The following describes the Snyk task configuration fields on the configuration panel in Azure Pipelines, the associated parameters for Azure Pipelines integration, and the valid values.
Parameter: serviceConnectionEndpoint
Required: Yes
Default: none
Type: String / Azure Service Connection Endpoint of type SnykAuth / Snyk Authentication
Description: The Azure DevOps service connection endpoint where your Snyk API token is defined. Your admin defines this within your Azure DevOps project settings, assigning it using a unique string in order to differentiate between different connections.
The configuration panel displays all available Snyk service connections in a dropdown list.
If multiple Snyk service connections are available from the dropdown list, ask your administrator which to use for the pipeline you are working with.
Parameter: testType
Required: Yes
Default: application
Type: string: "app" or "container" or "code"
Description: Determines the type of testing to perform, which also selects the dynamic fields to display as described on the rest of this page.
- Specifying "app" will perform analysis of your application's open-source dependencies (SCA)
- Specifying "container" will analyze container packages and detected application open-source packages (SCA)
- Specifying "code" will perform static analysis (SAST) on source code.
Parameter: dockerImageName
Required: Yes
Default: none
Type: String
Description: The name of the container image to test. This dynamic field appears when "What do you want to test" is set to "Container Image". Required if this is a container image test.
Parameter: dockerfilePath
Required: Yes
Default: none
Type: string
Description: The path to the Dockerfile corresponding to the dockerImageName. This dynamic field appears when "What do you want to test" is set to "Container Image". Required if this is a container image test.
Parameter: targetFile
Required: No
Default: none
Type: string
Description: Applicable to application-type tests only. The path to the manifest file to be used by Snyk. Should be provided only if non-standard. This dynamic field appears when "What do you want to test" is set to "Application".
Parameter: severityThreshold
Required: No
Default: "low"
Type: string: "low" or "medium" or "high" or "critical"
Description: The severity threshold to use when testing. By default, issues of all severity types are found. If not configured, the default severity is set to low.
Parameter: codeSeverityThreshold
Required: No
Default: "low"
Type: string: "low" or "medium" or "high"
Description: The Code severity threshold to use when testing. By default, issues of all severity types are found. If not configured, the default severity is set to low.
Parameter: monitorWhen
Required: No
Default: "always"
Type: string: "always" or "onIssuesFound" or "never"
Description: When to run snyk monitor to capture the dependency tree of the application or container image and monitor it within Snyk.
Parameter: failOnIssues
Required: Yes
Default: true
Type: Boolean
Description: Specifies whether pipeline jobs should be failed or continued based on issues found by Snyk.
Parameter: projectName
Required: No
Default: none
Type: string
Description: A custom name for the Snyk Project to be created on snyk.io.
Parameter: organization
Required: No
Default: none
Type: string
Description: ID of the Snyk Organization under which this Project should be tested and monitored.
Parameter: testDirectory
Required: No
Default: none
Type: string
Description: Alternate working directory. For example, if you want to test a manifest file in a directory other than the root of your repo, you would put in a relative path to that directory.
Parameter: additionalArguments
Required: No
Default: none
Type: string
Description: Additional Snyk CLI arguments to be passed in. See the CLI commands and options summary for details. If no project has been found, add --all-projects as good practice (for example, for .NET).
Parameter: ignoreUnknownCA
Required: No
Default: false
Type: boolean
Description: Use to ignore unknown or self-signed certificates during certificate validation, so self-signed certificates are automatically trusted.
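The following is an added example, not part of the Snyk task or its documentation: a small pre-merge check that lints the inputs of one Snyk task against the required fields and valid values listed above. The function name, the finding format, and the two policy warnings (ignoreUnknownCA set to true, failOnIssues set to false) are assumptions of this example, and the sample inputs are constructed.

```python
# Added example: lint the inputs of one Snyk task against the parameter list above.
ALLOWED = {
    "testType": {"app", "container", "code"},
    "severityThreshold": {"low", "medium", "high", "critical"},
    "codeSeverityThreshold": {"low", "medium", "high"},
    "monitorWhen": {"always", "onIssuesFound", "never"},
}
ALWAYS_REQUIRED = ("serviceConnectionEndpoint", "testType", "failOnIssues")
CONTAINER_REQUIRED = ("dockerImageName", "dockerfilePath")


def lint_snyk_inputs(inputs):
    """Return a sorted list of (level, parameter, message) findings."""
    findings = []
    for name in ALWAYS_REQUIRED:
        if inputs.get(name) in (None, ""):
            findings.append(("error", name, "required parameter is missing"))
    for name, allowed in ALLOWED.items():
        value = inputs.get(name)
        if value is not None and value not in allowed:
            findings.append(("error", name, f"{value!r} is not one of {sorted(allowed)}"))
    test_type = inputs.get("testType")
    if test_type == "container":
        for name in CONTAINER_REQUIRED:
            if not inputs.get(name):
                findings.append(("error", name, "required for container image tests"))
    if inputs.get("targetFile") and test_type != "app":
        findings.append(("warn", "targetFile", "applies to application-type tests only"))
    # The two checks below are policy choices of this example, not rules from the page.
    if inputs.get("ignoreUnknownCA") is True:
        findings.append(("warn", "ignoreUnknownCA", "unknown or self-signed certificates are trusted"))
    if inputs.get("failOnIssues") is False:
        findings.append(("warn", "failOnIssues", "job continues when Snyk finds issues"))
    return sorted(findings)


SAMPLE = {  # constructed sample inputs, not taken from a real pipeline
    "serviceConnectionEndpoint": "snyk-example-connection",
    "testType": "container",
    "dockerImageName": "example/app:1.0",
    "codeSeverityThreshold": "critical",  # "critical" is valid only for severityThreshold
    "failOnIssues": False,
    "ignoreUnknownCA": True,
}

if __name__ == "__main__":
    for level, name, message in lint_snyk_inputs(SAMPLE):
        print(f"{level:5} {name}: {message}")
```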