Snyk Find and fix vulnerabilities in open source dependencies

Snyk helps you find, fix, and monitor known vulnerabilities in Node.js npm, Ruby, and Java dependencies, both on an ad hoc basis and as part of the CI (Build) system.

Specifications

  • Find known vulnerabilities while performing it snick  in a project or as wizard, either as part of the CI process.
  • Fix them vulnerabilities using  the snyk driver and the  snyk protection.
    • The snyk guide guides you in finding and repairing known vulnerabilities in your project. Recovery options include configuring your policy file for updates, auto-repair, and ignoring vulnerabilities. (npm only)
    • The snyk protection protects your code from vulnerabilities by applying code updates and optionally removing specific vulnerabilities.
  • The notification snyk monitor  logs dependency status and vulnerabilities to snyk.io so you can be notified when new vulnerabilities or patches / patches are discovered that affect your repositories.
    • Prevent the person νέων ευάλωτων εξαρτήσεων στο project σας εκτελώντας μια  snyk test as part of your CI for test failures when adding vulnerable Node.js or Ruby dependencies.

Installation

  1. Install the Snyk utility using  npm install -g snyk.
  2. Once installed, you will need to authenticate with your Snyk account:  snyk auth

For more details on authentication, take a look at  CLI authentication of Snyk.

Use

Package definition is optional. If no package is provided, Snyk will execute the command in the current task list, allowing you to try out non-public applications.

$ snyk test ✗ High severity vulnerability found on minimatch@0.3.0 - desc: Regular Expression Denial of Service - info: https://snyk.io/vuln/npm:minimatch:20160620 - from: ionic@2.1.17> gulp @ 3.8.8> liftoff@0.12.1> findup-sync@0.1.3> glob@3.2.11> minimatch@0.3.0 Upgrade direct dependency gulp@3.8.8 to gulp@3.8.11 (triggers upgrades to liftoff @ 2.2.0> findup-sync@0.3.0> glob@5.0.15> minimatch@3.0.2) ✗ Medium severity vulnerability found on moment@2.11.1 - desc: Regular Expression Denial of Service - info: https: // snyk.io/vuln/npm:moment:20161019 - from: ionic@2.1.17> moment@2.11.1 Upgrade direct dependency moment@2.11.1 to moment@2.15.2 ✗ Medium severity vulnerability found on send@0.10.1 - desc: Root Path Disclosure - info: https://snyk.io/vuln/npm:send:20151103 - from: ionic@2.1.17> serve-static@1.7.1> send@0.10.1 Upgrade direct dependency serve -static@1.7.1 to serve-static@1.8.1 (triggers upgrades to send@0.11.1)

 

Video guide

 

Application snapshots

 

Instructions on how to install and use the program, you will find here.

 

 

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

Sneak

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).