Test and monitor your projects for vulnerabilities with Jenkins. Officially maintained by Snyk.
To use the plugin you will need to take the following steps, in order:
The plugin can download the latest version of Snyk's binaries and keep them up-to-date for you.

By default, Snyk uses the https://snyk.io/api endpoint. It is possible to configure Snyk to use a different endpoint by adding an environment variable named SNYK_API with its value set to the custom endpoint. Refer to the Snyk documentation for more information about API configuration.
This step depends on whether you're using Freestyle Projects or Pipeline Projects.

Use the snykSecurity step as part of your pipeline script. You can use the "Snippet Generator" to generate the code from a web form and copy it into your pipeline.
```groovy
pipeline {
  agent any
  stages {
    stage('Build') {
      steps {
        echo 'Building...'
      }
    }
    stage('Test') {
      steps {
        echo 'Testing...'
        snykSecurity(
          snykInstallation: '<Your Snyk Installation Name>',
          snykTokenId: '<Your Snyk API Token ID>',
          // place other optional parameters here, for example:
          additionalArguments: '--all-projects --detection-depth=<DEPTH>'
        )
      }
    }
    stage('Deploy') {
      steps {
        echo 'Deploying...'
      }
    }
  }
}
```
You can pass the following parameters to your snykSecurity step.

- snykInstallation (required): Snyk Installation Name, as configured in "2. Configure a Snyk Installation".
- snykTokenId (optional, default: none): Snyk API Token Credential ID, as configured in "3. Configure a Snyk API Token Credential". If you prefer to provide the Snyk API Token another way, such as using alternative credential bindings, you will need to provide a "SNYK_TOKEN" build environment variable.
- failOnIssues (optional, default: true): Whether the step should fail if issues and vulnerabilities are found.
- failOnError (optional, default: true): Whether the step should fail if Snyk fails to scan the project due to an error. Errors include scenarios such as failing to download Snyk's binaries, improper Jenkins setup, bad configuration and server errors.
- organisation (optional, default: automatic): The Snyk Organisation in which this project should be tested and monitored. See --org in the Snyk CLI docs for the default behaviour.
- projectName (optional, default: automatic): A custom name for the Snyk project created for this Jenkins project on every build. See --project-name in the Snyk CLI docs for the default behaviour.
- targetFile (optional, default: automatic): The path to the manifest file to be used by Snyk. See --file in the Snyk CLI docs for the default behaviour.
- severity (optional, default: automatic): The minimum severity to detect. Can be one of the following: low, medium, high, critical. See --severity-threshold in the Snyk CLI docs for the default behaviour.
- additionalArguments (optional, default: none): See the Snyk CLI docs for information on additional arguments.
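The following Jenkinsfile is an added example, not part of the plugin's own documentation. It combines several of the parameters above: the token is supplied through the documented SNYK_TOKEN build environment variable (via a Credentials Binding secret text) instead of snykTokenId, the severity gate ignores low and medium findings, and a monorepo is scanned with --all-projects. The names 'snyk-latest', 'snyk-token' and 'my-org-slug' are assumed placeholders for your Snyk Installation, Jenkins credential ID and Snyk Organisation.

```groovy
// Added example (assumed placeholder names, not the plugin's own code).
pipeline {
  agent any
  stages {
    stage('Build') {
      steps {
        echo 'Building...'
      }
    }
    stage('Snyk scan') {
      steps {
        // SNYK_TOKEN is the documented alternative to passing snykTokenId;
        // 'snyk-token' is an assumed Secret Text credential ID.
        withCredentials([string(credentialsId: 'snyk-token', variable: 'SNYK_TOKEN')]) {
          snykSecurity(
            snykInstallation: 'snyk-latest',    // assumed Snyk Installation name
            organisation: 'my-org-slug',        // assumed Snyk Organisation
            severity: 'high',                   // report only high and critical issues
            failOnIssues: true,                 // break the build when such issues exist
            failOnError: true,                  // also fail if the scan itself cannot run
            projectName: "${env.JOB_NAME}",     // one Snyk project per Jenkins job
            additionalArguments: '--all-projects --detection-depth=4'
          )
        }
      }
    }
  }
}
```

With failOnIssues set to true the pipeline never reaches a later deploy stage while high or critical issues are open; set it to false if you only want the report and monitoring without gating the build.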
If there are any errors you may not see the report. See Troubleshooting.

To see more information on your steps, you can increase logging and re-run your steps. Increase the Jenkins log level for io.snyk.jenkins logs to capture the plugin's output, and add --debug to "Additional Arguments" to capture all Snyk CLI logs. Debug output is available under "Console Output".

By default, Snyk Installations will download Snyk's binaries over the network from downloads.snyk.io and use static.snyk.io as a fallback. If this fails there may be a network or proxy issue. If you cannot fix the issue, you can use a Manual Installation instead.
Made with 💜 by Snyk