Instant security information with the Snyk security badge
We are excited to announce the Snyk security badge for open source libraries that offers instant security information. This newly introduced item for library maintainers gives users better visibility into the security details. With this badge, you can instantly see whether a library has any vulnerabilities and the level of severity.
At Snyk we know that developers have many things they need to worry about—performance, maintainability, scalability, accessibility, and security are just a few examples. Choosing the right library to depend on is one of the more difficult choices. Snyk provides scanning and security information to help developers keep their projects secure and with this new security badge that displays a library’s security score, the task of choosing the right library becomes an easy one.
How do I get a security badge
Check our badge creator and incorporate the HTML on your website. The badge includes a link to a detailed security information page explaining what the vulnerabilities are.
Update: Aug 14
If you don’t specify a version below, the badge automatically resolves to the latest published version.
Update: Sep 14
We also support PHP composer packages now.
Badge scores explained
Badges are generated with a score from A to F where A is the highest score and F the lowest. The color-coded letters indicate how secure a library is.
The score is a very simple but intuitive indication of how the library is doing security-wise.
Calculating the score is quite simple. Snyk distinguishes three severity levels—low, medium, and high. Every low vulnerability gets 1 point, every medium vulnerability 2 points, and every high vulnerability is awarded 4 points.
Accumulating all scores gives the following badge score:
0 point = A
1 point = B
2 – 3 points = C
4 – 5 points = D
6 – 9 points = E
10 or more = F
This means that you only get a green A score badge if your library is free from vulnerabilities. The severity of a vulnerability also plays a huge part in calculating the score. Scores are updated on a daily basis so the badge represents the current status of the library.
Open source security is cool
And don’t forget that scanning your projects with Snyk is free!