Snyk

Snyk CLI scans and monitors your projects for security vulnerabilities.

🚀 Usage

Add the following command to your CI configuration file:

fluentci run --wasm snyk iac test --severity-threshold=medium

Commands

Name          Description
setup         Install Snyk
test          Scan for vulnerabilities in your codebase
iac test      Scan for vulnerabilities in your infrastructure as code
code test     Find security issues using static code analysis
sbom          Generate or test an SBOM document in ecosystems supported by Snyk
log4shell     Scan for the Log4Shell vulnerability
container     Scan container images for vulnerabilities and generate an SBOM for a container image

Code examples

Add fluentci-pdk crate to your Cargo.toml:

[dependencies]
fluentci-pdk = "0.2.1"

Use the following code to call a module function:

use fluentci_pdk::dag;

// ...

// Call the "iac" function of the snyk module with the arguments
// that would otherwise be passed on the command line.
dag().call(
    "https://pkg.fluentci.io/[email protected]?wasm=1",
    "iac",
    vec!["test", "--severity-threshold=medium"],
);

CI/CD Integration

The following example shows how to integrate FluentCI with a popular CI provider (GitHub Actions) to scan for vulnerabilities with Snyk:

ci.yml

name: ci
on:
  push:
    branches:
      - main
jobs:
  tasks:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Setup Fluent CI
        uses: fluentci-io/setup-fluentci@v5
        with:
          wasm: true
          plugin: snyk
          args: |
            iac test --severity-threshold=medium
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}