Click the source control system (for example, GitHub) to integrate with Snyk.
4. Fill in the account credentials as prompted (or authenticate with your account in GitHub) to grant Snyk access permissions for integration.
Stage 2: Add Projects
Add projects to test with Snyk, by choosing repositories for Snyk to test and monitor.
In the Snyk Web UI, select Projects, then click Add Project and select where to add the project repos from (for example, GitHub).
Add a repo
Select the repositories to use, then click Add selected repositories to import the selected repositories into your projects:
This also:
Sets Snyk to run a regular check (daily by default) for vulnerabilities.
Creates a Webhook, so when you change code, Snyk tests your pull / merge requests, to check that new dependencies do not introduce more vulnerabilities.
In Settings, optionally choose to:
Use Add custom file location to add any additional dependencies from custom paths.
Use Exclude folders to list up to 10 folders to exclude from scanning during the import; for example, to shorten scanning time.
Import progress
1. A progress bar appears: click View last import log to see log results.
2. Project import completes, with a status error message:
You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for the projects you've imported.
You can expand an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity level:
Click on an entry to open the issues view for that entry, including the module, where it was introduced, and how to fix it, plus more details about the vulnerability itself: