Questions tagged [snyk]

Snyk is a service that analyzes your code to help find and fix security vulnerabilities in your applications, containers, infrastructure-as-code, and cloud environments.

Chat

If you're interested in DevSecOps and want to discuss security (or Snyk-focused) topics in more depth, please head to the DevSecOps Community Discord.

79 questions
1 vote, 1 answer

Snyk and automatic pull requests

Does Snyk send PRs automatically when integrating from the SCM (GitHub, GitLab...)? I tried the Fix PR with Snyk and that worked; now I'd like to automate the PR
1 vote, 1 answer

Snyk suggests a higher version of dependent starters than the Spring Boot version

We are using Snyk for vulnerability checks in our build pipelines. The Spring Boot version used in the project is 2.6.6, and the versions of all other dependencies are hence inherited. During the vulnerability check, Snyk suggests to…
1 vote, 1 answer

Ignore Snyk Code quality issue with .snyk file

Snyk finds a code quality issue that should be ignored. I'm using the Snyk CLI: "snyk code test" ✗ [High] Server-Side Request Forgery (SSRF) Path: project/src/main/java/com/MyClass.java, line 140 Info: Unsanitized input from an HTTP…
Nickname0222022022
1 vote, 2 answers

Snyk CLI for Docker scan in Azure pipeline

I need to run a Snyk scan for an Azure container and set it to fail only when new vulnerabilities are found compared to the previous image. I followed the snyk-delta document to configure the task in Azure, but the tasks are failing. Suggestions…
Vaybhaw
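A minimal version of the comparison the post above is after, written as an added example for this page (it is not the poster's configuration and not snyk-delta): two Snyk JSON reports are parsed, the sets of findings are diffed, and the exit code is non-zero only when the new image carries findings the baseline did not, at or above a chosen severity. The report shape it reads (a top-level "vulnerabilities" list whose entries carry "id", "severity", "packageName" and "version", or a list of such reports for --all-projects runs) is an assumption to check against your CLI version, and the two sample reports are constructed.

```python
"""Fail a pipeline step only on findings that are new relative to a baseline scan.

Added example; not snyk-delta and not code from the post. Assumed report shape:
`snyk container test --json` / `snyk test --json` emit an object with a
"vulnerabilities" list whose items carry "id", "severity", "packageName" and
"version"; `--all-projects` emits a list of such objects. Verify against the
CLI version you run.
"""
import json
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def rank(vuln):
    """Numeric severity; an unknown severity string fails closed (treated as critical)."""
    return SEVERITY_RANK.get(str(vuln.get("severity", "")).lower(), 4)


def vuln_key(vuln):
    """Identity of a finding: the same issue in the same package@version is the same finding."""
    return (vuln["id"], vuln.get("packageName", ""), vuln.get("version", ""))


def load_vulns(report_json):
    """Parse one Snyk JSON report (as a string) into {finding key: finding}."""
    data = json.loads(report_json)
    reports = data if isinstance(data, list) else [data]
    found = {}
    for report in reports:
        for vuln in report.get("vulnerabilities", []):
            found[vuln_key(vuln)] = vuln
    return found


def new_vulns(baseline_json, current_json, fail_on="low"):
    """Findings present in current, absent from baseline, at or above fail_on.

    Sorted most severe first, then by id, so a pipeline log leads with what matters.
    """
    baseline = load_vulns(baseline_json)
    current = load_vulns(current_json)
    threshold = SEVERITY_RANK[fail_on]
    fresh = [v for k, v in current.items() if k not in baseline and rank(v) >= threshold]
    return sorted(fresh, key=lambda v: (-rank(v), v["id"]))


def exit_code(baseline_json, current_json, fail_on="low"):
    """0 when nothing new at/above fail_on, 1 otherwise: the step's pass/fail signal."""
    return 1 if new_vulns(baseline_json, current_json, fail_on) else 0


# Constructed sample reports, not real scan output. 0002 was fixed since the
# baseline, 0003 and 0004 are new, 0001 is already known and must not fail the build.
BASELINE_SCAN = json.dumps({"vulnerabilities": [
    {"id": "SNYK-EXAMPLE-0001", "severity": "high", "packageName": "libfoo", "version": "1.0.0"},
    {"id": "SNYK-EXAMPLE-0002", "severity": "low", "packageName": "libbar", "version": "2.3.1"},
]})
CURRENT_SCAN = json.dumps({"vulnerabilities": [
    {"id": "SNYK-EXAMPLE-0001", "severity": "high", "packageName": "libfoo", "version": "1.0.0"},
    {"id": "SNYK-EXAMPLE-0003", "severity": "critical", "packageName": "libbaz", "version": "0.9.0"},
    {"id": "SNYK-EXAMPLE-0004", "severity": "low", "packageName": "libqux", "version": "4.0.0"},
]})


def main(argv):
    """Usage: new_only.py BASELINE.json CURRENT.json [low|medium|high|critical].

    With no arguments the constructed samples are compared.
    """
    if len(argv) >= 3:
        with open(argv[1]) as f:
            baseline = f.read()
        with open(argv[2]) as f:
            current = f.read()
    else:
        baseline, current = BASELINE_SCAN, CURRENT_SCAN
    fail_on = argv[3] if len(argv) > 3 else "low"
    for vuln in new_vulns(baseline, current, fail_on):
        print(f"NEW {vuln.get('severity', '?'):<8} {vuln['id']} in "
              f"{vuln.get('packageName')}@{vuln.get('version')}")
    return exit_code(baseline, current, fail_on)


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

In a pipeline, capture the new image's report with `snyk container test --json <image> > current.json || true` (the CLI itself exits non-zero when it finds anything, which is exactly what you no longer want to gate on), keep the previous image's report as the baseline, and run `python new_only.py baseline.json current.json high`. Promote current.json to the new baseline only after the step passes, otherwise a finding that slips through once becomes permanently accepted.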
1 vote, 1 answer

Snyk vulnerability scan not recognizing overridden nested package dependencies

I am running the snyk test command on my project to identify vulnerabilities in third-party libraries and came across the following vulnerabilities in react-scripts@5.0.1 -> "@svgr/webpack": "^5.5.0" Regular Expression Denial of Service (ReDoS) -…
1 vote, 1 answer

Performing multiplication on a string (from calling toFixed) and a number error

I get an error in TypeScript using Snyk Code Quality: Performing multiplication on a string (from calling toFixed) and a number (from number literal 10) will trigger an implicit coercion of the operands to number. If this is intended, consider…
ebanster
1 vote, 1 answer

Could not detect supported target files in 'project directory', see documentation for supported languages and target files, make sure you are in the right directory

I am new to Snyk. I have installed snyk-cli and ran the command snyk monitor on the root directory of my project, which contains two apps, client == ReactJS, server == Python (Django). I have authenticated my VS Code to connect to my Snyk account…
Yusuf
1 vote, 1 answer

Integrating Snyk with my Azure pipeline: security concerns

I am integrating Snyk with my Azure pipeline, but my concerns are: 1. Does Snyk take a copy of my source code and save it on their servers, given that I am connecting and authenticating with an API key from my Azure pipeline? 2. What other options to…
M K
1 vote, 1 answer

Snyk monitor command is failing

I am running the Snyk command below for a standard WAS application: snyk monitor --all-projects. It is failing because there is a war-src module that contains a ${project.version} tag, and this version is mentioned in the main pom.xml inside a property tag... when…
Vinutha
1 vote, 1 answer

What should BROKER_CLIENT_URL be for a Snyk Broker setup with a private GitLab instance?

I am trying to set up Snyk Broker for a private GitLab instance, and the broker should run in a Docker container. docker run --restart=always -p 8000:8000 -e BROKER_TOKEN=secret-broker-token -e GITLAB_TOKEN=secret-gitlab-token -e…
1 vote, 1 answer

snyk container test from a private repository

I'm trying to use snyk with a privately hosted repository that is managed using podman. snyk container test --username="user" --password="pass" --platform="linux/arm64" oci.example.com/image -d I've tried using oci.example.com/image:latest…
dza
1 vote, 1 answer

Unable to run snyk via Node using a bash wrapper script

I was able to run the IaC scanner via snyk using these commands: $ npm install -g snyk $ snyk auth my-hash-api-token-key $ snyk iac test /path/to/my/terraform.tf I tried to wrap those commands into one bash script using this…
Lagot
1 vote, 1 answer

Running the Maven plugin from the command line outside pom.xml

Below is the Snyk plugin setup for Maven. I have set up the plugin in pom.xml. I configured the Maven setup in a pipeline. The configuration below has a secret API_TOKEN. Setting API_TOKEN as a variable in any file except the default pipeline file…
Subit Das
1 vote, 1 answer

Snyk Security Scan task in Azure Pipeline

I am trying to use the Snyk Security Scan task in Azure Pipeline (Classic). My application runtime is .NET and the framework is ASP.Net 4.4.1. There is no issue regarding authentication, as I had created a valid service connection for Snyk. When I am running my…
1 vote, 1 answer

Dependabot/Snyk-like tool for Rust and/or Elixir

We have used both Dependabot and Snyk to detect vulnerabilities in our GitHub hosted code repositories but they only support some (NodeJS, Java, JavaScript, Kotlin and Swift) of the current languages we are working on, so the question here is what…
gvasquez