Questions tagged [snyk]

Snyk is a service that analyzes your code to help find and fix security vulnerabilities in your applications, containers, infrastructure-as-code, and cloud environments.

Chat

If you're interested in DevSecOps and want to discuss security (or Snyk-focused) topics in more depth, please head to the DevSecOps Community Discord.

79 questions
18 votes, 4 answers

upgrade to SnakeYaml 1.31 in spring-boot-starter-parent 2.7.3

I have a Spring Boot project in which I wanted to either exclude snakeyaml 1.30 or upgrade it to 1.31 in order to avoid Fortify reporting an issue, since there is a security vulnerability with the snakeyaml 1.30 version.
Syed Rafi
9 votes, 2 answers

Snyk complains about fsevents missing from package-lock, but fsevents is not a requirement and snyk ignores --strict-out-of-sync=false

Cannot run snyk on any of my projects today, getting the same error everywhere. snyk test --strict-out-of-sync=false results in: Dependency fsevents was not found in package-lock.json. Your package.json and package-lock.json are probably out of…
user1456632
8 votes, 4 answers

Snyk test returns Failed to test pip project error

I'm running a security scan with the Snyk CLI for a Python project. Unfortunately the snyk test command returns a Failed to test pip project error. What am I missing? snyk test works just fine while scanning an npm project. $ snyk test…
Lukasz Dynowski
7 votes, 1 answer

docker scan: failed to get DockerScanID: bad status code "400 Bad Request"

I am trying to run docker scan, but it fails with the error failed to get DockerScanID: bad status code "400 Bad Request". Notes: I'm logged in to hub.docker.com. I created a token in Docker which I use in snyk.com. I probably miss…
udo
6 votes, 1 answer

Comparison between Snyk and Sonarcloud/SonarQube?

I need to do a comparison between the features and functionality of Snyk and Sonarcloud/SonarQube, and the only thing I can find is a speed comparison: https://snyk.io/blog/sast-tools-speed-comparison-snyk-code-sonarqube-lgtm/ Does anyone know if…
mark11
5 votes, 1 answer

Is it possible to solve org.jetbrains.kotlin:kotlin-stdlib vulnerability from OkHttp?

I'm using Snyk service to check my projects for vulnerabilities. Projects with OkHttp dependency have one common vulnerability: Vulnerable module: org.jetbrains.kotlin:kotlin-stdlib Introduced through: com.squareup.okhttp3:okhttp@4.10.0 You can…
5 votes, 2 answers

IntelliJ IDE MissingApiTokenError: `snyk` requires an authenticated account. Please run `snyk auth` and try again

I have installed the Snyk vulnerability analysis plugin on my IntelliJ IDE, but when I try to run the analysis, it gives me the error below. Although I understand it is asking me to provide some auth credentials for my Snyk server, I am not…
Saurabh Chaturvedi
4 votes, 0 answers

Retrieving Snyk's vulnerability alerts in Splunk

How could one retrieve Snyk's vulnerabilities into Splunk? I am thinking the Splunk OpenTelemetry Collector could be a good integration point, but I am willing to know if someone has a parser before writing my own. Would love to hear suggestions on the…
Jonathan Gruber
4 votes, 1 answer

How can Snyk push notifications to MS Teams?

Snyk has native integrations with Slack, ServiceNow, Jira and others, but no integration with MS Teams. How can a team get Snyk notifications pushed to MS Teams?
Jonathan Gruber
4 votes, 1 answer

How can I plug Snyk vulnerability scans into JIRA so I get automatically created tickets when new vulns are discovered?

I'd like to configure my Snyk organization so that newly discovered vulnerabilities automatically generate a new ticket in Jira that I can assign to someone on my team to remediate. Any idea how I can do this?
rdegges
3 votes, 1 answer

How to run multiple Snyk commands in a GitHub Actions workflow?

I'm setting up a GitHub Actions workflow to perform security scans on my Node.js project using Snyk. I want to run multiple Snyk commands within the same job of the workflow, but I'm not sure how to achieve this without redundant…
sujeet
3 votes, 3 answers

How to sanitize an API response server side?

I have an Express Request Handler that takes a request, which includes user form input (email), makes a request to another one of my (trusted) endpoints (via newFunctionWithRequest), and then returns data from that new response (newResponse). export…
grabury
2 votes, 1 answer

Can snyk be configured to ignore all issues for a particular maven dependency?

I would like to clarify some points regarding snyk ignore. Is it possible to configure the .snyk file to ignore all kinds of issues for a particular Maven dependency? https://docs.snyk.io/snyk-cli/commands/ignore ignore: '*': // all…
John Smith
2 votes, 1 answer

Does Snyk offer management for Open Source License Compliance? If yes, is it possible to generate reports based on the licences being used?

Does Snyk offer management for Open Source License Compliance? If yes, is it possible to generate reports based on the licences being used? I was wondering if Snyk is able to offer any management and reporting capabilities to check compliance for…
2 votes, 1 answer

Automatically open Jira ticket for issues in Snyk

I would like to be able to open tickets automatically from Snyk to Jira for new issues found. Based on new or existing vulnerabilities. And I would like to be able to create Jira tickets for issues already in the code. Looked at Snyk APIs and looked…
Jonathan Gruber