Snyk is an automated way to check for security vulnerabilities with your dependencies.
By using Snyk you can be sure that your dependencies are up to date and secure.
Starting with Snyk and Codeship is fast and easy. The Snyk documentation does a great job of providing more information, in addition to the setup instructions below.
To start, add your SNYK_TOKEN to the encrypted environment variables that you include in your codeship-services.yml file.
To use Snyk in your CI/CD process, you’ll need to add the Snyk CLI to a service in your codeship-services.yml file.
To add the Snyk CLI, you will need to add the following command to the Dockerfile for the service you want to run Snyk on:
RUN npm install -g snyk
Note that the Dockerfile must also provide Node and npm, since the Snyk CLI is installed through npm.
Once your Snyk token is loaded via your environment variables and you have defined a service that installs the Snyk CLI, you can run a Snyk scan in your CI/CD pipeline by invoking the Snyk CLI commands through that service.
We will combine the Snyk authentication and Snyk scan commands into a script file that we call from a step:
- name: Snyk
  service: app
  command: snyk.sh
Inside this snyk.sh script, you will have something similar to:
#!/bin/sh
# Stop at the first failing command so a failed authentication
# does not let the scan run (and pass) unauthenticated.
set -e
snyk auth
snyk test
Note that the above snyk auth command will use the SNYK_TOKEN environment variable you set earlier for authentication.
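A hardened form of the snyk.sh script described above, added here as an example and not part of the original page. It refuses to run without SNYK_TOKEN (so the step fails loudly instead of scanning unauthenticated), validates the severity gate, and exits non-zero when the scan fails. SNYK_CLI and SNYK_FAIL_ON are variables of this example; --severity-threshold is a real snyk test flag.

```shell
#!/bin/sh
# Hardened snyk.sh: fail fast, refuse to run without a token, and fail the
# build only on vulnerabilities at or above a chosen severity.
set -eu

# Path to the Snyk CLI (defaults to the globally installed one); example variable.
SNYK_CLI="${SNYK_CLI:-snyk}"
# Lowest severity that should fail the pipeline; example variable.
SNYK_FAIL_ON="${SNYK_FAIL_ON:-high}"

# Returns 0 when SNYK_TOKEN is present and non-empty, 1 otherwise.
require_token() {
  if [ -z "${SNYK_TOKEN:-}" ]; then
    echo "snyk.sh: SNYK_TOKEN is not set; add it to the encrypted environment variables" >&2
    return 1
  fi
  return 0
}

# Accepts only the severities snyk test understands, so a typo in the
# threshold cannot silently turn the gate off.
valid_threshold() {
  case "$1" in
    low|medium|high|critical) return 0 ;;
    *) return 1 ;;
  esac
}

# Authenticates with the token from the environment (passed explicitly) and
# runs the scan. The exit status is snyk test's status, so a failing scan
# fails the Codeship step. Extra arguments are forwarded to snyk test.
run_scan() {
  require_token || return 1
  valid_threshold "$SNYK_FAIL_ON" || {
    echo "snyk.sh: invalid SNYK_FAIL_ON '$SNYK_FAIL_ON'" >&2
    return 2
  }
  "$SNYK_CLI" auth "$SNYK_TOKEN"
  "$SNYK_CLI" test --severity-threshold="$SNYK_FAIL_ON" "$@"
}

# Run only when executed as snyk.sh (the step's command), not when sourced.
if [ "${0##*/}" = "snyk.sh" ]; then
  run_scan "$@"
fi
```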
If your project is configured through Project Settings rather than a codeship-services.yml file, start by adding your SNYK_TOKEN to your project's environment variables.
You can do this by navigating to Project Settings and then clicking on the Environment tab.
To use Snyk in your CI/CD process, you’ll need to install the Snyk CLI via your project’s setup commands:
npm install -g snyk
Once your Snyk token is loaded via your environment variables and you have installed the Snyk CLI, you can run a Snyk scan during your CI/CD pipeline.
You will need to add the following commands to your project's setup and test commands:
snyk auth
snyk test
Note that the above snyk auth command will use the SNYK_TOKEN environment variable you set earlier for authentication.
You can post on Stack Overflow using the tag #codeship or contact our Helpdesk.
We also have a couple of code examples and sample projects available.