Get started with Snyk Open Source to inspect, find and fix vulnerabilities in your code.
You can also use an IDE tool or a CI/CD integration. See Integrations for more details.
Using the CLI tool
The Snyk CLI tool lets you get started from the command line. For example, to install it with npm:
npm install -g snyk
See Getting started with the CLI for details.
Ensure you have:
Choose a source code integration, to allow Snyk to work on a project.
- Log in to Snyk.io.
- Select Integrations > Source control.
- Click the source control system (for example, GitHub) to integrate with Snyk.
- Fill in the account credentials as prompted (or authenticate with your account in GitHub), to grant Snyk access permissions for integration.
See DevOps integrations & languages for more details.
Add projects to test with Snyk, by choosing repositories for Snyk to test and monitor.
- Select Projects from snyk.io.
- Select the tool to add the project from (for example, GitHub).
- In Personal and Organization repositories, select the repositories to use.
- Click Add selected repositories to import the selected repositories into your projects. This also:
- Sets Snyk to run a regular check (daily by default) for vulnerabilities.
- Creates a Webhook, so when you change code, Snyk tests your pull / merge requests, to check that new dependencies do not introduce more vulnerabilities.
You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for the projects you've imported.
- Click on an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity level.
- Click on an entry to open the issues view for that entry, including the module, where it was introduced, and the remediation to fix it, plus more details about the vulnerability itself.
See View project information for more details.
- Open the issues view for a project
Click Fix this vulnerability to upgrade (or patch) to fix an individual issue, or click Fix these vulnerabilities to fix multiple issues at once.
- The Open a Fix PR screen opens and indicates the vulnerabilities you selected.
- Check any additional issues you want to fix, or uncheck items to remove them from the fix.
- Scroll down to the bottom of the screen and click Open a Fix PR.
- Snyk now actions this PR, then a results screen appears.
- Optionally, select the Files changed tab to see details of the changes made.
See Fixing vulnerabilities for more details.
For more information
See Snyk Open Source.