How to check vulnerabilities in IaC using Snyk


What is Snyk?

Snyk (pronounced "sneak") is a platform for securing your source code, containers, and infrastructure as code (IaC). It scans your code and reports the vulnerabilities it finds, and it integrates with several IDEs so you can check code while you write it. In other words, it is something like Grammarly for your code.

Steps to Scan your IaC

Prerequisite

  • Node v12 or higher.
  • Snyk CLI.

If you don't have the Snyk CLI installed yet, see the Reference section for installation instructions.

Running snyk test shows the results on the terminal, and the same results can also be sent to the Snyk dashboard. The sections below show the test results both ways, on the CLI and in the web UI.

The image below shows how we can scan IaC using snyk.

There is a Terraform script that creates an instance. To check it for vulnerabilities with Snyk, open a terminal in the directory containing the script and run the command snyk iac test

In the image below you can see that it finds several issues, grouped by severity: low, medium, and high. The high severity issue here is "Credentials are configured via provider attributes", meaning cloud credentials are hard-coded in the Terraform provider block. For every issue Snyk also shows which file and line is affected and how to resolve it.
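As an added example (not the author's script, which appears only in the screenshot), here is a minimal Terraform file that reproduces the high severity finding above, followed by the corrected provider block. The AWS provider, the region, the AMI ID, the role ARN and the key values are all placeholders I chose for illustration; the key strings are the well-known AWS documentation examples, not real credentials.

```hcl
# Added example, not the author's script. Assumes the AWS provider.
# All IDs and key values below are placeholders.

# ---- BEFORE (flagged by `snyk iac test` at high severity as
# "Credentials are configured via provider attributes") ----
# Anyone who can read this file, the repository history, or a committed
# plan/state file gets long-lived keys for the account.
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"                      # placeholder
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"  # placeholder
}

# ---- AFTER (put this in place of the block above; a file cannot hold
# two un-aliased "aws" providers) ----
# No credentials in the configuration. The AWS provider picks them up
# from the environment (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY), the
# shared credentials/config files, or an attached instance/role identity,
# so nothing secret is written to the repository.
provider "aws" {
  region = "us-east-1"

  # For a CI runner, prefer a short-lived role to long-lived user keys.
  assume_role {
    role_arn = "arn:aws:iam::123456789012:role/terraform-ci"  # placeholder
  }
}

# The instance itself is unchanged between the two versions.
resource "aws_instance" "app" {
  ami           = "ami-0123456789abcdef0"  # placeholder
  instance_type = "t3.micro"
}
```

After swapping in the AFTER block, rerun snyk iac test and the high severity finding disappears; in a CI job you can make the scan fail the build on findings at or above a chosen level with snyk iac test --severity-threshold=high.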

If you want to see the test result on the Snyk dashboard (the web UI) as well, use this command:

snyk iac test --report

As you can see in the image above, this prints a link that opens the test result in the dashboard.

In the Projects section on the right you can see the issues found in the Terraform script. Each issue also carries a Snyk ID, which is useful for looking up the type of vulnerability and how to remediate it.

Each issue also gets a priority score on a scale up to 1000, derived from its severity (high, medium, or low) and other factors. In this scan the high severity issues scored in the 900-1000 range, with the medium and low severity issues below that.

Reference

Written by 

Harshit Gupta is a Software Consultant at Knoldus Inc. with a few years of experience in DevOps. He is always eager to learn new technologies and to help others.
