Snyk Code
Overview
Snyk Code is a security tool that is fast and accurate and produces fewer false positives, making it easier for developers to remediate issues and build secure software.
You can scan your code using the following options:
Snyk Web UI (including PR checks)
The following table shows the Snyk Code features, including analysis, managing security issues in your code, and facilitating remediations within your development environment.
Deployment
AI Engine
Snyk Code is powered by a semantic, AI-based analysis engine and can analyze the following in your code:
API usage: Identifies multiple potential issues, including API misuses, null dereferences, and type mismatches, by modeling the use of memory in variables and references. This mechanism can also identify the use of insecure functions.
Coding issues: Finds problems such as dead code, branches that are predefined, and branches having the same code on each side.
Control flow: Identifies null dereference or race conditions by modeling each possible control flow in the application.
Data flow: Follows the flow of data within the application from the source to the sink. Combined with AI-based learning of external insecure data sources, data sinks, and sanitation functions, this enables a strong taint analysis.
Hardcoded secrets: Hardcoded secrets detection rules are invoked during SAST scans but do not act as a standalone secrets scanning tool. For an enhanced secrets solution, see our partnership with GitGuardian.
Point-to analysis: Identifies multiple potential issues, including buffer overruns, null dereferences, and type mismatches, by modeling memory use in variables and references.
Type inference: Determines the initial type and its changes. This is of special interest for dynamically typed languages.
Value ranges: Infers possible values for variables used to call functions to track off-by-one errors in arrays, division-by-zero errors, and null dereferences.
Supported integrations
Git repository: With repository monitoring integration, you can actively manage your Code Projects using the existing native import flow and tools at your disposal. You can view and prioritize security issues discovered in your source code. Additionally, you can initiate a retest of any Project and examine the historical snapshots to track changes over time. See Supported Git repositories.
Snyk Code analysis can be applied to every pull request you create in your Git repository before you merge it into the target branch. See PR Checks.
CLI and CI/CD: Using the CLI helps you find and fix security flaws in your code on your local machine or in your CI/CD.
APIs and extensibility: Query Code Projects and issues using the Snyk REST API.
Notifications: Integrate with Jira to export data to Jira issues.
Supported languages
Snyk Code supports many languages and frameworks.
What's next?
Last updated
