Local Development

To get even faster feedback, developers should scan their code locally as they develop, using the CLI and IDE plugins. This provides an excellent developer experience, as engineers get real-time feedback on code changes. Plugins are available for VS Code and IntelliJ.

Refer to the PE documentation for CLI (update link) and IDE (update link) setup.

Snyk CLI

Follow the CLI instructions above (update link) to install Snyk, configure it to point to your Snyk org, and then authenticate. Be familiar with the following Snyk CLI commands:

  • snyk test - open source vulnerability scanning
  • snyk code test - scanning of your custom code
  • snyk monitor - publishes results to Snyk; this should only happen in the pipeline

Snyk in IDE

Your IDE will continually scan your active repo. It will visually show the vulnerabilities it finds, their severity, and ideas for how to resolve them, including solutions from the open source community.


Checkpoint

  • Add the Snyk plugin to your IDE and authenticate with the Snyk App
  • Verify the Snyk CLI is installed with $ snyk -v
  • Teams may opt to include Snyk CLI scans in their Git hooks. For example, teams may want to run a snyk test in a pre-push hook.
  • Now that Snyk is set up locally, we can use the results to identify vulnerabilities to resolve
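
A pre-push hook of the kind mentioned in the checkpoint, as an added example that is not part of the original page. The file location (.git/hooks/pre-push), the SNYK_HOOK_SEVERITY variable, and the policy of blocking the push when the CLI is missing or the scan fails are assumptions of this example.

```shell
#!/bin/sh
# Save as .git/hooks/pre-push and make it executable (chmod +x).
# Added example: blocks a push when `snyk test` reports vulnerabilities.
# SNYK_HOOK_SEVERITY is a hypothetical variable introduced for this example.

# Map a Snyk CLI exit code to a hook decision (return 0 = allow, 1 = block).
# Snyk CLI exit codes: 0 no issues, 1 issues found, 2 CLI failure,
# 3 no supported project detected.
snyk_hook_decision() {
    case "$1" in
        0) echo "snyk: no vulnerabilities found" >&2; return 0 ;;
        1) echo "snyk: vulnerabilities found, push blocked" >&2; return 1 ;;
        3) echo "snyk: no supported project detected, skipping scan" >&2; return 0 ;;
        *) echo "snyk: scan failed (exit $1), push blocked; check auth and network" >&2
           return 1 ;;
    esac
}

run_snyk_hook() {
    # Fail closed if the CLI is missing, so a broken setup is noticed
    # instead of silently skipping the scan (this example's policy).
    if ! command -v snyk >/dev/null 2>&1; then
        echo "snyk: CLI not installed, push blocked" >&2
        return 1
    fi
    # Only `snyk test` runs locally; `snyk monitor` is left to the pipeline.
    rc=0
    snyk test --severity-threshold="${SNYK_HOOK_SEVERITY:-high}" || rc=$?
    snyk_hook_decision "$rc"
}

# Run the scan only when Git invokes this file as the pre-push hook,
# so the functions can also be sourced and exercised on their own.
case "${0##*/}" in
    pre-push) run_snyk_hook; exit $? ;;
esac
```

Git aborts the push whenever the hook exits non-zero; a developer can still bypass it with git push --no-verify, so the pipeline scan remains the enforcement point.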