Git repository cloning for SCM integrations

Feature availability: This feature is in Early Access for GitHub, GitHub Enterprise, GitLab, Bitbucket Server, Bitbucket Cloud App, Bitbucket Cloud (Legacy), and Azure Repos integrations.

To enable this feature, you must use Snyk Preview. See Enable Git repository cloning.

Full Git repository cloning allows Snyk to provide more reliable and accurate results when scanning your source code through the SCM integrations, helping you develop fast and stay secure.

How Git cloning supports more reliable results

Traditionally, Snyk has accessed repository contents using SCM APIs, which impose primary and secondary rate limits, and content limits. For example, the GitHub.com APIs are rate-limited to allow only a certain number of requests per hour, and there is a limit on the number of tree entries that can be retrieved from the Git database.

When repository contents are retrieved over these APIs, these limitations prevent Snyk from providing a complete analysis in a number of ways, especially across a very large number of repositories or for repositories containing more than 100,000 files, sometimes referred to as monorepos.

Through cloning, these limitations are removed.

How Git cloning supports more accurate results

Cloning improves the accuracy of results in a number of ways. Because Snyk can access a complete view of a source code repository at a specific commit SHA, including repositories containing more than 100,000 files, the analysis is also more complete.

Snyk data ingestion

When Git repository cloning is enabled, Snyk will ingest, through configured SCM integrations, a temporary snapshot of repository contents at a given commit and all commit metadata (including the commit message, authors, and timestamp).

For more information on Snyk data processing and safeguards concerning Git repo cloning, see Cache retention period related to vulnerability source data and Safeguards Snyk puts in place to ensure data is secure.

By enabling this feature, you agree that your Git repository is a Protected Asset as defined in the contract between your company and Snyk.

Git repository cloning protocols

Repositories are cloned using HTTPS. SSH-based clones are currently unavailable.

Flows used in Git repository cloning

PR checks, import, and recurring tests will all make use of Git repository cloning for all Projects imported using an SCM integration.

Snyk Broker interactions

Brokered connections are supported when Git operations are allowed through Broker.

Allowing Git operations overrides the restrictions in accept.json. For more information, see Clone capability with Broker for Docker.

Limitations

Git repository cloning does not support scanning Projects located under the following glob pattern paths:

**/fixtures
**/tests
**/__tests__
**/test
**/__test__
**/ci
**/node_modules
**/bower_components

The above paths are not supported even when using exclude folders during Project imports.
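To see which Projects in an import this limitation affects, here is an added example (not Snyk's own code) that checks discovered manifest paths against the list above. It assumes each `**/<name>` pattern matches any Project whose path contains a directory named exactly `<name>` at any depth.

```python
from pathlib import PurePosixPath
from typing import List, Optional, Tuple

# Glob pattern paths that Git repository cloning does not scan (from the page).
UNSUPPORTED_GLOBS = [
    "**/fixtures", "**/tests", "**/__tests__", "**/test",
    "**/__test__", "**/ci", "**/node_modules", "**/bower_components",
]
# Directory names taken from the "**/<name>" patterns.
_UNSUPPORTED_DIRS = {g[len("**/"):] for g in UNSUPPORTED_GLOBS}

def unsupported_segment(manifest_path: str) -> Optional[str]:
    """Return the directory segment of a manifest path (relative to the
    repository root) that matches one of the patterns, or None if scanned.

    Assumption: "**/<name>" matches any path with a directory component
    named exactly <name> at any depth; "testing" does not match "test".
    """
    parts = PurePosixPath(manifest_path.strip("/")).parts
    for segment in parts[:-1]:  # the last part is the manifest file itself
        if segment in _UNSUPPORTED_DIRS:
            return segment
    return None

def partition_projects(paths: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split manifest paths into (scanned, skipped); skipped entries carry the
    directory name that triggered the limitation."""
    scanned, skipped = [], []
    for path in paths:
        segment = unsupported_segment(path)
        if segment is None:
            scanned.append(path)
        else:
            skipped.append((path, segment))
    return scanned, skipped

if __name__ == "__main__":
    # Constructed sample of manifest paths as an import might discover them.
    sample = [
        "package.json",
        "services/api/tests/package.json",
        "tools/ci/requirements.txt",
        "testing/pom.xml",  # "testing" is not "test": still scanned
        "web/node_modules/left-pad/package.json",
    ]
    scanned, skipped = partition_projects(sample)
    for path in scanned:
        print("scanned:", path)
    for path, segment in skipped:
        print(f"not scanned (matches **/{segment}):", path)
```

Running the check over your repository's manifest list before enabling the feature shows which Projects will silently drop out of PR checks and recurring tests.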


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.