What and Why
Snyk is replacing Veracode as the standard, supported security scanning tool. Its speed, capabilities, and developer-first experience were the primary factors in this decision.
These scans take place throughout the SDLC and examine both your dependencies and your source code to identify potential security vulnerabilities and risks.
Link to deck: Snyk Overview update link
Key Terms
- Vulnerabilities: software coding flaws or system misconfigurations through which attackers can directly gain unauthorized and privileged access to a system or network.
- Risks: potential legal liabilities where open-source licenses are inappropriately used.
- CVE: Common Vulnerabilities and Exposures is a database of publicly disclosed information security issues.
Software Composition Analysis (SCA)
Analyzes open-source components, their supporting libraries, and their direct and indirect dependencies. These items are then compared against the Snyk vulnerability database, and if associated vulnerabilities are found, Snyk includes them in its scan results.
Snyk SCA is performed by the snyk test command (Snyk SCA docs).
Static Application Security Testing (SAST)
SAST focuses on the source code of an application and scans to identify problematic coding patterns.
Snyk SAST is performed by the snyk code test command (Snyk SAST docs).
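As an added example (not code from this page or from Snyk), a small Python gate that reads the JSON a snyk test --json run writes and decides whether a pipeline step should fail on the SCA findings. The embedded report is constructed to match the shape of that output; the field names it relies on (vulnerabilities, severity, packageName, version, isUpgradable) are assumed from Snyk's SCA JSON format.

```python
import json
from collections import Counter

# Constructed sample shaped like `snyk test --json` output; not a real scan result.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-1", "title": "Prototype Pollution", "packageName": "lodash",
         "version": "4.17.15", "severity": "high", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-2", "title": "Regular Expression Denial of Service",
         "packageName": "minimist", "version": "1.2.0", "severity": "medium", "isUpgradable": True},
        {"id": "SNYK-EXAMPLE-3", "title": "Information Exposure", "packageName": "example-lib",
         "version": "0.1.0", "severity": "low", "isUpgradable": False},
    ],
})

# Snyk severity levels, lowest to highest.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def summarize(report_json: str) -> dict:
    """Count findings per severity and list the packages a dependency bump would fix."""
    vulns = json.loads(report_json).get("vulnerabilities", [])
    counts = Counter(v["severity"] for v in vulns)
    upgradable = sorted(f'{v["packageName"]}@{v["version"]}' for v in vulns if v.get("isUpgradable"))
    return {"counts": dict(counts), "upgradable": upgradable}


def should_fail(report_json: str, threshold: str = "high", only_upgradable: bool = False) -> bool:
    """Fail when any finding is at or above `threshold` (optionally only if a fix exists)."""
    floor = SEVERITY_RANK[threshold]
    for v in json.loads(report_json).get("vulnerabilities", []):
        if SEVERITY_RANK.get(v.get("severity", "low"), 0) < floor:
            continue  # below the gate, report only
        if only_upgradable and not v.get("isUpgradable"):
            continue  # no fix available yet; do not block the build on it
        return True
    return False


if __name__ == "__main__":
    # In CI: `snyk test --json > snyk-sca.json`, then load that file instead of SAMPLE_REPORT.
    summary = summarize(SAMPLE_REPORT)
    print(summary["counts"], summary["upgradable"])
    raise SystemExit(1 if should_fail(SAMPLE_REPORT) else 0)
```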