Automating open source security scanning with Snyk and CircleCI

Written by:
Hayley Denbraver

August 16, 2019

At Snyk, we are committed to building developer-friendly security tools that seek to meet developers where they are already working. This includes broad language support and integration with tools and services that developers already use and love. In that spirit, we are excited to announce that Snyk has partnered with CircleCI to help you use open source and stay secure.

CircleCI empowers developers to automate their pipeline from commit to deploy. They also offer first-class Docker support. CircleCI provides fast performance, complete control, and unparalleled flexibility in creating your CI/CD pipeline. And now, it is easier than ever to use Snyk alongside CircleCI thanks to our new Snyk CircleCI Orb.

What is an Orb?

CircleCI Orbs are shareable packages of CircleCI configuration that you use in your builds.

Orbs define reusable commands, executors, and jobs so that commonly used pieces of configuration can be condensed into a single line of code.

Orbs can be used across multiple projects. For example, check out these Orbs that help you utilize AWS-s3 and Helm. Orbs are contributed by the community and by CircleCI partners (like Snyk!).

More about the Snyk Orb

Snyk is delighted to launch a CircleCI Orb to make it even easier for our users to incorporate Snyk into their CircleCI workflows. When you use this orb in your project workflows, Snyk tests, fixes, and monitors your project for vulnerabilities in the app dependencies and Docker images, all with a single command. You can set thresholds for vulnerability tolerance in your app or Docker image (and fail the workflow when the threshold is exceeded), apply proprietary Snyk patches, and save dependency snapshots on the snyk.io app for continuous monitoring and alerting. You can learn more about the orb in our GitHub repository.

Try it today!

Are you new to Snyk? Try it for free and see what vulnerabilities exist in your application.

Already a user? That’s awesome! Consider upgrading to a paid plan, which offers an API key, allowing you to take advantage of our orb.

You can learn more about the Snyk Orb here and download it today.
