Run an analysis with the JetBrains plugin
You can trigger snyk test using one of these methods:
automatic (default)
manual
A Snyk scan is triggered automatically when you opne your Project and when you save any supported files. This behavior can be turned off using the existing configuration.
To manually trigger snyk test , as illustrated in the following screen image:
Click the Snyk icon in the sidebar to open the Snyk panel.
Click the Run (play) button at the top of the plugin sidebar.
If the play button is grayed out, there is a scan in progress. Wait for it to complete before starting another scan.
Scan configuration
You may customize your scan behavior to reflect the security policy of your company or to focus on certain areas.
Severity filter
Snyk reports critical, high, medium, and low severities. There are two ways to control severity:
Use the plugin settings for the Scan configuration.
Use the small buttons with the severity icons at the top of the issues in the Snyk panel.
By default, all levels are selected. You must select at least one.
Snyk severity icons have the following meaning:
Critical severity
May allow attackers to access sensitive data and run code on your application.
High severity
May allow attackers to access sensitive data on your application.
Medium severity
May allow attackers under some conditions to access sensitive data on your application.
Low severity
The application may expose some data allowing vulnerability mapping, which can be used with other vulnerabilities to attack the application.
Filter by issue type
Snyk reports the following types of issues:
Open Source issues: found in open source dependencies. For details, see the section Snyk Open Source issues.
Code Security issues: found in your application’s source code. For details, see the section Snyk Code security vulnerabilities and quality issues.
Code Quality issues: found in your application source code. For details, see the section Snyk Code security vulnerabilities and quality issues.
Infrastructure as Code issues: found in infrastructure as code files. For details, see the section Snyk Infrastructure as Code issues.
Container issues: found in images sourced from Kubernetes workload files. For details, see the section Snyk Container issues.
There are two ways to show or hide specific issue types:
Use the plugin settings for the Scan configuration.
Use the filter button in the panel's sidebar, as illustrated in the screen image that follows
By default, all issue types shown are selected.
Net new issues versus all issues
Beginning with plugin version 2.10.0, it is possible to see only newly introduced issues.
This functionality reduces noise and allows you to focus only on current changes. This will prevent issues early, thus unblocking your CI/CD pipeline and speeding up your deliveries.
The logic uses your local Git repository or any folder to compare the current findings with those in a base branch or reference folder. Net new issues scanning (delta scanning) shows you the difference between the two branches or folders, highlighting only the new issues.
In plugin version 2.12.0 and later, you can choose any folder as your base for scanning.
To apply the filter and see only the new issues, use the toggle in the summary panel.
You can also enable the net new issues feature in the scan configuration settings. For newly created feature branches, there will be no reported issues. That is an intended state that developers would aim for, as illustrated in the screen image that follows:
Changing the base branch
The base branch is usually automatically determined for each Git repository.
You can change the base branch or base folder by following these steps, as illustrated in the screen image that follows:
Click on the top-level node in the issues tree.
Use the dropdown selection.
Choose any branch.
Click OK to save the selection.
Available Snyk issue types
Snyk Code security vulnerabilities and quality issues
Snyk Code analysis shows a list of security vulnerabilities and code quality issues found in your application code.
For more details and examples of fixes others used to fix the issue, select the security vulnerability or the code security issue.
Snyk Open Source issues
Snyk Open Source analysis shows a list of vulnerabilities and license issues found in all manifest files. To see more detailed information, select a vulnerability or license issue.
Snyk Infrastructure as Code issues
With every scan, Snyk IaC analysis shows issues in your Terraform, Kubernetes, AWS CloudFormation, and Azure Resource Manager (ARM) code. The scan is based on the Snyk CLI and is fast and friendly for local development. To see more detailed information, select an issue.
Snyk Container issues
The JetBrains plugin scans Kubernetes configuration files and searches for container images. Vulnerabilities are found quickly using the extracted container images and comparative analysis against the latest information from the Snyk Vulnerability Database.
Snyk Container analysis shows each of the security vulnerabilities that might affect your image. To see more detailed information, select a vulnerability.
A comparison table shows the severity levels, such as critical or high. This shows the difference in vulnerabilities between the current image and the image recommended by Snyk, with the same characteristics sorted by severity. This helps you decide if you want to upgrade your image to the recommended one and increase the level of confidence in the image you are running in production.
Last updated
Was this helpful?