pbnj / vscode-snyk Goto Github PK

Visual Studio Code extension for Snyk.io

Home Page: https://marketplace.visualstudio.com/items?itemName=pmbenjamin.vscode-snyk

License: Other

JavaScript 100.00%

snyk snyk-io vulnerabilities vulnerability vulnerability-scanners security security-tools package-json gemfile security-audit

vscode-snyk's Introduction

vscode-snyk

Unofficial Visual Studio Code extension for Snyk.io

DEPRECATION NOTICE

⚠️ This project is now deprecated. As an alternative, I recommend Snyk's official extension: Vuln Cost.

Check your Node.JS and Ruby dependencies against Snyk.io vulnerability database.

Note: This extension requires internet access to https://snyk.io/vuln/ and will not currently work offline.

Demo

Usage

This extension adds the Snyk Test command to check your package.json, npm-shrinkwrap, or Gemfile against the Snyk.io VulnDB inventory of known vulnerabilities.

In the command palette (CMD + SHIFT + P), type Snyk Test.

Features

If vulnerabilities are found, display an error with a count of vulnerable dependencies
If no vulnerabilities are found, display an info message
Detailed summary of vulnerable dependencies
Hyperlinked URLs directly to Snyk.io VulnDB for more information on remediation.

Release Notes

See CHANGELOG.md.

For more information

vscode-snyk's People

Contributors

Stargazers

Watchers

Forkers

hayleycd joris-snyk neerajsrijan

vscode-snyk's Issues

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

VSCode 1.43.2

Hello!
Forgive me if I am not using the extension correctly but I cannot seem to get it to work on 1.43.2 which is the latest version as of 31/03/2020.

I am able to install the plugin and run 'Snyk Test' however there does not appear to be any output or indication that the scan has run/is running.

Here is the output from the Extension Host log:

[2020-03-31 12:23:48.059] [exthost] [info] ExtensionService#_doActivateExtension pmbenjamin.vscode-snyk {"startup":false,"extensionId":{"value":"pmbenjamin.vscode-snyk","_lower":"pmbenjamin.vscode-snyk"},"activationEvent":"onCommand:extension.snykTest"} [2020-03-31 12:23:48.059] [exthost] [info] ExtensionService#loadCommonJSModule file:///Users/Mikail.Tunc/.vscode/extensions/pmbenjamin.vscode-snyk-0.0.2/extension

Monorepo support

Is it possible to scan monorepos? e.g. scan all package.json in a lerna project

Snyk Test won't do anything

Hi,

I just installed the vscode-snyk and when I do Snyk Test, nothing gets done. I also installed vuln cost:
https://marketplace.visualstudio.com/items?itemName=snyk-security.vscode-vuln-cost

This brought up some Snyk options when I open command tool, but none of the commands work, all error like attached.

I have not signed up or logged into Snyk yet. Do I need to do that? How can I get it working?