Getting started with IaC+ and cloud scans
Release status: Snyk IaC+ is now in closed beta and is no longer accepting new customers for participation. See Getting started with current IaC for details about the functionality available.
Use IaC+ to find, view, and fix issues in cloud configuration files for Terraform, Kubernetes (except Helm, coming soon), AWS CloudFormation, and Azure Resource Manager (ARM) in your Git repositories.
Use Snyk IaC cloud scans to find, view, and fix issues in deployed cloud resource configurations for AWS, Azure, and Google Cloud.
This page explains using IaC+ and cloud scans in the Snyk Web UI. For information about using IaC+ with the Snyk CLI, see Test your IaC files.
Prerequisites for IaC+ and cloud scans
To start using IaC+ you must have the following:
A Snyk account. For details, see Getting started.
Snyk IaC on the enterprise plan.
An existing Terraform, CloudFormation, or Azure Resource Manager environment to work in, or a deployed AWS, Azure, or Google Cloud account to onboard.
Integration with your Git repository. For details, see Git repositories (SCMs).
Import IaC+ SCM repositories
IaC+ SCM integrations use the Snyk Workspaces capability to support multi-file analysis. Use the Integration Settings for your Group and Organization to enable Snyk Workspaces.
If you want to scan a new SCM repository with IaC+ and you have already imported that repository, you must re-import the repository. This will not affect any of your existing Projects.
You will start by importing SCM repositories as Projects you want to scan with Snyk. In these steps, you choose repositories for Snyk to test and re-test:
Log in to Snyk and on your dashboard, select Projects from the navigation.
On the Projects page, from the Add projects dropdown, select the SCM from which to add the Projects; for example, select GitHub.
From the list of Personal and Organization repositories, select the Git repositories you want to use.
Click Add selected repositories to add the selected repositories to Snyk. The import completes and the Projects page displays the Snyk Projects that have been added.
View IaC+ SCM projects
On the Projects page, ensure Group by targets is selected and navigate to the Target (Git repository) that contains the files for IaC+ to test.
You will see a single Infrastructure as Code issues Project. IaC+ generates only one Project in each repository, unlike current IaC, which generates one Project for each configuration file.
Configure recurring scans (daily, weekly, or never)
By default, IaC+ SCM Projects are scheduled for weekly scans. On an IaC+ SCM Project Settings page, you can set the recurring scans for that Project to daily, weekly, or never.
Import cloud environments
Navigate to your Organization Settings (cog icon) > Cloud environments.
The cloud environments table displays the following information for each environment:
To import a cloud environment, select the Add environment drop-down and select the cloud provider. Follow the steps in AWS Integration: Web UI, Google Cloud Integration: Web UI, or Azure Integration: Web UI to create the environment.
You can also import an environment using the Snyk API:
View IaC+ and cloud issues
Click on the Infrastructure as Code Issues Project link to open a view of the cloud issues page, filtered to include only issues from the IaC+ environment that corresponds to your Project.
Issues are grouped by rule. Expand the rule and select an issue to open its issue card. Each issue card has information about the following:
The resource, including the location, cloud platform, such as aws, a link to the SCM file for fast fixes, and the input type, such as tf_hcl for Terraform HCL.
The environment, providing details on the IaC+ environment that corresponds to your Project.
The rule that failed, including a link to the Snyk security rules for additional information, such as specific remediation steps.
The reason why your developers should fix this misconfiguration.