Configure integration to find security issues in Kubernetes configuration files (current IaC)

This page applies to current IaC only.

Snyk tests and monitors Kubernetes configurations stored in your source code repositories and provides information, tips, and tricks to better secure a Kubernetes environment. This helps to catch misconfigurations before they are pushed to production, as well as provide fixes for vulnerabilities.

Supported Git repositories and Kubernetes file formats

Snyk scans your Kubernetes configuration files in JSON and YAML format when they are imported from your integrated Git repository.

Configure Snyk to scan Kubernetes configuration files

Prerequisites for scanning Kubernetes configuration files

Configure Snyk to scan Kubernetes configuration files

  • Log in to the Snyk Web UI (app.snyk.io), and navigate to the relevant Group and Organization that you want to manage. Integrations are managed per Organization.

  • To enable Snyk to detect Kubernetes configuration files, in the Infrastructure as Code settings, toggle the setting to enable Snyk to detect Infrastructure as code files.

  • If needed, review and adjust the Infrastructure as code Severity settings on the Kubernetes tab in the example. Check to select the file types to scan, CloudFormation, Terraform, or both, and from the pulldown selection, choose the severity level for each Deployment.

Select Severity settings for IaC scans
Select Severity settings for IaC scans

The number of tests you can run per product is based on your account plan. For details, see the plans and pricing page,

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.