Visual Studio Code extension authentication

To scan your Projects you must authenticate with Snyk.

Before authenticating, be sure you have set your region properly. For details, see Regional hosting and data residency, which has the list of regional URLs.

Snyk supports the following protocols for authentication:

For both methods, Snyk uses the Secret Storage API to store the token securely. This storage uses the system's keychain to manage the token.

Steps to authenticate using the OAuth 2.0 protocol

To authenticate follow these steps:

After the extension is installed, click the Snyk Icon in the navigation bar, and then click Connect & Trust Workspace:
Connect and turst workspace
The extension opens a new page in a default browser and asks you to log in to your Snyk account:

The next page asks for your authorization for the IDE to act on your behalf. Click Grant app access.

The IDE reads and saves the authentication on your local machine. Close the browser window and return to the IDE.

The analysis starts automatically. If you have problems, see OAuth 2.0 authentication does not work.

OAuth 2.0 tokens are not static and cannot be copied from Snyk account page.

This method is inferior to the OAuth method.

To authenticate follow these steps:

After the extension is installed, click the Snyk Icon in the navigation bar; then click the Settings icon, find Authentication Method, and change it to Token authentication:

To re-authenticate with a different account, follow these steps:

When authenticating with Snyk, users have the option to copy the authentication URL to their clipboard.

For Linux and Unix users, this requires that the xclip or xsel utility be installed.

Last updated 5 months ago

Was this helpful?