Skip to main content

Launching .NET support for GitHub, Bitbucket and GitLab

Written by:
Ariel Ornstein
Ariel Ornstein
wordpress-sync/Launching-NET-support-for-GitHub-Bitbucket-and-GitLab

February 4, 2019

0 mins read

We are excited to announce that we are now providing .NET source code management support. As of today, Snyk enables importing, scanning and monitoring of .NET projects directly within GitHub, GitLab, and Bitbucket without having to move away to Snyk.

Snyk is committed to helping developers secure their open source code, and we work hard to expand Snyk’s ecosystem and to support additional languages constantly. This launch expands our support to .NET which was already enabled thus far via our CLI and allowed testing projects locally or using it as part of the CI process.

What’s new?

As of today, developers can easily import, test and monitor .NET projects to Snyk directly from GitHub, BitBucket and GitLab.

We split the imported project by target frameworks. In this way, the display from our app clearly shows why each package is used and thereafter, how to apply fixes. Once you import your project, we create a Snyk project for each target framework that is supported by the app. With the relevant target framework in focus, developers can analyze results and begin triaging.

The following image displays how a .NET project is imported and split into the supported target frameworks:

wordpress-sync/Screen-Shot-2019-02-04-at-11.37.40

Once the project is imported, Snyk creates a fully structure dependency tree with direct and transitive dependencies in order to help developers identify the path by which each vulnerability was introduced. The tree is created for each target framework. This allows developers to better understand which packages and versions are used in their code, directly and indirectly.

The following image displays a dependency tree for a .NET Core project:

wordpress-sync/Screen-Shot-2019-02-04-at-11.39.19

Once the tree is ready, the project is tested for vulnerabilities against our Vulnerability database which offers comprehensive data unique to NuGet. If we find a vulnerable package we’ll then point you to the exact package.

After the initial test, we continue to monitor the project on an ongoing basis, based on your configurations. This keeps your code secure from newly discovered vulnerabilities related to the existing packages you use. We notify you when a new relevant vulnerability is discovered or introduced via a new pull request.

What’s next?

Today’s announcement is only the first item on Snyk’s roadmap for extending our offering to the .NET community, which includes remediation functionality, being able to scan more file types and adding integrations with Azure Repos.

For more information on how to use the new functionality, please refer to our .NET support document.

As always, we value our customers’ thoughts and are more than happy to hear your feedback.

Please don’t hesitate to drop us a note at support@snyk.io.

Stay secure!