Get started with Snyk Open Source to inspect, find and fix vulnerabilities in your code.
You can also use an IDE tool or a CI/CD integration. See Integrations for more details.
Using the CLI tool
The Snyk CLI tool lets you get started from the command line. For example, to install it with npm:
npm install -g snyk
See Getting started with the CLI for details.
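As an added example (not part of the Snyk documentation or the Snyk CLI itself), the script below reads the JSON report that `snyk test --json` writes, counts issues by severity, names the remediation for each (upgrade, patch, or none) and signals whether a CI job should fail. The field names (`vulnerabilities`, `severity`, `packageName`, `from`, `isUpgradable`, `isPatchable`, `upgradePath`) are assumed from the CLI's JSON output; the embedded report, its package names and its issue ids are constructed for this example.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape of `snyk test --json` output. The package
# names and SNYK-EXAMPLE-* ids are made up; field names are assumed from the CLI.
SAMPLE_SNYK_JSON = """{
  "ok": false,
  "vulnerabilities": [
    {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high",
     "packageName": "example-lib", "version": "1.0.0",
     "from": ["my-app@1.0.0", "example-lib@1.0.0"],
     "isUpgradable": true, "isPatchable": false, "upgradePath": [false, "example-lib@1.2.0"]},
    {"id": "SNYK-EXAMPLE-0002", "title": "Regular Expression DoS", "severity": "medium",
     "packageName": "other-lib", "version": "2.1.0",
     "from": ["my-app@1.0.0", "example-lib@1.0.0", "other-lib@2.1.0"],
     "isUpgradable": false, "isPatchable": true, "upgradePath": []},
    {"id": "SNYK-EXAMPLE-0003", "title": "Information Exposure", "severity": "low",
     "packageName": "third-lib", "version": "0.3.0",
     "from": ["my-app@1.0.0", "third-lib@0.3.0"],
     "isUpgradable": false, "isPatchable": false, "upgradePath": []}
  ]
}"""


def summarize(report_json, fail_on=("critical", "high")):
    """Return (counts by severity, one remediation line per issue, should_fail)."""
    vulns = json.loads(report_json).get("vulnerabilities", [])
    counts = Counter(v["severity"] for v in vulns)
    remediations = []
    for v in vulns:
        fixed_versions = [p for p in v.get("upgradePath", []) if p]  # drop the `false` root entry
        if v.get("isUpgradable") and fixed_versions:
            action = "upgrade to " + fixed_versions[-1]  # last entry is the fixed package version
        elif v.get("isPatchable"):
            action = "apply Snyk patch"
        else:
            action = "no fix available"
        # from[0] is the project itself; from[1] is the direct dependency that introduced the issue.
        introduced_by = v["from"][1] if len(v["from"]) > 1 else v["from"][0]
        remediations.append(f"{v['severity']:<8} {v['id']} {v['packageName']}@{v['version']} "
                            f"(introduced via {introduced_by}): {action}")
    should_fail = any(v["severity"] in fail_on for v in vulns)
    return counts, remediations, should_fail


if __name__ == "__main__":
    # Pipe `snyk test --json` into this script; with no stdin, the constructed sample is used.
    data = SAMPLE_SNYK_JSON if sys.stdin.isatty() else sys.stdin.read()
    counts, lines, fail = summarize(data)
    print("issues by severity:", dict(counts))
    print("\n".join(lines))
    sys.exit(1 if fail else 0)  # non-zero exit fails the CI job on high/critical findings
```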
Ensure you have:
- A code project using open source packages, on a supported source code management system (such as GitHub), with a supported language & package manager (such as Java).
- A Snyk account (go to https://snyk.io/ and sign up).
See Prerequisites for more details.
Choose a source code integration to allow Snyk to work on a project.
- Log in to Snyk.io.
- Select Integrations > Source control.
- Click the source control system (for example, GitHub) to integrate with Snyk:
- Fill in the account credentials as prompted (or authenticate with your account in GitHub), to grant Snyk access permissions for integration.
Add projects to test with Snyk by choosing repositories for Snyk to test and monitor.
- Select Projects from snyk.io.
- Select the tool to add the project from (for example GitHub):
- In Personal and Organization repositories, select the repositories to use:
- Click Add selected repositories to import the selected repositories into your projects. This also:
- Sets Snyk to run a regular check (daily by default) for vulnerabilities.
- Creates a webhook so that when you change code, Snyk tests your pull or merge requests to check that new dependencies do not introduce more vulnerabilities.
You can now view vulnerability results for imported projects.
- Select Projects, then click on the imported project entry, to see vulnerability information for that project, including the number of high, medium and low severity issues found:
- Click on a project to see more information and details of the issues, including the module, where it was introduced, and the remediation that fixes it, plus more details about the vulnerability itself:
See View issues and the dependency tree for more details.
- Click Fix this vulnerability to upgrade (or patch) to fix a specific vulnerability, or click Open a fix PR to fix multiple issues.
- A preview screen appears, showing a proposed Pull Request (PR), allowing you to decide which vulnerabilities to include:
- Select issues, then scroll down and click Open a Fix PR.
- Snyk now opens this PR, and a results screen appears:
- Optionally, click Files changed to see details of the changes made.
For more information
See Snyk Open Source.