
Fix open source vulnerabilities directly from your Eclipse IDE

Brian Vermeer, July 25, 2019

We are excited to share that developers can now test and monitor their projects for open source vulnerabilities, natively from within their Eclipse IDE (integrated development environment) instance.

As a rule, software developers mainly work from their favorite IDE, and the IDE they prefer is usually one that integrates well with their existing workflow. At Snyk, we also believe tooling should integrate seamlessly with your existing software development process in order to be most efficient. 

For this reason, we have released a Snyk plugin that you can install directly from within Eclipse. Once installed, when you run the security scanning tool, Snyk analyzes the direct and indirect dependencies in your projects, identifies security vulnerabilities and license issues, and reports them back to you with essential details so that you can remediate them more quickly and smoothly.

The power of the Snyk CLI

To implement the Eclipse IDE plugin, we used our existing CLI capabilities to scan the projects in your workspace. This gives you thorough scans, remediation advice, and support for your projects regardless of language or package manager.

The core business of Snyk is to find and fix vulnerabilities in your project’s dependencies. Through our CLI, Snyk scans your different projects, built through different ecosystems, from within your local development environment. Snyk then automatically detects the type of project you have (language and package manager), creates a dependency tree in order to analyze all direct and indirect dependencies and then validates these dependencies against our proprietary vulnerability database. Based on this analysis, we then show whether a direct or transitive dependency contains a vulnerability, and we also direct you to the most recommended fix available for the issue.

Seamlessly set Eclipse up with the Snyk plugin

Installing the Snyk Vulnerability Scanner for Eclipse is easy. Search for Snyk from the Eclipse Marketplace, click install, follow the instructions and you are good to go.

Once the plugin is installed, open the Snyk view.

Next, authenticate your Eclipse Snyk plugin installation with your Snyk account from the Snyk preferences window.

Optionally, add extra directories to the path if the package manager you use in your project is not part of the system path.

Native detection of vulnerabilities within Eclipse

Once configured, click the play button in the Snyk view to scan your entire workspace and receive results for all of the projects currently open.
Alternatively, right-click a single project from the project root folder and click Snyk test.

For every project scanned, vulnerabilities that are found are displayed in the Snyk View tab. Results are grouped per project, under which every vulnerability occurrence is listed separately, displaying the direct dependency in your project that is affected by the vulnerability. 

For indirect dependencies, the view also displays the entire dependency path through which the vulnerability or issue was introduced.

Finally, the Fix column displays a suggested upgrade if one is available. Snyk always recommends the minimum upgrade possible for the direct dependency to eliminate the vulnerability with the least amount of risk.
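
The reporting described above (one finding per vulnerable occurrence, the dependency path that introduced it, and the minimum upgrade of the direct dependency) can be sketched as follows. This is an added example, not Snyk's code or algorithm; the package names, versions, advisory ids and the RELEASES table are constructed sample data.

```python
from collections import deque

# Constructed sample data: package names, versions and advisory ids are invented.
TREE = {  # "name@version" -> dependencies it pulls in
    "my-app@1.0.0": ["web-framework@2.1.0", "json-utils@1.4.0"],
    "web-framework@2.1.0": ["http-core@3.0.1"],
    "http-core@3.0.1": ["parser@1.2.0"],
    "json-utils@1.4.0": [],
    "parser@1.2.0": [],
}
ADVISORIES = {  # package -> [(advisory id, first fixed version)]
    "parser": [("EXAMPLE-0001", "1.2.3")],
    "json-utils": [("EXAMPLE-0002", "1.4.2")],
}
RELEASES = {  # direct dependency -> {release: package versions it resolves to}
    "web-framework": {"2.1.0": {"parser": "1.2.0"}, "2.1.4": {"parser": "1.2.3"},
                      "3.0.0": {"parser": "1.3.0"}},
    "json-utils": {"1.4.0": {"json-utils": "1.4.0"}, "1.4.2": {"json-utils": "1.4.2"},
                   "2.0.0": {"json-utils": "2.0.0"}},
}

def ver(v):
    """Parse a dotted numeric version into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))

def minimal_upgrade(direct, current, pkg, fixed_in):
    """Lowest newer release of the direct dependency that resolves pkg to a fixed version."""
    candidates = [r for r, resolved in RELEASES.get(direct, {}).items()
                  if ver(r) > ver(current) and ver(resolved.get(pkg, "0")) >= ver(fixed_in)]
    return min(candidates, key=ver) if candidates else None

def scan(root):
    """Breadth-first walk of the tree, reporting every vulnerable occurrence with its path."""
    findings, queue = [], deque([[root]])
    while queue:
        path = queue.popleft()
        name, version = path[-1].rsplit("@", 1)
        for adv_id, fixed_in in ADVISORIES.get(name, []):
            if len(path) > 1 and ver(version) < ver(fixed_in):
                d_name, d_ver = path[1].rsplit("@", 1)  # path[1] is the direct dependency
                findings.append({"id": adv_id, "path": path, "direct": path[1],
                                 "fix": minimal_upgrade(d_name, d_ver, name, fixed_in)})
        for child in TREE.get(path[-1], []):
            if child not in path:  # guard against dependency cycles
                queue.append(path + [child])
    return findings

if __name__ == "__main__":
    for f in scan("my-app@1.0.0"):
        print(f["id"], " > ".join(f["path"]), "fix:", f["fix"] or "none available")
```

Choosing the lowest release that clears the advisory, rather than the latest, is what keeps the suggested change small: here web-framework moves to 2.1.4 instead of the 3.0.0 major release.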

Making security part of your workflow

Just as plugins for unit testing and code quality seamlessly integrate and ease your workflow from within Eclipse, so is the Snyk plugin a powerful tool for developers in creating more secure software. By intercepting and avoiding vulnerable dependencies during the development process, directly from inside the Eclipse IDE, we “shift security left” without ever changing the way you work!

Getting started

Add the new Snyk plugin from within your Eclipse IDE. Read more about the plugin in our Eclipse Snyk plugin overview.

What’s next

As with many of our other integrations, we plan to add an automated fix feature for Eclipse, based on the recommended fixes when vulnerabilities are found.
