Skip to main content

Snyk Scan Security

Snyk Security Scan is a powerful tool designed to identify and resolve vulnerabilities within your project's dependencies. Leveraging Snyk's extensive vulnerability database, this tool thoroughly analyzes libraries and frameworks used in your project, offering actionable insights to mitigate potential risks.

The Snyk Security Scan step integrates directly into Appcircle’s CI/CD workflows, allowing developers to automatically scan project dependencies for vulnerabilities with each build.

Prerequisites

Before running the Snyk Scan Security step, certain prerequisites must be completed. These prerequisites, detailed in the table below:

Prerequisite Workflow StepDescription
Git CloneFetches the repository to be built from the specified branch, ensuring that the Snyk CLI can run on the repository path.
Screenshot

Input Variables

Each component requires specific input variables for its operation. The input variables necessary for the Snyk Scan Security step are:

Screenshot
danger

Enter confidential information as a secret environment variable. Also, select the appropriate environment variable group in the Configuration.

Variable NameDescriptionStatus
$AC_REPOSITORY_DIRSpecifies the directory where the repository is cloned.Required
$AC_SNYK_ORGANIZATIONThe name of the Snyk organization under which this project should be tested and monitored.Required
$AC_SNYK_AUTH_TOKENYour Snyk authentication token.Required
$AC_SYK_CLI_COMMANDThe Snyk CLI command to execute. The default value is test.Optional
$AC_SNYK_SEVERITY_THRESHOLDSpecifies the minimum severity level of vulnerabilities to report. Options: low, medium, high.Optional
$AC_SNYK_FAIL_ON_ISSUESSpecifies whether the build should fail based on the Snyk test results. Options: yes, no.Optional
$AC_SNYK_CREATE_REPORTSpecifies whether to generate an HTML report. Options: yes, no.Optional
$AC_SNYK_MONITORIf enabled, imports the snapshot of dependencies to Snyk for continuous monitoring. Options: yes, no.Optional
$AC_SNYK_ADD_ARGAdditional arguments for the Snyk CLI command.Optional

Output Variables

The outputs resulting from the operation of this component are as follows:

Output VariableDescription
$AC_SNYK_REPORTThe Snyk report file containing the results of executed tests.
$AC_SNYK_MONITOR_EXPLORE_LINKThe link to explore and monitor the project's security status on Snyk.

To access the source code of this component, please use the following link:

Preview of GitHub - appcircleio/appcircle-snyk-scan-secure-component: Appcircle Snyk Scan Security Component