Configure your integration to find security issues in your Terraform files (current IaC)
Last updated
Last updated
More information
Snyk privacy policy© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.
This page applies to current IaC only.
Snyk tests and monitors your Terraform files from your source code repositories, guiding you with advice on how you can better secure your cloud environment--catching misconfigurations before you push to production and helping you to fix them.
Snyk scans Terraform (.tf) files when they are imported from an integrated Git repository. You can scan a Terraform module repository by importing the repo that holds the module from an SCM or by scanning the directory itself using snyk iac test CLI command.
Scanning Terraform files gives you security feedback on everything that is statically configured in the module. To benefit from recurring and scheduled testing, follow best practices and import custom modules directly from an SCM.
See the Snyk blog post about the ability to interpolate variables: Snyk IaC public beta introduces Terraform plan analysis. This allows scanning of the Terraform Plan output via the CLI, enabling scanning of the entire Terraform deployment to include the output of the modules used to create the deployment.
You must be an administrator for the Organization you are configuring in Snyk.
Ensure you have already integrated your Git repository. For details, see Git repository (SCM) integrations.
Log in to your account and navigate to the relevant Group and Organization that you want to manage. Integrations are managed per Organization.
Toggle the setting to enable Snyk to detect Infrastructure as code files as shown:
If needed, review and adjust the Infrastructure as code Severity settings on the AWS tab in the example. Check to select the file types to scan, CloudFormation, Terraform, or both, and from the pulldown selection, choose the severity level for each API Gateway.
