See Snyk and GitHub in action at GitHub Universe
At Snyk, we are committed to building security tools that help developers shift security left to embrace security and quality as early, easily, and efficiently as possible.
With the recent beta release of GitHub Actions, we decided to look at how we could help GitHub users adopt better security controls for DevOps and CI/CD workflows. That’s why we’re excited to announce a set of GitHub Actions for checking your projects for vulnerabilities.
Here’s an example of using Actions to test a Node.js project:
The Actions above will run a one time vulnerability test on your Node.js project. If you want to setup ongoing monitoring of your code, you can use the monitor command, which creates a snapshot of the current dependencies, uploads results to the Snyk UI, and enables continuous monitoring.
In addition to Node.js, we currently have Actions to help you test your applications using:
Snyk at GitHub Universe
We hope you’re able to meet the Snyk team at GitHub Universe in San Francisco (Nov. 13-14). Come see how easy it is to find and fix known vulnerabilities throughout the SDLC for workflows and CI/CD builds directly in your GitHub repository. We’d love to hear your feedback on GitHub Actions at the show or at firstname.lastname@example.org.
If you don’t have a free Snyk account yet, we invite you to sign up now.