To test even earlier in the development lifecycle, Snyk has a plugin for JetBrains IDEs, supporting both IntelliJ and PyCharm, that lets you test your projects and get remediation advice within the IDE during development.
- Android Studio
As the plugin is based on the Snyk CLI, it supports all the ecosystems that the CLI supports.
The installation is done via the IDE:
- Open the Preferences window from the IDE
- Navigate to the Plugins tab
- In the Plugins tab, search for Snyk
- Select the Snyk Vulnerability Scanning plugin
- Click on the Install button
- Once installed, restart the IDE
- The plugin is based on the Snyk CLI
- The plugin will automatically download the CLI in the background.
- If the CLI is already installed on the machine, the plugin will use the token provided to it; otherwise, you’ll need to provide the authentication token via the plugin configuration
To scan your projects, follow these steps:
- Make sure your project file (e.g. requirements.txt) is saved
- Open up the Snyk plugin from the bottom bar (see 1)
- Click on the Run scan link (see 2) / the play button
Once the scan is done, the plugin shows a list of vulnerabilities and license issues found in the manifest file. For more details, you can select a vulnerability or license issue.
Once the plugin is installed, you can set the following configurations for the plugin, via Preferences → Tools → Snyk:
- Token: the token that should be used for authentication with Snyk (can be generated via the Account Settings in Snyk App)
- Custom endpoint: a custom endpoint for the Snyk app, so that the plugin can be used with Snyk on-prem
- Ignore unknown CA: ignores the SSL certificate when using the plugin with Snyk on-prem
- Organization: the org you’d like to run Snyk test against (similar to the --org param in the CLI)
- Additional parameters: additional snyk test CLI params you’d like to run the test with