Visual Studio extension
The Snyk Visual Studio extension provides analysis of your code and open source dependencies. Download the plugin at any time free of charge and use it with any Snyk account. Scan your code early in the development lifecycle to help you pass security reviews and avoid costly fixes later in the development cycle.
Snyk scans for vulnerabilities and returns results with security issues categorized by issue type and severity.
For open source, you receive automated algorithm-based fix suggestions for both direct and transitive dependencies.
This single plugin provides a Java vulnerability scanner, a custom code vulnerability scanner, and an open-source security scanner.
Snyk scans for the following types of issues:
In using the Visual Studio Code extension, you have the advantage of relying on the Snyk Vulnerability Database. You also have available the Snyk Code AI Engine.
This page explains installation of the Visual Studio extension. After you complete the steps on this page, you will continue by following the instructions in the other Visual studio extension docs:
The following are also available:
Supported languages, package managers, and frameworks
Install the extension
You can install the Snyk extension directly from the IDE; open Extensions > Manage Extensions.
Search for Snyk and select Download to download the Snyk Security - Code and Open Source Dependencies extension.
Once installed, use Snyk through the Extensions > Snyk menu (on Visual Studio versions older than 2019, Snyk is part of the top menu bar).
You can also open the Snyk tool window using View > Other Windows > Snyk.
Once the tool window opens, wait while the Snyk extension downloads the latest Snyk CLI version.
After you install the extension and the CLI you must authenticate. You can use the Connect Visual Studio to Snyk link. For more information and additional ways to authenticate see Visual Studio extension authentication.
If you need help, submit a request to Snyk Support.