Snyk

Fix & Prevent security vulnerabilities in Node.js npm dependencies


Use Open Source and Stay Secure

Using Open Source packages from repositories like npm, RubyGems, and Maven is great for productivity, but it can also leave you exposed. 83% of Snyk users found vulnerabilities in their applications, and new vulnerabilities are disclosed regularly, putting your application at risk long after a dependency was first added.

Snyk helps you find, fix and prevent vulnerabilities in your Node.js, Ruby and Java dependencies quickly and easily, and keeps you vulnerability-free on an ongoing basis. Snyk is free for Open Source and offers a free trial for private repos, so you can start securing your applications with just a couple of clicks.

Snyk works in 4 key steps:

  • Find vulnerabilities
  • Fix vulnerabilities
  • Prevent addition of new vulnerable packages
  • Monitor to get alerted about newly disclosed vulnerabilities

Integration with your CI/CD pipeline

Snyk is readily available via our deep GitHub integration. Snyk Broker makes it possible to integrate with GitHub Enterprise. And Snyk ships a CLI too, so you can run the same tests locally and in your build.

For your convenience Snyk works with all your favorite CI/CD tools as well:

  • TravisCI
  • CircleCI
  • Codeship
  • Jenkins

Heck, we even have a Slack integration!
To find out more, check here.

Find vulnerabilities in your repos

Quickly and easily check all your npm, Ruby and Maven repositories on Snyk's Your GitHub Repos page. You can choose whether to give access to just your public repos or to include your private repos as well. Snyk will identify the relevant repositories, resolve their full dependency trees (direct and transitive), and match them against Snyk's vulnerability database.


Vulnerabilities are classified into High/Medium/Low severity for easy prioritization. You can click through to see detailed test reports, and view information about each vulnerability and the dependency path through which it was introduced into your project.

Fix vulnerabilities

Snyk offers a single click remediation flow using GitHub Pull Requests.


Snyk will generate a Pull Request with the minimal changes needed to fix the issue, so you can get back to writing code. Where possible, Snyk will find the minimal direct upgrade you can apply to get a non-vulnerable version of the package in question. If you can't upgrade, Snyk patches the vulnerability using Open Source patches from its vulnerability database, which is hosted on GitHub. As with any dependency change, let your test suite run against the Pull Request before merging it: an upgrade that crosses a major version may still need code changes on your side.

Prevent adding vulnerable packages

Once you're free of vulnerabilities, you need to make sure you don't add new vulnerable packages as your application evolves. To help with that, Snyk runs its test as part of your Pull Request checks, catching vulnerable packages before they are merged into your application.
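The CI/CD and "prevent" steps above can also be wired up with the Snyk CLI rather than the GitHub app. The Travis CI configuration below is an added example, not from this listing or from Snyk's own documentation; it assumes a Node.js project, that the Snyk CLI is installed from npm in the build, and that a Snyk API token is supplied to the build as the SNYK_TOKEN environment variable via an encrypted Travis variable (the encrypted value shown is a placeholder):

```yaml
# .travis.yml (added example; assumes a Node.js project and a Snyk API token)
language: node_js
node_js:
  - "8"

# Assumption: SNYK_TOKEN is stored as an encrypted Travis variable. The Snyk CLI
# reads it from the environment, so the build never needs an interactive `snyk auth`.
env:
  global:
    - secure: "<encrypted SNYK_TOKEN=... value, placeholder>"

install:
  - npm install
  - npm install -g snyk

script:
  # Run the project's own tests first, then `snyk test`, which resolves the
  # installed dependency tree, checks it against Snyk's database and exits
  # non-zero when a known vulnerability is present. A non-zero exit fails the
  # build, so a pull request that adds a vulnerable package cannot go green.
  - npm test
  - snyk test

after_success:
  # Only for a passing build of the main branch (not for pull-request builds):
  # record this dependency snapshot with Snyk so that newly disclosed
  # vulnerabilities in it trigger the alerts described in the "Monitor" step.
  - if [ "$TRAVIS_BRANCH" = "master" ] && [ "$TRAVIS_PULL_REQUEST" = "false" ]; then snyk monitor; fi
```

Keeping `snyk test` in the `script` phase is what makes the check blocking; moving it to `after_success` would only report. Gating `snyk monitor` on the main branch avoids registering every short-lived PR branch as a separately monitored project.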


Monitor and get alerted about newly disclosed vulnerabilities

New vulnerabilities are disclosed each week, uncovering previously unknown security holes in dependencies you already ship. Snyk helps you respond quickly by remembering the dependency snapshot of each project and alerting you as soon as a new disclosure affects it.

You and your team will get an email or Slack notification with all the details, and Snyk will also submit a pull request with the fix straight to your project.

Committed to Security

Snyk is committed to helping you use Open Source and stay secure. Our dedicated team of security experts continuously works to add to and curate the most comprehensive database of known Open Source vulnerabilities. They don't stop at finding the vulnerabilities: they go the full depth, creating patches and backporting them to provide your applications with the widest possible range of remediation options.

Ethics are important in Security. We religiously follow our responsible disclosure policy.

Categories

  • New & noteworthy
  • Dependency management
  • Security
  • Open Source management

More info
Developer
@snyk

Snyk is provided by a third-party and is governed by separate terms, privacy, and support documentation.
