Snyk Security extension helps you find and fix security vulnerabilities in your projects. Within a few seconds, the extension will provide a list of all the different types of issues identified, bucketed into categories, together with actionable fix advice:
- Open Source Security - known vulnerabilities in both the direct and indirect (transitive) open source dependencies you are pulling into the project.
- Operating system - Windows.
- Supported versions of Visual Studio: 2015, 2017, 2019. Compatible with Community, Professional and Enterprise.
Step 2.1. Double-click the VSIX file and install the extension on the Visual Studio version of your choice. Select all the versions of Visual Studio on which you want to install the Snyk extension (the extension can be installed on all Visual Studio versions at once).
Step 2.2. Once installed, open the Snyk tool window by going to View > Other Windows.
Step 2.3. Once the tool window appears, wait while the Snyk extension downloads the latest Snyk CLI version.
Step 2.4.1. By now you should have the extension installed and the Snyk CLI downloaded. Time to authenticate. The first way is to click the "Connect Visual Studio to Snyk" link.
Step 2.4.2. Or open Visual Studio Options to go to the General Settings of the Snyk extension.
Step 2.5. Authentication can be triggered by pressing the “Authenticate” button or, if for some reason the automated way doesn’t work, by entering your user API token by hand.
- If, however, the automated authentication doesn’t work for some reason, please reach out to us. We would be happy to investigate!
Step 2.6. You will be taken to the website to verify your identity and connect the IDE extension. Click the Authenticate button.
- Once the authentication has been confirmed, please feel free to close the browser and go back to the IDE extension. The Token field should have been populated with the authentication token. With that the authentication part should be done!
- Thank you for installing Snyk’s Visual Studio Extension! By now it should be fully installed. If you have any questions or you feel something is not as it should be, please don’t hesitate to reach out to us.
- Let’s now see how to use the extension.
Step 3.1. Open your solution and run a Snyk scan. Depending on the size of your solution and the time needed to build a dependency graph, it might take from less than a minute to a couple of minutes to get the vulnerabilities.
- Note that your solution will have to successfully build in order to allow the CLI to pick up the dependencies (and find the vulnerabilities).
- If you see only NPM vulnerabilities or vulnerabilities that are not related to your C#/.NET projects, that might mean your project is not built successfully and wasn’t detected by the CLI. Feel free to reach out to us (contacts at the end of the document) if you think something is not as expected, we are happy to help or clarify something for you.
Step 3.2. You could filter vulnerabilities by name or by severity.
- Filter by name by typing the name of the vulnerability in the search bar.
- Filter by severity by selecting one or more of the severities when you open the search bar filter.
Step 3.3. You can configure the Snyk extension through Solution settings.
- Note that the “Scan all projects” option is enabled by default. It adds the --all-projects option to the Snyk CLI command. This option scans all projects by default.
Solution: Open Visual Studio Options to go to the Solution Settings of the Snyk extension and check Scan all projects.
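The note under Step 3.1 (only NPM results appearing when the .NET projects were not built or detected) can be checked mechanically against the CLI's JSON report. The following is an added example, not code from the Snyk extension: it assumes the report from `snyk test --all-projects --json` carries `packageManager`, `displayTargetFile` and `vulnerabilities[].id` / `severity` fields, and the sample data and project paths are constructed.

```python
import json
from collections import Counter

# Constructed sample shaped like `snyk test --all-projects --json` output
# (field names are assumptions about the CLI's JSON report).
SAMPLE = json.loads("""
[
  {"packageManager": "npm", "displayTargetFile": "ClientApp/package-lock.json",
   "vulnerabilities": [
     {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high"},
     {"id": "SNYK-EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high"},
     {"id": "SNYK-EXAMPLE-0002", "title": "ReDoS", "severity": "medium"}
   ]}
]
""")

DOTNET_MANAGERS = {"nuget", "paket"}
DOTNET_PROJECT_EXT = (".csproj", ".vbproj", ".fsproj")


def summarize(results, project_files, severities=("critical", "high")):
    """Return (unique issue count per package manager, dotnet_missed flag)."""
    if isinstance(results, dict):  # a single-project scan yields one object
        results = [results]
    counts, seen, managers = Counter(), set(), set()
    for res in results:
        pm = res.get("packageManager", "unknown")
        managers.add(pm)
        for vuln in res.get("vulnerabilities", []):
            # The same issue can be listed once per dependency path: count it once.
            key = (pm, res.get("displayTargetFile"), vuln["id"])
            if vuln["severity"] in severities and key not in seen:
                seen.add(key)
                counts[pm] += 1
    has_dotnet = any(f.lower().endswith(DOTNET_PROJECT_EXT) for f in project_files)
    # .NET projects exist in the solution but none appear in the report:
    # the build probably failed, so the CLI found no dependency data for them.
    dotnet_missed = has_dotnet and not (managers & DOTNET_MANAGERS)
    return dict(counts), dotnet_missed


if __name__ == "__main__":
    counts, missed = summarize(SAMPLE, ["Web/Web.csproj", "ClientApp/package.json"])
    print("high/critical issues per package manager:", counts)
    if missed:
        print("No .NET results in the report: build the solution and rescan.")
```
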
- If you have any issues please reach out to support@snyk.io.
Thank you for reaching this far :)
It either means you’ve successfully run a scan with the Visual Studio extension or you’ve encountered an issue. Either way we would love to hear about it - so go ahead and use the above contacts. We are looking forward to hearing from you!
Clone this repository to your local machine:
git clone https://github.com/snyk/snyk-visual-studio-plugin.git
Restore Nuget packages:
nuget restore
Run build:
msbuild -t:Build
- This plugin works with projects written in .NET, Java, JavaScript, and many more languages. See the full list of languages and package managers Snyk supports.
- Bug tracker