Snyk Scan Security
Snyk Security Scan is a powerful tool designed to identify and resolve vulnerabilities within your project's dependencies. Leveraging Snyk's extensive vulnerability database, this tool thoroughly analyzes libraries and frameworks used in your project, offering actionable insights to mitigate potential risks.
The Snyk Security Scan step integrates directly into Appcircle’s CI/CD workflows, allowing developers to automatically scan project dependencies for vulnerabilities with each build.
Prerequisites
Before running the Snyk Scan Security step, the following prerequisite workflow step must have completed. It is detailed in the table below:
Prerequisite Workflow Step | Description |
---|---|
Git Clone | Clones the repository to be built from the specified branch, so that the Snyk CLI has a checked-out repository path ($AC_REPOSITORY_DIR) to scan. |
Input Variables
Each component requires specific input variables for its operation. The input variables necessary for the Snyk Scan Security step are listed below.
Store confidential values such as $AC_SNYK_AUTH_TOKEN as secret environment variables, and select the environment variable group that contains them in the build Configuration.
Variable Name | Description | Status |
---|---|---|
$AC_REPOSITORY_DIR | Specifies the directory where the repository is cloned. | Required |
$AC_SNYK_ORGANIZATION | The name of the Snyk organization under which this project should be tested and monitored. | Required |
$AC_SNYK_AUTH_TOKEN | Your Snyk authentication token. | Required |
$AC_SYK_CLI_COMMAND | The Snyk CLI command to execute. The default value is test. | Optional |
$AC_SNYK_SEVERITY_THRESHOLD | Specifies the minimum severity level of vulnerabilities to report; issues below this level are ignored. Options: low, medium, high. | Optional |
$AC_SNYK_FAIL_ON_ISSUES | Specifies whether the build should fail when the Snyk test reports issues. Options: yes, no. | Optional |
$AC_SNYK_CREATE_REPORT | Specifies whether to generate an HTML report of the test results. Options: yes, no. | Optional |
$AC_SNYK_MONITOR | If enabled, uploads a snapshot of the project's dependencies to Snyk so the project is continuously monitored for newly disclosed vulnerabilities. Options: yes, no. | Optional |
$AC_SNYK_ADD_ARG | Additional arguments for the Snyk CLI command. | Optional |
Output Variables
The outputs resulting from the operation of this component are as follows:
Output Variable | Description |
---|---|
$AC_SNYK_REPORT | The Snyk report file containing the results of executed tests. |
$AC_SNYK_MONITOR_EXPLORE_LINK | The link to explore and monitor the project's security status on Snyk. |
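To make the input and output variables concrete, the following added example shows how they could drive the Snyk CLI and how the CLI exit status should be turned into a build outcome. This is illustrative code written for this page, not the component's own source. The Snyk CLI features it relies on are real (the SNYK_TOKEN environment variable, the --org, --severity-threshold and --json flags, the snyk monitor command, the snyk-to-html renderer, and the exit codes 0 = no issues, 1 = issues found, 2 = CLI failure, 3 = no supported projects); the function names, the report file names and the SNYK_STEP_EXECUTE guard are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the component's own source): mapping the Snyk Scan Security
# step variables onto Snyk CLI invocations and deriving a build outcome.
# Assumptions: function names, report file names and the SNYK_STEP_EXECUTE guard.
set -e

# Reject threshold values the step does not document, so a typo cannot silently
# weaken the gate. The step's table lists low, medium and high; the current
# Snyk CLI also accepts critical, so it is allowed here as well.
validate_threshold() {
    case "$1" in
        ""|low|medium|high|critical) return 0 ;;
        *) echo "invalid AC_SNYK_SEVERITY_THRESHOLD: $1" >&2; return 1 ;;
    esac
}

# Compose the `snyk <command>` line from the step variables and print it rather
# than run it, so the exact command can be logged and tested. The token is never
# placed on the command line; authentication goes through SNYK_TOKEN instead.
build_snyk_command() {
    [ -n "${AC_SNYK_ORGANIZATION}" ] || { echo "AC_SNYK_ORGANIZATION is required" >&2; return 1; }
    validate_threshold "${AC_SNYK_SEVERITY_THRESHOLD}" || return 1
    cmd="snyk ${AC_SYK_CLI_COMMAND:-test} --org=${AC_SNYK_ORGANIZATION}"
    if [ -n "${AC_SNYK_SEVERITY_THRESHOLD}" ]; then
        cmd="$cmd --severity-threshold=${AC_SNYK_SEVERITY_THRESHOLD}"
    fi
    if [ "${AC_SNYK_CREATE_REPORT:-no}" = "yes" ]; then
        cmd="$cmd --json"   # machine-readable output, rendered to HTML below
    fi
    if [ -n "${AC_SNYK_ADD_ARG}" ]; then
        cmd="$cmd ${AC_SNYK_ADD_ARG}"   # extra args are appended verbatim
    fi
    printf '%s\n' "$cmd"
}

# Map a `snyk test` exit status to a build outcome.
#   0    -> pass: the scan ran and found nothing at or above the threshold.
#   1    -> issues found: fails only when AC_SNYK_FAIL_ON_ISSUES=yes.
#   2, 3 -> error: no result was produced (CLI failure / nothing to scan), so the
#           build fails regardless of AC_SNYK_FAIL_ON_ISSUES. A scan that never
#           ran must not be mistaken for a clean one.
build_outcome() {
    fail_on_issues="${2:-no}"
    case "$1" in
        0) echo pass ;;
        1) if [ "$fail_on_issues" = "yes" ]; then echo fail; else echo pass-with-issues; fi ;;
        *) echo error ;;
    esac
}

# Run the step: test, optional HTML report, optional monitor, then decide.
run_step() {
    [ -n "${AC_SNYK_AUTH_TOKEN}" ] || { echo "AC_SNYK_AUTH_TOKEN is required" >&2; return 1; }
    export SNYK_TOKEN="${AC_SNYK_AUTH_TOKEN}"   # authenticate without writing the token to disk
    cd "${AC_REPOSITORY_DIR:?AC_REPOSITORY_DIR is required}"

    cmd=$(build_snyk_command) || return 1
    # Exit 1 (issues found) is an expected result, so capture the status manually.
    if [ "${AC_SNYK_CREATE_REPORT:-no}" = "yes" ]; then
        set +e; $cmd > snyk-result.json; rc=$?; set -e
        snyk-to-html -i snyk-result.json -o snyk-report.html
        export AC_SNYK_REPORT="$PWD/snyk-report.html"
    else
        set +e; $cmd; rc=$?; set -e
    fi

    outcome=$(build_outcome "$rc" "${AC_SNYK_FAIL_ON_ISSUES:-no}")
    echo "snyk exit=$rc outcome=$outcome"

    # Only publish a snapshot from a scan that actually ran; this snapshot is
    # what Snyk watches for newly disclosed vulnerabilities.
    if [ "${AC_SNYK_MONITOR:-no}" = "yes" ] && [ "$outcome" != "error" ]; then
        snyk monitor --org="${AC_SNYK_ORGANIZATION}"
    fi

    [ "$outcome" = "pass" ] || [ "$outcome" = "pass-with-issues" ]
}

# Guard so the functions can be sourced and checked without invoking the CLI.
if [ "${SNYK_STEP_EXECUTE:-no}" = "yes" ]; then
    run_step
fi
```

The point worth carrying into any real pipeline is the distinction between exit code 1 and exit codes 2 and 3: AC_SNYK_FAIL_ON_ISSUES=no is a decision to tolerate known findings, not to tolerate a scan that did not run, so a CLI failure should still break the build.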
To access the source code of this component, please use the following link: