After the Snyk Security Scan task is added to a pipeline, each time the pipeline runs, the Snyk task performs the following actions:
- Snyk tests application dependencies or container images for vulnerabilities and open-source license issues or application source code for security vulnerabilities and lists these vulnerabilities and issues.
- If Snyk finds vulnerabilities or license issues, it does one of the following (based on your configuration):
- Fails the pipeline
- Allows the pipeline to continue
After the snyk test is complete on the dependencies for an application or a container image, you can run snyk monitor. snyk monitor saves a snapshot of the Project dependencies in your snyk.io account, where you can see the dependency tree with all of the issues and be alerted if and when new issues are found in the dependencies.