Getting started with Snyk Open Source

Use Snyk Open Source to scan and fix vulnerabilities in your application's Open Source libraries, for a supported language and package manager, such as Java.
This process describes getting started using the Snyk Web UI with a Git-based source repository.

Prerequisites

Ensure you have:
See the Getting started section for more details.

View vulnerabilities

You can view vulnerability results for imported Projects. The Projects tab appears by default after import, showing vulnerability information for Snyk Projects you've imported, grouped into Targets.
You can expand a Target to see vulnerability information for Projects, including the number of issues found, grouped by severity level:
Figure: Projects overview (list of Projects in the Snyk Web UI).
Click an entry to open the issues view for that Project, which shows for each issue the module that introduced it, how to fix it, and further details about the vulnerability itself.
Figure: Open Source Project overview in the Snyk Web UI.
See View Project information for more details.

Fix vulnerabilities

For some languages, Snyk can fix vulnerabilities by opening fix pull requests or merge requests (see the list of languages that support Fix Pull Requests or Merge Requests).
Navigate to the Issues view for a Project:
Figure: Issues tab in an Open Source Project in the Snyk Web UI.
To fix vulnerabilities:
  1. Click Fix this vulnerability to raise a fix PR for that issue (or click Fix these vulnerabilities to fix multiple issues).
  2. The Open a Fix PR screen opens and indicates the selected vulnerabilities.
  3. Check or uncheck the issues you want to include in or remove from this fix.
  4. Scroll to the bottom of the screen and click Open a Fix PR.
  5. Snyk acts on the PR and displays a results screen.
  6. Optionally, select the Files changed tab to see details of the changes made.
Figure: Files changed tab in GitHub after triggering a Fix PR for an Open Source Project.
See Fix your vulnerabilities for more details.