Safeguard
Tag

snyk-iac

Safeguard articles tagged "snyk-iac" — guides, analysis, and best practices for software supply chain and application security.

10 articles

Infrastructure Security

Comparing Terraform security scanners: Snyk IaC, Checkov, tfsec

Snyk IaC, Checkov, and tfsec take different approaches to Terraform scanning — and one of them stopped getting new checks in 2023. Here's how they actually compare.

Jun 15, 20268 min read
Container Security

How Snyk IaC scans Kubernetes manifests and Helm charts f...

A technical walkthrough of how Snyk IaC parses Kubernetes manifests, renders Helm charts, and checks them against CIS benchmarks before deployment.

Sep 3, 20257 min read
Cloud Security

How to write a custom Snyk IaC rule in Rego using the Rul...

A technical walkthrough of Snyk's IaC Rules SDK: scaffolding, writing Rego deny rules, local testing, bundling, and org-wide enforcement via OCI registries.

Sep 2, 20258 min read
Cloud Security

How Snyk IaC's Terraform Cloud run tasks gate infrastruct...

How Snyk IaC uses Terraform Cloud's run tasks to scan plan output and block infrastructure changes before apply — the mechanics, enforcement levels, and limits.

Sep 2, 20257 min read
Cloud Security

How Snyk IaC correlates code-level misconfigurations with...

How Snyk's Cloud Context feature joins Terraform and CloudFormation misconfigurations to live AWS, Azure, and GCP resources — and where that correlation model breaks down.

Sep 1, 20257 min read
Cloud Security

How Snyk IaC's severity scoring weighs the exploitability...

A mechanical look at how Snyk IaC assigns Critical-to-Low severity to misconfigurations, and how exploitability factors like exposure and privilege requirements shape the rating.

Sep 1, 20257 min read
Cloud Security

How an organization's custom policy set overrides Snyk Ia...

How Snyk IaC's Rego-based custom rules layer onto, disable, or supplement default policies — and what that means for enforcing org-specific IaC standards.

Aug 31, 20257 min read
Cloud Security

How Snyk IaC detects overly permissive IAM policies in Te...

A mechanical walkthrough of how Snyk IaC parses Terraform and CloudFormation, normalizes IAM policies into one model, and flags wildcard actions, resources, and principals before deploy.

Aug 31, 20256 min read
Cloud Security

How Snyk IaC identifies unencrypted storage resources acr...

Snyk IaC flags unencrypted S3 buckets, Azure Storage, and GCP disks by parsing Terraform and CloudFormation for missing encryption attributes before deployment.

Aug 31, 20258 min read
Container Security

How Snyk IaC's admission-time Kubernetes scanning differs...

How Snyk IaC's static manifest scanning, the Snyk Controller's in-cluster monitoring, and true Kubernetes admission control mechanically differ — and why the gap between them matters.

Aug 30, 20257 min read
snyk-iac — Safeguard Blog