
Automating open source security scanning with Snyk and CircleCI

Written by:
Hayley Denbraver


16 August 2019


At Snyk, we are committed to building developer-friendly security tools that seek to meet developers where they are already working. This includes broad language support and integration with tools and services that developers already use and love. In that spirit, we are excited to announce that Snyk has partnered with CircleCI to help you use open source and stay secure.

CircleCI empowers developers to automate their pipeline from commit to deploy. They also offer first-class Docker support. CircleCI provides fast performance, complete control, and unparalleled flexibility in creating your CI/CD pipeline. And now, it is easier than ever to use Snyk alongside CircleCI thanks to our new Snyk CircleCI Orb.

What is an Orb?

CircleCI Orbs are shareable packages of CircleCI configuration that you use in your builds.

Orbs define reusable commands, executors, and jobs so that commonly used pieces of configuration can be condensed into a single line of code.

Orbs can be used across multiple projects. For example, check out these Orbs that help you utilize AWS-s3 and Helm. Orbs are contributed by the community and by CircleCI partners (like Snyk!).

More about the Snyk Orb

Snyk is delighted to launch a CircleCI Orb to make it even easier for our users to incorporate Snyk into their CircleCI workflows. By utilizing this orb in your project workflows, Snyk tests, fixes and monitors your project for vulnerabilities in the app dependencies and Docker images, all with a single command. You can set thresholds for vulnerability tolerance in your app or Docker image (and fail the workflows when the threshold is exceeded), apply proprietary Snyk patches, and save dependency snapshots on the snyk.io app for continuous monitoring and alerting. You can learn more about the orb in our GitHub repository.

Try it today!

Are you new to Snyk? Try it for free and see what vulnerabilities exist in your application.

Already a user? That’s awesome! Consider upgrading to a paid plan, which offers an API key, allowing you to take advantage of our orb.

You can learn more about the Snyk Orb here and download it today.
