Snyk integrates with CircleCI using a Snyk Orb, seamlessly scanning your application dependencies and Docker images for open source security vulnerabilities as part of the continuous integration/continuous delivery (CI/CD) workflow.

With the Snyk Orb, you can quickly add Snyk scanning to your CI/CD in order to test and monitor for open source vulnerabilities, based on your configurations. Results are then displayed from the CircleCI output view and can also be monitored on Snyk.io.

Features
  • Automate builds across multiple environments
  • Improve developer productivity
  • Connect best-in-class tools
  • Secure your pipeline
  • Cloud, self-hosted runner, or private server
Benefits
  • Seamlessly scan your application dependencies & Docker images for open source vulnerabilities
  • Easily create CI/CD workflows using a group of ready-to-use commands (Orbs)
  • With the Snyk Orb, you can quickly add Snyk scanning to your CI/CD to test and monitor
  • Results are displayed from the CircleCI output and can be monitored on Snyk.io
Prerequisites
  • Create a Snyk account and retrieve the Snyk API token from your Account settings.
  • Import the relevant repo into CircleCI.
  • Go to Settings -> Security -> Orb security settings and make sure you opt in to third-party Orbs.
  • Make sure your configuration (config.yml) file follows version 2.1.
  • Add the required environment variables to CircleCI (including the Snyk API token as SNYK_TOKEN).
How it Works
  • Add the project to CircleCI and add the Snyk Orb to the configuration file. The Snyk Orb is used for scans when a build runs.
  • Snyk scans app dependencies or container images for vulnerabilities or OS license issues, and lists the vulnerabilities and issues.
  • If Snyk finds vulnerabilities, it will either fail the build or let the build complete.
  • Optional: if the build completes successfully and Monitor is set to True, Snyk saves a snapshot of the project dependencies.
  • From the Snyk Web UI you can view the dependencies with all of their issues and receive alerts for new issues found in the existing app.
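
A config.yml that follows the prerequisites and flow above, as an added example rather than configuration published by Snyk or CircleCI. The orb version x.y.z is a placeholder; the Node.js image, job names, the image tag app:ci and the context name snyk are assumptions; and the snyk/scan parameter names should be checked against the orb version you pin.

```yaml
# .circleci/config.yml (added example, not from the original page)
version: 2.1                      # orbs require configuration version 2.1

orbs:
  snyk: snyk/snyk@x.y.z           # placeholder: pin an exact published orb version

jobs:
  scan-dependencies:
    docker:
      - image: cimg/node:lts      # assumed: a Node.js project
    steps:
      - checkout
      - run:
          name: Install dependencies
          command: npm ci
      - snyk/scan:
          token-variable: SNYK_TOKEN   # name of the env var holding the API token
          severity-threshold: high     # only high and above count as issues
          fail-on-issues: true         # fail the build when issues are found
          monitor-on-build: true       # on success, save a snapshot to Snyk

  scan-image:
    docker:
      - image: cimg/base:stable
    steps:
      - checkout
      - setup_remote_docker            # needed to build an image in a docker executor
      - run:
          name: Build image
          command: docker build -t app:ci .   # app:ci is a hypothetical tag
      - snyk/scan:
          docker-image-name: app:ci
          target-file: Dockerfile
          fail-on-issues: false        # report issues but let the build complete
          monitor-on-build: false

workflows:
  build-and-scan:
    jobs:
      - scan-dependencies:
          context: snyk                # hypothetical context that stores SNYK_TOKEN
      - scan-image:
          context: snyk
```

Keeping SNYK_TOKEN in a restricted context or project environment variable, never in config.yml itself, keeps the token out of the repository and limits which jobs can read it.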
Version:
N/A

Integration Categories:
Continuous Integration

Support:
support@snyk.io

Snyk Products:
Snyk Code
Snyk Container
Snyk IaC
Snyk Open Source
