Snyk Blog

Instant security information with the Snyk security badge

Written by:
Brian Vermeer
Brian Vermeer
wordpress-sync/Snyk-badge-twitter

August 4, 2020

0 mins read

We are excited to announce the Snyk security badge for open source libraries that offers instant security information. This newly introduced item for library maintainers gives users better visibility into the security details. With this badge, you can instantly see whether a library has any vulnerabilities and the level of severity.

At Snyk we know that developers have many things they need to worry about—performance, maintainability, scalability, accessibility, and security are just a few examples. Choosing the right library to depend on is one of the more difficult choices. Snyk provides scanning and security information to help developers keep their projects secure and with this new security badge that displays a library’s security score, the task of choosing the right library becomes an easy one.

How do I get a security badge

The Snyk security badge can be generated for JavaScript, Java, and Python packages. You can generate a badge for JavaScript packages publicly available on npm, Java artifacts available on maven central, or Python packages available on PyPI.

Check our badge creator and incorporate the HTML on your website. The badge includes a link to a detailed security information page explaining what the vulnerabilities are.

Update: Aug 14 — If you don't specify a version below, the badge automatically resolves to the latest published version.

Update: Sep 14 — We also support PHP composer packages now.

snyk-badge-creator-page

Badge scores explained

Badges are generated with a score from A to F where A is the highest score and F the lowest. The color-coded letters indicate how secure a library is.

security-badge-scores

The score is a very simple but intuitive indication of how the library is doing security-wise.

Calculating the score is quite simple. Snyk distinguishes three severity levels—low, medium, and high. Every low vulnerability gets 1 point, every medium vulnerability 2 points, and every high vulnerability is awarded 4 points.

Accumulating all scores gives the following badge score:

0 point = A1 point = B2 - 3 points = C4 - 5 points = D6 -  9 points = E10 or more = F

This means that you only get a green A score badge if your library is free from vulnerabilities. The severity of a vulnerability also plays a huge part in calculating the score. Scores are updated on a daily basis so the badge represents the current status of the library.

Open source security is cool

Are you a maintainer for a JavaScript, Java, or Python package? Make it easy for developers to choose your package over others by providing instant security information.

And don’t forget that scanning your projects with Snyk is free!

Live Hack: Exploiting AI-Generated Code

Gain insights into best practices for utilizing generative AI coding tools securely in our upcoming live hacking session.

Register now

Posted in:Vulnerability Insights, Open Source Security
wordpress-sync/Snyk-badge-twitter

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.

See the playbook
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon