
Snyk Integration

Overview

Snyk provides information about vulnerabilities in third-party software. By installing the Phylum/Snyk integration, users can augment Snyk data with Phylum's real-time software supply chain attack identification capabilities.

Installing

The Phylum integration for Snyk can be installed here.

Install The App

You will need to be authenticated with Snyk and will be prompted to do so if you are not already logged in.

Authenticate With Snyk

Once you have authenticated, you will need to accept the permissions required to run the Phylum application. These permissions grant Phylum access to your projects and dependency lists.

Accept permissions and scopes

Listing Projects

After installing the Phylum integration for Snyk, you can list your Snyk projects by clicking the "List Projects" button.

Listing Snyk Projects

Once you've installed the application, you will need to link your Snyk account to Phylum by clicking on the Enable button in the interface.

Enable with Phylum

If you aren't already authenticated with Phylum, you will be prompted to do so now.

Phylum Authenticate

Analyzing Results

Phylum analyzes software packages as they are published into the open source ecosystem. In addition to providing information about software vulnerabilities and licenses, we can also provide information about real-time threats stemming from your software supply chain.

By clicking on a project you can view additional supply chain attack information related to your project dependencies.

Analyze Supply Chain Attacks