Questions tagged [snyk]

Snyk is a service that analyzes your code to help find and fix security vulnerabilities in your applications, containers, infrastructure-as-code, and cloud environments.

Chat

If you're interested in DevSecOps and want to discuss security (or Snyk-focused) topics in more depth, please head to the DevSecOps Community Discord.

79 questions
1 vote, 1 answer

ERROR npm install No valid versions available for https-proxy-agent-snyk-fork

Running the npm install for deployment purposes, I am getting the below error: + npm install npm ERR! code ENOVERSIONS npm ERR! No valid versions available for https-proxy-agent-snyk-fork The log file contains the below log http fetch GET 200…
Rutvik Joshi

1 vote, 1 answer

Jenkins Snyk Task Not Finding Vulnerabilities Found via Snyk Web Scan

Running Snyk from their web page against a GitHub repo finds 7 High Severity issues in the pom.xml file. I've configured Jenkins to run against the same project with the Snyk plug-in, but just get: Snyk installation is UP-TO-DATE Testing for known…
Paul Croarkin

1 vote, 0 answers

Permission error when using Snyk for gradle wrapper in GitLab

I am trying to integrate Snyk into my GitLab CI pipeline. I install it with npm, authenticate with my personal token and run snyk test. I get the following error which prevents me from getting the results: Testing…
Mike J.

1 vote, 1 answer

snyk dependencies download issue

I am trying to install the dependencies of the W3C respec project and I am getting this error: npm WARN prepublish-on-install As of npm@5, `prepublish` scripts are deprecated. npm WARN prepublish-on-install Use `prepare` for build steps and…

0 votes, 1 answer

How to solve ReDOS pointed out by snyk

I'm new to frontend programming. I'm charged to check vulnerabilities on an app. I'm using Snyk, which points out this portion of code as a code security vulnerability: const re = new RegExp('(' + query.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') + ')',…
Zik 3r
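
As an added example (not code from the question above or from Snyk), the following wraps the escape expression shown in that snippet in a small highlight helper and adds an input-length cap. The escape neutralises every regex metacharacter in the user's search string, so the user cannot introduce the nested quantifiers that cause catastrophic backtracking; the cap bounds the size of the pattern handed to the engine. The function names and MAX_QUERY_LENGTH are assumptions, not anything from the question or from Snyk's guidance.

```javascript
// Added example: build a search-highlight RegExp from user input safely.
// escapeRegExp uses the same character class as the snippet in the question:
// each metacharacter is prefixed with a backslash so it matches literally.
function escapeRegExp(query) {
  return query.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&');
}

// Assumed limit: a user search string longer than this is refused rather than
// compiled into a pattern. Tune for the application.
const MAX_QUERY_LENGTH = 128;

// Returns a global, case-insensitive RegExp that matches the query literally,
// or null when there is nothing to highlight or the query is oversized.
function buildHighlightRegExp(query) {
  if (typeof query !== 'string') {
    throw new TypeError('query must be a string');
  }
  if (query.length === 0 || query.length > MAX_QUERY_LENGTH) {
    return null;
  }
  return new RegExp('(' + escapeRegExp(query) + ')', 'gi');
}

// Wraps every literal occurrence of query in text with <mark>...</mark>.
// Text is returned unchanged when no pattern is built.
function highlight(text, query) {
  const re = buildHighlightRegExp(query);
  if (re === null) {
    return text;
  }
  return text.replace(re, '<mark>$1</mark>');
}

// Constructed demonstration input: a query that, unescaped, would become the
// classic evil pattern ((a+)+$). Escaped, it is just a literal string.
const demoQuery = '(a+)+$';
const demoText = 'cost (a+)+$ here';

const demoResult = {
  escaped: escapeRegExp(demoQuery),
  highlighted: highlight(demoText, demoQuery),
  // A literal match against a long run of 'a' followed by '!' fails quickly;
  // there is no quantifier left for the engine to backtrack over.
  literalMatchesRunOfA: buildHighlightRegExp(demoQuery).test('aaaaaaaaaaaaaaaaaaaaaa!'),
};

console.log(demoResult);
```

Whether a scanner recognises this particular escape as a sanitizer is something to confirm in its own output; if it still flags the dynamic RegExp, a non-regex search (String.prototype.indexOf or includes on the lowercased text) removes the constructor call entirely.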
0 votes, 0 answers

NTIA minimum SBOM requirement tool

I am trying to generate an SBOM for Java, Python, iOS (Swift) and Android (Kotlin) projects. I need to follow the NTIA guidelines for the minimum elements of an SBOM (https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf). These…

0 votes, 2 answers

How to stay on top of OWASP dependencycheck reports

We are using OWASP dependency check. It's a great tool, but it reports lots of vulnerabilities. A big proportion of them are false positives. We can suppress them using the suppression file, but with microservices, we have to do it in each repo,…
Lukas

0 votes, 0 answers

Issue running Snyk test against a fresh firebase project

I am trying to get started with Snyk on my existing Firebase project and running into this error when trying snyk test: Dependency firebase-admin was not found in package-lock.json. Your package.json and package-lock.json are probably out of sync.…
GeneRator

0 votes, 2 answers

Snyk disabling an automatic test

I'm totally surprised, but it looks like it's not possible to disable Snyk automatic tests. In my case Snyk is integrated with Bitbucket. Snyk analyzes code each time a new commit is merged. I want to test the repository once per week, and this mode is set. I…
RedBluff

0 votes, 1 answer

Ignore all instances of certain software license

I have a .snyk file with a number of entries like these:
'snyk:lic:maven:org.clojure:tools.analyzer.jvm:EPL-1.0':
  - '*':
      reason: 'ignore license issue'
      expires: '2100-01-15T00:00:000Z'
…
Brett Rowberry

0 votes, 0 answers

Using Snyk-Delta for Azure container image scan

I am trying to configure snyk-delta to fail the Snyk security scan task only if new vulnerabilities are being introduced in ACR. We need to run a Snyk scan for the Azure container and set it to fail only when there are new vulnerabilities found as compared to…
Vaybhaw

0 votes, 1 answer

How can I add a snyk badge to my private repository?

I want to add badges to the README file showing the green or red badges for the vulnerabilities detected by Snyk. I am using Snyk and have integrated it with my GitHub account. According to the Snyk documentation, they only support badges for…

0 votes, 1 answer

Snyk server can be installed in a machine without internet?

I have been using SonarQube and now I want to use Snyk, but I don't know if it is possible to install it on a machine locally and without internet access. Can the Snyk server be installed on a local machine without internet access?
Wonser

0 votes, 1 answer

Snyk finds vulnerabilities in Simple Injector

In our .NET 6 APIs we are using Simple Injector for dependency injection. With the latest version of Simple Injector, we observed that Snyk found five high-priority vulnerabilities and two medium vulnerabilities…

0 votes, 0 answers

Information regarding XSS vulnerabilities reported by Snyk

In a need to introduce Test Management to help our QA engineering team, we are looking for some tools and have come across Kiwi TCMS. We are considering onboarding the software to help our QA team; at the same time we are curious to know if…