Get started with Snyk Code to find, prioritize and fix potential vulnerabilities in your proprietary code. Before you start, make sure you have:
- A Snyk account.
- Snyk Open Source or Snyk Container enabled, as Snyk Code is currently distributed as an add-on to those products.
- One of the following supported source code management systems (SCMs): GitHub cloud, Bitbucket Cloud or GitLab cloud.
Snyk Code is disabled by default, so you must enable it for each organization:
- Log in to Snyk.io.
- Select Settings > Snyk Code.
- Under Detect issues in your code, change Disabled to Enabled.
- Click Save changes.
Choose a source code integration so that Snyk can access the repositories you want to test.
- Log in to Snyk.io.
- Select Integrations > Source control.
- Click the source control system (for example, GitHub) to integrate with Snyk.
- Fill in the account credentials as prompted (or authenticate with your account in GitHub) to grant Snyk the access it needs for the integration. Review the permissions requested before you approve them, since the integration gives Snyk access to your source code.
Add projects to test with Snyk by choosing the repositories for Snyk to test and monitor.
- In Snyk.io, select Projects.
- Select the tool to add the project from (for example, GitHub).
- In Personal and Organization repositories, select the repositories to use.
- Click Add selected repositories to import the selected repositories into your projects. Snyk then runs a regular check (daily by default) for vulnerabilities in your proprietary code.
- A progress bar appears: click View log to see log results.
- Project import completes.
You can now view vulnerability results for imported projects.
- Select Projects to see the list of imported projects, with the number of high, medium and low severity issues found in each.
- Click a project to see more information, including the exploitable code snippet and a description of the code flaw that may lead to this vulnerability if not fixed.
Click Full Details on an issue to view more details about it, such as:
- Data Flow: the issue's taint flow from the source (the point where untrusted data, such as user input, enters the program) to the sink (the operation that must receive only sanitized or validated input and can be exploited otherwise).
- Remediation Strategy: guidance on how to fix the problem, with more details, references and code samples related to it.
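To make the source and sink terminology concrete, here is an added example of the kind of taint flow a Data Flow view traces, with the remediated version beside it. This is illustrative code written for this page, not Snyk's code or a Snyk Code finding: it uses Python's standard-library sqlite3 module, the `params` dictionary stands in for an HTTP query string, and the function names, table contents and attack payload are constructed for the example.

```python
import sqlite3

# Constructed sample data so the example runs offline (not taken from Snyk or the page).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_email_vulnerable(conn: sqlite3.Connection, params: dict) -> list:
    """SOURCE: params["name"] stands in for an HTTP query parameter (untrusted input).
    The value is concatenated into the SQL text, so the SINK (conn.execute) receives
    attacker-controlled query syntax. This is the source-to-sink path a SAST data-flow
    trace highlights (hypothetical function, written for this example)."""
    name = params["name"]                                        # source
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]               # sink


def lookup_email_fixed(conn: sqlite3.Connection, params: dict) -> list:
    """Same source and sink, but the untrusted value travels as a bound parameter.
    The SQL text is constant, so the input can only ever be compared as data."""
    name = params["name"]                                        # source
    return [row[0] for row in conn.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]      # sink, parameterized


def demo() -> dict:
    """Run both versions against a benign input and a constructed injection payload."""
    conn = make_db()
    benign = {"name": "alice"}
    # Constructed payload: closes the string literal and appends an always-true clause.
    malicious = {"name": "nobody' OR '1'='1"}
    return {
        "vulnerable_benign": lookup_email_vulnerable(conn, benign),
        "vulnerable_attack": lookup_email_vulnerable(conn, malicious),
        "fixed_benign": lookup_email_fixed(conn, benign),
        "fixed_attack": lookup_email_fixed(conn, malicious),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block shows the difference the Data Flow view is pointing at: the concatenating version returns every user's email for the crafted payload, while the parameterized version returns nothing for it and still answers the benign query correctly. The remediation keeps the same source and sink; what changes is that the untrusted value no longer reaches the sink as query syntax.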
For more information
- Developer-first SAST with Snyk Code
- SAST vs DAST