Git: Azure Repos & GitHub
Scan: Detect existing vulnerabilities in your projects by scanning Azure Repos or GitHub. Each vulnerability is displayed with actionable details, including enriched content about the context in which it was introduced and the vulnerable function within the package, which speeds up triage.
Prevent: Snyk ensures developers’ pull requests (PR) do not introduce new open source vulnerabilities. Each new pull request is scanned within Azure Repos or GitHub before being merged to verify that the PR does not introduce new vulnerabilities.
Fix: Snyk calculates the required fix for both direct and transitive dependencies and automatically populates a fix pull request with the required upgrades or patches, all from within the Azure Repos or GitHub workflow.
Monitor: Snyk monitors the imported projects on a daily basis and notifies developers whenever new vulnerabilities are disclosed. Policies can be defined to configure the vulnerability severity level that fails the merge.
Build: Azure Pipelines
Test: As part of the build process, Snyk scans your application dependencies for open source vulnerabilities.
Prevent: Snyk can gate the build process to prevent vulnerabilities from going through the build.
Monitor: Snyk saves a snapshot of the dependencies of the application, monitors it and sends notifications for new issues.
Container security: Azure Container Registry
Scan & monitor: Snyk scans all container images for vulnerabilities directly from within Azure Container Registry and monitors the images for any newly disclosed vulnerabilities.
Prevent: The build process for new container images is blocked if those images contain vulnerabilities that violate the policy you configured.
Fix: Snyk provides actionable base image advice to enable you to eliminate as many vulnerabilities in your image as possible.
Serverless: Azure Functions
Scan: Snyk scans the applications running on Azure Functions to detect vulnerabilities and provide a detailed view of the security posture of the running applications.
Monitor: Snyk regularly scans the running applications and alerts whenever new vulnerabilities are discovered.
Prevent: Snyk gates your deployment to make sure no new vulnerabilities are introduced to the environment.