search
SupportSnyk LearnAPI referenceProduct updatesSign up for free
githubEdit

Using FIPS-validated cryptography

hashtag
Availability of FIPS-validated cryptography in Snyk

Support for use of FIPS-validated cryptography is limited to the Windows and Linux operating systems.

Operating System
FIPS support

Windows

Linux

Alpine

macOS

hashtag
FIPS-validated cryptography support and use in the Snyk CLI and Snyk Language Server

To optimize the developer experience, Snyk is combining the Snyk Language Server and the Snyk CLI. As a first step, Snyk is bringing FIPS binaries under one application. Later also non-FIPS CLI binaries will be used for Snyk Language Server.

The Snyk Language Server can now be executed as a CLI command.

> snyk language-server

# instead of 
> snyk-ls

As a consequence, instructions for using FIPS-validated cryptography are the same for the CLI and the Language Server.

hashtag
Prerequisites for FIPS-cryptography in the CLI and Snyk Language Server

Linux operating systems

On Linux, Snyk supports FIPS-validated cryptography through OpenSSL and its validated FIPS provider.

Ensure that your Linux system has OpenSSL installed and configured to meet FIPS validation requirements. For information about how to accomplish this, see the documentation from the OpenSSL projectarrow-up-right.

Windows operating systems

On Windows, Snyk supports FIPS-validated cryptography through the Windows CNG API.

To enable FIPS on Windows, use the Windows FIPS policyarrow-up-right.

For testing, FIPS can be enabled using the following registry key HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy by setting the value of Enabled to 1.

hashtag
Download FIPS-enabled binaries

Snyk binaries are available with and without FIPS support. They are all hosted on downloads.snyk.io, differentiated by their Base URL.

FIPS Base URL: https://downloads.snyk.io/fips/

Regular Base URL: https://downloads.snyk.io/

All instructions on how to install and use Snyk remain the same. The only required change is using the appropriate Base URL.

hashtag
Example of downloading and running the FIPS-enabled Snyk CLI

The example that follows uses a Microsoft Marinerarrow-up-right image to download and run the FIPS-enabled Snyk CLI.

hashtag
Troubleshooting FIPS-cryptography in the Snyk CLI

not in FIPS mode errors indicate that the underlying cryptography library is not in FIPS mode. To solve these issues ensure that the prerequisites are met.

hashtag
FIPS-validated cryptography support and use in IDE Integrations

hashtag
Visual Studio Code

To make use of FIPS-validated cryptography in the Snyk Visual Studio Code integration, do the following:

hashtag
Eclipse

To make use of FIPS-validated cryptography in the Snyk Eclipse integration, do the following:

hashtag
JetBrains

To make use of FIPS-validated cryptography in the Snyk JetBrains integration, do the following:

hashtag
Visual Studio

To make use of FIPS-validated cryptography in the Snyk Visual Studio integration do the following:

hashtag
FIPS-validated cryptography support and use in CI/CD Integrations

FIPS in CI/CD Integrations is available only by using a FIPS-enabled CLI directly.

hashtag
FIPS-validated cryptography support and use in Package Repositories

The Artifactory Gatekeeper plugin uses the Snyk API and runs on a Java VM. To make use of FIPS-validated cryptography, configure the Java Runtime to use a FIPS-validated JCE (Java Cryptography Extension)arrow-up-right.

PreviousSecuring data at restNextCode execution warning for Snyk CLI

Last updated

Was this helpful?