Snyk Code expands the Snyk cloud-native application security platform, supporting all elements for a modern software supply chain. For a cloud-native application, this provides security for:
Snyk Code: the application’s proprietary code.
Snyk Open Source: the open-source libraries it leverages.
Snyk Container: the container it runs in.
Snyk Infrastructure as Code: the infrastructure as code that provisions it.
1. Checks and reads for DeepCode/Snyk ignore specific files, .dcignore (if they exist).
2. Using the information obtained in step 1, we filter to keep only the following source code files:
   Only files in the project directory are accessed; the scan never goes above the current project directory.
3. Files found in step 2 whose size is less than 4 MB are bundled, and the bundle is sent to Snyk.
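The three steps above, implemented as an added illustration that is not Snyk's own code: the extension set is an assumed subset (the page's full list is not reproduced here), .dcignore matching is a simplified gitignore-style match, and symlinks are resolved so that nothing above the project directory is ever read.

```python
import fnmatch
import os
import tempfile

MAX_FILE_SIZE = 4 * 1024 * 1024  # only files smaller than 4 MB are bundled
SOURCE_EXTENSIONS = {".js", ".ts", ".py", ".java"}  # assumed subset; the page's list is not shown


def is_ignored(rel_path, patterns):
    """Simplified gitignore-style match on the whole relative path or any path component."""
    pats = [p.rstrip("/") for p in patterns]
    return any(fnmatch.fnmatch(s, p) for p in pats for s in [rel_path, *rel_path.split("/")])


def select_files(root, extensions=SOURCE_EXTENSIONS, max_size=MAX_FILE_SIZE):
    """Steps 1-3: files under root minus ignored, wrong-type, oversized and out-of-project ones."""
    root = os.path.realpath(root)
    patterns = []
    ignore_file = os.path.join(root, ".dcignore")
    if os.path.isfile(ignore_file):  # step 1: read ignore patterns, if present
        with open(ignore_file, encoding="utf-8") as fh:
            patterns = [ln.strip() for ln in fh if ln.strip() and not ln.startswith("#")]
    selected = []
    for dirpath, _, filenames in os.walk(root):  # step 2: walk the project directory only
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.commonpath([root, os.path.realpath(full)]) != root:
                continue  # a symlink resolving above the project directory is never read
            if is_ignored(rel, patterns) or os.path.splitext(name)[1] not in extensions:
                continue
            if os.path.getsize(full) < max_size:  # step 3: only files smaller than 4 MB
                selected.append(rel)
    return sorted(selected)


def demo():
    """Constructed sample project; returns the relative paths that would be bundled."""
    root = tempfile.mkdtemp()
    files = {"app.py": "print(1)", "lib/util.js": "x", "README.md": "# docs",
             ".dcignore": "node_modules/\n*.min.js\n",
             "node_modules/dep/index.js": "x", "static/app.min.js": "x"}
    for rel, content in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    with open(os.path.join(root, "big.py"), "wb") as fh:
        fh.truncate(MAX_FILE_SIZE)  # exactly 4 MB, so not "less than 4 MB"
    return select_files(root)  # → ['app.py', 'lib/util.js']
```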
Snyk Code is developer-first, embedding SAST as part of the development process, enabling developers to build software securely during development, not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software and provides fast, actionable, meaningful results to fix issues in real-time.
Snyk Code is powered by machine learning based on an AI engine. This engine learns from millions of open-source commits and is paired with Snyk’s Security Intelligence database, creating a continually growing code security knowledge base.
The Snyk Code engine expresses rules that capture results of analysis, plus meta information such as explanations and examples.
Snyk Code is significantly faster and more accurate than other conventional SAST products:
The semantic analysis engine added via Snyk Code, trained on Snyk’s Vulnerability Database, reduces false positives to near-zero.
Due to our proprietary engine, Snyk Code is up to 50x faster than traditional SAST solutions, enabling security during the development process, with no delays.
Snyk Code includes secret detection capabilities that scan and highlight secrets like keys, credentials, PII, and sensitive information in your source code. Unlike tools that use entropy checks or regular expressions, Snyk Code uses machine learning and is able to learn from experience, improving the odds of accurately detecting secrets while minimizing false positives.
Snyk products all provide a developer-friendly experience, so Snyk Code helps developers quickly understand the problem, learn its background, and see how to approach it. Snyk Code walks you through the dangerous code flow step by step.
For every issue, Snyk Code also provides a link to the relevant lines in the affected files, with more details on the problem, such as the CWE, and how to approach it.
Snyk Code also provides rich curated additional information for many suggestions.
Snyk Code integrates with the cloud versions of:
You can seamlessly import and continuously monitor your repositories, and discover security flaws in the source code files in them using static analysis.
This integration allows you to:
Manage Code projects using your existing native import flow and tools
View and prioritize security issues found in the source code
Run a retest of a project and see history snapshots of a project
See Snyk Code language support for more information.
IDE integrations use Snyk Code's fast analysis and response so you can spot an issue, understand and learn more about it, and fix it as you write the code, before you check it in. Possible security flaws are surfaced as you write, on a line-by-line basis.
Snyk Code provides a JetBrains plugin that supports finding and fixing issues directly from the IDE.
For more details, see JetBrains IDE Plugins.
Snyk Code provides a Visual Studio Code plugin that supports finding and fixing issues directly from the IDE.
For more details, see the Visual Studio Code extension for Snyk Code.