Configure Snyk Code
Conditions
To use Snyk Code in an IDE, Snyk CLI, and Snyk API, you must perform the following actions
Snyk Code only scans and tests new repositories that are imported to Snyk. If a repository has already been imported, Snyk Code analysis will not be applied. To analyze repositories that have already been imported, you will need to re-import them.
Prerequisites for using Snyk Code in Snyk Web UI
Before scanning your code with Snyk Code, ensure the following:
You have completed the Quickstart.
Your repositories contain code in a supported language and platform.
Enable Snyk Code in Snyk Web UI
Prerequisites
To enable Snyk Code in your Organization, you need to be an Org Admin.
Enable Snyk Code
If you've already set up an integration for the first time and enabled Snyk Code, you can check if the setting is still valid before importing repositories.
Log in to the Snyk Web UI and select your Group and Organization.
Navigate to Settings > Snyk Code.
In the Enable Snyk Code section, change the setting to Enabled.
Click Save changes.
The next step is to integrate your Git repositories with Snyk.
Integrate Git repository with Snyk
After you have activated Snyk Code and imported repositories to Snyk for testing, you can view and work with the Snyk Code test results, which include vulnerabilities and fixes. See Manage code vulnerabiiites.
If your SCM is already integrated with your Snyk Account, and you do not want to add additional SCMs, you can skip this step and move to Import repository to Snyk.
If you are using Snyk Code with the API, but not the CLI, this step is mandatory.
After you enable Snyk Code in your Snyk Organization settings to work in the Web UI or with the API but not the CLI, you must integrate your account with the Git repository you want to test.
Then, you can import the required repositories to your Snyk account, and Snyk Code automatically analyzes them and displays the analysis results.
Snyk Code temporarily clones your repositories for code analysis. This requires appropriate permissions and HTTPS access to your SCM.
For more information on how data is stored in Snyk, see How Snyk handles your data. For more details about integrations, see Integrate with Snyk.
To integrate your SCM with your Snyk account:
1. In the Snyk Web UI, navigate to Settings > Integrations > Source control.
If you already have an integrated SCM, it is marked as Configured. If you want to use the configured SCM, continue with Import repository to Snyk.
2. From the available options, select the SCM system you want to integrate by clicking Edit settings.
The Source control integrations display only SCMs that are supported by Snyk Code.
3. On the integration page, enter your account credentials and save your details.
This grants Snyk access permissions for the integrated SCM.
For more information on integrating Snyk with each of the available SCMs, see Git repositories (SCMs).
After you have integrated the SCM with your Snyk account, you can import the repositories you want to scan using Snyk Code.
Import repositories to scan with Snyk Code
After you enable Snyk Code and integrate your Git repository with Snyk, you must import the repositories you want Snyk Code to scan for vulnerabilities.
Depending on your existing Snyk account and what you want to do:
If you do not have any repositories in your Snyk account, import your first repository to Snyk.
If you already have repositories in your Snyk account and do not want to import additional ones but want to scan your existing repositories with Snyk Code, you must re-import these repositories.
If you already have repositories in your Snyk account and want to import more repositories to scan with Snyk Code, import additional repositories to Snyk.
Before you import or re-import a repository to scan with Snyk Code, you can exclude certain directories and files from the import by using the .snyk file.
What's next?
Last updated