The Snyk Eclipse plugin provides analysis of your code, containers, and infrastructure as code configurations.
Snyk scans for the following types of issues:
- Open Source Security - security vulnerabilities and license issues in both the direct and indirect (transitive) open-source dependencies pulled into the Snyk Project. See also the
Open Source docs. - Code Security - security vulnerabilities in your code. See also the Snyk Code docs.
- Infrastructure as Code (IaC) Security - configuration issues in your IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager. See also the Snyk Infrastructure as Code docs.
The Eclipse plugin provides automated, algorithm-based fix suggestions for both direct and transitive dependencies. This single plugin provides a Java vulnerability scanner and an open-source security scanner.
After you have installed and configured the Eclipse plugin, every time you run it, open a file, or autosave, Snyk scans the manifest files, proprietary code, and configuration files in your project (if not deactivated in the Snyk Settings). Snyk delivers actionable vulnerability, license, or misconfiguration issue details and displays the results natively within the Eclipse UI.
This page explains supported environments, support, and giving feedback and provides installation instructions. After you complete the steps on this page, you will continue by following the instructions in the other Eclipse plugins docs:
- Download the CLI and language server with the Eclipse plugin
- Authentication for the Eclipse plugin
- Configuration of the Eclipse plugin
- Environment variables for the Eclipse plugin
- Use the Snyk plugin to secure your Eclipse projects
- SAST scanning results (SAST, Snyk Code)
- Misconfiguration scanning results (Snyk Infrastructure as Code)
- Third-party dependency scanning (SCA, Snyk Open Source)
- Troubleshooting for the Eclipse plugin
Snyk plugins are not supported on any operating system that has reached End Of Life (EOL) with the distributor.
You can use the Eclipse plugin in the following environments:
- Linux: AMD64 and ARM64
- Windows: 386 and AMD64
- MacOS: AMD64 and ARM64
The latest plugin version may not be supported in all Eclipse versions. Thus, if you use an older Eclipse version, you may need to install an older plugin version. The following versions of Eclipse are supported by at least one plugin version:
- 2024-03
- 2023-12
- 2023-09
- 2023-06
- 2023-03
- For Snyk Open Source, the Eclipse plugin supports the languages and package managers supported by Snyk Open Source and the CLI except C/C++. For more information, see Supported languages, frameworks, and feature availability overview, Open Source section.
- For Snyk Code, the Eclipse plugin supports the languages and frameworks supported by Snyk Code. For more information, see Supported languages, frameworks, and feature availability overview, Snyk Code section.
- For Snyk IaC, the Eclipse plugin supports the following IaC templates: Terraform, Kubernetes, CloudFormation, and Azure Resource Manager.
- Eclipse Marketplace (recommended): https://marketplace.eclipse.org/content/snyk-security-code%E2%80%8B-open-source%E2%80%8B-iac-configurations
- Preview update site (CI/CD, on commit): https://static.snyk.io/eclipse/preview
- Stable update site (weekly): https://static.snyk.io/eclipse/stable
- Manual downloads: https://github.com/snyk/snyk-eclipse-plugin/releases
Signing Information for Jars
If you want to verify the correct provenance of your download, verify the signing details from the Eclipse dialog using this data.
 (2) (1) (1) (1) (1) (1) (1) (1) (1).png)
The signing key details to verify the integrity and origin of the download plugin
Navigate to the Marketplace from your running Eclipse instance. Search for Snyk and click Install.
Eclipse Marketplace search showing Snyk plugin and Install button
When you are prompted, accept the license agreement and add the Snyk Security certificate to complete the installation (this happens only once).
Restart the Eclipse instance:
Restart Eclipse
After Eclipse is restarted, the Snyk Wizard should run; this will set up your Snyk API endpoint and authentication token.
After the Snyk configuration wizard runs, follow the instructions to set up your Snyk API:
.png)
Snyk configuration wizard
After the Snyk plugin is configured, navigate to Eclipse Preferences to ensure that Snyk now appears in the list:
Eclipse preferences showing Snyk.
When you open the preferences, you can opt out of downloading the CLI through the plugin and thus use your own installation of the CLI.
Continue with the steps to Download the CLI and language server with the Eclipse plugin.
If you need help, submit a request to Snyk Support.