What does Snyk access when scanning a project?

You can currently use Snyk either via our CLI, or our GitHub, BitBucket, GitLab or PaaS and Serverless integrations. We don't access or store any knowledge about your source code, but only look at package.json (for npm or Yarn repos), Gemfile.lock (for RubyGems repos) or pom.xml (for Maven repos) for our tests. 

We keep a record of your latest dependencies, so we can notify you when a dependency is affected by a newly disclosed vulnerability. 

More details can be found in section 9 of our Terms and conditions