Integrating with Snyk

Overview

Snyk integration enables you to use Snyk's Static Code Analysis (SAST) and Software Component Analysis (SCA) within Jit's platform.

Activating and disabling Snyk integration

To activate Snyk SAST & SCA

  1. From Snyk's platform, select Account Settings and copy your API token.
  2. From the Jit platform, select Secrets in the menu bar under Settings.
  3. Follow the instructions in Secrets to store this token as a secret called SNYK_TOKEN.
  4. Activate the SAST and SCA plan items from the My Plan page.
  5. Activate Snyk's SAST & SCA by adding the following snippet at the bottom of the jit-plan.yml file in your .jit repository, or in the repository where you manage Jit's configurations:
override:
  workflows:
    sca:
      jobs:
        software-component-analysis-snyk:
          enabled: true
    sast:
      jobs:
        static-code-analysis-snyk:
          enabled: true
  6. Disable other SAST & SCA jobs to prevent conflicts. Your jit-plan.yml overrides should look as follows:
override:
  workflows:
    sca:
      jobs:
        software-component-analysis:
          enabled: false
        software-component-analysis-go:
          enabled: false
        software-component-analysis-js:
          enabled: false
        software-component-analysis-snyk:
          enabled: true
    sast:
      jobs:
        static-code-analysis-csharp:
          enabled: false
        static-code-analysis-go:
          enabled: false
        static-code-analysis-java:
          enabled: false
        static-code-analysis-js:
          enabled: false
        static-code-analysis-kotlin:
          enabled: false
        static-code-analysis-python:
          enabled: false
        static-code-analysis-python-semgrep:
          enabled: false
        static-code-analysis-rust:
          enabled: false
        static-code-analysis-scala:
          enabled: false
        static-code-analysis-swift:
          enabled: false
        static-code-analysis-snyk:
          enabled: true

Additional information

  • This code overrides the original Jit configuration by disabling Jit's SAST and SCA tools and enabling Snyk's.
  • You can add or delete this code any time you want to switch between Snyk's SAST and SCA tools and Jit's.
  • To only activate Snyk's SAST, delete the entire SCA block.
  • To only activate Snyk's SCA, delete the entire SAST block.
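A job that is simply left out of the override keeps its default (enabled) state, so step 6 above only prevents conflicts if every Jit SAST/SCA job is explicitly set to `enabled: false`. The following script, an added example that is not part of Jit's or Snyk's documentation or tooling, generates the recommended override block for both workflows or for SAST only / SCA only (matching the bullets above), and checks an existing override for Jit jobs that were left enabled alongside a Snyk job. The job names are taken from the override block in step 6; the minimal YAML parser, the `SAMPLE_PLAN` text and all function names are constructed here and handle only the indentation-based mapping subset that these overrides use.

```python
"""Generate and sanity-check a jit-plan.yml override that switches SAST/SCA to Snyk.

Added example, not Jit's or Snyk's own code. The parser below understands only
nested mappings with scalar true/false values, which is all an override needs.
"""

# Jit's own SAST/SCA jobs, as listed in the override block in step 6.
JIT_JOBS = {
    "sca": [
        "software-component-analysis",
        "software-component-analysis-go",
        "software-component-analysis-js",
    ],
    "sast": [
        "static-code-analysis-csharp",
        "static-code-analysis-go",
        "static-code-analysis-java",
        "static-code-analysis-js",
        "static-code-analysis-kotlin",
        "static-code-analysis-python",
        "static-code-analysis-python-semgrep",
        "static-code-analysis-rust",
        "static-code-analysis-scala",
        "static-code-analysis-swift",
    ],
}
SNYK_JOBS = {"sca": "software-component-analysis-snyk", "sast": "static-code-analysis-snyk"}

# Constructed sample: an incomplete override that enables Snyk but only disables
# one Jit job per workflow. The remaining Jit jobs stay on by default.
SAMPLE_PLAN = """\
override:
  workflows:
    sca:
      jobs:
        software-component-analysis:
          enabled: false
        software-component-analysis-snyk:
          enabled: true
    sast:
      jobs:
        static-code-analysis-js:
          enabled: false
        static-code-analysis-snyk:
          enabled: true
"""


def parse_simple_yaml(text):
    """Parse an indentation-based mapping (no lists, anchors or quoting) into dicts."""
    root = {}
    stack = [(-1, root)]  # (indent level, mapping open at that level)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        # Close every mapping that is indented at least as deep as this line.
        while stack[-1][0] >= indent:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = {"true": True, "false": False}.get(value.lower(), value)
    return root


def render_override(workflows=("sca", "sast")):
    """Emit the override block from step 6, restricted to the chosen workflows."""
    lines = ["override:", "  workflows:"]
    for wf in workflows:
        lines += [f"    {wf}:", "      jobs:"]
        for job in JIT_JOBS[wf]:
            lines += [f"        {job}:", "          enabled: false"]
        lines += [f"        {SNYK_JOBS[wf]}:", "          enabled: true"]
    return "\n".join(lines) + "\n"


def find_conflicts(plan):
    """Return {workflow: [Jit jobs still enabled]} wherever a Snyk job is enabled."""
    conflicts = {}
    workflows = plan.get("override", {}).get("workflows", {})
    for wf, jit_jobs in JIT_JOBS.items():
        jobs = workflows.get(wf, {}).get("jobs", {})
        if jobs.get(SNYK_JOBS[wf], {}).get("enabled") is not True:
            continue  # Snyk is not enabled for this workflow; nothing to check.
        # A job absent from the override, or not set to false, is still on.
        left_on = [j for j in jit_jobs if jobs.get(j, {}).get("enabled") is not False]
        if left_on:
            conflicts[wf] = left_on
    return conflicts


if __name__ == "__main__":
    for wf, jobs in find_conflicts(parse_simple_yaml(SAMPLE_PLAN)).items():
        print(f"{wf}: still enabled alongside Snyk -> {', '.join(jobs)}")
    print(render_override(("sast",)))  # SAST-only override, no SCA block
```

Run it against your own `.jit/jit-plan.yml` by reading the file into `parse_simple_yaml` instead of `SAMPLE_PLAN`; an empty result means every Jit job in the workflows where Snyk is enabled has been explicitly disabled.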

To disable Snyk SAST & SCA

Delete the above code from your .jit/jit-plan.yml. This reverts your plan to Jit's own tools for SAST and SCA.