Snyk IaC Security Checks GitHub action
2 min read · Dec 10, 2023
“Snyk IaC Security Checks” is a reusable workflow for scanning Infrastructure as Code (IaC) files using Snyk.
- It identifies security vulnerabilities, provides a detailed report, and can update pull requests with scan results.
- It integrates easily into your GitHub Actions workflows as part of the CI/CD pipeline.
- It lets you decide how to act on a vulnerability finding: continue the pipeline or fail it.
- It lets you define the severity level at which the pipeline fails.
Usage
To use this workflow in your GitHub Actions, add the following step to your workflow file:
Example usage:
- name: Snyk Infrastructure as Code scan
  id: snyk-iac-scan
  uses: Gershon-A/snyk-iac-code-security-checks@v1.0.1
  continue-on-error: true
  with:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
    SEVERITY_THRESHOLD: "critical"
    FILE: "example-*"
    update_pr_with_scan_results: true
Options:
If update_pr_with_scan_results is set to true, the action will add a comment to the PR with the scan results.
Add permissions to the workflow to allow the action to add comments to the PR:
permissions:
  issues: write
  pull-requests: write
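Putting the step and the permissions block together, here is an added example of a complete workflow file. It is not taken from the original post or from the action's repository. The action inputs and the permissions are exactly those shown above; the `on: pull_request` trigger, the checkout step, and the final step are my additions. That final step reads `steps.snyk-iac-scan.outcome` (the standard GitHub Actions steps context) so that the scan step can run with `continue-on-error: true`, post its PR comment, and the job is then failed explicitly only if the scan reported findings; this assumes the action exits non-zero when findings at or above SEVERITY_THRESHOLD are present, as the post describes.

```yaml
name: IaC security checks

on:
  pull_request:

# The action needs write access to issues and pull requests
# to post the scan-results comment on the PR.
permissions:
  contents: read
  issues: write
  pull-requests: write

jobs:
  snyk-iac:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Snyk Infrastructure as Code scan
        id: snyk-iac-scan
        uses: Gershon-A/snyk-iac-code-security-checks@v1.0.1
        # Allow the workflow to keep going so the PR comment is posted
        # even when the scan finds issues; the decision is made below.
        continue-on-error: true
        with:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
          SNYK_ORG_ID: ${{ secrets.SNYK_ORG_ID }}
          SEVERITY_THRESHOLD: "critical"
          FILE: "example-*"
          update_pr_with_scan_results: true

      # Assumption: the scan step's outcome is 'failure' when findings at or
      # above SEVERITY_THRESHOLD exist. Fail the job explicitly in that case,
      # after the comment has already been added to the PR.
      - name: Fail the job on findings at or above the threshold
        if: steps.snyk-iac-scan.outcome == 'failure'
        run: |
          echo "::error::Snyk IaC scan reported findings at or above the configured severity threshold"
          exit 1
```

Separating the scan from the pass/fail decision is what makes the `continue-on-error: true` in the post's example useful: without the second step the job would always be green, and the findings would only be visible in the PR comment.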
Comment example:
GitHub repository: https://github.com/Gershon-A/snyk-iac-code-security-checks
Marketplace: Snyk Infrastructure as Code security · Actions · GitHub Marketplace