Snyk Integration
Overview​
Snyk provides information around third party software vulnerabilities. By installing the Phylum/Snyk integration, users can augment Snyk data with Phylum's real-time software supply chain attack identification capabilities.
Installing​
The Phylum integration for Snyk can be installed here.
You will need to be authenticated with Snyk and will be prompted to do so if you are not already logged in.
Once you have authenticated, you will need to accept the permissions required to run the Phylum application. These permissions will grant Phylum access to your projects and dependencies list.
Listing Projects​
After installing the Phylum integration for Snyk, you can now list your Snyk projects by clicking the "List Projects" button.
Once you've installed the application, you will need to link your Snyk account to Phylum by clicking on the Enable
button in the interface.
If you aren't already authenticated with Phylum, you will be prompted to do so now.
Analyzing Results​
Phylum analyzes software packages as they are published into the open source ecosystem. In addition to providing information around software vulnerabilities and licenses, we can also provide information around real-time threats stemming from your software supply chain.
By clicking on a project you can view additional supply chain attack information related to your project dependencies.