SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
Managing integrations
Snyk CI/CD Integration
AWS CodePipeline integration
Azure Pipelines integration
Bitbucket Pipelines integration
CircleCI integration
GitHub Actions integration
Jenkins integration
Terraform Cloud integration for IaC
Maven integration
TeamCity integration
Snyk Webhooks
Git repository (SCM) integrations
Notification and ticketing system integrations
Vulnerability management tools
Private registry gatekeeper plugins
Private registry integrations
Serverless integrations
Platform as a service integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Powered By GitBook
CircleCI integration
Snyk integrates with CircleCI using a Snyk Orb, seamlessly scanning your application dependencies and Docker images for open source security vulnerabilities as part of the continuous integration/continuous delivery (CI/CD) workflow.
CircleCI enables users to easily create CI/CD workflows using a group of ready-to-use commands (Orbs) that can be added to your configuration file.
With the Snyk Orb, you can quickly add Snyk scanning to your CI/CD in order to test and monitor for open source vulnerabilities, based on your configurations. Results are then displayed from the CircleCI output view and can also be monitored from Snyk.io.

Getting started

Getting started with CircleCI from scratch to a green build with Snyk is simple. See the following for information about the Snyk Orb:
  • ​Snyk Circle CI README - includes all the information that you need to set up your CI/CD with Snyk including a list of parameters and samples
  • ​A Circle CI blog post - discusses how to set up a secure pipeline with the Snyk Orb

Configure your CircleCI integration

Once you add a project to CircleCI and add the Snyk Orb to the configuration file, every time that a build runs, the Snyk Orb is also used and performs the following actions:

Scan

  1. 1.
    Scans app dependencies or container images for vulnerabilities or licensing issues, and lists the vulnerabilities and issues.
  2. 2.
    If Snyk finds vulnerabilities, it does one of the following (based on your configuration):
    • Fails the build
    • Lets the build complete

Monitor

Optionally, if the build completes successfully and MONITOR is set to True in the Snyk step, then Snyk saves a snapshot of the project dependencies from the Snyk Web UI, where you can view the dependency tree displaying all of the issues, and you can receive alerts for new issues found in the existing app version.

Prerequisites

  1. 1.
    Create a Snyk account and retrieve the Snyk API token from your Account settings.
  2. 2.
    Import the relevant repo into CircleCI.
  3. 3.
    Go to Settings -> Security -> Orb security settings and make sure you allow to opt-in to third party Orbs.
  4. 4.
    Make sure your configuration (config.yml) file follows version 2.1.
  5. 5.
    Add the required variables to CircleCI (including Snyk API token as API_TOKEN)

Getting Snyk Orb details from the CircleCI registry

From the Orbs registry, CircleCI displays a list of available Orbs customized for you directly, similar to the image that follows.
Snyk Orb for CircleCI
From this list, find and click the relevant #Snyk line to view the Snyk Orb information with examples, parameters, and values:
Snyk Orb information
Previous
Bitbucket Pipelines integration
Next
GitHub Actions integration
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub
Contents
Getting started
Configure your CircleCI integration
Scan
Monitor
Prerequisites
Getting Snyk Orb details from the CircleCI registry