Topics on this page
Getting started
Add source control integration
Choose a source code integration to allow Open Source Security by Snyk to work on a project.
- Open the Trend Micro Cloud One console (https://cloudone.trendmicro.com) and select Open Source Security by Snyk.
- On the page that appears, select Head to Snyk.
- Select Integrations > Source control.
-
Select the source control system (for example, GitHub) to integrate with Snyk:
-
Enter the account credentials (or authenticate with your account in GitHub) to grant Snyk access permissions for integration.
Add Projects
Add projects to test with Open Source Security by Snyk by choosing repositories to test and monitor.
- In Open Source Security by Snyk, select Projects.
-
Select the tool you're using to add the project (for example GitHub):
-
In the Personal and Organization repositories area, select the repositories to use:
-
Select Add selected repositories to import the selected repositories into your projects. This also:
- Sets Snyk to run a regular check (daily by default) for vulnerabilities.
- Creates a webhook so when you change code, Snyk tests your pull/merge requests to check that new dependencies do not introduce more vulnerabilities.
-
A progress bar appears. Select View log to see log results.
- Project import completes.
View vulnerabilities
You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for project you've imported.
-
Select an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity level:
-
Select an entry to open the issues view for that entry, including the module, where it was introduced, the remediation to fix it, plus more details about the vulnerability itself:
