Snyk Open Source

Introduction

Developers everywhere use open source code because it enables fast development. The vast majority of the code making up modern applications is open source code. But this growing reliance exposes organizations to security vulnerabilities and license issues.
Sometimes these issues are rooted deep in the code. Open source packages often depend on other packages, and many vulnerabilities are found in these indirect (transitive) dependencies. Developers may not even be aware of which packages are being pulled in.
Snyk Open Source allows you to find and fix vulnerabilities in the open source libraries used by your applications. It also allows you to find and address licensing issues in (or caused by) these open source libraries.
Snyk Open Source is available in many common languages and platforms. See Supported languages and package managers.
You can use Snyk Open Source in the Snyk Web UI, with the Snyk CLI, in your IDE, or with an API. See Getting started with Snyk Open Source.

Find and fix vulnerabilities

Use Snyk Open Source to find and fix vulnerabilities in your application's open source libraries. Snyk provides actionable fix advice for vulnerabilities and supports workflows to fix vulnerabilities using Pull Requests (see Fix vulnerabilities with Snyk Open Source).
Snyk Open Source also helps prioritize and report on the vulnerabilities discovered (see Manage issues).

Find and fix license issues

Snyk Open Source can also scan your projects for license compliance, checking against Snyk’s known licenses (see Licenses).
You can also use license policies to define how your company deals with license issues (see License policies).
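To make the two ideas above concrete, the transitive dependencies discussed in the Introduction and the license policy check just described, here is an added illustration in Python. It is not Snyk's code, output or data: the dependency manifest, license metadata, advisory entries (the advisory IDs are hypothetical, not real CVEs) and the disallowed-license policy are all constructed for the example. It walks the dependency tree, records every path from a direct dependency to each package, flags packages that match an advisory together with the direct dependency a developer would have to upgrade, and reports packages whose license the policy refuses.

```python
"""Added example (not Snyk's code): find vulnerable transitive dependencies and
license-policy violations in a constructed dependency tree.

All package names, versions, advisory IDs and the policy below are constructed
sample data for illustration only.
"""
from __future__ import annotations

# Constructed manifest: each "name@version" lists the packages it depends on.
# The application's direct dependencies are the children of "app".
DEPENDENCIES: dict[str, list[str]] = {
    "app": ["web-framework@2.1.0", "yaml-parser@1.4.2"],
    "web-framework@2.1.0": ["http-utils@0.9.1", "template-engine@3.0.0"],
    "http-utils@0.9.1": ["string-helpers@1.0.3"],
    "template-engine@3.0.0": ["string-helpers@1.0.3"],
    "yaml-parser@1.4.2": [],
    "string-helpers@1.0.3": [],
}

# Constructed license metadata (SPDX identifiers) for each package.
LICENSES: dict[str, str] = {
    "web-framework@2.1.0": "MIT",
    "http-utils@0.9.1": "Apache-2.0",
    "template-engine@3.0.0": "MIT",
    "yaml-parser@1.4.2": "GPL-3.0-only",
    "string-helpers@1.0.3": "MIT",
}

# Constructed advisories with hypothetical IDs: versions strictly below
# "vulnerable_below" are affected; "fixed_in" is the first safe version.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "string-helpers",
     "vulnerable_below": "1.1.0", "fixed_in": "1.1.0"},
]

# Constructed license policy: licenses the organization does not accept.
DISALLOWED_LICENSES = {"GPL-3.0-only", "AGPL-3.0-only"}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn "1.4.2" into (1, 4, 2) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def split_ref(ref: str) -> tuple[str, str]:
    """Split "name@version" into (name, version)."""
    name, _, version = ref.rpartition("@")
    return name, version


def dependency_paths(tree=DEPENDENCIES, root="app") -> dict[str, list[list[str]]]:
    """Map every reachable package to all paths leading to it from a direct dependency.

    A package pulled in through several direct dependencies gets several paths;
    that is the information needed to know which direct dependency to upgrade.
    """
    paths: dict[str, list[list[str]]] = {}

    def walk(ref: str, trail: list[str]) -> None:
        for child in tree.get(ref, []):
            if child in trail:  # guard against cycles in a malformed manifest
                continue
            path = trail + [child]
            paths.setdefault(child, []).append(path)
            walk(child, path)

    walk(root, [])
    return paths


def vulnerable_packages(tree=DEPENDENCIES, advisories=ADVISORIES) -> list[dict]:
    """Return one finding per (package, advisory) match, with its dependency paths."""
    findings = []
    for ref, ref_paths in dependency_paths(tree).items():
        name, version = split_ref(ref)
        for adv in advisories:
            if adv["package"] == name and \
                    parse_version(version) < parse_version(adv["vulnerable_below"]):
                findings.append({
                    "id": adv["id"],
                    "package": ref,
                    "is_direct": any(len(p) == 1 for p in ref_paths),
                    "paths": ref_paths,
                    "fixed_in": adv["fixed_in"],
                    # For an indirect dependency the developer can only bump the
                    # direct dependency at the head of each path.
                    "direct_dependencies_to_upgrade": sorted({p[0] for p in ref_paths}),
                })
    return findings


def license_violations(tree=DEPENDENCIES, licenses=LICENSES,
                       disallowed=DISALLOWED_LICENSES) -> list[dict]:
    """Flag packages with a disallowed license, or with no license metadata at all."""
    return [
        {"package": ref, "license": licenses.get(ref, "UNKNOWN"), "paths": ref_paths}
        for ref, ref_paths in dependency_paths(tree).items()
        if licenses.get(ref, "UNKNOWN") in disallowed or ref not in licenses
    ]


if __name__ == "__main__":
    for f in vulnerable_packages():
        kind = "direct" if f["is_direct"] else "indirect"
        print(f"{f['id']}: {f['package']} ({kind}), fixed in {f['fixed_in']}")
        for path in f["paths"]:
            print("   via " + " > ".join(path))
        print("   upgrade: " + ", ".join(f["direct_dependencies_to_upgrade"]))
    for v in license_violations():
        print(f"LICENSE {v['license']}: {v['package']}")
```

Unknown license metadata is reported as a violation on purpose: a package whose license cannot be determined is a compliance question in its own right, and silently passing it would hide exactly the case a license policy exists to catch.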