Azure Pipelines integration using the Snyk Security Scan task

Snyk enables security across the Microsoft Azure ecosystem, including Azure Pipelines, by automatically finding and fixing application and container vulnerabilities.

The Snyk Security Scan task is available for all languages supported by Snyk and Azure DevOps.

Ready-to-use tasks for Azure Pipelines can be inserted quickly and directly from the Azure interface, enabling you to customize and automate your pipelines with no extra coding. Among the tasks included is the Snyk task.

You can include the Snyk task in your pipeline to test for security vulnerabilities and open-source license issues as part of your routine work. In this way, you can test and monitor your application dependencies and container images for security vulnerabilities. When the testing is done you can review and work with results directly from the Azure Pipelines output, as well as from the Snyk interface.

For setup and use details, see the following pages:

• How the Snyk Security Scan task works

• Install the Snyk extension for your Azure pipelines

• Add the Snyk Security Task to your pipelines

• Snyk Security Scan task parameters and values

• Custom API endpoints

• Example of a Snyk task to test a node.js (npm)-based application

• Simple example of a Snyk task to test an application

• Example of a Snyk task for a container image pipeline

• Simple example of a Snyk task to test a container image

• Example of a Snyk test to test application code

• Simple example of a Snyk task to run code test