You can use Snyk to scan for vulnerabilities either locally via our CLI App, or through our GitHub, BitBucket, GitLab or PaaS and Serverless integrations. You can find an up-to-date list of integrations here.
We do not access or store any knowledge about your source code, but rather we only access and read your project's manifest files to build a dependency tree that we can use to query against our database of active vulnerabilities. To view a list of the manifest files we can read, click here.
A record of your latest dependencies is kept so we can notify you when a dependency is affected by a newly disclosed vulnerability.
More details can be found in section 9 of our Terms and conditions