August 4, 20200 mins read
We are excited to announce the Snyk security badge for open source libraries that offers instant security information. This newly introduced item for library maintainers gives users better visibility into the security details. With this badge, you can instantly see whether a library has any vulnerabilities and the level of severity.
At Snyk we know that developers have many things they need to worry about—performance, maintainability, scalability, accessibility, and security are just a few examples. Choosing the right library to depend on is one of the more difficult choices. Snyk provides scanning and security information to help developers keep their projects secure and with this new security badge that displays a library’s security score, the task of choosing the right library becomes an easy one.
How do I get a security badge
Update: Aug 14 — If you don't specify a version below, the badge automatically resolves to the latest published version.
Update: Sep 14 — We also support PHP composer packages now.
Badge scores explained
Badges are generated with a score from A to F where A is the highest score and F the lowest. The color-coded letters indicate how secure a library is.
The score is a very simple but intuitive indication of how the library is doing security-wise.
Calculating the score is quite simple. Snyk distinguishes three severity levels—low, medium, and high. Every low vulnerability gets 1 point, every medium vulnerability 2 points, and every high vulnerability is awarded 4 points.
Accumulating all scores gives the following badge score:
0 point = A1 point = B2 - 3 points = C4 - 5 points = D6 - 9 points = E10 or more = F
This means that you only get a green A score badge if your library is free from vulnerabilities. The severity of a vulnerability also plays a huge part in calculating the score. Scores are updated on a daily basis so the badge represents the current status of the library.
Open source security is cool
And don’t forget that scanning your projects with Snyk is free!