Snyk IaC
With Snyk Infrastructure as Code (IaC), you can secure cloud infrastructure configurations before and after deployment.
The version referred to as Current IaC in this documentation is the generally available version of Snyk IaC.
The version referred to as IaC+ has been in closed beta and remains available only to customers in that beta. Other customers should refer to the Current IaC documentation. Additional information will be provided.
With both versions of Snyk IaC, you can:
Write secure configurations for HashiCorp Terraform, AWS CloudFormation, Kubernetes, and Azure Resource Manager (ARM) - for IDE, SCM, CLI, and Terraform Cloud/Enterprise workflows.
View issues and receive fix advice so you can make changes directly to code, before applications reach production.
Detect drift and manually created resources in your cloud.
Onboard, scan, and test deployed cloud environments for misconfigurations for AWS, Azure, and Google Cloud environments.
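Drift detection, as listed above, compares what the IaC declared with what is actually deployed. The script below is an added illustration of that comparison and is not Snyk's code: it reads a constructed Terraform state file (format version 4) and a constructed inventory of live S3 buckets, then reports resources whose attributes changed after deployment, resources that exist in the cloud but were never declared (created by hand), and declared resources that no longer exist. The bucket names, the `WATCHED` attribute list and the shape of the inventory dictionary are assumptions made for the example.

```python
import json

# Constructed sample (not real state): a Terraform state file, format version 4.
TFSTATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "aws_s3_bucket", "name": "logs",
         "instances": [{"attributes": {"id": "acme-logs", "acl": "private"}}]},
        {"mode": "managed", "type": "aws_s3_bucket", "name": "assets",
         "instances": [{"attributes": {"id": "acme-assets", "acl": "private"}}]},
        # data sources record reads, not managed resources, and must be skipped
        {"mode": "data", "type": "aws_caller_identity", "name": "me",
         "instances": [{"attributes": {"id": "123456789012"}}]},
    ],
})

# Constructed sample: what an inventory of the live account returned (bucket name -> attributes).
CLOUD_BUCKETS = {
    "acme-logs":    {"acl": "private"},
    "acme-assets":  {"acl": "public-read"},  # flipped in the console after deployment
    "acme-scratch": {"acl": "private"},      # created by hand, never declared in IaC
}

# Attributes compared per resource type (a hypothetical, deliberately small list).
WATCHED = {"aws_s3_bucket": ("acl",)}

def managed_resources(tfstate_text):
    """Map resource id -> (Terraform address, watched attributes) for managed resources."""
    state = json.loads(tfstate_text)
    declared = {}
    for res in state["resources"]:
        if res["mode"] != "managed" or res["type"] not in WATCHED:
            continue
        for inst in res["instances"]:
            attrs = inst["attributes"]
            watched = {k: attrs.get(k) for k in WATCHED[res["type"]]}
            declared[attrs["id"]] = (f'{res["type"]}.{res["name"]}', watched)
    return declared

def detect_drift(tfstate_text, cloud):
    """Compare declared state with the live inventory.

    drifted:   managed resource whose watched attribute differs from state
    unmanaged: live resource with no counterpart in state (created outside IaC)
    missing:   managed resource that no longer exists in the cloud
    """
    declared = managed_resources(tfstate_text)
    report = {"drifted": [], "unmanaged": [], "missing": []}
    for rid, (address, want) in declared.items():
        if rid not in cloud:
            report["missing"].append(address)
            continue
        for attr, expected in want.items():
            actual = cloud[rid].get(attr)
            if actual != expected:
                report["drifted"].append((address, attr, expected, actual))
    report["unmanaged"] = [rid for rid in cloud if rid not in declared]
    return report

if __name__ == "__main__":
    for kind, items in detect_drift(TFSTATE, CLOUD_BUCKETS).items():
        print(f"{kind}: {items}")
```

The three categories matter differently in practice: a drifted attribute such as an ACL that became `public-read` is a live exposure, an unmanaged resource is a blind spot that no IaC scan will ever cover, and a missing resource usually means state and reality have diverged enough that the next apply will recreate it.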
IaC+ is built on a new engine and ruleset, the same one that powers Snyk IaC’s cloud scanning. Compared with Current IaC, IaC+:
Includes consistent support for languages - such as Azure Resource Manager - across all IaC workflows.
Adds multi-file analysis for Terraform (support for modules and variables files).
Uses an expanded security ruleset that is mapped to more than a dozen compliance standards (CIS Benchmarks, PCI, SOC 2, and more).
Supports custom rules with Rego that are managed in the Snyk platform, and work consistently across all IaC workflows.
Introduces Projects (for SCM) that capture issues for an entire repository, instead of only for a single IaC file, in alignment with Snyk Code.
Supports recurring (daily or weekly) scans for IaC+ SCM Projects.
Uses a new organization-wide Cloud Issues page for IaC+ and cloud issues that enables users to group issues by rule or resource, filter and inspect the configuration of relevant resources for a given issue, and take action on issues.
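The multi-file Terraform analysis listed above matters because a single `.tf` file often does not contain the value a rule needs to decide. The script below is an added example, not Snyk's engine: it loads constructed Terraform JSON-syntax files (`main.tf.json`, `variables.tf.json`, `prod.tfvars.json`) and evaluates one rule, a security group that admits TCP/22 from anywhere. With only the main file the CIDR is an unresolved `var.admin_cidr` reference; with the variables file the default is private; with the tfvars override the same resource becomes a finding. The resource and variable names are assumptions, and only whole-string `${var.name}` references are resolved.

```python
import json
import re

# Constructed samples in Terraform's JSON syntax (*.tf.json / *.tfvars.json), chosen so
# no HCL parser is needed. Only whole-string "${var.name}" references are resolved here.
MAIN_TF_JSON = json.dumps({
    "resource": {"aws_security_group": {"ssh": {
        "name": "ssh",
        "ingress": [{"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["${var.admin_cidr}"]}],
    }}}
})
VARIABLES_TF_JSON = json.dumps({"variable": {"admin_cidr": {"default": "10.0.0.0/8"}}})
PROD_TFVARS_JSON = json.dumps({"admin_cidr": "0.0.0.0/0"})

VAR_REF = re.compile(r"^\$\{var\.([A-Za-z0-9_-]+)\}$")
ANYWHERE = {"0.0.0.0/0", "::/0"}

class Unresolved(Exception):
    """A value references a variable that none of the loaded files defines."""

def load_config(tf_json_files, tfvars_json_files=()):
    """Merge resource blocks and variable values from several files.

    Precedence mirrors Terraform: a *.tfvars value overrides the variable's default.
    """
    resources, variables = {}, {}
    for text in tf_json_files:
        doc = json.loads(text)
        for rtype, instances in doc.get("resource", {}).items():
            resources.setdefault(rtype, {}).update(instances)
        for name, decl in doc.get("variable", {}).items():
            if "default" in decl:
                variables[name] = decl["default"]
    for text in tfvars_json_files:
        variables.update(json.loads(text))
    return resources, variables

def resolve(value, variables):
    """Replace "${var.name}" strings with their value, recursing into lists and maps."""
    if isinstance(value, str):
        m = VAR_REF.match(value)
        if not m:
            return value
        if m.group(1) not in variables:
            raise Unresolved(m.group(1))
        return variables[m.group(1)]
    if isinstance(value, list):
        return [resolve(v, variables) for v in value]
    if isinstance(value, dict):
        return {k: resolve(v, variables) for k, v in value.items()}
    return value

def scan(tf_json_files, tfvars_json_files=()):
    """Rule: an aws_security_group ingress that admits TCP/22 from anywhere.

    Returns (findings, unresolved). A rule whose inputs cannot be resolved is
    reported as unresolved rather than silently passed.
    """
    resources, variables = load_config(tf_json_files, tfvars_json_files)
    findings, unresolved = [], []
    for name, sg in resources.get("aws_security_group", {}).items():
        for rule in sg.get("ingress", []):
            try:
                rule = resolve(rule, variables)
            except Unresolved as e:
                unresolved.append(f"aws_security_group.{name}: var.{e}")
                continue
            all_ports = str(rule.get("protocol")) == "-1"   # protocol -1 means every port
            covers_22 = all_ports or int(rule.get("from_port", 0)) <= 22 <= int(rule.get("to_port", 0))
            open_cidrs = (set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))) & ANYWHERE
            if covers_22 and open_cidrs:
                findings.append(f"aws_security_group.{name}: port 22 open to {sorted(open_cidrs)}")
    return findings, unresolved

if __name__ == "__main__":
    cases = [
        ("main.tf.json alone",            [MAIN_TF_JSON], []),
        ("+ variables.tf.json (default)", [MAIN_TF_JSON, VARIABLES_TF_JSON], []),
        ("+ prod.tfvars.json (override)", [MAIN_TF_JSON, VARIABLES_TF_JSON], [PROD_TFVARS_JSON]),
    ]
    for label, tf, tfvars in cases:
        findings, unresolved = scan(tf, tfvars)
        print(f"{label:32} findings={findings or 'none'} unresolved={unresolved or 'none'}")
```

The design choice worth copying is that an unresolvable input is surfaced rather than treated as a pass: a scanner that looks at one file and sees `${var.admin_cidr}` has no basis for calling the rule clean, and the override in a tfvars file is exactly where an open CIDR tends to hide.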
IaC+ also adds support for “code to cloud” use cases that work with Snyk IaC’s ability to onboard, scan, and test deployed cloud environments:
Fix cloud issues at their source: each cloud issue is linked, through an SCM source code link, to the IaC template that deployed the misconfigured resource, so you can correct the template rather than patching the live resource.
Suppress false positives in IaC tests by applying context from deployed infrastructure.
For Terraform, apply the same custom rule across the entire SDLC for all workflows (IaC to cloud).
View an inventory of IaC and cloud resources generated from your IaC files using the API endpoint List resources.
For a list of supported IaC languages and cloud providers, see Supported IaC and cloud providers.