Snyk Scan Security
Snyk Security Scan is a powerful tool designed to identify and resolve vulnerabilities within your project's dependencies. Leveraging Snyk's extensive vulnerability database, this tool thoroughly analyzes libraries and frameworks used in your project, offering actionable insights to mitigate potential risks.
The Snyk Security Scan step integrates directly into Appcircle’s CI/CD workflows, allowing developers to automatically scan project dependencies for vulnerabilities with each build.
Prerequisites
Before running the Snyk Scan Security step, you must complete certain prerequisites, as detailed in the table below:
| Prerequisite Workflow Step | Description |
|---|---|
| Git Clone | Fetches the repository to be built from the specified branch, ensuring that the Snyk CLI can run on the repository path. |
Input Variables
This step uses the input variables listed in the table below; it cannot run without the required ones.
Please do not use sensitive variables such as Username, Password, API Key, or Personal Access Key directly within the step.
We recommend using Environment Variables groups for such sensitive variables.
| Variable Name | Description | Status |
|---|---|---|
| `$AC_REPOSITORY_DIR` | Specifies the directory where the repository is cloned. | Required |
| `$AC_SNYK_ORGANIZATION` | The name of the Snyk organization under which this project should be tested and monitored. | Required |
| `$AC_SNYK_AUTH_TOKEN` | Your Snyk authentication token. | Required |
| `$AC_SYK_CLI_COMMAND` | The Snyk CLI command to execute. The default value is `test`. | Optional |
| `$AC_SNYK_SEVERITY_THRESHOLD` | Specifies the minimum severity level of vulnerabilities to report. Options: `low`, `medium`, `high`. | Optional |
| `$AC_SNYK_FAIL_ON_ISSUES` | Specifies whether the build should fail based on the Snyk test results. Options: `yes`, `no`. | Optional |
| `$AC_SNYK_CREATE_REPORT` | Specifies whether to generate an HTML report. Options: `yes`, `no`. | Optional |
| `$AC_SNYK_MONITOR` | If enabled, imports the snapshot of dependencies to Snyk for continuous monitoring. Options: `yes`, `no`. | Optional |
| `$AC_SNYK_ADD_ARG` | Additional arguments for the Snyk CLI command. | Optional |
Output Variables
This step produces the following output variables:
| Output Variable | Description |
|---|---|
| `AC_SNYK_REPORT` | The Snyk report file containing the results of the executed tests. |
| `AC_SNYK_MONITOR_EXPLORE_LINK` | The link to explore and monitor the project's security status on Snyk. |
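As an added example that is not part of the Appcircle step's own code, the shell logic below shows how the documented input variables translate into Snyk CLI invocations and how the CLI's exit status, combined with `AC_SNYK_FAIL_ON_ISSUES`, decides the build result. The report file name `snyk-report.json` and the fail-closed default for `AC_SNYK_FAIL_ON_ISSUES` are assumptions; the variable names are taken verbatim from the tables above.

```shell
#!/bin/sh
# Added example (not the Appcircle step's own script): assembles the Snyk CLI
# invocation and the build outcome from this page's input variables.
# Assumed: snyk-report.json as the report path; AC_SNYK_FAIL_ON_ISSUES defaults to yes.

# Build the `snyk <command>` line. The token is deliberately NOT placed on the
# command line; run the result as SNYK_TOKEN="$AC_SNYK_AUTH_TOKEN" sh -c "$(build_snyk_cmd)"
# so it never appears in build logs or process listings.
build_snyk_cmd() {
  cmd="${AC_SYK_CLI_COMMAND:-test}"   # variable name as documented on this page
  org="${AC_SNYK_ORGANIZATION:?AC_SNYK_ORGANIZATION is required}"
  args="snyk $cmd --org=$org"
  # Only the thresholds this page documents are accepted; anything else is rejected.
  case "${AC_SNYK_SEVERITY_THRESHOLD:-}" in
    "") ;;
    low|medium|high) args="$args --severity-threshold=${AC_SNYK_SEVERITY_THRESHOLD}" ;;
    *) echo "invalid AC_SNYK_SEVERITY_THRESHOLD: ${AC_SNYK_SEVERITY_THRESHOLD}" >&2; return 1 ;;
  esac
  if [ "${AC_SNYK_CREATE_REPORT:-no}" = "yes" ]; then
    args="$args --json-file-output=${AC_REPOSITORY_DIR:-.}/snyk-report.json"
  fi
  if [ -n "${AC_SNYK_ADD_ARG:-}" ]; then
    args="$args ${AC_SNYK_ADD_ARG}"
  fi
  echo "$args"
}

# Second invocation for continuous monitoring, emitted only when AC_SNYK_MONITOR=yes.
build_monitor_cmd() {
  if [ "${AC_SNYK_MONITOR:-no}" = "yes" ]; then
    echo "snyk monitor --org=${AC_SNYK_ORGANIZATION:?AC_SNYK_ORGANIZATION is required}"
  fi
}

# Map the Snyk CLI exit status to a build outcome. Snyk documents 0 = no issues,
# 1 = issues found, 2 = CLI failure, 3 = no supported projects. Only exit 1 is
# subject to AC_SNYK_FAIL_ON_ISSUES; tool failures always fail the build so a
# broken scan cannot be mistaken for a clean one.
build_outcome() {
  case "$1" in
    0) echo "pass" ;;
    1) if [ "${AC_SNYK_FAIL_ON_ISSUES:-yes}" = "yes" ]; then echo "fail"; else echo "pass-with-issues"; fi ;;
    *) echo "fail" ;;
  esac
}
```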
To access the source code of this component, please use the following link: