Snyk Blog

Adding Container and IaC security to the Snyk plugin for Jetbrains

Written by:
Georgi Mitev
Georgi Mitev
wordpress-sync/feature-snyk-jetbrains

March 3, 2022

0 mins read

We’re excited to announce that infrastructure as code (IaC) and container security are joining code and open source dependency security in the free Snyk plugin for JetBrains IDEs.

As of today, developers using JetBrains IDEs can secure their entire application with a click of a button. Snyk Security for JetBrains increases code security and reduces time spent on manual code reviews by empowering developers to find and fix issues within their JetBrains IDEs.

This is especially important for development and security teams trying to shift security left, into the hands of developers. Snyk makes it easy to find and fix security issues early on in development by building security natively into Jetbrains IDEs, giving developers fix guidance in-line with code, resulting in more secure code, containers, and configurations at the time of creation.

As noted in our previous article, Secure Coding with Snyk’s JetBrains IDE plugin, the Snyk plugin all Jetbrains IDEs plugin for custom code, open source dependencies, container, and IaC security issues.

Snyk plugin for JetBrains

JetBrains’ family of IDEs is highly regarded as one focused on developer productivity, with plugins available for every aspect of software development — from code quality and accuracy to tools to code security.

Snyk’s JetBrains plugin touches on all aspects of securing your application including:

  • Security vulnerabilities in open source dependencies (Snyk Open Source).

  • Security vulnerabilities and code quality issues in first party code (Snyk Code).

  • Configuration issues in your infrastructure as code such as Terraform, AWS CloudFormation, Kubernetes, and Azure Resource Manager (ARM)  (Snyk IaC)

  • Security vulnerabilities in your container images found in Kubernetes workload files (Snyk Container)

In addition to open source, code, container, and IaC security testing, you’ll be able to access Snyk Advisor insights to assess code quality when diving into the manifest files.

Getting started is simple.

  1. Install the Snyk Jetbrains plugin

  2. Connect your free Snyk account

  3. Start securing your code in your Jetbrains IDE

Finding and fixing IaC misconfigurations

IaC security within the Snyk Jetbrains plugin identifies configuration issues in your Terraform, Kubernetes, AWS CloudFormation, and Azure Resource Manager (ARM) code with every scan. Based on Snyk’s CLI, the scan is fast and friendly for local development. Privacy is never a concern as configuration files are never sent back to or uploaded to Snyk’s servers.

Let’s do a quick scan and get a close-up of what an IaC scan is providing us with:

Click on any of the IaC issues within the results tree to be led directly to the line of code where the issue is found. To help you focus on the riskiest issues first, as each issue is annotated with a severity icon — high, medium, and low — for simple prioritization.

wordpress-sync/blog-jetbrains-iac-container-vuln-iac

Finally, for quickly understanding and fixing the underlying issue Snyk’s plugin tells you:

  • Description: what the misconfiguration is

  • Impact: how the misconfiguration could potentially be exploited

  • Path: which path in the tree the issue occurs.

  • Remediation: how to fix the issue.

  • References: where you can investigate deeper from a variety of sources.

  • Ignore: If the issue needs to be ignored, you got you covered as well — there is a button to do so in the top right corner.

Millions of fixes have been applied from Snyk’s remediation advice swiftly and accurately. However, if you notice something that is not clear, feel free to contact us and we will be happy to look into it.

Now, with the IaC misconfiguration issues fixed, let’s have a look at the container images’ vulnerabilities.

Finding and fixing container images

Container security within the plugin scans Kubernetes configuration files and searches for container images. Vulnerabilities are found fast using the extracted container images and comparative analysis against the latest information from the Snyk Intel Vulnerability Database.

The end result is a list of security vulnerabilities report for the images you are planning to run in your clusters, with upgrade advice for base images where appropriate:

wordpress-sync/blog-jetbrains-iac-container-vuln-cont

You have the ability to go over each of the security vulnerabilities your image might be vulnerable to. In addition, I want to draw your attention to a couple of important functionalities:

  • Notice the colorful comparison table above with various severity levels (critical, high, etc.). Nicely sorted by severity, it provides the difference in vulnerabilities between the current image and the recommended by Snyk image with the same characteristics. This helps you to make a decision if you want to upgrade your image to the recommended one and increase the level of confidence in the image you are running in production.

  • If you want to upgrade the image, we’ve made it possible too, in the JetBrains’ way through the quick-fix functionality:

Additionally, a deeper integration with JetBrains annotations mechanism surfaces IaC and container issues in the problems tab for better visibility and experience.

Install the Snyk plugin in JetBrains

First, pull up JetBrains and navigate to Preferences > Plugins from within your IDE.

wordpress-sync/blog-jetbrains-iac-container-install
Navigate from Preferences to Plugins and search for “Snyk”.

Search for “Snyk”  in the JetBrains Marketplace, and click Install. After a few seconds, the Snyk plugin’s panel window should appear in your sidebar.

wordpress-sync/blog-jetbrains-iac-container-panel
The Snyk panel in your sidebar.

You will know the plugin is installed when you see Patch the dog’s friendly face!

Connect the JetBrains IDE with Snyk

The next step is to authenticate and connect Snyk to your IDE. 

Click the Test code now button which will lead you to Snyk’s web application and prompt you to authenticate and login in to your free account with Snyk. You can create your Snyk account here or login to an existing account in this window.

Return to the IDE after authenticating, and a scan will have automatically started:

wordpress-sync/blog-jetbrains-iac-container-scan
Scanning a project for vulnerabilities.

Next up for the Snyk JetBrains IDE plugin

With the addition of Snyk IaC and Snyk Container, we are making it possible to have access to all of the power of Snyk and use it with just a click of a button! You can scan open source dependencies, first-party code, the container images you are running in production, and the infrastructure as code you use to run the images in production.

Snyk is a developer security organization and IDEs are one of the ways we are shifting security on the left. In 2021, we built a good foundation to enable you to use Snyk within your favorite IDE. In 2022, we will bring you the full power of using Snyk and secure your application within your IDE in the most developer-friendly way. So stay tuned and see you soon!

Secure infrastructure from the source

Snyk automates IaC security and compliance in workflows and detects drifted and missing resources.

Book a live demoStart free

Posted in:Container Security, IaC Security
wordpress-sync/feature-snyk-jetbrains

Level Up Your CI/CD Pipelines

See how these 8 tips can help you catch security issues in the pipe BEFORE you push to production ⭐️

See the cheatsheet
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon