
Snyk Code

Snyk Code is a developer-first static application security testing (SAST) solution. It scans code in real time and surfaces actionable findings directly in the developer workflow (IDEs, repositories, and CI/CD pipelines), so vulnerabilities can be identified and fixed early. Its AI-based engine is intended to produce fewer false positives for developers, improving both code quality and security.

Type: Data Flow Analysis

Supported version: 1.1298.3

Disclaimer

This project provides wrappers and scripts to integrate with Snyk Code, but does not include the tool itself. Therefore, you are responsible for reviewing and complying with the product's license and terms of use.

Requirements

  • A Snyk account (a free plan is sufficient).

  • An existing Snyk CLI installation.

  • An active internet connection.

Key Considerations

  • Data retention policy (Snyk documentation):

    • Snyk stores project metadata and analysis results (e.g., filenames and vulnerability locations).
    • Snyk does not store your source code.
  • Limited usage:

    • The free plan is limited to 100 Snyk Code tests per month.

Snyk Auth Token

Authentication via snyk auth (OAuth) creates a temporary session that will expire, requiring periodic re-authentication.

For persistent access, this integration requires a long-lived Auth Token:

  • Navigate to your Account settings > General > Auth Token to obtain your token.

  • Store the token in the tool's configuration directory, readable only by your user (the token grants full access to your Snyk account):

    mkdir -p ~/.codesectools/config/SnykCode
    echo <your-auth-token-here> > ~/.codesectools/config/SnykCode/auth_token.txt
    # restrict the file so other local users cannot read the token
    chmod 600 ~/.codesectools/config/SnykCode/auth_token.txt
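The steps above put the token on a command line, where it lands in shell history, and create the file with the default umask. The script below is an added example (not code from the codesectools project or from Snyk) that does the same installation more carefully: it rejects an empty or placeholder token, creates the directory and file under a restrictive umask, and reads the token back with the trailing newline stripped. It assumes the wrapper reads the token verbatim from auth_token.txt in the directory named above; the function names and the placeholder check are this example's own.

```shell
#!/bin/sh
# Added example, not part of codesectools or the Snyk CLI.
# Assumption: the wrapper reads the token verbatim from
# $HOME/.codesectools/config/SnykCode/auth_token.txt.

# install_snyk_token CONFIG_DIR TOKEN
# Creates CONFIG_DIR (mode 700) and writes TOKEN to auth_token.txt (mode 600).
# Returns 1 if TOKEN is empty, contains whitespace, or is still the <...> placeholder.
install_snyk_token() {
  dir=$1
  token=$2
  case $token in
    ''|*[[:space:]]*|'<'*'>') return 1 ;;
  esac
  # umask 077 makes the directory and file private from the moment they exist,
  # so there is no window in which another local user could read the token.
  (umask 077 && mkdir -p "$dir") || return 1
  (umask 077 && printf '%s\n' "$token" > "$dir/auth_token.txt") || return 1
  chmod 600 "$dir/auth_token.txt"
}

# read_snyk_token CONFIG_DIR
# Prints the stored token without trailing CR/LF; returns 1 if no file exists.
read_snyk_token() {
  [ -f "$1/auth_token.txt" ] || return 1
  tr -d '\r\n' < "$1/auth_token.txt"
}

# file_mode PATH
# Prints the symbolic mode of PATH, e.g. -rw------- (used to verify the result).
file_mode() {
  ls -ld "$1" | cut -c1-10
}

# Interactive use: read the token without echo so it never enters shell history.
# Uncomment to run on a real machine:
# printf 'Snyk auth token: '; stty -echo; read -r tok; stty echo; echo
# install_snyk_token "$HOME/.codesectools/config/SnykCode" "$tok" \
#   && echo "token stored ($(file_mode "$HOME/.codesectools/config/SnykCode/auth_token.txt"))"
```

Reading the token with `stty -echo` rather than passing it as an argument keeps it out of `~/.bash_history` and out of `ps` output; the umask-based creation avoids the brief world-readable window that `echo > file` followed by `chmod` leaves open.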