Snyk Documentation

Getting Started

This guide is designed to get you up and running with Snyk in 5 steps.

Step 1 - Sign up

Go to https://snyk.io/ and sign up using a social login. For Enterprise and Pro customers we can integrate with your Single Sign On provider.


Step 2 - Integrate & Test your projects

You can integrate with different systems: Source Control (GitHub repositories, Bitbucket Server and GitLab), Platform as a Service (Heroku, Cloud Foundry, Pivotal Web Services, IBM Cloud) and Serverless environments (AWS Lambda).

The following describes the flow for GitHub, but it is similar for the other integrations:

Navigate to the Integrations page and click to connect to GitHub, grant Snyk the GitHub permissions and choose to give access to public and private repositories, or grant access to public repositories only.

Choose which repositories you want Snyk to test and monitor.

If you have Go, .NET or PHP projects, or use a Source Control system that Snyk doesn't integrate with today, you can use the CLI to test your projects.

You can also run Snyk as part of your deployment pipeline by scripting the CLI or by using the Jenkins plugin.
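A pipeline gate built around the CLI, as an added example that is not Snyk's own code: it runs `snyk test --json`, fails the build when any issue is at or above a chosen severity, and registers the dependency snapshot with `snyk monitor` when the gate passes. The report embedded below is constructed for offline use; the field names (`ok`, `vulnerabilities[].severity`, `isUpgradable`, `isPatchable`) follow the CLI's JSON output.

```python
import json
import subprocess
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

# Constructed sample in the shape of a `snyk test --json` report (not real output).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "title": "Example high issue", "severity": "high",
         "packageName": "example-pkg-a", "version": "1.0.0", "isUpgradable": True, "isPatchable": False},
        {"id": "SNYK-EXAMPLE-2", "title": "Example medium issue", "severity": "medium",
         "packageName": "example-pkg-b", "version": "2.0.0", "isUpgradable": False, "isPatchable": True},
        {"id": "SNYK-EXAMPLE-3", "title": "Example low issue", "severity": "low",
         "packageName": "example-pkg-c", "version": "3.0.0", "isUpgradable": False, "isPatchable": False},
    ],
})


def summarize(report_json):
    """Count issues per severity, plus how many have an upgrade or patch available."""
    counts = {"low": 0, "medium": 0, "high": 0, "fixable": 0}
    for vuln in json.loads(report_json).get("vulnerabilities", []):
        counts[vuln["severity"]] = counts.get(vuln["severity"], 0) + 1
        if vuln.get("isUpgradable") or vuln.get("isPatchable"):
            counts["fixable"] += 1
    return counts


def should_fail(report_json, threshold="high"):
    """True when any issue is at or above the threshold. Unknown severity labels
    (e.g. from a newer CLI) are ranked above 'high' so the gate fails closed."""
    limit = SEVERITY_RANK[threshold]
    unknown = max(SEVERITY_RANK.values()) + 1
    return any(SEVERITY_RANK.get(v["severity"], unknown) >= limit
               for v in json.loads(report_json).get("vulnerabilities", []))


def main(threshold="high"):
    # `snyk test` exits 1 when issues are found, so do not treat that as an error.
    result = subprocess.run(["snyk", "test", "--json"], capture_output=True, text=True, check=False)
    print("issue summary:", summarize(result.stdout))
    if should_fail(result.stdout, threshold):
        sys.exit(f"build failed: issues at or above '{threshold}' severity")
    subprocess.run(["snyk", "monitor"], check=True)  # enable continuous monitoring


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "high")
```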


Step 3 - View your results

Once your projects have been imported you can view a summary on the Projects page, showing the projects and the number of high, medium and low severity issues that were found in your direct and transitive dependencies. Click through to a particular project for more information and details of the issues.

If you are a Pro or Enterprise Customer you also have the reporting module, which allows you to see all the issues across all your projects and how quickly issues are being fixed.

On all our paid plans you can also configure Snyk to scan and report on license issues.


Step 4 - Fix your Vulnerabilities & License Issues

For JavaScript, Ruby and Java projects Snyk provides the ability to remediate your vulnerabilities via fix pull/merge requests. To fix your issues, navigate to a project page and click the fix the vulnerability button, or, to fix multiple issues at once, click the Open a fix PR button.

If you are not responsible for the code base and are a Snyk Pro or Enterprise Customer you can use the Jira integration to pass the details to the relevant team.


Step 5 - Continuous Monitoring

Snyk can warn you when a new vulnerability is disclosed, or when a fix (upgrade or patch) becomes available for an issue in your project. You can decide the test frequency by updating the frequency setting on the Projects page. The default is to test your project daily, but you can reduce the frequency to weekly if your project is not critical.

With the Source Code Management integrations Snyk will also test your pull/merge requests to check that new dependencies do not introduce more vulnerabilities.


Congratulations, you are up and running!


Scaling up

If you want to use Snyk with your wider team, Snyk can support enterprise-wide rollouts. The Pro and Enterprise plans include support for Single Sign On, and the creation of groups and multiple organisations to organise your teams.


Following up on your Risk

The Pro and Enterprise plans also include reporting, which allows you to track how well your teams are managing the remediation of vulnerabilities over time.