Instant security information with the Snyk security badge

August 4, 2020 | in Open Source | By Brian Vermeer

We are excited to announce the Snyk security badge for open source libraries that offers instant security information. This newly introduced item for library maintainers gives users better visibility into the security details. With this badge, you can instantly see whether a library has any vulnerabilities and the level of severity.

At Snyk we know that developers have many things they need to worry about—performance, maintainability, scalability, accessibility, and security are just a few examples. Choosing the right library to depend on is one of the more difficult choices. Snyk provides scanning and security information to help developers keep their projects secure and with this new security badge that displays a library’s security score, the task of choosing the right library becomes an easy one.

How do I get a security badge?

The Snyk security badge can be generated for JavaScript, Java, and Python packages. You can generate a badge for JavaScript packages publicly available on npm, Java artifacts available on Maven Central, or Python packages available on PyPI.

Check our badge creator and incorporate the HTML on your website. The badge includes a link to a detailed security information page explaining what the vulnerabilities are.

Update: Aug 14
If you don’t specify a version below, the badge automatically resolves to the latest published version.

Update: Sep 14
We also support PHP Composer packages now.

Badge scores explained

Badges are generated with a score from A to F where A is the highest score and F the lowest. The color-coded letters indicate how secure a library is. 

Snyk security badge with different scores

The score is a very simple but intuitive indication of how the library is doing security-wise.

Calculating the score is quite simple. Snyk distinguishes three severity levels—low, medium, and high. Every low-severity vulnerability counts 1 point, every medium-severity vulnerability 2 points, and every high-severity vulnerability 4 points.

Adding up the points for all vulnerabilities in the library gives the badge score:

0 points = A
1 point = B
2 – 3 points = C
4 – 5 points = D
6 – 9 points = E
10 or more points = F

This means you only get a green A badge if your library is free from vulnerabilities. The severity of each vulnerability also plays a large part in the score: a single high-severity issue alone already drops a library to a D. Scores are recalculated daily, so the badge reflects the current status of the library.
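The scoring rules above are easy to reproduce, which is useful if you want to sanity-check a badge or apply the same grading to your own vulnerability inventory. The following is an added example written for this page, not Snyk's own code or API: it takes a list of vulnerability records (the record shape, a dict with a `severity` key and a placeholder `id`, is an assumption), sums the points exactly as the page describes, and maps the total to the A–F letter. An unrecognised severity raises an error rather than silently counting as zero, so a misspelled or new level cannot inflate a grade.

```python
# Points per severity level as stated on the page: low=1, medium=2, high=4.
SEVERITY_POINTS = {"low": 1, "medium": 2, "high": 4}

# Score bands from the page as (minimum points, grade), highest band first,
# so the first band whose minimum is met is the right one.
GRADE_BANDS = [(10, "F"), (6, "E"), (4, "D"), (2, "C"), (1, "B"), (0, "A")]


def badge_points(vulnerabilities):
    """Sum the badge points for a list of vulnerability records.

    Each record is assumed to be a dict with a 'severity' key. An unknown
    severity raises ValueError so that nothing is silently scored as 0.
    """
    total = 0
    for vuln in vulnerabilities:
        severity = str(vuln.get("severity", "")).strip().lower()
        if severity not in SEVERITY_POINTS:
            raise ValueError(f"unknown severity {severity!r} in {vuln!r}")
        total += SEVERITY_POINTS[severity]
    return total


def points_to_grade(points):
    """Map an accumulated point total to the A-F badge letter."""
    if points < 0:
        raise ValueError("points cannot be negative")
    for minimum, grade in GRADE_BANDS:
        if points >= minimum:
            return grade
    return "A"  # not reachable: the last band has minimum 0


def badge_grade(vulnerabilities):
    """Convenience wrapper: vulnerability records -> badge letter."""
    return points_to_grade(badge_points(vulnerabilities))


if __name__ == "__main__":
    # Constructed sample data for a hypothetical package; the ids are
    # placeholders, not real advisory identifiers.
    sample = [
        {"id": "VULN-PLACEHOLDER-1", "severity": "medium"},
        {"id": "VULN-PLACEHOLDER-2", "severity": "high"},
    ]
    print(f"{badge_points(sample)} points -> grade {badge_grade(sample)}")

    # Severity dominates: one high issue scores the same as four low ones.
    one_high = [{"id": "VULN-PLACEHOLDER-3", "severity": "high"}]
    four_low = [{"id": f"VULN-PLACEHOLDER-{n}", "severity": "low"} for n in range(4, 8)]
    print(badge_grade(one_high), badge_grade(four_low))
```

Note that the thresholds are non-linear at the top end: once a library reaches 10 points it is an F regardless of how many further issues it carries, so the badge distinguishes "clean" from "slightly affected" far more finely than it distinguishes "bad" from "worse".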

Open source security is cool

Are you a maintainer for a JavaScript, Java, or Python package? Make it easy for developers to choose your package over others by providing instant security information.

And don’t forget that scanning your projects with Snyk is free!