Security teams can get a quick start with Snyk free by scanning their code and open source dependencies using the Web UI, Snyk CLI or through integrations for IDEs, CI/CD and curated containers. This helps to prevent issues during development, boosting developer empowerment and improving team motivation. Snyk’s vulnerability database is updated regularly to keep users ahead of threats, and the platform’s flexible controls and visibility make it easy for developers to automate scanning at the points in their workflow that are most efficient.
Snyk scans GitHub repositories, Docker and Artifactory registry repositories, the code in IDEs and their builds, as well as in containers and cloud deployments. It identifies vulnerabilities and provides actionable fix advice. It also detects licensing violations across open-source libraries and runs a code audit for compliance with enterprise policies.
To scan code, snyk can integrate with IDEs through plugins and CI/CD workflows through integrations or the Snyk CLI. It can also be integrated into the build process of a Maven or Gradle project through an add-on. This enables it to scan for vulnerabilities while the build is running, giving security a ‘build-in’ security check.
Snyk places a premium on data privacy and encrypts all sensitive information. The type of data that Snyk accesses and stores varies depending on the product used, how it is configured and the integrations in place. This is described in the Data Retention policy for each Snyk product.