The Snyk Eclipse plugin provides analysis of your code, containers, and infrastructure as code configurations.
Snyk scans for the following types of issues:
- Open Source Security - security vulnerabilities and license issues in both the direct and indirect (transitive) open-source dependencies pulled into the Snyk Project. See also the Open Source docs.
- Code Security and Code Quality - security vulnerabilities and quality issues in your code. See also the Snyk Code docs.
- Infrastructure as Code (IaC) Security - configuration issues in your IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager. See also the Snyk Infrastructure as Code docs.
The Eclipse plugin provides automated, algorithm-based fix suggestions for both direct and transitive dependencies. This single plugin provides a Java vulnerability scanner and an open-source security scanner.
After you have installed and configured the Eclipse plugin, every time you run it, open a file, or autosave, Snyk scans the manifest files, proprietary code, and configuration files in your project. Snyk delivers actionable vulnerability, license, code quality, or misconfiguration issue details and displays the results natively within the Eclipse UI.
This page covers supported environments, support, and giving feedback, and provides installation instructions. After you complete the steps on this page, you will continue by following the instructions in the other Eclipse plugins docs:
- Eclipse Marketplace (recommended): https://marketplace.eclipse.org/content/snyk-security-code%E2%80%8B-open-source%E2%80%8B-iac-configurations
- Preview update site (CI/CD, on commit): https://storage.googleapis.com/snyk-eclipse-plugin-test/preview-2.1/repository/
Signing Information for Jars
To verify the provenance of your download, compare the signing details shown in the Eclipse dialog with this data.
The signing key details to verify the integrity and origin of the download plugin
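The same provenance check can be done from a terminal before installing. This is an added example, not part of the Snyk documentation: it assumes the JDK's `jarsigner` and `keytool` are on the PATH, the expected fingerprint is a value you copy from the published signing details, and the sample `keytool` output is constructed.

```shell
#!/bin/sh
# Added example, not Snyk tooling. Checks that a downloaded plugin JAR is
# validly signed AND that a pinned SHA-256 certificate fingerprint signed it.

# Constructed sample of `keytool -printcert -jarfile` output (not a real cert).
SAMPLE_KEYTOOL_OUTPUT='Signer #1:
Owner: CN=Example Signer (constructed)
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
     SHA256: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF'

# Strip separators and upper-case, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr '[:lower:]' '[:upper:]'
}

# stdin: keytool output. stdout: one normalised SHA-256 fingerprint per line.
signer_fps() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | tr -d ': \t\r' |
    tr '[:lower:]' '[:upper:]'
}

# stdin: keytool output; $1: pinned fingerprint. Fails closed: a malformed pin
# or output with no signer certificates never matches.
fp_is_pinned() {
  fp_want=$(normalize_fp "$1")
  printf '%s\n' "$fp_want" | grep -Eq '^[0-9A-F]{64}$' || {
    echo "pin is not a SHA-256 fingerprint" >&2
    return 2
  }
  signer_fps | grep -Fxq -- "$fp_want"
}

# $1: path to the JAR; $2: pinned fingerprint from the published signing details.
verify_plugin_jar() {
  jarsigner -verify "$1" >/dev/null ||
    { echo "signature check failed: $1" >&2; return 1; }
  keytool -printcert -jarfile "$1" | fp_is_pinned "$2" ||
    { echo "unexpected or missing signer: $1" >&2; return 1; }
}

# Usage: sh verify-jar.sh <plugin.jar> <expected-sha256-fingerprint>
if [ "$#" -eq 2 ]; then
  verify_plugin_jar "$1" "$2"
fi
```

The pinned certificate only needs to appear among the certificates `keytool` reports for the JAR, so pin the signer's own certificate rather than a shared CA.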
The plugin runs on
- For Snyk Open Source, the Eclipse plugin supports the languages and package managers supported by Snyk Open Source and the CLI except C/C++. See Open Source - Supported languages and package managers.
- For Snyk IaC, the Eclipse plugin supports the following IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager.
You can use the Eclipse plugin in the following environments:
- Linux: AMD64 and ARM64
- Windows: 386 and AMD64
- MacOS: AMD64 and ARM64
Navigate to the Marketplace from your running Eclipse instance. Search for Snyk and click Install.
Eclipse Marketplace search showing Snyk plugin and Install button
When you are prompted, accept the license agreement and add the Snyk Security certificate to complete the installation (this happens only once).
Restart the Eclipse instance:
Once Eclipse is restarted, the Snyk Wizard should run; this will set up your Snyk API endpoint and authentication token.
When the Snyk configuration wizard runs, follow the instructions to set up your Snyk API:
Snyk configuration wizard
Once Snyk is configured, navigate to Eclipse Preferences to ensure that Snyk now appears in the list:
Eclipse preferences showing Snyk.
When you open the preferences, you can opt out of downloading the CLI through the plugin and use your own installation of the CLI instead.