With Snyk Infrastructure as Code, you can test your configuration files directly from the CLI.
You can scan both your Kubernetes and Terraform files using the CLI.
You can use the CLI as follows:
To test for an issue on a single Kubernetes YAML or JSON file:
snyk iac test <my-kubernetes-filepath>
For example, from the CLI enter the following:
snyk iac test deploy.yaml
the CLI also supports .json formatted files such as snyk iac test deploy.json
To test for an issue on a directory of files:
You can scan a directory of files recursively upto three levels deep.
For example, to scan all directories relative to your current path
snyk iac test
Or you can specify a specific folder to scan and recurse through
snyk iac test my-folder
To output the test format as JSON:
snyk iac test <my-configuration-filepath> --json
This can be helpful if you want to store a snapshot of the results locally, or process the results in another tool for reporting and further analysis.
For example, from the CLI enter the following:
snyk iac test deploy.yaml --json
To output the test format as SARIF:
SARIF is an open-standard for the output of static analysis tools.
You can view and save the results of your tests as a SARIF file for analysis in another tool.
snyk iac test deploy.yaml --sarif
Or to save this to a file output, you can run
snyk iac test deploy.yaml --sarif-file-output=snyk.sarif
To only display issues above a specific severity level:
snyk iac test <my-configuration-filepath> --severity-threshold=<low|medium|high>
For example, from the CLI enter the following:
snyk iac test deploy.yaml --severity-threshold=medium
This will only display to the terminal results that have a severity value of medium or higher.