Visual Studio extension
The Visual Studio extension (Snyk Security - Code and Open Source Dependencies) helps you find and fix security vulnerabilities in your projects. Within a few seconds, the extension provides a list of all the different types of security vulnerabilities identified together with actionable fix advice. The extension combines the power of two Snyk products: Snyk Open Source and Snyk Code.
Supported languages, package managers, and frameworks
Install the extension
You can install the Snyk extension directly from the IDE; open Extensions > Manage Extensions.
Search for Snyk and select Download to download the Snyk Security - Code and Open Source Dependencies extension.
Once installed, use Snyk via the Extensions > Snyk menu (on Visual Studio versions older than 2019, Snyk will be part of the top menu bar).
You can also open the Snyk tool window using View > Other Windows > Snyk.
Once the tool window opens, wait while the Snyk extension downloads the latest Snyk CLI version.
After you install the extension and the CLI you must authenticate. You can use the Connect Visual Studio to Snyk link. For more information and additional ways to authenticate see Authentication.
To analyze projects the plugin uses the Snyk CLI, which requires environment variables:
You can set the variables using the GUI or on the command line using the
Authenticate using the Connect Visual Studio to Snyk link on the Overview page.
You can also authenticate using Options. Open Visual Studio Options and go to the General Settings of the Snyk extension or use the Settings button in the toolbar.
If the automated method does not work, you can trigger authentication by pressing the Authenticate button or by entering the user API token manually. You can also submit a request to Snyk support.
On the Snyk website, verify your identity and connect to the IDE extension. Click the Authenticate button.
Once the authentication has been confirmed, close the browser and go back to the IDE extension. The Token field has been populated with the authentication token and authentication is complete.
Open your solution and run a Snyk scan. Depending on the size of your solution and the time needed to build a dependency graph, it takes from less than a minute to a couple of minutes to get the vulnerabilities.
The extension provides the user with two kinds of results:
Open Source vulnerabilities
Snyk Code issues
Snyk Code analysis shows a list of security vulnerabilities and code issues found in the application code. For more details and examples of how others fixed the issue, select a security vulnerability or a code security issue and examine the Snyk suggestion information in the panel.
The Snyk suggestion panel shows the recommendation of the Snyk engine using, for example, variable names of your code and the line numbers in red. You can also see:
View analysis results
You can filter vulnerabilities by name or by severity.
Filter by name by typing the name of the vulnerability in the search bar.
Filter by severity by selecting one or more of the severities when you open the search bar filter.
You can configure the Snyk extension through Project settings.
Note that the “Scan all projects” option is enabled by default. It adds the
After the plugin is installed, you can set the following configurations for the extension:
This setting allows you to specify an organization slug name to run tests for that organization. The value must match the URL slug as displayed in the URL of your org in the Snyk UI:
If not specified, the Preferred Organization (as defined in your web account settings) is used to run tests.
In the settings, you can also choose which results you want to receive:
Could not detect supported target files
Solution: Open Visual Studio Options, go to the Project Settings of the Snyk extension, and check Scan all projects.
The system cannot find the file specified
Solution: This issue is related to the CLI file. Close and reopen the Snyk tool window to start the CLI download.
The specified executable is not a valid application for this OS platform
Solution: This issue is related to the CLI file and its integrity. Remove CLI from in
Snyk Code no supported code available
Solution: Check the .gitignore and .dcignore file rules. Check whether any rules exclude your project's source files.
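One way to find the rule that hides a source file, as an added example (not Snyk's code): it reports the first rule that excludes each path, including the case where an excluded directory defeats a later `!` re-include. It assumes .dcignore uses the same pattern syntax as .gitignore and implements only a subset of that syntax; `parse_rules`, `excluding_rule` and the sample rules are hypothetical and constructed.

```python
import re
# Constructed sample rules, not taken from any real project.
SAMPLE_RULES = """\
[Bb]in/
[Oo]bj/
App/
!App/Program.cs
*.generated.cs
"""

# Supported glob subset: **/, **, *, ?, and character classes such as [Bb] or [!a].
_GLOB = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
_TOKEN = re.compile(r"\*\*/|\*\*|\*|\?|\[!?[^\]!][^\]]*\]|.", re.S)

def _glob_to_regex(pat):
    def tr(m):
        tok = m.group()
        if len(tok) > 1 and tok[0] == "[":        # character class
            return "[^" + tok[2:] if tok[1] == "!" else tok
        return _GLOB.get(tok, re.escape(tok))
    return _TOKEN.sub(tr, pat)

def parse_rules(text):
    """Return (line_no, rule, negate, dir_only, regex) for each rule line."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negate = line.startswith("!")
        pat = line[1:] if negate else line
        dir_only, pat = pat.endswith("/"), pat.rstrip("/")
        anchored = "/" in pat      # a leading or middle slash pins the rule to the root
        regex = ("" if anchored else "(?:.*/)?") + _glob_to_regex(pat.lstrip("/"))
        rules.append((line_no, line, negate, dir_only, re.compile(regex)))
    return rules

def excluding_rule(path, rules):
    """Return (line_no, rule) of the rule that excludes path, or None if it is kept."""
    parts = path.replace("\\", "/").split("/")
    for depth in range(1, len(parts) + 1):        # check ancestor directories first
        candidate, is_dir = "/".join(parts[:depth]), depth < len(parts)
        verdict = None
        for line_no, rule, negate, dir_only, rx in rules:
            if (is_dir or not dir_only) and rx.fullmatch(candidate):
                verdict = None if negate else (line_no, rule)   # last match wins
        if verdict:
            return verdict     # an excluded directory hides everything beneath it
    return None
```

With the sample rules, `App/Program.cs` is still excluded by `App/` on line 3, because the `!App/Program.cs` re-include cannot take effect once its parent directory is excluded.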
How to find the log files
Logs can be found in the user AppData directory:
Clone this repository locally:
Restore Nuget packages:
Support and contact information
Need more help? Submit a request to Snyk support.
Share your experience.
Snyk continuously strives to improve the Snyk plugins experience. Would you like to share with us your feedback about the Snyk Visual Studio extension? Schedule a meeting.