{"id":15045182,"url":"https://github.com/jenkinsci/snyk-security-scanner-plugin","last_synced_at":"2025-03-17T14:18:08.811Z","repository":{"id":39636248,"uuid":"98332701","full_name":"jenkinsci/snyk-security-scanner-plugin","owner":"jenkinsci","description":"Test and monitor your projects for vulnerabilities with Jenkins. This plugin is officially maintained by Snyk. ","archived":false,"fork":false,"pushed_at":"2024-08-29T12:00:44.000Z","size":1043,"stargazers_count":58,"open_issues_count":11,"forks_count":87,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-01T22:45:06.149Z","etag":null,"topics":["devsecops","jenkins-plugin","snyk"],"latest_commit_sha":null,"homepage":"https://plugins.jenkins.io/snyk-security-scanner/","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jenkinsci.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-07-25T17:29:07.000Z","updated_at":"2024-10-01T16:57:25.000Z","dependencies_parsed_at":"2024-08-29T13:28:46.872Z","dependency_job_id":"0ffdac8a-3f8b-45cd-b7f1-9a505e4d5525","html_url":"https://github.com/jenkinsci/snyk-security-scanner-plugin","commit_stats":null,"previous_names":[],"tags_count":67,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fsnyk-security-scanner-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fsnyk-security-scanner-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fsnyk-security-scanner-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jenkinsci%2Fsnyk-security-scanner-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jenkinsci","download_url":"https://codeload.github.com/jenkinsci/snyk-security-scanner-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244047645,"owners_count":20389206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops","jenkins-plugin","snyk"],"created_at":"2024-09-24T20:51:33.302Z","updated_at":"2025-03-17T14:18:08.789Z","avatar_url":"https://github.com/jenkinsci.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Snyk Security\n\n[![Homepage](https://img.shields.io/jenkins/plugin/v/snyk-security-scanner.svg)](https://plugins.jenkins.io/snyk-security-scanner)\n[![Changelog](https://img.shields.io/github/release/jenkinsci/snyk-security-scanner-plugin.svg?label=changelog)](https://github.com/jenkinsci/snyk-security-scanner-plugin/releases)\n[![Installs](https://img.shields.io/jenkins/plugin/i/snyk-security-scanner.svg)](https://plugins.jenkins.io/snyk-security-scanner)\n[![Vulnerabilities](https://snyk.io/test/github/jenkinsci/snyk-security-scanner-plugin/badge.svg)](https://snyk.io/test/github/jenkinsci/snyk-security-scanner-plugin)\n\n[![Snyk](https://snyk.io/style/asset/logo/snyk-print.svg)](https://snyk.io)\n\nTest and monitor your projects for vulnerabilities with Jenkins. Officially maintained by [Snyk](https://snyk.io).\n\n## Usage\n\nTo use the plugin up you will need to take the following steps in order:\n\n1. [Install the Snyk Security Plugin](#1-install-the-snyk-security-plugin)\n2. [Configure a Snyk Installation](#2-configure-a-snyk-installation)\n3. [Configure a Snyk API Token Credential](#3-configure-a-snyk-api-token-credential)\n4. [Add Snyk Security to your Project](#4-add-snyk-security-to-your-project)\n5. [Run a Build and View Your Snyk Report](#5-view-your-snyk-security-report)\n\n## 1. Install the Snyk Security Plugin\n\n- Go to \"Manage Jenkins\" \u003e \"Manage Plugins\" \u003e \"Available\".\n- Search for \"Snyk Security\".\n- Install the plugin.\n\n## 2. Configure a Snyk Installation\n\n- Go to \"Manage Jenkins\" \u003e \"Global Tool Configuration\"\n- Add a \"Snyk Installation\"\n- Configure the Installation\n- Remember the \"Name\" as you'll need it when configuring the build step.\n\n### Automatic Installations\n\nThe plugin can download the latest version of Snyk's binaries and keep them up-to-date for you.\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Preview\u003c/summary\u003e\n\n![Snyk Installer Auto Update](docs/snyk_configuration_installation_auto-update_v2.png)\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\n### Manual Installations\n\n- Download the following binaries. Choose the binary suitable for your agent's operating system:\n  - [Snyk CLI](https://github.com/snyk/snyk/releases/latest)\n  - [snyk-to-html](https://github.com/snyk/snyk-to-html/releases/latest)\n- Place the binaries in a single directory on your agent.\n  - Do not change the filename of the binaries.\n  - Make sure you have the correct permissions to execute the binaries.\n- Provide the absolute path to the directory under \"Installation\ndirectory\".\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Preview\u003c/summary\u003e\n\n![Snyk Installer Manual](docs/snyk_configuration_installation_manual_v2.png)\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\n### Custom API Endpoints\n\nBy default, Snyk uses the https://snyk.io/api endpoint. \nIt is possible to configure Snyk to use a different endpoint by changing the `SNYK_API` environment variable:\n\n- Go to \"Manage Jenkins\" \u003e \"Configure System\"\n- Under \"Global Properties\" check the \"Environment variables\" option\n- Click \"Add\"\n- Set the name to `SNYK_API` and the value to the custom endpoint\n\nRefer to the [Snyk documentation](https://docs.snyk.io/snyk-cli/configure-the-snyk-cli#configuration-to-connect-to-the-snyk-api) for more information about API configuration.\n\n## 3. Configure a Snyk API Token Credential\n\n- [Get your Snyk API Token](https://support.snyk.io/hc/en-us/articles/360004037537-Authentication-for-third-party-tools)\n- Go to \"Manage Jenkins\" \u003e \"Manage Credentials\"\n- Choose a Store\n- Choose a Domain\n- Go to \"Add Credentials\"\n- Select \"Snyk API Token\"\n- Configure the Credentials\n- Remember the \"ID\" as you'll need it when configuring the build step.\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Preview\u003c/summary\u003e\n\n![Snyk API Token](docs/snyk_configuration_token_v2.png)\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\n## 4. Add Snyk Security to your Project\n\nThis step will depend on if you're using Freestyle Projects or Pipeline Projects.\n\n### Freestyle Projects\n\n- Select a project\n- Go to \"Configure\"\n- Under \"Build\", select \"Add build step\" select \"Invoke Snyk Security Task\"\n- Configure as needed. Click the \"?\" icons for more information about each option.\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Preview\u003c/summary\u003e\n\n![Basic configuration](docs/snyk_buildstep.png)\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\n### Pipeline Projects\n\nUse the `snykSecurity` step as part of your pipeline script. You can use the \"Snippet Generator\" to generate the code\nfrom a web form and copy it into your pipeline.\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Example\u003c/summary\u003e\n\n```groovy\npipeline {\n  agent any\n\n  stages {\n    stage('Build') {\n      steps {\n        echo 'Building...'\n      }\n    }\n    stage('Test') {\n      steps {\n        echo 'Testing...'\n        snykSecurity(\n          snykInstallation: '\u003cYour Snyk Installation Name\u003e',\n          snykTokenId: '\u003cYour Snyk API Token ID\u003e',\n          // place other optional parameters here, for example:\n          additionalArguments: '--all-projects --detection-depth=\u003cDEPTH\u003e'\n        )\n      }\n    }\n    stage('Deploy') {\n      steps {\n        echo 'Deploying...'\n      }\n    }\n  }\n}\n```\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\nYou can pass the following parameters to your `snykSecurity` step.\n\n#### `snykInstallation` (required)\n\nSnyk Installation Name. As configured in \"[2. Configure a Snyk Installation](#2-configure-a-snyk-installation)\".\n\n#### `snykTokenId` (optional, default: *none*)\n\nSnyk API Token Credential ID. As configured in \"[3. Configure a Snyk API Token Credential](#3-configure-a-snyk-api-token-credential)\".\n\nIf you prefer to provide the Snyk API Token another way, such using alternative credential bindings, you'll need to\nprovide a \"SNYK_TOKEN\" build environment variable.\n\n#### `failOnIssues` (optional, default: `true`)\n\nWhether the step should fail if issues and vulnerabilities are found.\n\n#### `failOnError` (optional, default: `true`)\n\nWhether the step should fail if Snyk fails to scan the project due to an error. Errors include scenarios like: failing\nto download Snyk's binaries, improper Jenkins setup, bad configuration and server errors.\n\n#### `organisation` (optional, default: *automatic*)\n\nThe Snyk Organisation in which this project should be tested and monitored. See `--org`\nunder [Snyk CLI docs](https://snyk.io/docs/using-snyk/) for default behaviour.\n\n#### `projectName` (optional, default: *automatic*)\n\nA custom name for the Snyk project created for this Jenkins project on every build. See `--project-name`\nunder [Snyk CLI docs](https://snyk.io/docs/using-snyk/) for default behaviour.\n\n#### `targetFile` (optional, default: *automatic*)\n\nThe path to the manifest file to be used by Snyk. See `--file` under [Snyk CLI docs](https://snyk.io/docs/using-snyk/)\nfor default behaviour.\n\n#### `severity` (optional, default: *automatic*)\n\nThe minimum severity to detect. Can be one of the following: `low`, `medium`, `high`\n, `critical`. See `--severity-threshold` under [Snyk CLI docs](https://snyk.io/docs/using-snyk/) for default behaviour.\n\n#### `additionalArguments` (optional, default: *none*)\n\nSee [Snyk CLI docs](https://snyk.io/docs/using-snyk/) for information on additional arguments.\n\n## 5. View your Snyk Security Report\n\n- Complete a new build of your project.\n- Go to the build's page.\n- Click on \"Snyk Security Report\" in the sidebar to see the results.\n\n\u003cblockquote\u003e\n\u003cdetails\u003e\n\u003csummary\u003e📷 Show Preview\u003c/summary\u003e\n\n![Snyk Build Report](docs/snyk_build_report.png)\n\n\u003c/details\u003e\n\u003c/blockquote\u003e\n\nIf there are any errors you may not see the report. See [Troubleshooting](#troubleshooting).\n\n## Troubleshooting\n\n### Increase Logging\n\nTo see more information on your steps, you can increase logging and re-run your steps.\n\n- View the \"Console Output\" for a specific build.\n- Add a logger to capture all `io.snyk.jenkins` logs.\n  Follow [this article](https://support.cloudbees.com/hc/en-us/articles/204880580-How-do-I-create-a-logger-in-Jenkins-for-troubleshooting-and-diagnostic-information-)\n  .\n- Add `--debug` to \"Additional Arguments\" to capture all Snyk CLI logs. Debug output is available under \"Console Output\"\n  for your build.\n\n### Failed Installations\n\nBy default, Snyk Installations will download Snyk's binaries over the network from `downloads.snyk.io` and use `static.snyk.io` as a fallback. If this fails there\nmay be a network or proxy issue. If you cannot fix the issue, you can use a [Manual Installation](#2-configure-a-snyk-installation) instead.\n\n---\n\nMade with 💜 by Snyk\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkinsci%2Fsnyk-security-scanner-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjenkinsci%2Fsnyk-security-scanner-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjenkinsci%2Fsnyk-security-scanner-plugin/lists"}