Snyk is a developer-first security platform that helps find and fix vulnerabilities in:

  • Open-source dependencies (SCA – Software Composition Analysis)
  • Container images (Docker, Kubernetes)
  • Infrastructure as Code (IaC) (Terraform, Kubernetes manifests, Helm charts)
  • Code scanning (SAST)

It integrates seamlessly into developer workflows (CLI, IDEs, GitHub, GitLab, Jenkins, etc.) to enforce shift-left security in the SDLC.

Setup

sudo apt update
sudo apt install npm
sudo npm install -g snyk
snyk --version

Next, create a Snyk account (a free tier is available) and authenticate the CLI:

snyk auth

Usage

Open-Source Dependency Scanning - Run in a project directory (with package.json, requirements.txt, pom.xml)

snyk test

Or, to monitor continuously:

snyk monitor

Container Image Scanning

snyk container test <image-name>

Infrastructure as Code (IaC) Scanning

Scan Terraform, Kubernetes, or Helm configs

snyk iac test

Source Code (SAST) Scanning

snyk code test

Ignore Vulnerabilities

snyk ignore --id=<issue-id> --expiry=<YYYY-MM-DD> --reason="<reason>"
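
The scan commands above can be chained into a CI gate that tells "issues found" apart from "scan did not run". This is an added example, not part of the original README; the function names and the SNYK override variable are assumptions, and treating exit code 3 as a skip is this example's policy choice.

```shell
#!/bin/sh
# Added example: CI gate around the Snyk scans listed in Usage.
# Snyk CLI exit codes: 0 = no issues found, 1 = issues found,
# 2 = scan failed, 3 = no supported project detected.

# classify_exit CODE: map a Snyk exit code to a gate decision.
classify_exit() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "issues" ;;
    3) echo "skipped" ;;  # nothing to scan for this scan type
    *) echo "error" ;;    # 2 or anything unexpected: fail closed
  esac
}

# run_scan NAME CMD...: run one scan, print "NAME: <decision>",
# and return 0 only when the decision is clean or skipped.
run_scan() {
  scan_name="$1"; shift
  scan_rc=0
  "$@" >/dev/null 2>&1 || scan_rc=$?
  scan_result="$(classify_exit "$scan_rc")"
  echo "$scan_name: $scan_result"
  [ "$scan_result" = "clean" ] || [ "$scan_result" = "skipped" ]
}

# gate [IMAGE]: run every scan (no early exit, so the log shows all
# results) and fail if any scan reported issues or could not complete.
# SNYK is a hypothetical override so the gate can be dry-run with a stub.
gate() {
  gate_snyk="${SNYK:-snyk}"
  gate_image="${1:-}"
  gate_failed=0
  run_scan "dependencies" "$gate_snyk" test || gate_failed=1
  run_scan "iac" "$gate_snyk" iac test || gate_failed=1
  run_scan "code" "$gate_snyk" code test || gate_failed=1
  if [ -n "$gate_image" ]; then
    run_scan "container" "$gate_snyk" container test "$gate_image" || gate_failed=1
  fi
  return "$gate_failed"
}

# Usage in a pipeline step, after sourcing this file: gate <image-name>
```

A missing or unauthenticated CLI lands in the "error" branch, so the pipeline fails instead of passing silently.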
