Ensure you have:
- Access to a relevant container registry to use with Snyk.
Snyk supports registries including , Amazon Elastic Container Registry (ECR), Google Container Registry (GCR), Microsoft Azure Container Registry (ACR), and JFrog Artifactory.
Alternatively, access to Kubernetes if you select that as an integration.
- A Snyk account (go to https://snyk.io/ and sign up).
See Prerequisites for more details.
Choose a container registry integration, to connect the registry with Snyk:
- Log in to Snyk.io.
- Select Integrations.
- Select a Container registries entry.
- Click the entry to integrate with Snyk:
- Fill in the account credentials and other details as prompted, then save the changes, to integrate this entry with Snyk:
Add projects for your selected container, to start scanning with Snyk.
- Click Add Project, and select the integration registry entry to add from:
- Select the container repository and tags to import, then click Add selected repositories to import them into your projects:
Importing also sets Snyk to run a daily check on the repositories for vulnerabilities.
- A progress bar appears: click View log to see log results.
You can now see vulnerability results for imported projects.
- Select Projects, then click on the imported project entry under its registry record, to see vulnerability information for that project.
Here you can see a summary of the severity of the detected vulnerabilities.
- Click on an entry to see details of vulnerabilities found:
See Analysis and remediation for your images from the Snyk app for more details.
- Fix issues found, based on Snyk recommendations.
- Rebuild your image.
- Snyk automatically rescans your new image after it is pushed.
For more information
See Snyk Container.