Getting started with Snyk Open Source

Support API docs Product updates Sign up for free

Search…

Get started with Snyk Open Source to inspect, find and fix vulnerabilities in your application's Open Source libraries.
This process describes getting started using the Snyk Web UI and a SCM (source code management) system.
You can also use an IDE tool or a CI/CD integration. See Integrations.
You can get started with the Snyk CLI; see Getting started with the CLI.
Prerequisites
Ensure you have:
A code project using open source packages, on a supported SCM system such as GitHub. See Git repository (SCM) integrations.
A supported language and package manager, such as Java. See Open Source language and package manager support.
A Snyk account (go to https://snyk.io/ and sign up - see Getting started).
Stage 1: Add source control integration
if you already have an integration set up, go to Step 3.
Choose a source code integration, to allow Snyk to work on a project.
1.Log in to the Snyk Web UI (app.snyk.io).
2.Select Integrations > Source control.
3.Click the source control system (for example, GitHub) to integrate with Snyk.
4.Fill in the account credentials as prompted (or authenticate with your account in GitHub), to grant Snyk access permissions for integration.
Stage 2: Add Projects
Add projects to test with Snyk, by choosing repositories for Snyk to test and monitor.
1.Select Projects from the Snyk Web UI.
2.Select the tool to add the project from (for example GitHub).
3.In Personal and Organization repositories, select the repositories to use.
4.Click Add selected repositories to import the selected repositories into your projects. This also:
1.Sets Snyk to run a regular check (daily by default) for vulnerabilities.
2.Creates a Webhook, so when you change code, Snyk tests your pull / merge requests, to check that new dependencies do not introduce more vulnerabilities.
5.A progress bar appears: click View log to see log results.
6.Project import completes.
If you see any errors during import, see Project import errors.
Stage 3: View vulnerabilities
You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for project you've imported.
You can expand an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity level:
.
Click on an entry to open the issues view for that entry, including the module, where it was introduced, and how to fix it, plus more details about the vulnerability itself:
See View project information for more details.
Stage 4: Fix vulnerabilities
For some languages, Snyk can fix your vulnerabilities using fix pull/merge requests.
See What languages do we support Fix Pull Requests or Merge Requests?​
Navigate to the Issues view for a project:
To fix vulnerabilities:
1.Click Fix this vulnerability to raise a fix PR for that issue (or click Fix these vulnerabilities to to fix multiple issues).
2.The Open a Fix PR screen opens and indicates the vulnerabilities you selected.
3.Check any additional issues you want to fix, or uncheck items to remove them from the fix.
4.Scroll down to the bottom of the screen and click Open a Fix PR.
5.Snyk now actions this PR, then a results screen appears.
6.Optionally, select the Files changed tab to see details of the changes made.
See Fix your vulnerabilities for more details.

SNYK PRODUCTS - Previous

Snyk Open Source

Open Source basics

Last modified 1mo ago

Export as PDF

Copy link

Edit on GitHub

Contents

Prerequisites

Stage 1: Add source control integration

Stage 2: Add Projects

Stage 3: View vulnerabilities

Stage 4: Fix vulnerabilities