Snyk tests and monitors CloudFormation files from source code repositories. It helps you secure cloud environments by catching misconfigurations before they are pushed to production, along with guidance on how to fix them.
Supported Git repositories and file formats
Snyk currently scans CloudFormation files in YAML format when imported from an integrated Git repository. Scan a CloudFormation module repository either by importing the repo that holds the module from an SCM or by running the `snyk iac test` command against the directory itself.
Scanning CloudFormation provides security feedback on everything that is statically configured in the module. To benefit from recurring/scheduled testing, it's best practice to import custom modules directly from an SCM.
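As an added example that is not part of the Snyk documentation, the constructed CloudFormation template below places an S3 bucket with weak settings next to a hardened one; saving it in a directory and running `snyk iac test` against that directory is the local workflow described above. Which findings are reported, and at what severity, depends on the scanner's rule set and is not stated on this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example for an IaC scan (not from the Snyk docs)

Resources:
  # Weak: objects readable by anyone, no default encryption,
  # no versioning and no public-access guard rails.
  WeakBucket:
    Type: AWS::S3::Bucket
    Properties:
      AccessControl: PublicRead

  # Hardened: same bucket with the usual controls in place.
  HardenedBucket:
    Type: AWS::S3::Bucket
    Properties:
      # Block every path by which objects could become public.
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      # Encrypt objects at rest by default with a KMS-managed key.
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms
      # Keep object history so accidental deletes are recoverable.
      VersioningConfiguration:
        Status: Enabled
      # Ship access logs to a separate bucket for detection work.
      LoggingConfiguration:
        DestinationBucketName: !Ref LogBucket
        LogFilePrefix: hardened-bucket/

  # Destination for access logs; kept private and encrypted as well.
  LogBucket:
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
```

Comparing the findings for `WeakBucket` and `HardenedBucket` in the scan output shows which properties the scanner treats as required, which is a quick way to calibrate what a team's templates must include before they reach a pipeline.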
Configure Snyk to scan your CloudFormation configuration files
You must be an administrator for the organization you're configuring in Snyk.
Ensure you’ve already integrated your Git repository; if you haven’t done this yet, check out the Git repository (SCM) integrations.
Integrations are managed per organization.
Enable Snyk to detect Infrastructure as code files as follows:
If needed, review and adjust settings in the Infrastructure as code settings area: