Snyk for Visual Studio
The Visual Studio extension (Snyk’s Vulnerability Scanner) helps you find and fix security vulnerabilities in your projects. Within a few seconds, the extension will provide a list of all the different types of security vulnerabilities identified together with actionable fix advice. The extension combines the power of two Snyk products: Snyk Open Source and Snyk Code.
Install the extension
The Snyk extension can be installed directly from the IDE. To install it, open the Extensions > Manage Extensions menu.
Search for Snyk
Once installed, open the Snyk tool window by going to View > Other Windows as shown in the screenshot below.
Once the tool window appears, wait while the Snyk extension downloads the latest Snyk CLI version.
By now you should have the extension installed and the Snyk CLI downloaded. Time to authenticate. The first way is to click the "Connect Visual Studio to Snyk" link.
Authenticate using the "Connect Visual Studio to Snyk" link on the Overview page.
Or authenticate via Options. Open Visual Studio Options and go to the General Settings of the Snyk extension.
Authentication can be triggered by pressing the “Authenticate” button. If for some reason the automated way doesn’t work, you can enter your API token by hand.
If, however, the automated authentication doesn’t work for some reason, please reach out to us. We would be happy to investigate!
You will be taken to the website to verify your identity and connect the IDE extension. Click the Authenticate button.
Once the authentication has been confirmed, please feel free to close the browser and go back to the IDE extension. The Token field should have been populated with the authentication token. With that, the authentication part should be done!
Open your solution and run a Snyk scan. Depending on the size of your solution and the time needed to build a dependency graph, it might take from less than a minute to a couple of minutes to get the vulnerabilities.
The extension provides the user with two kinds of results:
Open Source vulnerabilities
Snyk Code issues
Snyk Code analysis shows a list of security vulnerabilities and code issues found in the application code. For more details and examples of how others fixed the issue, select a security vulnerability or a code security issue. Once selected you will see the Snyk suggestion information in a panel.
The Snyk Suggestion panel shows the argumentation of the Snyk engine, using, for example, variable names from your code and the line numbers in red. You can also see:
View analysis results
You can filter vulnerabilities by name or by severity.
Users can configure the Snyk extension via Project settings.
After the plugin is installed, you can set the following configurations for the extension:
In the settings, you can also choose which results you want to receive:
Could not detect supported target files
Solution: Open Visual Studio Options, go to the Project Settings of the Snyk extension, and check Scan all projects.
How to find the log files
Logs can be found in the user AppData directory:
Clone this repository to your local machine:
Restore NuGet packages:
Thank you for reaching this far :)
It either means you’ve successfully run a scan with the Visual Studio extension or you’ve encountered an issue. Either way, we would love to hear about it, so go ahead and use the above contacts. We are looking forward to hearing from you!