Snyk Code

Overview

Snyk Code is a security tool that is fast and accurate and produces fewer false positives, making it easier for developers to remediate issues and build secure software.

You can scan your code using the following options:

The following table shows the Snyk Code features, including analysis, managing security issues in your code, and facilitating remediations within your development environment.

Feature Description

Feature	Description
Issue filtering, sorting, and grouping	To identify the most common problems, you can filter issues based on their severity, programming language, priority score, and other criteria. See Filter existing Projects.
Priority Score	Sort by and prioritize the more important issues by incorporating factors such as issue prevalence, ease of fix, and risk factor into a single risk score. See Priority score.
Data flow	Visualize the path of the issue from source to sink with a step-by-step flow. See Data flow.
Vulnerability	Learn more about the vulnerability through curated content that explains how the vulnerability was created, what the risk factors are, and popular mitigation strategies for it. See VManage code vulnerabilities
Fix analysis	Gain insight and context by examining examples with links to actual code that fixes the same issues in similar data flows. See Breakdown of Code analysis.
Create Jira issue	Track and export Snyk issues to your Jira project. See Create a Jira issue.
Ignore issues	Configure Snyk to ignore suggested fixes for an issue to suppress specific warnings. For example, you may have deliberately used hard-coded passwords to test your routines in test code, or you are aware of an issue but have decided not to fix it. See Ignore issues.
Exclude files from the import process	Check for `DeepCode/Snyk` ignore files `.gitignore` `.dcignore` and read them if they exist. Using the information in these files, Snyk filters to identify only the files with the supported extensions in the Project directory and not above the current Project directory. Snyk Code bundles these files that are smaller than 4 MB and sends them to Snyk. `,gitignore` exclusions are honored by the `snyk code test` CLI command. See also Exclude directories and files from the import process.
Interfile analysis	This is available for all languages supported by Snyk Code except Ruby.

Issue filtering, sorting, and grouping

To identify the most common problems, you can filter issues based on their severity, programming language, priority score, and other criteria.

See Filter existing Projects.

Priority Score

Sort by and prioritize the more important issues by incorporating factors such as issue prevalence, ease of fix, and risk factor into a single risk score.

See Priority score.

Data flow

Visualize the path of the issue from source to sink with a step-by-step flow.

See Data flow.

Vulnerability

Learn more about the vulnerability through curated content that explains how the vulnerability was created, what the risk factors are, and popular mitigation strategies for it.

See VManage code vulnerabilities

Fix analysis

Gain insight and context by examining examples with links to actual code that fixes the same issues in similar data flows.

See Breakdown of Code analysis.

Create Jira issue

Track and export Snyk issues to your Jira project.

See Create a Jira issue.

Ignore issues

Configure Snyk to ignore suggested fixes for an issue to suppress specific warnings. For example, you may have deliberately used hard-coded passwords to test your routines in test code, or you are aware of an issue but have decided not to fix it.

See Ignore issues.

Exclude files from the import process

Check for DeepCode/Snyk ignore files .gitignore .dcignore and read them if they exist. Using the information in these files, Snyk filters to identify only the files with the supported extensions in the Project directory and not above the current Project directory. Snyk Code bundles these files that are smaller than 4 MB and sends them to Snyk. ,gitignore exclusions are honored by the snyk code test CLI command.

Interfile analysis

This is available for all languages supported by Snyk Code except Ruby.

Deployment

Deployment	Description
Full SaaS solution	Get the most out of Snyk Code with a native Git repository integration, easy onboarding, and continuous updates. See Configure Snyk Code.
SaaS with a self-hosted Git server (requires Snyk Broker)	For customers with SCMs that are not publicly accessible from the internet and want to connect Snyk Code with their local self-hosted SCM. See Snyk Broker - Code Agent.
Local no-upload implementation (requires Snyk Code Local Engine)	For customers with a stricter upload policy. This deployment method requires more maintenance and receives slower updates than the SaaS options, but it does not require any code upload. See Snyk Code Local Engine.

Description

Full SaaS solution

Get the most out of Snyk Code with a native Git repository integration, easy onboarding, and continuous updates. See Configure Snyk Code.

SaaS with a self-hosted Git server (requires Snyk Broker)

For customers with SCMs that are not publicly accessible from the internet and want to connect Snyk Code with their local self-hosted SCM. See Snyk Broker - Code Agent.

Local no-upload implementation (requires Snyk Code Local Engine)

For customers with a stricter upload policy.

This deployment method requires more maintenance and receives slower updates than the SaaS options, but it does not require any code upload. See Snyk Code Local Engine.

AI Engine

Snyk Code is powered by a semantic, AI-based analysis engine and can analyze the following in your code:

API usage: Identifies multiple potential issues, including API misuses, null dereferences, and type mismatches, by modeling the use of memory in variables and references. This mechanism can also identify the use of insecure functions.
Coding issues: Finds problems such as dead code, branches that are predefined, and branches having the same code on each side.
Control flow: Identifies null dereference or race conditions by modeling each possible control flow in the application.
Data flow: Follows the flow of data within the application from the source to the sink. Combined with AI-based learning of external insecure data sources, data sinks, and sanitation functions, this enables a strong taint analysis.
Hardcoded secrets: Hardcoded secrets detection rules are invoked during SAST scans but do not act as a standalone secrets scanning tool, as this is done through our partnership with third-party tools. See our Snyk Learn lessons on GitGuardian and Nightfall AI.

Point-to analysis: Identifies multiple potential issues, including buffer overruns, null dereferences, and type mismatches, by modeling memory use in variables and references.
Type inference: Determines the initial type and its changes. This is of special interest for dynamically typed languages.
Value ranges: Infers possible values for variables used to call functions to track off-by-one errors in arrays, division-by-zero errors, and null dereferences.

Supported integrations

IDE
Git repository: With repository monitoring integration, you can actively manage your Code Projects using the existing native import flow and tools. You can view and prioritize security issues discovered in your source code. Additionally, you can initiate a retest of any Project and examine the historical snapshots to track changes over time. See Supported Git repositories.

Snyk Code analysis can be applied to every pull request you create in your Git repository before you merge it into the target branch. See PR Checks.

CLI and CI/CD: Using the CLI helps you find and fix security flaws in your code on your local machine or in your CI/CD.
APIs and extensibility: Query Code Projects and issues using the Snyk REST API.
Notifications: Integrate with Jira to export data to Jira issues.

Supported languages

Snyk Code supports many languages and frameworks.

What's next?

PreviousTroubleshoot fixing vulnerabilities with Snyk Open Source NextSnyk Code Local Engine

Last updated 1 month ago