Snyk is a platform for testing software code. The Uleska Snyk tool supports vulnerability checking using Snyk's platform and their repository of vulnerable open-source libraries.
| Security Stage | SCA (Software Composition Analysis) |
| Type | Proprietary |
| Frameworks | Source code |
| Site | https://snyk.io |
Pre-requisites
| 1 | You'll need a Snyk account and an API token for that account |
How do I set it up?
Adding Snyk to your set of security tests is simple. You will add this testing tool to a version (security stage) that is set up to run static code analysis tests.
Create a connection to Snyk using your API token
You will need to add Snyk as a New Connection in your Uleska system:
- In the Uleska Platform, click on the Configuration menu and select the 'Connections' tab
- Click on 'Add Connection'
- From the drop down list, select 'Generic Api Connection'
- Add the URL for Snyk to your connection (https://snyk.io/)
- Add your API token as an "Access Token"
- No further details are required.
- Click 'Save'
Setting your application and version to run Snyk
- Navigate to the version you would like to test
- Click the "Test tools" tab to open it
- Find the Snyk tool
-
Click the blue cog and select your Snyk connection from the "Connection name" drop-down. You can also specify a number of other optional configuration values here such as:
- Package File: The file that Snyk should inspect for package information. If this is left blank, Snyk will try to automatically detect which package/manifest file to scan.
- Organisation: Specify a name to run Snyk commands tied to a specific organisation
- Policy path: Manually pass a path to a Snyk policy file contained in the application's source code
- Click 'Save'
- Click "Add tool"
- Click "Save" at the bottom of the page
Now, any time you click 'Test Now' for that version, or make a request over the Uleska API or CLI for that stage, the Snyk tool will be included to test your code and add any results to your vulnerabilities list.