Snyk vulnerability scanning is available directly within Visual Studio

Secure development in Visual Studio with Snyk Open Source

We’re pleased to announce our new extension for Visual Studio, making it easier for developers to stay both secure and compliant as they code within their favorite IDE. The extension supports Visual Studio 2015, 2017, and 2019.

Snyk’s new free extension for Visual Studio enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.


Visual Studio 2019 extension key features

Snyk’s Visual Studio 2019 extension identifies security vulnerabilities and license compliance issues in your open source dependencies. It runs automatically and highlights the issues within the IDE so they can be fixed quickly.

  • Easy to use: The extension can easily be installed either from within Visual Studio 2019 itself or via the marketplace. 
  • Comprehensive and actionable: Results show both security vulnerabilities and license issues, together with contextual and actionable remediation information. The extension supports all languages supported by the Snyk CLI: .NET, C#, Java, JavaScript, Python, Ruby, Swift, Objective-C, and Scala.
  • Accurate: The extension is based on the Snyk CLI, which scans your dependencies and correlates findings with the Snyk Intel Vulnerability Database — the most comprehensive, timely, and accurate vulnerability database in the market.

Getting started

So how do you get started? Easy. You can set up the extension from within Visual Studio 2019 in three simple steps: install, connect and scan!

First, go to Extensions → Manage Extensions from within your IDE, search for Snyk in the Visual Studio marketplace, and click the Download button to begin the installation process. 

When prompted, close Visual Studio, and in the installer window that pops up just hit the Modify button to install the extension.

Snyk can scan for vulnerabilities directly from Visual Studio

Next, you need to connect the extension with your Snyk account (if you don’t have one already, create your free Snyk account). 

So open up Visual Studio again, and open the extension’s window by going to View → Other Windows → Snyk, and then click the Connect Visual Studio to Snyk link. A browser tab will open — simply follow the prompts to authenticate with your Snyk account.

Authenticate your Snyk account in Visual Studio

That’s it! All you have to do now is run a Snyk test. 

Click the Run scan button to commence Snyk’s security testing. Within a few seconds, the extension will provide a list of the security vulnerabilities identified in your project. Select one of the vulnerabilities to understand more about the issue and how to fix it.


Scan results contain a wealth of information to help facilitate a quick fix, including the severity level of the vulnerability (based on its CVSS score) and the title/type of vulnerability. Additional details show how the vulnerability was introduced (the dependency path through which the vulnerable package is pulled in) and whether exploits are known to be available in the wild, while an overview of the vulnerability explains how it can be exploited.

In terms of remediation, the Snyk extension will help you fix the vulnerability by recommending the upgrade required. Snyk will always recommend the minimal upgrade required to fix the specific issue, keeping the risk of breakage low.

The More about this issue link at the bottom of the window leads you to the Snyk Intel Vulnerability Database, where you can see additional details on the vulnerability such as its CVE, CWE, CVSS score, and more:

Launch the Snyk Intel Vulnerability Database directly from Visual Studio to dig deep into security vulnerabilities
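The results the extension surfaces (severity, CVSS score, CWE, the path that introduced the package, and the minimal upgrade) are the same ones the Snyk CLI emits as JSON, and teams commonly consume that output in CI to gate a build. The following is an added example, not code from the original post or from Snyk: a small Python triage script that reads a report in the shape of `snyk test --json` output, collapses the same issue reported via several dependency paths into one finding, picks the direct-dependency bump that removes it, and applies a severity gate in the spirit of the CLI's `--severity-threshold` and `--fail-on=upgradable` options. The embedded report is constructed for the example; the package names, versions and `SNYK-EXAMPLE-*` ids are placeholders, not real advisories, and the field names are assumed to follow the CLI's JSON schema (`vulnerabilities`, `from`, `upgradePath`, `cvssScore`, `identifiers`).

```python
"""Triage a `snyk test --json` style report: dedupe, find the minimal fix, apply a gate.

Added example; not Snyk's code. The report below is constructed with placeholder
package names and ids (SNYK-EXAMPLE-*), not real advisories. Field names are
assumed to match the Snyk CLI JSON output (vulnerabilities, from, upgradePath, ...).
"""
import json
from typing import Dict, List, Optional

# Constructed sample report (hypothetical packages and ids).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "dependencyCount": 4,
    "vulnerabilities": [
        {
            "id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution",
            "severity": "high", "cvssScore": 7.5,
            "packageName": "example-lib", "version": "1.0.0",
            "from": ["my-app@1.0.0", "example-lib@1.0.0"],
            "upgradePath": [False, "example-lib@1.0.1"],
            "isUpgradable": True,
            "identifiers": {"CVE": [], "CWE": ["CWE-1321"]},
        },
        {   # Same issue reached a second time, through a transitive path.
            "id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution",
            "severity": "high", "cvssScore": 7.5,
            "packageName": "example-lib", "version": "1.0.0",
            "from": ["my-app@1.0.0", "example-cli@2.0.0", "example-lib@1.0.0"],
            "upgradePath": [False, "example-cli@2.1.0", "example-lib@1.0.1"],
            "isUpgradable": True,
            "identifiers": {"CVE": [], "CWE": ["CWE-1321"]},
        },
        {   # No fixed version published yet: nothing to upgrade to.
            "id": "SNYK-EXAMPLE-0002", "title": "Regular Expression Denial of Service (ReDoS)",
            "severity": "medium", "cvssScore": 5.3,
            "packageName": "example-parser", "version": "0.9.0",
            "from": ["my-app@1.0.0", "example-parser@0.9.0"],
            "upgradePath": [],
            "isUpgradable": False,
            "identifiers": {"CVE": [], "CWE": ["CWE-1333"]},
        },
    ],
})

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def direct_upgrade(vuln: Dict) -> Optional[str]:
    """Return the direct-dependency bump that removes this vulnerability, or None.

    upgradePath is aligned with `from`: index 0 is the project itself (False) and
    index 1 is the direct dependency. Bumping only that entry is the minimal fix;
    the remaining entries are what the resolver pulls in as a consequence.
    """
    path = vuln.get("upgradePath") or []
    return path[1] if len(path) > 1 and path[1] else None


def triage(report_json: str, threshold: str = "high") -> List[Dict]:
    """Keep findings at or above `threshold`, merge duplicate ids, sort most severe first."""
    min_rank = SEVERITY_RANK[threshold]
    merged: Dict[str, Dict] = {}
    for v in json.loads(report_json).get("vulnerabilities", []):
        if SEVERITY_RANK.get(v.get("severity", "low"), 0) < min_rank:
            continue
        entry = merged.setdefault(v["id"], {
            "id": v["id"], "title": v["title"], "severity": v["severity"],
            "cvss": v.get("cvssScore") or 0.0,
            "package": f'{v["packageName"]}@{v["version"]}',
            "cwe": v.get("identifiers", {}).get("CWE", []),
            "paths": [], "fixes": set(),
        })
        entry["paths"].append(" > ".join(v["from"]))  # one line per introducing path
        fix = direct_upgrade(v)
        if fix:
            entry["fixes"].add(fix)
    results = sorted(merged.values(),
                     key=lambda e: (-SEVERITY_RANK[e["severity"]], -e["cvss"]))
    for e in results:
        e["fixes"] = sorted(e["fixes"])  # deterministic output for reports and tests
    return results


def should_fail(report_json: str, threshold: str = "high", only_upgradable: bool = False) -> bool:
    """Build gate: True if any retained finding remains (optionally only fixable ones)."""
    findings = triage(report_json, threshold)
    if only_upgradable:
        findings = [f for f in findings if f["fixes"]]
    return bool(findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT, "medium"):
        print(f'{f["severity"].upper():8} {f["cvss"]:>4} {f["id"]} {f["title"]} in {f["package"]}')
        for p in f["paths"]:
            print(f"    via {p}")
        print(f'    fix: {", ".join(f["fixes"]) or "no upgrade available"}')
    print("FAIL" if should_fail(SAMPLE_REPORT, "medium") else "PASS")
```

The gate deliberately distinguishes "unfixable" findings: with `only_upgradable=True` a medium issue that has no fixed release does not block the build on its own, which matches how `--fail-on=upgradable` keeps pipelines from failing on issues developers cannot yet act on.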

Stay secure from the very start

Developing fast is a business requirement and using open source is key to maintaining a rapid development pace. But no one wants to be responsible for introducing a vulnerability or a license issue that results in a data breach or legal complications. 

Speed and security don’t have to be mutually exclusive, however. Scanning code from within the IDE helps developers find and fix issues early in the development process, even before committing to the code repository, thus helping the organization mitigate risk while also saving valuable development time that would otherwise be wasted later in the process. Download the Snyk Visual Studio extension and build securely.

Secure the SDLC for free

The development lifecycle doesn't end at your IDE. Secure your Git repos, CI/CD pipeline, and container registries for free with Snyk.