Snyk for GitHub

Fix vulnerabilities in Node & npm dependencies with a click.

get it

Reviews

Discussion

You need to become a Contributor to join the discussion - Find out how.
Guy PodjarnyMaker@guypod · Founder, Snyk
Mikael, thanks for hunting us! We're extremely excited to launch Snyk out of beta today, and to introduce this new GitHub integration. Over the course of Snyk's beta we've processed over 340,000 tests, and 76% of our users found vulnerabilities in their apps. The new GitHub integration makes it easier than ever to address those issues, and so enjoy the goodness of npm without compromising your security. You can check out our blog post here: https://snyk.io/blog/out-of-beta/ But here are some inline details too! Snyk’s new GitHub Integration lets you easily: - Test all your repos for vulnerable dependencies with one click. This will find the dependencies in your GitHub project, match them against our open source vulnerability DB (https://snyk.io/vuln), and make it easy to understand the details and impact of each item. - Fix the issues with a “Fix” button. Once you integrate a project with Snyk, you'll find a "Fix Vulnerabilities" button at the top right. This button creates a pull request with the upgrades and patches needed to fix the vulnerable dependencies. - Prevent new issues by running Snyk’s test directly in your repo’s Pull Requests. Once you fix current vulnerabilities, this lets you catch new vulnerable dependencies before they enter your system. - Alert you about new disclosed vulnerabilities in your dependencies - including submitting a fix PR. New vulnerabilities are disclosed regularly. Snyk remembers your dependencies and sends you both an email and a fix pull-request, letting you respond easily and quickly, before attackers can exploit the security flaw. Try it out, and let us know what you think on @snyksec or support@snyk.io !
Lior Kesos@lior_kesos
Looks sharp, I should probably integrate this to mean.io . A good strategy would be to open PR's to popular frameworks like mean.io, metero, sails, mean,js, hapi etc.. etc..
Doron Passov@doron_passov · Senior Product Manager
Looks like a great concept ! Will give it a try !
Hobbs, Corey@chobberoni · BD @ GitHub
Great tool! I think their GitHub integration page is here: https://github.com/integrations/.... Tried it out and it's pretty slick :)
Riyadh Al Nur@riyadhalnur · Full-stack Software Engineer @ HyperLab
How is this different and/or better than SourceClear?
Guy PodjarnyMaker@guypod · Founder, Snyk
@riyadhalnur in many ways, primarily: - Snyk is focused on fixing the issues,not just finding them - Snyk is attuned to how you work in GitHub. It's extremely easy to get started and adds practically no overhead for staying secure over time - Snyk comes to you. We keep as much of the functionality as possible inside your existing GitHub and CLI workflows, not requiring you to regularly visit or learn to use a separate tool and product