
Getting started with Snyk: Free / Team plan

Introduction

In this guide, we’ll look at how you can try a few scans to see the results.
Snyk has a number of tools and processes that help secure your entire software development lifecycle. With Snyk, you can scan while you’re coding and monitor code when you’re not working on it. A Git repository integration gives you visibility into issues across your projects, and Snyk fits into CI/CD through integrations, the CLI, or curated containers.
For individuals and small teams, we recommend scanning in the local environment to get started.
The tool that best serves your tech stack, environment, and workflow will depend on your individual circumstances. See the tech stack implementation guides for more details.
To learn more about choosing the integration points within the software development lifecycle that work best for you and your current level of security maturity, see the Ways to integrate Snyk at your company course in Snyk Training.

Try out a project

This guide explains how to test a sample or single project in your local development environment or by using the Snyk CLI.
The Snyk Free plan provides a limited number of free tests per month. For unlimited tests, consider a paid plan.

Create or log into your account

You need a Snyk account to use Snyk functionality, even within your local environment. Create a free account to try out a project. If your organization is already using Snyk, you may be able to log in via single sign-on to be provisioned with a Snyk account (see Logging in to an existing account).

Test a project in your local development environment

To scan a single project in your local development environment, you need to use a Snyk plugin or extension with your IDE. You also need to authenticate the plugin or extension with your Snyk account, demonstrated in this video.
Install IDE and authenticate to Snyk video
When authenticating the IDE, you may see a warning about scanning only folders you trust. Because Snyk executes code during a scan, such as invoking the package manager to get dependency information, you need to mark the folder you’re scanning as trusted before the scan can continue.
A scan with the Snyk IDE plugin or extension in a local project surfaces information about open source package issues, including fix advice.
Review open source dependency issues video
Scanning with the Snyk IDE plugin or extension in a local project also surfaces information about code issues, including example fixes.
Review code issues video

Test a project with the Snyk CLI

Some package managers rely on context from the local environment, so testing in the local environment or as part of the CI/CD pipeline provides the most accurate results.
You need to install the Snyk CLI. Once installed, you need to authenticate it to your Snyk account, demonstrated in this video.
Authenticate CLI video
A scan with snyk test surfaces information about open source package issues, including fix advice, demonstrated in this video.
Snyk test video
A scan with snyk code test runs a Static Code Analysis test on the code in that project, and returns the list of detected vulnerability issues, general information about the test, and a summary of the test findings.
A scan with snyk container test returns a list of vulnerabilities in the container image, along with recommendations for upgrading the base image to one that is more secure.
A scan with snyk iac test returns advice on how to resolve discovered issues in your Infrastructure as Code files.
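The four CLI scans above can be chained in one local script. The following is an added example, not part of the original Snyk guide: it assumes the Snyk CLI is installed and already authenticated, the function names are hypothetical, and the exit-code meanings (0 clean, 1 issues found, 2 failure, 3 no supported projects) are the ones the Snyk CLI documents.

```shell
#!/bin/sh
# Added example: chain the Snyk CLI scans and summarise each result.
# Assumes the Snyk CLI is installed and authenticated (snyk auth).

# Map a Snyk CLI exit code to its documented meaning.
snyk_exit_meaning() {
    case "$1" in
        0) echo "no issues found" ;;
        1) echo "issues found" ;;
        2) echo "scan failed" ;;
        3) echo "no supported projects detected" ;;
        *) echo "unexpected exit code $1" ;;
    esac
}

# Run one scan quietly and print "<label>: <meaning>".
# The `|| rc=$?` form keeps the script alive under `set -e`, because
# exit code 1 means "issues found", not "the tool crashed".
run_scan() {
    label=$1; shift
    rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    echo "$label: $(snyk_exit_meaning "$rc")"
}

# Scan a project directory; the container scan runs only if an image is given.
# Returns 1 when any scan found issues or failed, so it can gate a local hook.
# Exit code 3 is reported but does not fail the gate.
run_local_scans() {
    dir=${1:-.}; image=${2:-}
    report=$(
        cd "$dir" && {
            run_scan "open source" snyk test
            run_scan "code" snyk code test
            run_scan "iac" snyk iac test
            if [ -n "$image" ]; then run_scan "container" snyk container test "$image"; fi
        }
    )
    echo "$report"
    if echo "$report" | grep -Eq ': (issues found|scan failed)$'; then return 1; fi
    return 0
}

# Run only when invoked as: sh scan.sh --run [project-dir] [image]
if [ "${1:-}" = "--run" ]; then
    run_local_scans "${2:-.}" "${3:-}"
fi
```

Drop the output redirection in run_scan to see the full findings and fix advice that each command prints.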

What’s next?
