Get started with Snyk Code to find, prioritize and fix potential vulnerabilities in your proprietary code.
Snyk Code is disabled by default, so you must enable it for each organization:
- Log in to Snyk.io.
- Select Settings > Snyk Code.
- Under Detect issues in your code, change Disabled to Enabled:
- Click Save changes.
Choose a source code integration, to allow Snyk to work on a project.
- Log in to Snyk.io.
- Select Integrations > Source control.
- Click the source control system (for example, GitHub) to integrate with Snyk:
- Fill in the account credentials as prompted (or authenticate with your account in GitHub), to grant Snyk access permissions for integration.
See DevOps integrations & languages for more details
Add projects to test with Snyk, by choosing repositories for Snyk to test and monitor.
- Select Projects from snyk.io.
- Select the tool to add the project from (for example GitHub):
- In Personal and Organization repositories, select the repositories to use:
- Click Add selected repositories to import the selected repositories into your projects. This sets Snyk to run a regular check (daily by default) for your proprietary code vulnerabilities.
- A progress bar appears: click View log to see log results.
- Project import completes.
See Snyk projects for more details.
You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for projects you've imported.
- Click on an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity :
- Click on an entry to open the issues view for that entry. For each issue, this shows the exploitable code snippet and a description of the code flaw that may lead to this vulnerability if not fixed:
See View project information for more details.
Click Full Details on an issue to view more details about it, such as:
- Data Flow: The issue's taint flow from the source (the user input) to the sink (the operation that needs to receive clean input and can be exploited otherwise).
- Remediation Strategy: An area that focuses on how to fix the problem with more details, references and code samples related to it.