Snyk

IaC Commands

Test Terraform, CloudFormation, Kubernetes, and ARM templates for security misconfigurations.

8 commands

Pro Tips

Use --rules to customize which rules are applied

Commands

Test IaC files

$ snyk iac test

Scan IaC files for misconfigurations.

Test specific file

$ snyk iac test main.tf

Test specific Terraform file.

Test with rules

$ snyk iac test --rules=./custom-rules/

Apply custom IaC rules.

SARIF output

$ snyk iac test --sarif > results.sarif

Output in SARIF format.

Scan Terraform plan

$ terraform plan -out=tfplan && terraform show -json tfplan | snyk iac test --scan=planned-values

Scan planned Terraform values for issues.

IaC report to Snyk

$ snyk iac test --report

Send IaC scan results to Snyk dashboard.

Detect IaC drift

$ snyk iac describe --only-unmanaged

Detect unmanaged cloud resources (drift detection).

Describe cloud resources

$ snyk iac describe --from=tfstate://terraform.tfstate

Compare cloud state with Terraform state for drift.