Snyk Documentation

Install the Snyk plugin

To install our plugin, first download the archived (.zip) distribution of the Snyk Security Artifactory plugin.

This archive contains the following structure, files and folders:

• plugins
  • snykSecurityPlugin.groovy—our plugin
  • snykSecurityPlugin.properties—the configuration file for the plugin
  • lib—this is the folder that contains the dependencies for this plugin
    • artifactory-snyk-security-core.jar

Install or upgrade the Snyk Security plugin with these steps. Once complete, Snyk automatically scans your artifacts every time a download is requested.

To install our Snyk plugin:

    1. Go to your Snyk account and navigate to Settings to locate, copy and save the following for later use:
      • service account token
      • the Organization ID for (any) one of your organizations
    2. Go to our repo in GitHub and navigate to the Releases.
    3. From the most current release, open the Assets section to download the artifactory-snyk-security-plugin-<version>.zip archive.
    4. Extract the folders and files and move the contents of the plugins folder to /artifactory/etc/plugins
    5. Right-click the snykSecurityPlugin.properties file to open and edit it with any text editor.
      The file contents appear as in the image:


      Note: When a backup file is created for the .properties file, Artifactory cannot recognize the difference between the original and the new file. Therefore, disable any backup features configured for the editor you choose before editing the file.
      The following properties can be configured in this file:

      • snyk.api.url—on-prem customers should update the URL of their Snyk API endpoint based on their Snyk deployment; other users need not configure a URL.
      • snyk.api.token—this property is mandatory and must be configured in order for Snyk to authenticate your account, before scanning your artifacts.
      • snyk.api.organisation—this property is mandatory and must be configured in order for Snyk to authenticate your account, along with your API token. Because this plugin does not import any data to your Snyk account, you can use the ID from any of your organizations.
      • snyk.artifactory.scanner.vulnerability.threshold—default is *low*. Valid values include low, medium, high. Manually update the configuration based on your needs.
      • snyk.artifactory.scanner.license.threshold—default is *low*. Valid values include low, medium, high. Manually update the configuration based on your needs.
    6. Paste the token and the organization ID in place of the sample values for each of the parameters.
    7. Copy and paste the plugin into `${ARTIFACTORY_HOME}/etc/plugins/`
    8. Restart your Artifactory server.
      Note: Refresh now or Reload is not sufficient. Artifactory must be restarted.
    9. Log in to your Artifactory instance and navigate to the System Logs to double-check Snyk has been installed successfully.
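
A pre-restart check for steps 4 to 7, as an added example that is not part of the Snyk documentation or plugin: it confirms that both plugin files are in the plugins directory, that no editor backup of the .properties file was left beside it, that the two mandatory properties are set, and that each threshold holds a valid value. The function names `prop`, `fail` and `check_snyk_plugin` are hypothetical; the file and property names are copied from the steps above.

```shell
#!/bin/sh
# Added example (not Snyk's code): sanity-check the plugin directory before restarting Artifactory.

# Print the value of property $2 in file $1 (comment lines ignored, last assignment wins).
prop() {
    k=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # dots in the key must match literally
    sed -n "s/^[[:space:]]*${k}[[:space:]]*[=:][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'     # also strips a trailing CR from Windows editors
}

fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

# check_snyk_plugin DIR: returns 0 when DIR is ready, non-zero otherwise.
# The number of findings is left in $problems.
check_snyk_plugin() {
    dir=$1
    props="$dir/snykSecurityPlugin.properties"
    problems=0

    [ -f "$dir/snykSecurityPlugin.groovy" ] || fail "snykSecurityPlugin.groovy missing from $dir"
    if [ ! -f "$props" ]; then
        fail "snykSecurityPlugin.properties missing from $dir"
        return 1
    fi

    # Editor backups (file~, file.bak, .file.swp): Artifactory cannot tell them from the original.
    for f in "$dir"/snykSecurityPlugin.properties?* "$dir"/.snykSecurityPlugin.properties*; do
        if [ -e "$f" ]; then fail "backup copy of the properties file present: $f"; fi
    done

    # Both properties are mandatory for authentication.
    for key in snyk.api.token snyk.api.organisation; do
        [ -n "$(prop "$props" "$key")" ] || fail "$key is mandatory but missing or empty"
    done

    # Thresholds are optional (default low) but must be one of the three valid values.
    for key in snyk.artifactory.scanner.vulnerability.threshold \
               snyk.artifactory.scanner.license.threshold; do
        case "$(prop "$props" "$key")" in
            ''|low|medium|high) ;;
            *) fail "$key must be low, medium or high" ;;
        esac
    done

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh check.sh "${ARTIFACTORY_HOME}/etc/plugins"
[ $# -eq 0 ] || check_snyk_plugin "$1"
```

The script never prints the token value, only the names of properties that fail a check.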