How to Use Snyk

A practical guide to get you up and running with Snyk. Written by Delv Editorial, Delv Team.

Getting started with Snyk

In this guide, you'll learn how to sign up for Snyk, scan your code for vulnerabilities, and fix them efficiently. By the end, you'll be able to integrate security into your development workflow seamlessly.

Step 1: Sign up and set up

  1. Go to snyk.io.
  2. Click on the “Sign up” button in the top right corner.
  3. Choose to sign up using your GitHub, GitLab, Bitbucket, or email account.
  4. Once signed up, follow the prompts to connect your repositories where your code resides.
  5. On the dashboard, explore the user interface to familiarise yourself with the layout.

Step 2: Your first scan

  1. From the dashboard, click on “Projects” in the left-hand menu.
  2. Select “Add project” and choose the repository you want to scan.
  3. Click “Import” to start the scanning process.
  4. After the scan completes, you will see a list of vulnerabilities. Click on any vulnerability to see details and suggested fixes.
  5. To auto-fix a vulnerability, click the “Fix” button next to the issue. Follow the prompts to apply the fix to your code.

Step 3: Get better results

  1. Regularly scan your projects by scheduling automatic scans. Go to “Settings” and enable “Auto-scan” for your projects.
  2. Use the “Integrations” section to connect Snyk with your CI/CD tools, like Jenkins or CircleCI, for continuous monitoring.
  3. Explore the “Insights” tab to view trends and prioritise vulnerabilities based on their severity and exploitability.

Pro tip

Make use of the Snyk CLI (Command Line Interface) for local scans. Install it by running npm install -g snyk in your terminal. This allows you to scan your code directly from your development environment, saving time on manual uploads.
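
An added example (not part of the original guide, and not Snyk's own code): a shell wrapper a CI job could call to run the CLI scan and fail closed when the scan itself does not complete. The function name snyk_gate and its pass/fail mapping are assumptions made for this example; it relies on the CLI's SNYK_TOKEN variable, the --severity-threshold flag and the exit codes of snyk test (0 clean, 1 issues found, 2 or 3 scan did not complete).

```shell
#!/bin/sh
# Added example: CI gate around the Snyk CLI (snyk_gate is a hypothetical name).
# Assumes the CLI is installed (npm install -g snyk) and that the CI system
# injects SNYK_TOKEN as a secret, so no interactive login is needed.

# snyk_gate [threshold]
#   threshold: low | medium | high | critical (default: high)
# Returns 0 = pass, 1 = issues at or above threshold, 2 = scan did not run.
snyk_gate() {
    threshold="${1:-high}"
    case "$threshold" in
        low|medium|high|critical) ;;
        *)
            echo "snyk_gate: invalid severity threshold: $threshold" >&2
            return 2
            ;;
    esac

    # An unauthenticated run cannot scan; never let it count as a pass.
    if [ -z "${SNYK_TOKEN:-}" ]; then
        echo "snyk_gate: SNYK_TOKEN is not set" >&2
        return 2
    fi

    snyk_rc=0
    snyk test --severity-threshold="$threshold" || snyk_rc=$?

    case "$snyk_rc" in
        0)
            echo "snyk_gate: no issues at or above '$threshold'"
            return 0
            ;;
        1)
            echo "snyk_gate: issues at or above '$threshold' found" >&2
            return 1
            ;;
        *)
            # 2 = CLI failure, 3 = no supported project detected, anything
            # else (e.g. 127) = CLI missing. Fail closed in every case.
            echo "snyk_gate: scan did not complete (exit $snyk_rc)" >&2
            return 2
            ;;
    esac
}

# Usage in a pipeline step:  snyk_gate high || exit $?
```

Keeping "issues found" (1) separate from "scan did not run" (2) lets the pipeline report a broken scanner differently from a vulnerable build, while still blocking both.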

Common mistake to avoid

Many users forget to set up automatic scans after the initial setup. Ensure you enable auto-scan in the project settings to continuously monitor your code for vulnerabilities without needing to remember to do it manually.