View analysis results from Visual Studio Code extension
© 2024 Snyk Limited
Snyk analysis shows a list of security vulnerabilities and code issues in the application code. Select a security vulnerability or a code security issue to view more details and examples of how others fixed the issue. The Issue details panel appears in a tab on the right side of the screen.
The Snyk analysis panel on the left in the following screen image shows how much time the analysis took and a list of issues with the suggestions found for those issues.
Each issue has a severity icon with the following meaning:
Critical severity: May allow attackers to access sensitive data and run code on your application.
High severity: May allow attackers to access sensitive data on your application.
Medium severity: May allow attackers, under some conditions, to access sensitive data on your application.
Low severity: The application may expose some data that allows vulnerability mapping, which can be combined with other vulnerabilities to attack the application.
You may customize your scan behavior to reflect your company's security policy or to focus on certain areas.
Snyk reports critical, high, medium, and low severities. This can be adjusted in the Scan configuration settings.
By default, all levels are selected. You must select at least one.
Snyk reports the following types of issues:
Open Source issues: found in open source dependencies; for more details, see Snyk Open Source results.
Code Security issues: found in your application’s source code; for more details, see Snyk Code results.
Code Quality issues: found in your application’s source code (same structure as Code Security issues).
Infrastructure as Code issues: found in infrastructure as code files; for more details, see Snyk IaC results.
The exact capabilities and available scanners depend on your plan. Make sure your Organization's admin has enabled all Snyk products before you configure any of them in the IDE plugin.
The issue types shown can be adjusted in the Scan configuration settings.
By default, all issue types are selected.
Starting with version 2.19.0, you can choose to see only newly introduced issues.
This functionality reduces noise and lets developers focus on their current changes only. Developers can fix issues early, keeping their CI/CD pipeline unblocked and speeding up delivery.
The logic uses the local Git repository: Snyk reports the findings on the current branch minus those already present in the base branch.
This can be configured in the plugin settings. It is turned off by default, so you must enable it manually.
After this feature is enabled, Snyk reports only the delta findings.
For newly created feature branches, no issues are reported. That is the intended state developers aim for, as shown in the following screen image.
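The delta logic described above, as an added example that is not Snyk's own code: a small "only newly introduced issues" filter over two constructed scan results, with the Scan configuration severity and issue-type filters applied on top. It assumes, which the page does not state, that a finding is matched between the base branch and the current branch by rule, file and flagged snippet rather than by line number, so that unrelated edits that shift lines do not make an old issue look new; the rule names and findings are constructed for the example.

```python
"""Added example, not Snyk's code: a minimal "only newly introduced issues" filter.

Assumptions not stated on the page: a finding is matched between the base
branch and the current branch by (rule_id, path, snippet) rather than by
line number, and findings carry the severity and issue type that the Scan
configuration settings filter on.
"""
from dataclasses import dataclass

SEVERITIES = ("critical", "high", "medium", "low")
ISSUE_TYPES = ("open_source", "code_security", "code_quality", "iac")


@dataclass(frozen=True)
class Finding:
    rule_id: str      # constructed rule names, not real Snyk rule ids
    path: str
    line: int
    severity: str
    issue_type: str
    snippet: str      # the flagged source line, used as a stable identity

    def key(self):
        # Identity used to match the same issue across branches. The line
        # number is deliberately left out (assumption, see module docstring).
        return (self.rule_id, self.path, self.snippet)


def delta_findings(current, base):
    """Findings on the current branch that are absent from the base branch."""
    base_keys = {f.key() for f in base}
    return [f for f in current if f.key() not in base_keys]


def apply_scan_config(findings, severities=SEVERITIES, issue_types=ISSUE_TYPES):
    """Apply the Scan configuration filters; at least one severity is required."""
    if not severities:
        raise ValueError("at least one severity level must be selected")
    unknown = set(severities) - set(SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severity levels: {sorted(unknown)}")
    return [f for f in findings
            if f.severity in severities and f.issue_type in issue_types]


# Constructed sample scans of a base branch and a feature branch.
BASE = [
    Finding("hardcoded-secret", "app/config.py", 10, "high", "code_security",
            'API_KEY = "<placeholder>"'),
    Finding("sql-injection", "app/db.py", 42, "critical", "code_security",
            'cursor.execute("SELECT * FROM users WHERE id = " + user_id)'),
]
CURRENT = [
    # Same two issues as the base branch; the secret moved from line 10 to 14
    # because lines were added above it, so a line-based match would miss it.
    Finding("hardcoded-secret", "app/config.py", 14, "high", "code_security",
            'API_KEY = "<placeholder>"'),
    Finding("sql-injection", "app/db.py", 42, "critical", "code_security",
            'cursor.execute("SELECT * FROM users WHERE id = " + user_id)'),
    # Three issues introduced on the feature branch.
    Finding("path-traversal", "app/files.py", 7, "high", "code_security",
            "open(base_dir + name)"),
    Finding("public-s3-bucket", "infra/main.tf", 3, "medium", "iac",
            'acl = "public-read"'),
    Finding("unused-variable", "app/util.py", 21, "low", "code_quality",
            "tmp = compute()"),
]


def report(current=CURRENT, base=BASE, severities=SEVERITIES, issue_types=ISSUE_TYPES):
    """What the Issues tree would list with delta mode on and the given filters."""
    return apply_scan_config(delta_findings(current, base), severities, issue_types)


if __name__ == "__main__":
    for f in report():
        print(f"{f.severity:>8}  {f.issue_type:<14} {f.path}:{f.line}  {f.rule_id}")
```

With all severities and issue types selected, the report lists only the three findings introduced on the feature branch; narrowing the severities to critical and high leaves just the path-traversal finding, and scanning a branch that is identical to its base yields an empty list, which is the state the page describes for a fresh feature branch.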
The base branch is usually automatically determined for each Git repository.
In advanced cases, developers can change the base branch by following these steps (see the screen image that follows):
Click the top-level node in the Issues tree.
Use the text input to specify any branch name.
Press Enter to save the selection.