Eclipse plugin
Use this documentation to get started with the Eclipse plugin.
Snyk offers IDE integrations that allow you to use the functionality of Snyk in your Integrated Development Environment. This page describes the Snyk Eclipse plugin. For information about all of the IDE plugins and their use, see Snyk for IDEs in the docs.
The Snyk Eclipse plugin provides analysis of your code, containers, and Infrastructure as Code configurations.
Snyk scans for vulnerabilities, open source license issues, code quality, and infrastructure misconfigurations and returns results with security issues categorized by issue type and severity.
For open source, you receive automated, algorithm-based fix suggestions for both direct and transitive dependencies. This single plugin provides a Java vulnerability scanner or an open-source security scanner.
Snyk scans for the following types of issues:
- Open Source Security - security vulnerabilities and license issues in both the direct and in-direct (transitive) open-source dependencies pulled into the Snyk Project. See also the
Open Source docs. - Code Security and Code Quality - security vulnerabilities and quality issues in your code. See also the Snyk Code docs.
- Infrastructure as Code (IaC) Security - configuration issues in your IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager. See also the Snyk Infrastructure as Code docs.
After you have installed and configured the Eclipse plugin, every time you run it, open a file, or autosave, Snyk scans the manifest files, proprietary code, and configuration files in your project. Snyk delivers actionable vulnerability, license, code quality, or misconfiguration issue details and displays the results natively within the Eclipse UI.
This page explains supported environments, support, and giving feedback and provides installation instructions. After you complete the steps on this page, you will continue by following the instructions in the other Eclipse plugins docs:
- Eclipse Marketplace (recommended): https://marketplace.eclipse.org/content/snyk-security-code%E2%80%8B-open-source%E2%80%8B-iac-configurations
- Preview update site (CI/CD, on commit): https://storage.googleapis.com/snyk-eclipse-plugin-test/preview/repository/
Signing Information for Jars
If you want to verify the correct provenance of your download, please verify the signing details from the Eclipse dialog with this data.
.png?alt=media)
The signing key details to verify the integrity and origin of the download plugin
The plugin runs on
- macOS
- Linux
- Windows
- 2022-06
- 2022-03
- 2021-12
- 2021-09
- 2021-06
- 2021-03
- For Snyk Open Source, the Eclipse plugin supports the languages and package managers supported by Snyk Open Source and the CLI except C/C++. See Open Source - Supported languages and package managers.
- For Snyk IaC, the Eclipse plugin supports the following IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager.
Navigate to the Marketplace from your running Eclipse instance. Search for Snyk and click Install.
Eclipse Marketplace search showing Snyk plugin and Install button
When prompted accept the license agreement add the Snyk Security certificate to complete the installation (this happens only once).
Add Snyk Security certificate
Restart the Eclipse instance:
Restart Eclipse
Once Eclipse is restarted, the Snyk Wizard should run; this will setup your Snyk API endpoint and authentication token:
Once the Snyk configuration wizard runs; follow the instructions to set up your Snyk API:
Snyk configuration wizard
Once the Snyk is configured, navigate to Eclipse Preferences to ensure that Snyk now appears in the list:
Eclipse preferences showing Snyk.
When you open the preferences you can opt out of downloading the CLI through the plugin and thus use your own installation of the CLI.