After you sign up for Snyk, there are different tools available to help you during development.
Snyk has a couple of products that you can use for free:
- Snyk Code (Code analysis or SAST)
- Snyk Open-Source (Dependencies analysis or SCA)
- Snyk Container (Container analysis)
- Snyk IAC (Infrastructure as Code analysis)
These products can be used through different tools, so you can integrate them into your workflow as you prefer.
After signing in to your Snyk account at https://app.snyk.io you can add your GitHub project for scanning. Once the project is imported, you will find it in your overview together with the scan results, like the example below.
Browse around to find the security vulnerabilities in the different parts of your application.
Documentation about the GitHub integration.
The Snyk CLI brings the functionality of Snyk into your development workflow. You can run the CLI locally or in your CI/CD pipeline to scan your projects for security issues, including security vulnerabilities and license issues.
You can install the CLI on your local machine in different ways:
With npm:
npm install snyk -g
With Homebrew:
brew tap snyk/tap
brew install snyk
With Scoop:
scoop bucket add snyk https://github.com/snyk/scoop-snyk
scoop install snyk
After installing the CLI, you need to authenticate the CLI by running:
snyk auth
You can also scan locally on your system:
- Code analysis: snyk code test
- Dependencies: snyk test
- Container: snyk container test
There are many more commands; check the summary for more information.
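In a CI/CD pipeline, the scan result is usually turned into a pass/fail decision. The script below is an added example, not Snyk's own code: it runs `snyk test --json`, parses the report, and blocks the build on findings at or above a chosen severity while listing the upgrade that fixes each one. The field names (vulnerabilities, severity, packageName, version, id, isUpgradable, upgradePath) are assumed from the shape of `snyk test --json` output, and the embedded report is a constructed sample.

```python
import json
import subprocess
from collections import Counter

# Severity order used by Snyk; a higher rank is more severe.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def run_snyk_test(project_dir="."):
    """Run `snyk test --json` in project_dir and return the parsed report.

    Exit code 0 means no issues and 1 means issues were found; both produce
    a JSON report. Any other code means the scan itself failed.
    """
    proc = subprocess.run(["snyk", "test", "--json"], cwd=project_dir,
                          capture_output=True, text=True)
    if proc.returncode not in (0, 1):
        raise RuntimeError(f"snyk test failed (exit {proc.returncode}): {proc.stderr.strip()}")
    return json.loads(proc.stdout)


def triage(report, threshold="high"):
    """Count findings per severity and list those at or above the threshold."""
    vulns = report.get("vulnerabilities", [])
    counts = Counter(v["severity"] for v in vulns)
    blocking = []
    for v in vulns:
        if SEVERITY_RANK.get(v["severity"], 0) < SEVERITY_RANK[threshold]:
            continue
        # upgradePath mirrors the dependency chain; the last non-false entry
        # is the version of the vulnerable package that resolves the issue.
        path = [p for p in v.get("upgradePath", []) if p]
        fix = path[-1] if v.get("isUpgradable") and path else None
        blocking.append({"id": v["id"], "severity": v["severity"],
                         "package": f'{v["packageName"]}@{v["version"]}', "fix": fix})
    # Most severe finding first, so it tops the CI log.
    blocking.sort(key=lambda b: -SEVERITY_RANK[b["severity"]])
    return {"counts": dict(counts), "blocking": blocking, "passed": not blocking}


# Constructed sample report (not real Snyk output) with placeholder packages and ids.
SAMPLE_REPORT = {"ok": False, "vulnerabilities": [
    {"id": "SNYK-EXAMPLE-1", "severity": "critical", "packageName": "example-lib",
     "version": "1.0.0", "isUpgradable": True,
     "upgradePath": [False, "my-app@1.0.0", "example-lib@1.3.0"]},
    {"id": "SNYK-EXAMPLE-2", "severity": "high", "packageName": "other-lib",
     "version": "4.2.0", "isUpgradable": False, "upgradePath": []},
    {"id": "SNYK-EXAMPLE-3", "severity": "low", "packageName": "tiny-lib",
     "version": "2.6.8", "isUpgradable": True, "upgradePath": [False, "tiny-lib@2.6.9"]},
]}

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT, threshold="high")  # swap in run_snyk_test() for a real scan
    for b in result["blocking"]:
        print(f'{b["severity"]:9}{b["package"]:22}{b["id"]}  fix: {b["fix"] or "none"}')
    raise SystemExit(0 if result["passed"] else 1)
```

Exiting non-zero when `passed` is false is what makes the pipeline step fail, so the threshold is the policy knob to agree on with the team.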
For many IDEs there are plugins available that run the scans inside your IDE.
Check the marketplace for your specific IDE if you want to install one.