IaC

Ensure you have:

A Snyk account (go to https://snyk.io/ and sign up; see Create a Snyk account for details.
An existing Terraform, CloudFormation, Kubernetes, or ARM environment to work in.
A Git repository you have integrated with Snyk as for other Snyk products; see Git repository (SCM) integrations for more details.

For more information about IaC and supported environments, see:

ARM configuration files can only be scanned via the Snyk CLI. See Scan ARM configuration files.

Stage 1: Import Projects

Import Projects to test with Snyk by choosing repositories for Snyk to test and monitor.

Select Projects from the Snyk Web UI.
In the Add projects drop-down menu, select the tool to add the Project from, for example, GitHub.
In Personal and Organization repositories, select the repositories to use.
Click Add selected repositories to import the selected repositories into your Projects.
Select View import Log to see import log results. You can scan multiple types of configuration files simultaneously. Project import completes.

For Snyk Infrastructure as Code Projects, the recurring test interval is one week. You can disable recurring tests on the Settings tab of the Project's page; Set Test & Automated Pull Request Frequency to Test never.

Stage 2: View configuration file issues

View results for configuration files in imported Projects by selecting Projects from the menu on the left.

If Group by targets is selected: A list of Targets is displayed. Select a Target to expand its list of Projects.
If Group by none is selected: A list of all Projects is displayed.

Each Project entry shows information for a scanned configuration file, including the number of critical, high, medium, and low-severity issues found, for example:

Select a Project to see more information, including details of the issues in the configuration file:

An example Snyk IaC Project with a list of issues

If you encounter any errors during import, see Importing projects FAQs.

Stage 3: View and fix config files

Act on the recommendations produced by Snyk IaC, which are included in the IaC results that appear as issues in each Project.

From a Project page, select an issue to see the details for that issue and specific recommendations from Snyk IaC.
Edit the configuration file to fix the issue identified, based on the recommendations, then commit the change.
Snyk automatically rescans the changed file; see the change reflected in the issue display.

PreviousSnyk Infrastructure as Code NextUsing Snyk IaC with the Web UI

Last updated 2 years ago

Was this helpful?