Resources
Contents: Integrations; Next Steps

Integrations
Integrations shown on the slide: Docker, Visual Studio, VS Code, WebStorm, PyCharm, PhpStorm, GoLand, Eclipse, IntelliJ, RubyMine, Snyk CLI, buildah, GitHub, GitHub Enterprise, Bitbucket Cloud, Bitbucket Server, Bitbucket Pipelines, Azure Repos, Azure Pipelines, GitLab, CircleCI, TeamCity, Concourse, Jenkins, Snyk API, IBM Cloud, VMWare Tanzu, Kubernetes, RedHat Openshift, Harbor, Quay, npm Enterprise Private Registry, Artifactory, Docker Hub, Amazon ECR, Google Container Registry, Azure Container Registry, Nucleus Security, Kenna Security, Brinqa, Fortify SSC, Jira, Vulcan, Micro Focus, Slack, RiskSense, and others.
.NET
SCM
Files: *.csproj, *.vbproj, *.fsproj (.NET Core: *.proj files; .NET Framework: *.proj file and packages.config)
- Creates one project per target framework.
- Private dependencies not supported via SCM.
- CLI may provide more accurate resolution of .NET runtime dependencies (see docs).
CLI
Files: projects.assets.json (from .csproj, .vbproj, .fsproj), packages.config
- CLI only supports a single framework; if using multiple target frameworks, Snyk will select the first target framework that is declared.
- Private dependencies only supported via CLI.

Go Modules
SCM
Files: go.mod
- Dependencies resolved at the module level rather than at the package level, because Snyk does not have full access to project source code.
- Open Beta (Settings > Languages > Go) provides CLI-equivalent accuracy.
  Note: This involves Snyk taking a temporary clone of the Git repository. Cloned files are stored in an encrypted, isolated environment and deleted immediately after the test.
CLI
Files: go.mod
- Snyk scans Go Modules projects in the CLI at the package level rather than on the module level, as we have full access to your project source code.
- You must have a go.mod file at the root of your project.

Gradle (Groovy, Kotlin)
SCM
Files: build.gradle, gradle.lockfile
- Supported versions: Gradle 2.*, 3.*, 4.*, 5.*, 6.*
- Enable lockfiles in your project to improve the accuracy for Git imports.
- Kotlin: build.gradle.kts files are not currently supported in Git.
CLI (Recommended)
Files: build.gradle (Groovy), build.gradle.kts (Kotlin)
- If using sub-projects, to scan all projects at once (recommended), use the --all-sub-projects option.
- build.gradle.kts (Kotlin DSL) only supported via CLI.

Maven
SCM (Recommended)
Files: pom.xml
- Supported versions: Maven 3.*

npm
CLI
Files: package.json, package-lock.json (lockfileVersion: 2). If package-lock.json is unavailable, Snyk will scan the node_modules folder.
- Does not support Lerna.
- JS version <=6.* - peer dependencies are not scanned by default.
- JS version >=7.* - peer dependencies scanned by default.
- JS version 7.* - workspaces not yet supported.

Yarn
CLI
Files: package.json, yarn.lock. If package-lock.json is unavailable, Snyk will scan the node_modules folder.
- Yarn version 1: Resolutions not supported.
- Yarn version 2: Resolutions supported.
- Yarn workspaces: Use --all-projects or --yarn-workspaces with --detection-depth flags. Nohoist is not supported.

Composer
CLI
Files: composer.json, composer.lock
- No implementation considerations.
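A pre-flight check for some of the considerations listed above, as an added example (not Snyk's code and not part of the original document): it walks a checkout and flags manifests that a Git import or the CLI handles with the stated caveats. The function names, the finding texts and the sample tree are constructed for illustration; only the Gradle, lockfile and .NET target-framework items are covered.

```python
import os
import re
import tempfile

def preflight(root):
    """Walk a checkout; return sorted (relative path, note) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Skip VCS metadata and installed packages.
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        names = set(filenames)
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if name == "build.gradle.kts":
                findings.append((rel, "Kotlin DSL: not supported in Git, scan via CLI"))
            elif name == "build.gradle" and "gradle.lockfile" not in names:
                findings.append((rel, "no gradle.lockfile: enable lockfiles for Git imports"))
            elif name == "package.json" and not names & {"package-lock.json", "yarn.lock"}:
                findings.append((rel, "no lockfile: CLI scans node_modules instead"))
            elif name.endswith((".csproj", ".vbproj", ".fsproj")):
                with open(path, encoding="utf-8") as fh:
                    m = re.search(r"<TargetFrameworks>([^<]+)</TargetFrameworks>", fh.read())
                tfms = [t.strip() for t in m.group(1).split(";") if t.strip()] if m else []
                if len(tfms) > 1:  # the CLI picks the first declared framework
                    note = "CLI tests only %s; not tested: %s" % (tfms[0], ", ".join(tfms[1:]))
                    findings.append((rel, note))
    return sorted(findings)

# Constructed sample tree (not from the page), written to a temp directory.
SAMPLE = {
    "api/Api.csproj": "<Project><PropertyGroup><TargetFrameworks>net6.0;net48"
                      "</TargetFrameworks></PropertyGroup></Project>",
    "svc/build.gradle.kts": "plugins { java }",
    "legacy/build.gradle": "apply plugin: 'java'",
    "web/package.json": "{}",
    "web/package-lock.json": "{}",
    "tools/package.json": "{}",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return preflight(root)

if __name__ == "__main__":
    for rel, note in demo():
        print(f"{rel}: {note}")
```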
- CLI scans within the build pipeline → - Snyk PR tests being used →
provides a good “safety net” aka: “stop the bleeding”
Snyk API
- Do you prefer to have ultimate control?
- Do you prefer to automate and customise Snyk actions?
Snyk Tools
snyk-api-import:
https://github.com/snyk-tech-services/snyk-api-import/
Bulk removing projects from Snyk
bulk-delete:
https://github.com/snyk-playground/cx-tools/tree/main/bulk-delete
Delete projects in bulk based on the criteria you specify, such as organisations or project origin.
For example, the below command would bulk-delete on the following criteria:
- Snyk Open Source projects using the NPM or Gradle package manager
- Imported from GitHub
- Project is in one of the specified organisations: “test-org-1” or “test-org-2”
python3 snyk-bulk-delete.py --products opensource --sca-types "npm gradle" --orgs "test-org-1 test-org-2" --origins github
Next Steps
Read more about "How to get started"
- Get started
- Good practices for CI/CD implementation
- Good practices for SCM implementation
- Snyk Python client for bulk actions
- Snyk external tools repository
Snyk Open Source, Snyk Code, Snyk Container, Snyk IaC, Developer Launch Guide
- Support: https://support.snyk.io
Implementing Snyk
Learn about the key decisions and tasks for implementing Snyk with courses such as:
- Ways to integrate Snyk at your company
- Project import strategies
- Intro to Snyk for Administrators
- Launch Snyk to your teams
Managing Snyk organisations
Learn about the tasks for configuring and managing Snyk with courses such as:
- Set up and Manage an Organization
- Source Code Manager Configurations
- Members and Permissions
- Using Snyk Reports
Using Snyk to find and fix issues
Learn about the tasks for using Snyk in the Web UI, in the CLI, or an IDE with courses such as:
- Introduction to using Snyk in an IDE
- Introduction to using Snyk with CI/CD
- Find and fix with Snyk Open Source
- Find and fix with Snyk Code
Chat
Chat live with Support agents on the Snyk website for fastest
response to technical questions
support@snyk.io
Email us to provide product feedback or
log a technical support case
Snyk Support Portal
https://support.snyk.io