Snyk Code is based on a deep semantic code analysis engine that uses AI to continuously learn from billions of lines of code and hundreds of millions of code fixes in the global development community. The Snyk Code AI Engine continuously evolves through the human-guided reinforced learning cycle led by Snyk's security researchers and engineers. See this blog article for more details.
When files are provided for analysis, the engine determines which file to feed into which parser, translating the source into a language-independent common intermediate format. This format preserves and exposes characteristics of the scanned source code.
This technology allows Snyk Code to:
Support any programming language easily.
Support multi-language projects, spanning security scans over the different languages.
Unveil interfile issues, such as issue patterns spread over several source files, which are typically especially hard to track.
Find issue patterns using the Snyk Code engine, compiling the found issues as a report.
Snyk Code currently supports:
Beta support exists for Kotlin. Contact us for more details or with your further needs.
Language type and framework support
Snyk Code can work with a variety of relevant language types:
Optionally strongly typed languages such as TypeScript.
Strongly typed languages such as Java.
Contact Snyk for a full list of supported frameworks, libraries and vulnerability types.
Snyk Code ignores minified JS files with 3 or fewer lines, and also ignores single files larger than 1 MB.
To support a specific framework, Snyk Code needs to both support the relevant language, and to be trained on projects using the framework. The found patterns are then annotated by our security team and extended by curated content.
Most frameworks are supported "out of the box", as Snyk Code only needs to be able to parse the code to analyze it. In some cases a framework might require specific rules, an update to the program analysis engine, or both. If you notice any gaps in support for a specific framework, contact our Support team with the details and examples, and our team will work on it.
Express: Back-end web application framework for Node.js, released as free and open-source software. It has been called the de facto standard server framework for Node.js.
These are some of the explicitly supported frameworks for Java; they are in addition to the general support for all frameworks.
Apache Camel: Open source framework for message-oriented middleware with a rule-based routing and mediation engine.
Apache Struts: Open-source, MVC framework for creating elegant, modern Java web applications.
Spring MVC: The Spring Web model-view-controller (MVC) framework.
Spring JDBC: The Spring JDBC data access layer, a simple ORM.
Jakarta XML Services: Framework to implement XML-based Web Services.
These are some of the explicitly supported frameworks for Python; they are in addition to the general support for all frameworks.
Django: a framework for full-stack web application development and server development.
Flask: a lightweight WSGI web application framework.
These are some of the explicitly supported frameworks for C#; they are in addition to the general support for all frameworks.
.NET framework: .NET is an open source developer platform, created by Microsoft and used to build a variety of application types. While .NET supports different languages, Snyk Code supports .NET using the C# interface.
ASP.NET (version 4.x): ASP.NET is a free and open source framework to build web apps and services using .NET. Snyk Code supports version 4.x.
.NET Core: Microsoft created .NET Core to make the .NET framework cross-platform and enable a number of scenarios. The .NET framework and .NET Core share many components, and code can be exchanged between them. (Microsoft provides guidance on when to choose which.)
The framework support is always determined by the file extensions known to the engine. For example, the engine does not scan *.cshtml files, but scans the associated *.cshtml.cs files.
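The exclusions described above (minified JS files with 3 or fewer lines, single files larger than 1 MB, and *.cshtml files) mean parts of a repository can sit outside the scan. The following added example, which is not Snyk code, lists files in a source tree that match those rules so the gap can be reviewed by other means. It assumes "1 MB" means 1,000,000 bytes and approximates "minified" as a .js file containing a very long line; the names `skip_reason`, `audit` and the `LONG_LINE` threshold are hypothetical.

```python
import os

# Assumptions (not stated on the page): "1MB" is treated as 1,000,000 bytes,
# and "minified" is approximated as a .js file containing a very long line.
MAX_BYTES = 1_000_000
MAX_MINIFIED_LINES = 3
LONG_LINE = 500  # hypothetical threshold for "looks minified"


def skip_reason(path):
    """Return why a file would probably not be analyzed, or None."""
    name = path.lower()
    if name.endswith(".cshtml"):
        return "*.cshtml is not scanned (only the associated *.cshtml.cs)"
    size = os.path.getsize(path)
    if size > MAX_BYTES:
        return f"single file larger than 1MB ({size} bytes)"
    if name.endswith(".js"):
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
        if len(lines) <= MAX_MINIFIED_LINES and any(len(l) > LONG_LINE for l in lines):
            return f"minified JS with {len(lines)} line(s)"
    return None


def audit(root):
    """Walk a source tree and map relative path -> skip reason."""
    skipped = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            reason = skip_reason(full)
            if reason:
                skipped[os.path.relpath(full, root)] = reason
    return skipped


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, why in sorted(audit(root).items()):
        print(f"{rel}: {why}")
```

Razor views and oversized generated files reported here need coverage from manual review or another tool, since logic placed in them will not appear in the scan report.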