Scan Terraform with the Snyk Orb

This is an add-on module to the Infrastructure as Code 101 course in CircleCI Academy demonstrating how the Snyk Orb helps you easily scan for misconfigurations in your Terraform files.

Lab Meta

Difficulty: Intermediate

Time to Complete: 15 minutes

Introduction

Terraform makes creating and tearing down cloud infrastructure as easy as writing configuration files. In the Infrastructure as Code course in the CircleCI Academy, you created a workflow that uses Terraform to create a GKE cluster and deploy an application into it as part of a continuous delivery pipeline.

According to the NSA, misconfigurations are the top cloud vulnerability. In this add-on module, you'll add Snyk Infrastructure as Code scanning into the workflow to reinforce secure IaC development practices, ensuring your Terraform files aren't configured in ways that expose your cluster, and the applications running in it, to risks caused by cloud misconfiguration. Let's begin!

Prerequisites

This lab assumes the following course was completed in CircleCI Academy:

Infrastructure as Code 101

It's highly recommended you complete that course before proceeding.

Sample Code

We'll use the same code used in the Infrastructure as Code course. It can be found on GitHub.

Snyk Account and Token

You'll need a Snyk account to use the Snyk Orb. Create a Snyk API token, then set an environment variable in CircleCI called SNYK_TOKEN with its value (project settings or a context; never commit the token to the repository, since the orb reads it from the environment at build time).
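To show where SNYK_TOKEN ends up being used, here is an added example CircleCI job (not from the course repository or the Snyk orb's own documentation) that installs the Snyk CLI through the orb and runs `snyk iac test` against the Terraform directory. The orb name `snyk/snyk`, the `snyk/install` command, the orb version and the `terraform/` path are assumptions for illustration; check the orb registry for the current version and parameters before copying this into the course's `.circleci/config.yml`.

```yaml
version: 2.1

orbs:
  # Assumed orb reference; confirm the current version in the CircleCI orb registry.
  snyk: snyk/snyk@1.7.0

jobs:
  scan-terraform:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      # Assumed orb command: installs the Snyk CLI. It authenticates with the
      # SNYK_TOKEN environment variable you set in CircleCI, so the token never
      # appears in this file.
      - snyk/install
      - run:
          name: Scan Terraform for misconfigurations
          # `snyk iac test` is the Snyk CLI command for IaC scanning. The
          # severity threshold makes the step fail (non-zero exit) only on
          # medium or higher findings, so the pipeline blocks risky changes
          # without failing on informational results. `terraform/` is an
          # assumed directory name for the course's Terraform files.
          command: snyk iac test terraform/ --severity-threshold=medium

workflows:
  build-and-scan:
    jobs:
      - scan-terraform
```

Run this job before any `terraform apply` step in the workflow so a misconfiguration is caught while the plan is still only a file, not a live GKE cluster; if your CircleCI project stores SNYK_TOKEN in a context rather than in project settings, add `context: <your-context>` to the job entry under `workflows`.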

When ready, continue to the next page.