Visual Studio extension configuration
To analyze projects, the plugin uses the Snyk CLI, which requires the following environment variables:
- PATH: specify the path to needed binaries, for example, to Maven
- JAVA_HOME: specify the path to the JDK you want to use for analysis of Java dependencies
- https_proxy: set if you are behind a proxy server, using the value in the format http://username:password@proxyhost:proxyport
  Note: the leading http:// in the value does not change to
You can set the variables using the Web UI or on the command line using the
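A pre-flight check for the three variables listed above, written for PowerShell on the machine that runs Visual Studio. This is an added example, not part of the Snyk documentation or the extension; the helper name `Test-SnykCliEnvironment`, the file extensions it tries, and the sample values are assumptions.

```powershell
# Added example. Test-SnykCliEnvironment is a hypothetical helper, not a Snyk command.
function Test-SnykCliEnvironment {
    param(
        # Variables to check; defaults to what the CLI inherits from this session.
        [hashtable]$Variables = @{ PATH = $env:PATH; JAVA_HOME = $env:JAVA_HOME; https_proxy = $env:https_proxy },
        # Binaries that must be reachable through PATH (the page's example is Maven).
        [string[]]$NeededBinaries = @('mvn')
    )
    function Result($check, $ok, $detail) { [pscustomobject]@{ Check = $check; Ok = $ok; Detail = $detail } }

    # PATH: every needed binary must exist in one of the listed directories.
    $dirs = "$($Variables.PATH)".Split([IO.Path]::PathSeparator) | ForEach-Object { $_.Trim(' "') } | Where-Object { $_ }
    foreach ($bin in $NeededBinaries) {
        $first = $(foreach ($d in $dirs) {
            foreach ($ext in '', '.exe', '.cmd', '.bat') {   # extensions tried are an assumption
                $p = [IO.Path]::Combine($d, "$bin$ext")
                if (Test-Path -LiteralPath $p -PathType Leaf) { $p }
            }
        }) | Select-Object -First 1
        Result "PATH:$bin" ([bool]$first) $(if ($first) { $first } else { 'not found in any PATH directory' })
    }

    # JAVA_HOME: a JDK (not just a runtime) has bin\javac.exe on Windows.
    $jh = $Variables.JAVA_HOME
    if (-not $jh) { Result 'JAVA_HOME' $false 'not set' } else {
        $ok = Test-Path -LiteralPath ([IO.Path]::Combine($jh, 'bin', 'javac.exe')) -PathType Leaf
        Result 'JAVA_HOME' $ok $(if ($ok) { $jh } else { "no bin\javac.exe under '$jh'" })
    }

    # https_proxy: optional, but if set it should follow the documented format.
    $proxy = $Variables.https_proxy
    if ($proxy) {
        $rx = '^(?<scheme>[A-Za-z]+)://(?:(?<user>[^:@/]+):(?<pass>[^@/]*)@)?(?<host>[^:@/]+):(?<port>\d+)/?$'
        if ($proxy -match $rx) {
            # Mask the password: this value is easily copied into logs and tickets.
            $cred = if ($Matches.user) { "$($Matches.user):***@" } else { '' }
            $shown = "$($Matches.scheme)://$cred$($Matches.host):$($Matches.port)"
            $ok = $Matches.scheme -ceq 'http'
            Result 'https_proxy' $ok $(if ($ok) { $shown } else { "$shown (documented format starts with http://)" })
        } else { Result 'https_proxy' $false 'does not match http://username:password@proxyhost:proxyport' }
    }
}

# Constructed sample values (not real hosts or credentials).
$sample = @{ PATH = 'C:\tools\maven\bin;C:\Windows\System32'; JAVA_HOME = 'C:\Program Files\Java\jdk-17'
             https_proxy = 'http://alice:s3cret@proxy.example.internal:3128' }
Test-SnykCliEnvironment -Variables $sample | Format-Table -AutoSize
```

Called without `-Variables`, the function checks the current session, so run it from the same context that starts Visual Studio, since the CLI inherits that environment.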
After the plugin is installed, you can set the following configurations for the extension:
- Token: Enter the token the extension uses to connect to Snyk. You can manually replace it, if you need to switch to another account.
- Custom endpoint: Specify the custom Snyk API endpoint for your organization. Use this field for Single Tenant setups as well instead of https://app.snyk.io.
- Ignore unknown CA: Ignore unknown certificate authorities.
- Organization: Specify the ORG_ID to run Snyk commands tied to a specific organization. Snyk recommends using the ORG_ID. If you specify the ORG_NAME, that is, the organization slug name, the value must match the URL slug as displayed in the URL of your org in the Snyk UI: https://app.snyk.io/org/[orgslugname]. If not specified, the Preferred Organization (as defined in your account settings) is used to run tests.
- Send usage analytics: To help Snyk improve the extension, let your Visual Studio send Snyk information about how the extension is working.
- Project settings: Specify any additional Snyk CLI parameters.
- Scan all projects: Auto-detect all projects in the working directory, enabled by default.
- Executable settings: You can opt out of downloading the CLI through the plugin and thus use your own installation of the CLI.
  - When Automatically manage needed binaries is checked, the plugin automatically downloads the CLI and keeps the CLI updated.
  - When Automatically manage needed binaries is unchecked, you must provide a valid path to the CLI. Use this option if downloading the CLI is not possible due to your network configuration (for example, due to firewall rules) and you need to obtain the CLI through other means. Snyk recommends always using the most recent version of the CLI.
- Solution Settings: Set additional snyk test CLI options for the Open Source scanning. For unmanaged C/C++ scanning, use the CLI option --unmanaged to find vulnerabilities in open source packages. This requires Scan all projects to be disabled. The --unmanaged option works only for unmanaged C/C++ scanning; do not use this option for other languages. Additional parameters do not apply to Snyk Code or IaC.
In the settings, you can also choose which results you want to receive:
- Open Source vulnerabilities
- Snyk Code Security vulnerabilities
- Snyk Code Quality issues