The Snyk plugin for Jenkins is maintained and documented from within Jenkins. Regardless of the kinds of projects you mostly manage from Jenkins (freestyle or pipeline), install the Snyk security task on your Jenkins account with these steps. Once complete, the plugin is available for configuration for any of your freestyle projects and pipelines.
Note: steps supported solely by Jenkins are described at a high level only. See the Jenkins documentation for additional assistance.
Navigate to the Manage Jenkins=>Manage Plugins area of Jenkins to install the Snyk Security plugin for Jenkins. See the Jenkins documentation for additional information.
Navigate to Manage Jenkins=>Global Tool Configuration and click Snyk installations ... to add a Snyk installation.
Enter a unique name.
Ensure Install automatically is selected.
This ensures your plugin automatically upgrades when there are newer versions available.
From the Install with snyk.io section enter values for these fields:
Install automatically—default is selected. This ensures your plugin automatically updates when available.
Version—the plugin version you would like to install; we recommend leaving the default latest to stay up-to-date with our Snyk CLI changes.
Update policy interval (hours)—a Jenkins parameter that sets how often Jenkins checks the version of the installed plugin. Depending on this value and the frequency of your builds, the installation is updated as necessary as part of the Snyk security task step, provided no other build has already triggered an update check for that installation during the interval. We recommend a policy of 24 hour intervals.
Save the changes.
From the Snyk app, retrieve your Snyk API token:
From your Snyk account, navigate to Settings=>General.
If you are a member of an organization, copy the Organization API key; if yours is a personal account, then copy the Personal access token.
Return to your Jenkins account. From the Credentials area in Jenkins, enter your Snyk API token to enable Snyk to communicate with Jenkins, accessing your project, scanning and monitoring it.
Use these values:
Kind—Snyk API token
Scope—Global
Token—Snyk API token as retrieved from your Snyk account
ID—Enter a name for the token
Description—optional free text
For more information about global credentials, see the Jenkins documentation.
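The following declarative pipeline is an added example, not part of the original documentation. It shows how a pipeline refers to the two names created in the steps above, so the API token stays in the Jenkins credentials store and never appears in the Jenkinsfile. The installation name `snyk-latest` and the credential ID `snyk-api-token` are assumed placeholders; substitute the values you entered.

```groovy
// Jenkinsfile (declarative pipeline): added example, not from the original page.
// 'snyk-latest' and 'snyk-api-token' are assumed placeholder names: use the
// "unique name" of your Snyk installation and the ID you gave the credential.
pipeline {
    agent any

    stages {
        stage('Snyk scan') {
            steps {
                snykSecurity(
                    // Name entered under Global Tool Configuration > Snyk installations.
                    snykInstallation: 'snyk-latest',
                    // ID of the "Snyk API token" credential. Only the ID is
                    // referenced here; the token value itself is resolved by
                    // Jenkins at build time.
                    snykTokenId: 'snyk-api-token',
                    // Mark the build as failed when issues are found.
                    failOnIssues: true,
                    // Report issues of this severity and above.
                    severity: 'high'
                )
            }
        }
    }
}
```

If the build fails with a missing-credential or missing-tool error, check that the two strings match the names configured in Jenkins exactly, including case.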