Skip to content
/ iac-to-cloud-example-custom-rules Public

Snyk IaC to Cloud Custom Rules is in beta. This repository contains example custom rules to help you get started.

License

Apache-2.0 license
1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

snyk-labs/iac-to-cloud-example-custom-rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

66 Commits
.github
.github
 
 
lib
lib
 
 
rules
rules
 
 
spec
spec
 
 
CODE_OF_CONDUCT.md
CODE_OF_CONDUCT.md
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
SUPPORT.md
SUPPORT.md
 
 
manifest.json
manifest.json
 
 

Repository files navigation

Snyk IaC to Cloud Example Custom Rules

Snyk IaC to Cloud Custom Rules is in beta. This repository contains example custom rules to help you get started.

Overview

Enforce Your Team’s Unique Security Controls Across the SDLC

IaC to Cloud Custom Rules enables AppSec teams to enforce security controls that are specific to their organization’s unique needs, by leveraging both pre-defined Snyk security rules and custom rules. With custom rules, AppSec teams can surface: Issues on cloud configurations across the SDLC, from IaC templates to deployed cloud environments Issues on any Terraform IaC configurations using Terraform providers - beyond cloud (AWS, Azure, Google Cloud) configurations, such as GitHub configurations.

Prerequisites

The following tools need to be installed and in your PATH:

IMPORTANT: you must have at least one cloud or integrated IaC environment already in your organization. This is necessary for Snyk Cloud to know about your organization.

Getting Started - Build, Bundle, and Test

1. Configuration Authentication - Set your organization's ID and API token

export SNYK_ORG_ID=<your organization ID>
export SNYK_TOKEN=<your API token>

2. Run the Rules Specs (Unit Tests) On Your Custom Rules

snyk iac rules test

Runs unit test and creates or overwrites expected output based on terraform in the /inputs/ folder:

snyk iac rules test --update-expected

3. Build, Bundle and Upload Your Custom Rules

This changes the manifest.json file with a push key (custom_rule_id and organization_id):

snyk iac rules push

For a list of related commands run snyk iac --help

4. Apply Custom Rules with Terraform Code (or Deployed Cloud Configurations)

tests what's in the input and compares with expected output:

snyk iac test --report spec/rules/*/inputs/*.tf

The snyk iac rules test command runs all the tests written in Rego.

5. Viewing Issues Created by Custom Rules

Using the link provided in the output from the previous snyk iac test command, view the issues created by the custom rules.

6. Delete Custom Rules Bundle

snyk iac rules push --delete

About

Snyk IaC to Cloud Custom Rules is in beta. This repository contains example custom rules to help you get started.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

5 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages