Mikael, thanks for hunting us!
We're extremely excited to launch Snyk out of beta today, and to introduce this new GitHub integration. Over the course of Snyk's beta we've processed over 340,000 tests, and 76% of our users found vulnerabilities in their apps. The new GitHub integration makes it easier than ever to address those issues, and so enjoy the goodness of npm without compromising your security.
You can check out our blog post here: https://snyk.io/blog/out-of-beta/
But here are some inline details too!
Snyk’s new GitHub Integration lets you easily:
- Test all your repos for vulnerable dependencies with one click.
This will find the dependencies in your GitHub project, match them against our open source vulnerability DB (https://snyk.io/vuln), and make it easy to understand the details and impact of each item.
- Fix the issues with a “Fix” button.
Once you integrate a project with Snyk, you'll find a "Fix Vulnerabilities" button at the top right. This button creates a pull request with the upgrades and patches needed to fix the vulnerable dependencies.
- Prevent new issues by running Snyk’s test directly in your repo’s Pull Requests.
Once you fix current vulnerabilities, this lets you catch new vulnerable dependencies before they enter your system.
- Alert you about new disclosed vulnerabilities in your dependencies - including submitting a fix PR.
New vulnerabilities are disclosed regularly. Snyk remembers your dependencies and sends you both an email and a fix pull request, letting you respond easily and quickly, before attackers can exploit the security flaw.
Try it out, and let us know what you think on @snyksec or support@snyk.io !
@riyadhalnur in many ways, primarily:
- Snyk is focused on fixing the issues, not just finding them
- Snyk is attuned to how you work in GitHub. It's extremely easy to get started and adds practically no overhead for staying secure over time
- Snyk comes to you. We keep as much of the functionality as possible inside your existing GitHub and CLI workflows, not requiring you to regularly visit or learn to use a separate tool and product
Looks sharp, I should probably integrate this into mean.io. A good strategy would be to open PRs to popular frameworks like mean.io, Meteor, Sails, mean.js, hapi etc.