{"id":13690778,"url":"https://github.com/snyk/serverless-snyk","last_synced_at":"2025-05-02T11:31:32.459Z","repository":{"id":65374259,"uuid":"72240875","full_name":"snyk/serverless-snyk","owner":"snyk","description":"Serverless plugin for securing your dependencies with Snyk","archived":true,"fork":false,"pushed_at":"2021-04-22T07:32:57.000Z","size":25,"stargazers_count":41,"open_issues_count":4,"forks_count":4,"subscribers_count":7,"default_branch":"develop","last_synced_at":"2025-04-12T08:19:17.417Z","etag":null,"topics":["security","serverless","snyk","vulnerabilities"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/snyk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-10-28T20:46:24.000Z","updated_at":"2025-02-24T21:43:22.000Z","dependencies_parsed_at":"2023-01-20T01:15:43.574Z","dependency_job_id":null,"html_url":"https://github.com/snyk/serverless-snyk","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fserverless-snyk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fserverless-snyk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fserverless-snyk/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/snyk%2Fserverless-snyk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/snyk","download_url":"https://codeload.github.com/snyk/serverless-snyk/tar.gz/refs/heads/develop","host":{"name":"GitHub",
"url":"https://github.com","kind":"github","repositories_count":252030187,"owners_count":21683301,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security","serverless","snyk","vulnerabilities"],"created_at":"2024-08-02T17:00:31.464Z","updated_at":"2025-05-02T11:31:32.187Z","avatar_url":"https://github.com/snyk.png","language":"JavaScript","funding_links":[],"categories":["Uncategorized"],"sub_categories":["Uncategorized"],"readme":"[![Snyk logo](https://snyk.io/style/asset/logo/snyk-print.svg)](https://snyk.io)\n\n[![Build Status](https://travis-ci.org/Snyk/serverless-snyk.svg?branch=master)](https://travis-ci.org/Snyk/serverless-snyk)\n[![Known Vulnerabilities](https://snyk.io/test/github/snyk/serverless-snyk/badge.svg)](https://snyk.io/test/github/snyk/serverless-snyk)\n\n***\n\n# Serverless Snyk Plugin\n\nAround 14% of npm packages carry a known vulnerability, and new vulnerabilities are being [discovered every day](https://snyk.io/vuln). The Serverless Snyk plugin helps you keep your application secure by allowing you to check the Node.js dependencies in your [Serverless](https://github.com/serverless/serverless) app for known vulnerabilities using [Snyk](https://snyk.io).\n\n[Read more about Serverless security and how vulnerable open source packages affect it on the Snyk blog.](https://snyk.io/blog/Serverless-Security-Vulnerabilities/)\n\nFor Serverless v1 only.\n\n## How do I use it?\n\n1. Fix any existing vulnerable packages using [Snyk's GitHub integration](https://snyk.io/docs/github/) or [Snyk wizard](https://snyk.io/docs/using-snyk/#wizard).\n\n2. 
Install the Serverless Snyk plugin using npm\n\n   `npm install serverless-snyk --save`\n\n   You should now have Serverless Snyk installed and ready to go. You can confirm that the plugin has been installed by running `serverless` from your command line. You should see the Snyk plugin in the list of installed plugins. \n\n3. Add the plugin to your Serverless config\n\n   Next, you'll need to add the plugin to your `serverless.yml` file:\n\n   ```yml\n   plugins:\n      - serverless-snyk\n   ```\n\n4. Optional: Get a Snyk API Key\n\n   To avoid running into API rate limits and to enable [continuous monitoring](#continuous-monitoring), you'll need to [sign up for a Snyk account](https://snyk.io/auth/github) (if you don't have one already) and copy the API token from your dashboard. Detailed instructions on how to include the API token in your configuration are included in the [setting an API key](#setting-an-api-key) section below.\n\nThat's it! Now when you deploy, the Serverless Snyk plugin will scan your application for known vulnerabilities.\n\n\n## Configuring\n\n### Setting an API key\nTo ensure you don't run into any API rate limits, or to enable continuous monitoring of the state of your application's security, you'll need to include a valid API token in your application.\n\nYou can do this by [signing up for an account](https://snyk.io/auth/github) (if you don't have one already) and copying the API token from your dashboard. \n\nSince the Serverless framework does not currently support environment variables, Serverless Snyk uses [dotenv](https://github.com/motdotla/dotenv) to store your token. You'll want to create a `.env` file in the root of your project, and then set a `snykAuth` variable with the value you copied from your dashboard:\n\n```\nsnykAuth=YOUR_API_TOKEN\n```\n\n### Deploying even if vulnerabilities are discovered\nBy default, Serverless Snyk will stop serverless from deploying if Snyk detects any vulnerabilities in your dependencies. 
Each vulnerability will also be printed, and you'll be prompted to run `snyk wizard` to address the issues. \n\nIf you would like serverless to deploy your application even if Snyk finds known vulnerabilities, you can accomplish this by using a custom variable in your `serverless.yml` file.\n\n```yml\ncustom:\n  snyk:\n    breakOnVuln: false\n```\n\nSnyk will still run and report any vulnerabilities, but the deploy will now continue on successfully.\n\n### Continuous monitoring\nSnyk can take a snapshot of the current state of your dependencies each time you deploy, and proactively notify you of any newly discovered vulnerabilities that may impact them.\n\n**This feature requires an API token.** If you've included the API token as [described above](#setting-an-api-key), the plugin will monitor your application by default.\n\nThere may be cases where you want to be authenticated to avoid API limits, but you don't want to monitor your application. You can turn off monitoring in the `serverless.yml` file:\n\n```yml\ncustom:\n  snyk:\n    monitor: false\n```\n\n### License\n\n[License: Apache License, Version 2.0](LICENSE)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnyk%2Fserverless-snyk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsnyk%2Fserverless-snyk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsnyk%2Fserverless-snyk/lists"}