Snyk has a plugin for JetBrains IDEs that covers both Snyk Open Source and Snyk Code. Use this plugin to test your projects and get remediation advice and example code fixes during development, without leaving the IDE.
- Android Studio
- Because the plugin is built on the Snyk CLI, Snyk Open Source in the plugin supports every ecosystem the CLI supports.
- The plugin automatically downloads the CLI in the background.
- If the CLI is already installed on the machine, the plugin uses the token already provided to the CLI; otherwise, you need to provide an authentication token via the plugin's authentication mechanism.
The installation is done via the IDE:
- Open the Preferences window from the IDE.
- Navigate to the Plugins tab.
- In the Plugins tab, search for Snyk.
- Select the Snyk Vulnerability Scanning plugin.
- Click on the Install button.
- Once installed, restart the IDE.
The first time it is needed, the plugin automatically downloads the CLI in the background.
- After the plugin installs, you are prompted to authenticate:
- Click Connect IntelliJ to Snyk. The plugin relies on the Snyk CLI, which authenticates you against Snyk’s web application:
- Click Authenticate when prompted by Snyk:
- After authentication you see a confirmation message for successful authentication.
- Close the browser window and return to the IDE.
The IDE then reads and saves the authentication on your local machine.
- In the IDE, you can select which Snyk products to use (Snyk Open Source, Snyk Code or both).
- You can start the analysis by pressing the Analyze now! button:
To trigger an analysis during your daily coding workflow, click either the run (play) button, or Run scan.
Analysis results: Snyk Open Source
Snyk Open Source analysis shows a list of vulnerabilities and licence issues found in the manifest file. For more detailed information, you can select a vulnerability / licence issue.
Analysis results: Snyk Code
Snyk Code analysis shows a list of security vulnerabilities and code quality issues found in your application code. For more details, and example fixes showing how others fixed the same issue, select the security vulnerability or code quality issue:
Filter by severity
Snyk delivers High, Medium and Low severities. You can filter for the severity you need by selecting the value from the dropdown as shown below. By default all levels are selected. You must select at least one.
Filter by issue type
Snyk delivers the following types of issues:
- Open Source Vulnerabilities: found in open source dependencies.
- Security vulnerabilities: found in your application’s source code.
- Quality issues: found in your application’s source code.
You can filter for any of these by selecting the value from the dropdown as shown below. By default all three issue types are selected.
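The severity and issue-type filters described above apply to results the plugin gets from the Snyk CLI. The following added example (not part of the Snyk plugin or CLI) applies the same filter rules to a `snyk test --json` report; the report is a constructed sample, and the field layout (a `vulnerabilities` array whose licence entries carry `"type": "license"`) is an assumption.

```python
import json
from collections import Counter

SEVERITIES = ("high", "medium", "low")  # the three levels the plugin offers

# Constructed sample in the shape of a `snyk test --json` report. Identifiers,
# package names and the field layout are placeholders/assumptions, not real data.
SAMPLE_SNYK_JSON = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "PLACEHOLDER-VULN-1", "title": "Placeholder vulnerability", "severity": "high",
         "packageName": "example-pkg-a", "version": "1.0.0", "type": "vuln"},
        {"id": "PLACEHOLDER-VULN-2", "title": "Placeholder vulnerability", "severity": "low",
         "packageName": "example-pkg-b", "version": "2.3.4", "type": "vuln"},
        {"id": "PLACEHOLDER-LICENSE-1", "title": "Placeholder licence issue", "severity": "medium",
         "packageName": "example-pkg-c", "version": "0.9.0", "type": "license"},
    ],
})


def filter_issues(report_json, severities=SEVERITIES, include_vulns=True, include_licenses=True):
    """Apply the plugin-style filters to a `snyk test --json` report.

    Mirrors the UI rules: all severities are selected by default, at least one
    must remain selected, and vulnerabilities / licence issues can be toggled.
    """
    selected = {s.lower() for s in severities} & set(SEVERITIES)
    if not selected:
        raise ValueError("at least one severity must be selected")
    report = json.loads(report_json)
    kept = []
    for issue in report.get("vulnerabilities", []):
        is_license = issue.get("type") == "license"
        if is_license and not include_licenses:
            continue
        if not is_license and not include_vulns:
            continue
        if issue.get("severity", "").lower() in selected:
            kept.append(issue)
    return kept


def severity_summary(issues):
    """Count issues per severity, in the order the plugin lists them."""
    counts = Counter(i["severity"].lower() for i in issues)
    return {s: counts.get(s, 0) for s in SEVERITIES}


if __name__ == "__main__":
    for issue in filter_issues(SAMPLE_SNYK_JSON, severities=("high",)):
        print(f"{issue['severity']:<7} {issue['packageName']}@{issue['version']}  {issue['title']}")
    print(severity_summary(filter_issues(SAMPLE_SNYK_JSON)))
```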
After the plugin is installed, you can set the following configurations for the plugin, using Preferences → Tools → Snyk:
- Token: the token used for authentication with Snyk (can be generated via Account Settings in the Snyk app).
- Custom endpoint: a custom endpoint for the Snyk app, so that the plugin can be used with Snyk on-prem.
- Ignore unknown CA: skip verification of the server's TLS certificate, for use with a Snyk on-prem instance that presents a certificate from an unknown CA.
- Organization: the organization to run snyk test against (equivalent to the --org parameter in the CLI).
- Additional parameters: additional parameters to pass to snyk test in the CLI.
- Snyk Open Source vulnerabilities: analyse the project for open source vulnerabilities through the CLI using Snyk Open Source. Enabled by default.
- Snyk Code Security issues: analyse the project for security vulnerabilities in your application code using Snyk Code. Enabled by default.
- Snyk Code Quality issues: analyse the project for quality issues in your application code using Snyk Code. Disabled by default.