If Snyk is not completing monitoring correctly (or is not triggered at all) when running your Azure pipeline(s), you may need to upgrade to the latest Snyk plugin version.
There are two processes to do this: one for the Classic Azure UI view and one for updating the YAML-style pipeline directly.
Although Azure documentation indicates that customers won't be automatically upgraded from one major version to the next (in our case, v0 to v1), it seems that they are. The v0 YAML should work fine with v1. However, it is possible that the Classic UI does not properly upgrade due to the change in parameters from v0 to v1.
You need to upgrade to version 1.0.0 (or higher). To do this, select v1 in the UI (Fail build if Snyk finds issues):
Here’s an equivalent one with the Fail build if Snyk finds issues option unchecked:
Note: if 1.* does not appear in the Task version field, you may need to manually upgrade the extension. This is done at the org level in Azure DevOps, under Organization settings → Extensions.
YAML Style Pipeline
On the other hand, if you are not using the Classic UI in Azure, you need to use the v1 task in your pipeline. For example, in YAML, it looks something like this:
- task: SnykSecurityScan@1
  inputs:
    serviceConnectionEndpoint: 'mySnykToken'
    testType: 'app'
    failOnIssues: false
    monitorWhen: 'always'
Note the @1 in the first line. Previously, that would have been @0.
The new parameter monitorWhen: 'always' makes Snyk always monitor the project when it is run in the pipeline, publishing the changes to the Snyk UI.
Note: if you experience errors when using SnykSecurityScan@1, you may need to manually upgrade the extension to version 1.0.0 or higher. This is done at the org level in Azure DevOps, under Organization settings → Extensions.
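To find pipelines that still reference the v0 task or that do not set monitorWhen, a small audit script can scan the pipeline YAML text. This is an added example, not Snyk's or Microsoft's code; the function name audit_pipeline, the sample pipeline, and the choice to report a missing explicit monitorWhen: 'always' are assumptions made for illustration.

```python
import re

# Constructed sample pipeline (not from the page): a v0 step, a v1 step
# without monitorWhen, and a v1 step like the page's example.
SAMPLE = """\
steps:
- task: SnykSecurityScan@0
  inputs:
    serviceConnectionEndpoint: 'mySnykToken'
- task: SnykSecurityScan@1
  inputs:
    serviceConnectionEndpoint: 'mySnykToken'
    failOnIssues: false
- script: echo build
- task: SnykSecurityScan@1
  inputs:
    serviceConnectionEndpoint: 'mySnykToken'
    monitorWhen: 'always'  # publish on every run
"""

TASK_RE = re.compile(r"^(\s*)-\s*task:\s*SnykSecurityScan@(\d+)\s*(?:#.*)?$")
STEP_RE = re.compile(r"^(\s*)-\s")
MONITOR_RE = re.compile(r"^\s*monitorWhen:\s*['\"]?(\w+)['\"]?\s*(?:#.*)?$")

def audit_pipeline(text):
    """Return one finding per SnykSecurityScan step found in the YAML text."""
    findings, current = [], None
    for lineno, line in enumerate(text.splitlines(), start=1):
        task, step = TASK_RE.match(line), STEP_RE.match(line)
        if task:
            current = {"line": lineno, "indent": len(task.group(1)),
                       "version": int(task.group(2)), "monitorWhen": None}
            findings.append(current)
        elif current and step and len(step.group(1)) <= current["indent"]:
            current = None  # a sibling step began; stop reading inputs
        elif current and (mon := MONITOR_RE.match(line)):
            current["monitorWhen"] = mon.group(1)
    for f in findings:
        f["problems"] = []
        if f["version"] < 1:
            f["problems"].append("pinned to @0; use SnykSecurityScan@1")
        if f["monitorWhen"] != "always":
            f["problems"].append("monitorWhen is not explicitly 'always'")
    return findings

if __name__ == "__main__":
    for f in audit_pipeline(SAMPLE):
        print(f["line"], f"@{f['version']}", f["problems"] or "ok")
```

The scan is line-based and only recognizes tasks written in the block style shown on this page, so treat a clean result on unusually formatted YAML as unverified.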