Snyk Vulnerability Scanner
Snyk’s Vulnerability Scanner helps you find and fix security vulnerabilities in your projects. Within a few seconds, the extension provides a list of all the different types of security vulnerabilities identified, together with actionable fix advice. Using the engine behind Snyk Open Source Security, we find known vulnerabilities in both the direct and indirect (transitive) open source dependencies you are pulling into the project.
1. Software requirements
2. How to install the extension?
Step 2.1. The Snyk extension can be installed directly from the IDE. To install it, open the Extensions > Manage Extensions menu.
Search for Snyk
Step 2.2. Once installed, open the Snyk tool window by going to View > Other Windows.
Step 2.3. Once the tool window appears, wait while the Snyk extension downloads the latest Snyk CLI version.
Step 2.4. By now you should have the extension installed and the Snyk CLI downloaded. Time to authenticate. The first way is to click the "Connect Visual Studio to Snyk" link.
Authentication can also be triggered by pressing the “Authenticate” button. If for some reason the automated way doesn’t work, you can enter your user API token by hand.
Step 2.5. You will be taken to the website to verify your identity and connect the IDE extension. Click the Authenticate button.
3. How to use the extension?
Step 3.1. Open your solution and run a Snyk scan. Depending on the size of your solution and the time needed to build a dependency graph, it might take from less than a minute to a couple of minutes to get the vulnerabilities.
Step 3.2. You can filter vulnerabilities by name or by severity.
Step 3.3. You can configure the Snyk extension through Project settings.
4. Known Caveats
4.1 Could not detect supported target files
Solution: Open Visual Studio Options, go to the Project Settings of the Snyk extension, and check Scan all projects.
Thank you for reading this far :)
It either means you’ve successfully run a scan with the Visual Studio extension or you’ve encountered an issue. Either way we would love to hear about it - so go ahead and use the above contacts. We are looking forward to hearing from you!
Clone this repository to your local machine:
Restore NuGet packages: