Snyk is Now Integrated with Chrome's Lighthouse
Snyk and Lighthouse
Lighthouse is an open-source automated tool from Google Chrome that tests websites against a suite of best-practices and metrics, providing a detailed report so developers can see exactly how they stack up, and how to improve. Lighthouse can be used as a browser extension, node module and now even powers the auditing functionality in the developer tools built directly into Google Chrome.
Lighthouse is a fantastic way for developers to spot problem areas that are all too easy to miss: things like accessibility and performance, which are critical, but also invisible. Security was already represented with tests for HTTPS support, but the Lighthouse team wanted to help developers be even more secure.
When you audit your site, Lighthouse looks for what libraries you’re using, and their versions. Then it checks against Snyk’s database to see if there are known security issues. If there are, your sites audit score will be docked, and you’ll be presented with information about the vulnerabilities, with a link to Snyk so that you can learn more and get the issues resolved.
You can try it out today in Google Chrome Canary—no extra install required, it’s baked in by default. It’ll be making it’s way to Google Chrome itself soon.
Increasing Awareness of Known Vulnerabilities
Lighthouse is a tool your front-end teams will likely be using already (or if they’re not, should be). And with the new Snyk integration, they’ll get critical information about potential security issues built into the rest of their auditing making it easier to take action.
While Lighthouse checks what was delivered (looking at the page itself), the best place to spot vulnerable libraries is before they ever make it to production. The earlier you find vulnerable libraries, the easier it is to address through fixing and upgrades.