Secure development for developers and teams
Snyk Security finds and fixes security vulnerabilities in your projects early in the development lifecycle to help you ace your security reviews and avoid a costly fix later down the line. Whether you’re an individual developer, an open-source contributor, or a maintainer at a large organization, Snyk helps you ship secure code, faster.
Snyk scans for the following issue types:
- Open Source Security - security vulnerabilities in both the direct and indirect (transitive) open-source dependencies you are pulling into the project.
- Code Security - security vulnerabilities identified in your own code.
- Infrastructure as Code (IaC) Security - configuration issues in your IaC templates (Terraform, Kubernetes, CloudFormation, and Azure Resource Manager)
- Code Quality - code quality issues in your own code
Secure your code
Comprehensive security for open-source dependencies, all in one plugin, whether you’re looking for a Java vulnerability scanner or an open-source security scanner.
Fast, free and accurate results
Get security analysis of your code, containers, and configurations with a free Snyk account. Snyk scans for vulnerabilities and misconfigurations in seconds. When returning your results, Snyk Security categorizes security issues by issue type and severity.
Easy and actionable fixes in your IDE
Get instant context on the issue, impact, and fix guidance in line with code from within your favorite IDE. For open-source, receive automated algorithm-based fix suggestions for both direct and transitive dependencies.
Snyk Security Supported Languages and Formats:
- For Snyk Open Source, the Eclipse plugin supports all the languages and package managers supported by Snyk Open Source and the CLI. See the full list.
- For Snyk Code, the Eclipse plugin supports all the languages and frameworks supported by Snyk Code.
- For Snyk IaC, the Eclipse plugin supports the following IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager
Speed up security
By fixing issues early, Snyk Security helps you ace security reviews later down the line and avoid time-intensive or costly fixes downstream in a build process.
Stay in flow
With automated and guided fixes in-line with code, Snyk provides the context and know-how to apply a fix while keeping you in your IDE.
Snyk Vulnerability Database
Snyk Security relies on the Snyk Vulnerability DB, the most comprehensive, accurate, and timely database for open source vulnerabilities. It has 370% better coverage than the next largest publicly available database and discovers vulnerabilities 25 days faster than GitHub’s advisory DB. In the case of JavaScript vulnerabilities, 92.5% were disclosed faster than the NVD.
How to install:
Navigate to the Marketplace from within your running Eclipse instance. Search for Snyk and click Install. If in doubt, we've provided detailed information on how to install the plugin and what happens after install in our documentation.
FAQ:
Q: What do I need to use Snyk Security?
A: Snyk plugins require an API token to connect Snyk’s security database with your IDE. If you haven’t already, sign up for a free Snyk account to get your token.
Q: How do I install Snyk Security?
A: Open the Eclipse Marketplace in the Help menu, search for ‘Snyk Security’ in the Marketplace tab and click Install. Once your IDE has reloaded, you can authenticate with Snyk; from there, your first security scan will automatically kick off.
Q: Why should I test in my IDE?
A: Testing your code within your IDE ensures you are identifying issues early on in development as opposed to finding them later in the process, when they are much more time-intensive and costly to fix.
“If you aren't addressing problems during the developer workflow and you're finding them and dealing with them in QA, it will take you 10 times longer to fix. That’s where Snyk comes in.” Ryan Kimber, Founder and CEO, FormHero
Q: Is Snyk Security free?
A: Yes! Anyone can use Snyk Security with a free Snyk account. First, install, and then authenticate with Snyk.
If you already have a Snyk account, you can connect your Snyk JetBrains plugin back to Snyk in a few clicks. If you’re new to Snyk, you can sign up for a free account and follow the install instructions to authenticate from there.
Q: Are there limitations on the number of tests I can run?
A: Free Snyk accounts give you 200 Open Source tests, 300 IaC tests, and 100 Code tests monthly. If you’re working on an open source project or have any paid plan with Snyk, there are no limitations on tests.
Q: Can I run Snyk Security locally?
A: The plugin operates using the Snyk Language Server. Once Snyk Security is installed, it will automatically download the latest version of the Snyk Language Server and use it to run scans.
Q: Does Snyk Security work in multiple IDEs?
A: Yes, Snyk also has plugins for all JetBrains IDEs, VS Code, and Visual Studio. You can see all Snyk IDE extensions available here.
Q: I have feedback on the plugin, how do I report it?
A: You can always use the official Snyk support channel to open a ticket.