This repository has been archived by the owner on Nov 12, 2019. It is now read-only.

Operations

Jesse Houwing edited this page Nov 29, 2016 · 2 revisions

The snyk task can be configured to run Test, Protect and Monitor as part of your build workflow.

Task Configuration

Configuration

  • Project Folder - Path to the folder containing your package.json. Note: Your node modules must be installed prior to calling snyk. If your repository contains multiple modules, you can append /* to scan all projects directly under the specified folder.
  • Protect - Apply your existing .snyk policy and update/patch any known vulnerabilities. (requires an API token)
  • Test - Scan for new vulnerabilities.
  • Monitor - Register your project with Snyk.io to receive updates about new vulnerabilities. (requires an API token)
  • Only monitor for these branches - If you've set up one build for multiple branches, you can set up a branch filter to include/exclude certain branches. E.g. use master to only publish builds that were made from master, or releases/* for all builds in a release folder. The value is matched against Build.SourceBranchName.

Advanced

  • Authentication Type
      • None - Don't authenticate to Snyk.io. This will limit your available actions to Test.
      • Service Endpoint - (Recommended) Store your API token in a Service Endpoint. This is the most convenient and secure method.
      • Input - Provide the API token through a task-input. Only use if you cannot use a Service Endpoint. It's recommended to store the API Token as a build variable and set it to Secret.
  • Fail Build - Will fail the build if Test results in detected vulnerabilities. Will log Partially Succeeded otherwise.
  • Include Development Dependencies - Include your development dependencies as part of the scan.
  • Trust Policies - Applies and uses ignore rules from your dependencies' Snyk policies, otherwise ignore policies are only shown as a suggestion.
  • Organization - Include devDependencies (defaults to production only).
  • Additional Arguments - Pass any additional arguments when calling snyk (e.g. --debug).
  • Snyk location
      • Built-in - Use the version that's packaged with the extension.
          • Upgrade Snyk - Will try to update the built-in snyk version to the latest version.
      • System - Use the version that's available in the system's PATH environment variable.
      • Path - Use the exact path provided as part of the task configuration.
          • Path to Snyk - Provide the full path to where snyk.cmd (win) or snyk (mac/linux) is located.
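
How these options combine, sketched as a dry-run planner for the equivalent snyk CLI calls. This is an added example, not the extension's own code: the setting names INCLUDE_DEV, TRUST_POLICIES, SNYK_ORG and MONITOR_BRANCHES, the comma-separated glob filter and the mapping of options to flags are assumptions.

```shell
#!/bin/sh
# Added example: plan the snyk CLI calls that correspond to the task options.
# Setting names other than SNYK_TOKEN and BUILD_SOURCEBRANCHNAME are made up.

# Succeeds when branch name $1 matches any comma-separated glob in $2.
# An empty filter allows every branch (assumed semantics).
branch_allowed() {
    [ -z "$2" ] && return 0
    old_ifs=$IFS; IFS=,
    set -f                      # do not expand * against local file names
    for pattern in $2; do
        case "$1" in
            $pattern) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Prints one planned command per line for branch $1.
# The API token is never put on a command line: the snyk CLI reads it from
# the SNYK_TOKEN environment variable, so map the secret build variable there.
snyk_plan() {
    branch=$1
    args=""
    [ "${INCLUDE_DEV:-false}" = true ] && args="$args --dev"
    [ -n "${SNYK_ORG:-}" ] && args="$args --org=$SNYK_ORG"
    test_args=$args
    [ "${TRUST_POLICIES:-false}" = true ] && test_args="$test_args --trust-policies"

    # Authentication Type "None": no token, so only Test is available.
    if [ -n "${SNYK_TOKEN:-}" ]; then
        echo "snyk protect"
    fi
    echo "snyk test$test_args"
    if [ -n "${SNYK_TOKEN:-}" ] &&
       branch_allowed "$branch" "${MONITOR_BRANCHES:-}"; then
        echo "snyk monitor$args"
    fi
    return 0
}

# Dry run for the current build; falls back to master outside a build agent.
snyk_plan "${BUILD_SOURCEBRANCHNAME:-master}"
```

Without a token the plan contains only `snyk test`, which matches the None authentication type above.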