Visual Studio Code extension

The Snyk Visual Studio Code plugin scans and provides analysis of your code, including open-source dependencies and infrastructure as code configurations. Download the plugin at any time free of charge and use it with any Snyk account. Scan your code early in the development lifecycle to help you pass security reviews and avoid costly fixes later in the development cycle.

Snyk scans for vulnerabilities and returns results with security issues categorized by issue type and severity.

For open source, you receive automated algorithm-based fix suggestions for both direct and transitive dependencies.

Results appear in context, in line with the code in your IDE.

This single plugin provides a Java vulnerability scanner, a custom code vulnerability scanner, and an open-source security scanner.

In using the Visual Studio Code extension, you have the advantage of relying on the Snyk Vulnerability Database. You also have available the Snyk Code AI Engine.

Snyk scans for the following types of issues:

• Open Source Security - security vulnerabilities and license issues in both direct and indirect (transitive) open-source dependencies pulled into the Snyk Project. See also the Open Source docs.

• Code Security - security vulnerabilities in your own code. See also the Snyk Code docs.

• Infrastructure as Code (IaC) Security - configuration issues in your IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager. See also the IaC docs.

This page explains the installation of the Visual Studio Code extension. After you complete the steps on this page, continue by following the instructions in the other Visual Studio Code extension docs:

• Visual Studio Code extension configuration

• Visual Studio Code extension authentication

• Run an analysis with Visual Studio Code extension

• View analysis results from Visual Studio Code extension

• Troubleshooting and known issues with Visual Studio Code extension

Supported languages, package managers, and frameworks

Supported languages and frameworks include C#, JavaScript, TypeScript, Java, Go, Ruby, Python, Ruby, PHP, Scala, Swift, Objective-C, Kubernetes, Terraform, CloudFormation, Azure Resource Manager (ARM)

• For Snyk Open Source, the VS Code extension supports all the languages and package managers supported by Snyk Open Source and the CLI.

• For Snyk Code, the VS Code extension supports all the languages and frameworks supported by Snyk Code. Before scanning your repositories with Snyk Code, ensure you have enabled Snyk Code.

See Supported languages and frameworks for more details.

Supported operating systems and architecture

You can use the Snyk Visual Studio Code extension in the following environments:

• Linux: AMD64 and ARM64

• Windows: 386 and AMD64

• macOS: AMD64 and ARM64

Install the extension

The Snyk Visual Studio Code extension is available for installation on the Visual Studio code marketplace.

Follow these steps to install:

• Open the settings or preferences in your IDE.

• Navigate to the Snyk Extension on the Visual Studio Code Marketplace and click Install. For more information, see the installation instructions.

• Configure the Snyk CLI (downloaded when the extension in installed); see Visual Studio Code extension configuration.

• Authenticate with Snyk; see Visual Studio Code extension authentication. For additional information, including how to authenticate using your API token, see Authenticate the CLI with your account.

• Navigate back to the IDE; the first scan starts automatically.

Support

If you need help, submit a request to Snyk Support.