Visual Studio extension

The Snyk Visual Studio extension provides analysis of your code and open-source dependencies. Download the plugin at any time free of charge and use it with any Snyk account. Scan your code early in the development lifecycle to help you pass security reviews and avoid costly fixes later in the development cycle.

Snyk scans for vulnerabilities and returns results with security issues categorized by issue type and severity.

For open source, you receive automated algorithm-based fix suggestions for both direct and transitive dependencies.

This single plugin provides a Java vulnerability scanner, a custom code vulnerability scanner, and an open-source security scanner.

Snyk scans for the following types of issues:

• Open Source Security - security vulnerabilities and license issues in both direct and indirect (transitive) open-source dependencies pulled into the Snyk Project.
  See also the Snyk Open Source docs.
• Code Security - security vulnerabilities. See also the Snyk Code docs.
  See also the Snyk Code docs.

In using the Visual Studio extension, you have the advantage of relying on the Snyk Vulnerability Database. You also have available the Snyk Code AI Engine.

This page explains installation of the Visual Studio extension. After you complete the steps on this page, you will continue by following the instructions in the other Visual studio extension docs, starting with Visual Studio extension configuration.

The following are also available:

• Bug tracker
• Github repository

The plugin runs on Windows.

Supported Visual Studio IDE versions

This extension version was explicitly built for compatibility with Visual Studio 2015, 2017, and 2019. These VS IDE versions are outdated and are reaching their End Of Life.

Due to their technical limitations, Snyk will not update this particular extension with new features in the future. It will remain fully functional for some time, but we encourage upgrading to VS 2022 to continue receiving updates.

VS 2022 has its compatible extension Snyk Security

Supported languages, package managers, and frameworks

Supported languages and frameworks include C#, JavaScript, TypeScript, Java, Go , Ruby, Python, PHP, Scala, Swift, Objective-C, unmanaged C/C++ and .NET.

• For Snyk Open Source: the Visual Studio extension supports all the languages and package managers supported by Snyk Open Source and the CLI. See the full list on the page Supported languages, frameworks, and feature availability overview, in the Open Source section.
• For Snyk Code: the Visual Studio extension supports all the languages and frameworks supported by Snyk Code.

Supported operating systems and architecture

Snyk plugins are not supported on any operating system that has reached End Of Life (EOL) with the distributor.

You can use the Snyk Visual Studio extension in the following environments:

• Windows: 386, AMD64, and ARM64
• MacOS: Visual Studio Windows plugin in a Windows virtual machine inside a Mac with an ARM64 processor

Install the extension

You can install the Snyk extension directly from the IDE; open Extensions > Manage Extensions.

Search for Snyk and select Download to download the Snyk Security extension.

After you install, use Snyk through the Extensions > Snyk menu. (On Visual Studio versions older than 2019, Snyk is part of the top menu bar).

You can also open the Snyk tool window using View > Other Windows > Snyk.

Once the tool window opens, wait while the Snyk extension downloads the latest Snyk CLI version.

After you install the extension and the CLI you must authenticate. You can use the Connect Visual Studio to Snyk link. For more information and additional ways to authenticate see Visual Studio extension authentication.

Support

If you need help, submit a request to Snyk Support.