Security Rules used by Snyk Code
Last updated: June, 2022
Important! Snyk Security Rules list is updated continuously. This list is constantly growing, and the rules within it may change, in order to provide you with the best protection and security solutions for your code.
The following table lists the security rules that are used by Snyk Code when scanning your source code for vulnerabilities:
Notes:
  • No. & Rule Name column - contains consecutive numbers for each rule, and the Snyk name of the rule.
  • CWE(s) column - the CWE numbers covered by this rule.
  • OWASP Top 10/SANS 25 column - indicates if and to which OWASP Top 10 items (2021 edition) the rule belongs, and if it is included in SANS 25.
  • Supported Languages column - lists the programming languages to which this specific rule applies. Note that there might be two rules with the same name that apply to different languages.
| No. & Rule Name | CWE(s) | OWASP Top 10/SANS 25 | Supported Languages |
| --- | --- | --- | --- |
| (1) Use of Hardcoded Credentials | (798) Use of Hard-coded Credentials; (259) Use of Hard-coded Password | OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures; SANS/CWE Top 25 | PHP, Ruby, Go, Java, JavaScript, TypeScript, Python, C# & ASP.NET (Beta) |
| (2) Use of Password Hash With Insufficient Computational Effort | (916) Use of Password Hash With Insufficient Computational Effort | OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures | Python, JavaScript, TypeScript, C# & ASP.NET (Beta), Java, Go, PHP |
| (3) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | (614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration | PHP, JavaScript, TypeScript, Ruby, C# & ASP.NET (Beta), Java |