Quick Tip: Snyk security scanner

I recently ran across a slick tool called Snyk at https://app.snyk.io. This tool will scan for security and license problems in your NodeJS dependencies. It also helps create pull requests to resolve any problems.

I started here following the GitLab integration instructions. Follow the instructions to create a GitLab Personal Access Token with API access. Then choose the projects you want to monitor.

I tried the VSCode extension Vuln Cost - Security Scanner, but it didn't install properly.

The command-line interface is pretty simple. One install option is with NPM like this.

npm install -g snyk

Usage requires you to authenticate. It will pop open a browser window.

snyk auth

Now you can scan your project.

snyk test

Go here for more information on the command options. The most common commands are these.

snyk auth
snyk test
snyk wizard
snyk protect
snyk monitor

Copyright © 2020 Code Green LLC