### Main Execution Logic for Snyk Studio Setup Source: https://github.com/snyk/user-docs/blob/main/docs/integrations/snyk-studio-agentic-integrations/distribution-at-scale.md The main entry point for the Snyk Studio setup script. It iterates through supported IDEs, installs the Snyk extension if necessary, and configures Secure at Inception settings. It also handles the download of the 'jq' binary and tracks overall success or failure. ```bash # ============================================================================= # MAIN EXECUTION # ============================================================================= # Entry point that iterates through supported IDEs to: # 1. Install the Snyk extension, if not already installed # 2. Configure Secure at Inception settings # ============================================================================= main() { log_info "Starting Snyk Studio setup script" local user_home user_home="$(get_console_home)" # Define supported IDEs with their CLI paths and config file paths # Format: "IDE_NAME|CLI_PATHS|CONFIG_FILE_PATH" local ide_entries=( "cursor|/Applications/Cursor.app/Contents/Resources/app/bin|${user_home}/Library/Application Support/Cursor/User/settings.json" "windsurf|${user_home}/.codeium/windsurf/bin:/Applications/Windsurf.app/Contents/Resources/app/bin|${user_home}/Library/Application Support/Windsurf/User/settings.json" ) # Track if jq has been downloaded (only needed for config updates) local jq_downloaded=false # Track overall success/failure local ok=0 # Process each IDE for entry in "${ide_entries[@]}"; do # Parse the IDE entry into name, paths, and config file IFS='|' read -r name paths config_file <<< "$entry" log_info "Processing ${name}..." # Skip if this editor isn't installed on this machine if ! editor_installed "$name" "$paths"; then continue fi # Step 1: Install extension if not already installed if ! extension_installed "$name"; then if ! install_extension "$name" "$paths"; then log_error "Failed to install extension for ${name}" ok=1 continue fi fi # Step 2: Configure Secure at Inception settings # Download jq only once, when first needed if [[ "$jq_downloaded" != "true" ]]; then if ! download_jq_if_needed; then log_error "Failed to download jq binary. Cannot configure settings." ok=1 continue fi jq_downloaded=true fi if ! process_config_file "$name" "$config_file"; then log_error "Failed to configure settings for ${name}" ok=1 fi log_info "${name} processing complete" done if [[ $ok -eq 0 ]]; then log_info "Snyk Studio setup script completed successfully" else log_error "Snyk Studio setup script completed with errors" fi exit $ok } main "$@" ``` -------------------------------- ### Install and verify SDK with npm Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-iac/current-iac-custom-rules/install-the-sdk.md Use npm to install the SDK globally and verify the installation. ```bash npm install -g snyk-iac-rules ``` ```bash snyk-iac-rules --help ``` -------------------------------- ### snyk redteam setup Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/commands/redteam.md Launches an interactive web-based setup wizard to guide users through target configuration and generate a `redteam.yaml` file. ```APIDOC ## POST /redteam/setup ### Description Launches an interactive web-based setup wizard to assist in configuring the target endpoint and generating a `redteam.yaml` configuration file. ### Method POST ### Endpoint /redteam/setup ### Parameters No specific parameters are listed for this command, as it is interactive. ### Request Example ```bash snyk redteam setup ``` ### Response #### Success Response (200) - **configuration_file** (string) - The generated `redteam.yaml` file content. #### Response Example ```yaml target: settings: url: "https://example.com/api/chat" request_body_template: "{\"message\": \"{{prompt}}\"}" response_selector: "response" context: purpose: "Customer support chatbot" ``` ``` -------------------------------- ### Example eclipse.ini configuration Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ide-plugins-and-extensions/eclipse-plugin/troubleshooting-for-the-eclipse-plugin.md A sample eclipse.ini file showing the required -vm argument for pointing to a specific JDK installation. ```text -startup plugins/org.eclipse.equinox.launcher_1.6.200.v20210416-2027.jar --launcher.library plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.2.200.v20210429-1609 -product org.eclipse.epp.package.jee.product -showsplash org.eclipse.epp.package.common --launcher.defaultAction openFile --launcher.appendVmargs -vmargs -Dosgi.requiredJavaVersion=11 -Xms256m -Xmx2048m --add-modules=ALL-SYSTEM --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED -vm C:\\Program Files\\Java\\jdk-17.0.1\\bin ``` -------------------------------- ### Install SDK with Scoop Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-iac/current-iac-custom-rules/install-the-sdk.md Add the Snyk bucket and install the SDK on Windows. ```bash scoop bucket add snyk https://github.com/snyk/scoop-snyk ``` ```bash scoop install snyk-iac-rules ``` -------------------------------- ### Install Specific Snyk Version and Monitor in GitHub Actions Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ci-cd-integrations/github-actions-for-snyk-setup-and-checking-for-vulnerabilities/snyk-setup-action.md This example demonstrates installing a specific version of the Snyk CLI and using its output to verify the installed version before running a Snyk monitor command. Requires SNYK_TOKEN to be configured in secrets. ```yaml name: Snyk example on: push jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - uses: snyk/actions/setup@master id: snyk with: snyk-version: v1.391.0 - uses: actions/setup-go@v1 with: go-version: "1.13" - name: Snyk version run: echo "${{ steps.snyk.outputs.version }}" - name: Snyk monitor run: snyk monitor env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} ``` -------------------------------- ### Example: GitLab import configuration Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md Configuration example for importing projects from GitLab. ```json { "targets": [ { "orgId": "******", "integrationId": "******", "target": { "id": 13, "branch": "master" }, }, { "orgId": "******", "integrationId": "******", "target": { "id": 2, "branch": "master" }, }, ] } ``` -------------------------------- ### Install SDK with Homebrew Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-iac/current-iac-custom-rules/install-the-sdk.md Configure the Snyk tap and install the SDK package. ```bash brew tap snyk/tap ``` ```bash brew install snyk-iac-rules ``` -------------------------------- ### Install Snyk CLI and Authenticate Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-agent-red-teaming.md Install the Snyk CLI globally and authenticate your account to use Snyk services. Ensure Node.js is installed. ```bash npm install snyk -g snyk auth ``` -------------------------------- ### Install Bundler Gems Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli.md Build is required only if no `Gemfile.lock` file is present. Run `bundle install` to generate the lockfile and install gems. ```shell bundle install ``` -------------------------------- ### Install Snyk Studio via Gemini CLI Source: https://github.com/snyk/user-docs/blob/main/docs/integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/gemini-cli-guide.md Commands to install the Snyk Studio extension and verify the installation. ```sh gemini extensions install https://github.com/snyk/agentic-integration-wrappers ``` ```sh /extensions list ``` -------------------------------- ### Install snyk-to-html Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html.md Instructions for installing the snyk-to-html tool globally or locally. ```APIDOC ## Install snyk-to-html To install `snyk-to-html`, you must have the required permissions on your machine. If the installation fails, contact your IT administrator to request the required permissions. You can install `snyk-to-html` using npm: ```bash npm install snyk-to-html -g ``` To install the `snyk-to-html` plugin locally, clone the `snyk-to-html` GitHub repository and use the script: ```bash npm install npm run build node ./dist/index.js ``` ``` -------------------------------- ### Install snyk-broker-config CLI Source: https://github.com/snyk/user-docs/blob/main/docs/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md Installs the configuration tool globally via npm. ```bash npm i -g snyk-broker-config ``` ```bash npm install -g snyk-broker-config ``` -------------------------------- ### Install snyk-api-import CLI Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-snyk-api-import/README.md Install the tool globally using npm or Yarn. ```bash npm install snyk-api-import@latest -g ``` ```bash yarn global add snyk-api-import ``` -------------------------------- ### Prerequisites and Setup Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-scm-contributors-count/scripts-for-scm-contributors-count/azure-devops/azure-examples.md Instructions on how to set up authentication and gather necessary information before running the command. ```APIDOC ## Before running the command ### 1. Export SNYK_TOKEN (Optional) If you want to get the contributors only for repos that are already monitored by Snyk: * Ensure your token has Group level access or use a service account's token with Group level access. Refer to [Service accounts](../../../../../../../implementation-and-setup/enterprise-setup/service-accounts/) for more information. * Copy the token value. * Export the token in your environment: ```bash export SNYK_TOKEN= ``` ### 2. Get Azure DevOps Token and Org * **Azure DevOps Token**: Create a token if one does not exist, using this [guide](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=preview-page). **Note**: Ensure your token has read access to the repositories. * **Azure DevOps Org Name**: Find your Org name in Azure, listed on the left pane on the [Azure DevOps site](https://dev.azure.com). ``` -------------------------------- ### Install Snyk Extension Source: https://github.com/snyk/user-docs/blob/main/docs/integrations/snyk-studio-agentic-integrations/distribution-at-scale.md Automates the installation of the Snyk extension, including directory setup and environment configuration for proxy support. ```bash install_extension() { local name="$1" paths="$2" local user_home extdir output rc user_path # Resolve user paths and create the extensions directory if needed user_home="$(get_console_home)" user_path="$(build_path "$paths")" # Extensions are stored in ~/.${editor_name}/extensions by convention extdir="${user_home}/.${name}/extensions" run_as_user /bin/mkdir -p "${extdir}" log_info "Installing Snyk extension for ${name}" # Get Zscaler certificate env var if applicable (for corporate proxies) local cert_env_var cert_env_var="$(get_zscaler_cert_env_var)" # Build the full installation command with all necessary environment setup # - cert_env_var: Zscaler certificate for HTTPS (if present) # - HOME: User's home directory for proper config resolution # - PATH: Include editor-specific paths # - --extensions-dir: Explicit extensions directory # - --force: Overwrite if already partially installed local install_cmd="${cert_env_var}HOME='${user_home}' PATH='${user_path}' '${EDITOR_CMD}' --extensions-dir '${extdir}' --install-extension '${INSTALL_EXTENSION_ID}' --force" # Execute the installation in a login shell for proper environment log_info "Running installation command: $install_cmd" output=$(run_as_user /bin/sh -lc "$install_cmd" 2>&1) || rc=$? # Check for success (exit code 0 or not set) if [[ -z "${rc:-}" || "${rc}" -eq 0 ]]; then log_info "Extension installed for ${name}" return 0 fi # Installation failed - log the error output log_error "Install failed (exit ${rc}) for ${name}:" printf '%s\n' "${output}" >&2 return 1 } ``` -------------------------------- ### Example: Bitbucket Server import configuration Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md Configuration example for importing projects from Bitbucket Server, including specific file paths and exclusion globs. ```json { "targets": [ { "orgId": "******", "integrationId": "******", "target": { "repoSlug": "api-import-circle-test", "name": "Snyk api-import-circle-test", "projectKey": "PROJECT" }, "files": [ { "path": "package.json" }, { "path": "package/package.json" }, { "path": "Gemfile.lock" } ], "exclusionGlobs": "fixtures, test" }, ] } ``` -------------------------------- ### Database Entry Example Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md An example of how Snyk app installation data, including authentication tokens and expiry information, is stored in the database. ```json { "installs": [ { "date": "2021-12-28T19:15:02.043Z", "userId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "orgId": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "access_token": "xxxxxxxxxxxxxxxxxxxxxxxxxx", "expires_in": 3599, "scope": "apps:beta", "token_type": "bearer", "refresh_token": "yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy" }, ] } ``` -------------------------------- ### Example: GitHub and Azure Repos import configuration Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md Configuration example for importing projects from GitHub, GitHub Enterprise, and Azure Repos. ```json { "targets": [ { "orgId": "******", "integrationId": "******", "target": { "name": "shallow-goof-policy", "owner": "api-import-circle-test", "branch": "master" }, "exclusionGlobs": "fixtures, test" } ] } ``` -------------------------------- ### Install Snyk MCP Server with pre-installed Snyk CLI Source: https://github.com/snyk/user-docs/blob/main/docs/integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/augment-code-guide.md Install the Snyk MCP Server using the absolute path to your Snyk CLI executable. If the 'snyk' command is not found, follow the Snyk CLI installation guide. ```bash /absolute/path/to/snyk mcp -t stdio ``` -------------------------------- ### Install and run SDK with Docker Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-iac/current-iac-custom-rules/install-the-sdk.md Pull the Docker image and execute commands by mounting the local directory. ```bash docker pull snyk/snyk-iac-rules ``` ```bash docker run --rm -v $(pwd):/app snyk/snyk-iac-rules {SDK command} ``` ```bash docker run --rm -v $(pwd):/app snyk/snyk-iac-rules template -r {rule_name} ``` -------------------------------- ### GET /self/apps/installs Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/reference/apps.md Retrieves a list of application installations associated with the authenticated user. ```APIDOC ## GET /self/apps/installs ### Description Retrieves a list of application installations associated with the authenticated user. ### Method GET ### Endpoint /self/apps/installs ### Parameters None ### Request Example None ### Response #### Success Response (200) - **installs** (array) - A list of installation objects. #### Response Example ```json { "installs": [ { "install_id": "example_install_id", "app_id": "example_app_id" } ] } ``` ``` -------------------------------- ### GET /groups/{group_id}/apps/installs Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/reference/apps.md Retrieves a list of application installations within a specified group. ```APIDOC ## GET /groups/{group_id}/apps/installs ### Description Retrieves a list of application installations within a specified group. ### Method GET ### Endpoint /groups/{group_id}/apps/installs ### Parameters #### Path Parameters - **group_id** (string) - Required - The unique identifier of the group. ### Request Example None ### Response #### Success Response (200) - **installs** (array) - A list of installation objects. #### Response Example ```json { "installs": [ { "install_id": "example_install_id", "app_id": "example_app_id" } ] } ``` ``` -------------------------------- ### Deployment Creation Prompt Source: https://github.com/snyk/user-docs/blob/main/docs/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md Confirm credential storage and proceed to deployment creation. ```text Helpful tip ! Set TENANT_ID, INSTALL_ID as environment values to avoid pasting the values in for every command. Now using Tenant ID and Install ID . Do you want to create a new Deployment? (Y/N) ``` -------------------------------- ### GET /orgs/{org_id}/apps/installs Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/reference/apps.md Retrieves a list of application installations within a specified organization. ```APIDOC ## GET /orgs/{org_id}/apps/installs ### Description Retrieves a list of application installations within a specified organization. ### Method GET ### Endpoint /orgs/{org_id}/apps/installs ### Parameters #### Path Parameters - **org_id** (string) - Required - The unique identifier of the organization. ### Request Example None ### Response #### Success Response (200) - **installs** (array) - A list of installation objects. #### Response Example ```json { "installs": [ { "install_id": "example_install_id", "app_id": "example_app_id" } ] } ``` ``` -------------------------------- ### GET /tenants/{tenant_id}/brokers/installs/{install_id}/deployments Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/reference/universal-broker.md Retrieve a list of deployments for a specific broker install. ```APIDOC ## GET /tenants/{tenant_id}/brokers/installs/{install_id}/deployments ### Description Retrieves all deployments associated with the specified broker install. ### Method GET ### Endpoint /tenants/{tenant_id}/brokers/installs/{install_id}/deployments ### Parameters #### Path Parameters - **tenant_id** (string) - Required - The unique identifier of the tenant. - **install_id** (string) - Required - The unique identifier of the broker install. ``` -------------------------------- ### Create application file Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/configuring-express.js.md Create the source file for the application logic. ```bash touch ./src/app.ts ``` -------------------------------- ### Setup Snyk Agent Red Teaming Configuration Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-agent-red-teaming.md Run the setup subcommand to interactively configure your target for Snyk Agent Red Teaming. This command guides you through defining the target, connection, application context, and test goals. ```bash snyk redteam --experimental setup ``` -------------------------------- ### Install and verify SDK with prebuilt binaries Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-iac/current-iac-custom-rules/install-the-sdk.md Extract and move the binary to a local bin directory for Intel-based macOS systems. ```bash $ tar xzf snyk-iac-rules_0.0.5_Darwin_x86_64.tar.gz $ sudo mv snyk-iac-rules /usr/local/bin ``` ```bash snyk-iac-rules --help ``` -------------------------------- ### MSBuild Project Configuration Examples Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/error-catalog.md Example project files demonstrating a conditional dependency that may cause scanning issues if external files are inaccessible. ```xml false ``` ```xml net8.0 ``` -------------------------------- ### Configure Snyk scan in buildspec.yaml Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ci-cd-integrations/aws-codepipeline-integration-by-adding-a-snyk-scan-stage.md Example configuration for a CodeBuild buildspec.yaml file to install the Snyk CLI, authenticate, and run security scans. ```yaml # buildspec.yaml version: 0.2 phases: build: commands: # install the latest Snyk CLI from GitHub Releases - latest_version=$(curl -Is "https://github.com/snyk/cli/releases/latest" | grep "^location" | sed 's#.*tag/##g' | tr -d "\r") - snyk_cli_dl_linux="https://github.com/snyk/cli/releases/download/${latest_version}/snyk-linux" - curl -Lo /usr/local/bin/snyk $snyk_cli_dl_linux - chmod +x /usr/local/bin/snyk # authenticate the Snyk CLI - snyk auth $SNYK_TOKEN # perform a Snyk SCA scan; continue if vulnerabilities are found - snyk test || true # upload a snapshot of the project to Snyk for continuous monitoring - snyk monitor ``` -------------------------------- ### Setup Snyk CLI in a Custom Environment Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ci-cd-integrations/github-actions-for-snyk-setup-and-checking-for-vulnerabilities/README.md Installs only the Snyk CLI using snyk/actions/setup, allowing the use of pre-installed development tools in the workflow. ```yaml name: Snyk example on: push jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - uses: snyk/actions/setup@master - uses: actions/setup-go@v1 with: go-version: '1.19' - name: Snyk test run: snyk test env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} ``` -------------------------------- ### Example: Google Container Registry import configuration Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md Configuration example for importing projects from Google Container Registry. ```json { "targets": [ { "orgId": "******", "integrationId": "******", "target": { "name": "projectId/repository:tag" }, } ] } ``` -------------------------------- ### Install Snyk Broker for GitHub Enterprise with Helm Source: https://github.com/snyk/user-docs/blob/main/docs/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md Install the Snyk Broker chart for GitHub Enterprise, customizing environment variables for your specific setup. Ensure you replace placeholders like `` with your actual values. The `brokerServerUrl` should point to the Snyk Broker server for your region. ```bash helm install snyk-broker-chart snyk-broker/snyk-broker \ --set scmType=github-enterprise \ --set brokerToken= \ --set brokerServerUrl= \ --set scmToken= \ --set github= \ --set githubApi= \ --set githubGraphQl= \ --set enableEssentials=true \ --set brokerClientUrl=: \ -n snyk-broker --create-namespace ``` -------------------------------- ### View CLI Help for Connection Parameters Source: https://github.com/snyk/user-docs/blob/main/docs/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md Displays available options and parameters for a specific integration type using the help flag. ```bash snyk-broker-config workflows connections create --type gitlab --help ``` -------------------------------- ### Configure Snyk MCP Server Source: https://github.com/snyk/user-docs/blob/main/docs/integrations/snyk-studio-agentic-integrations/getting-started-with-snyk-studio.md Use this JSON snippet to configure the Snyk MCP server in your coding assistant's setup. Ensure Node.js and npx are installed. ```json { "mcpServers": { "Snyk": { "command": "npx", "args": ["-y", "snyk@latest", "mcp", "-t", "stdio"], "env": {} } } } ``` -------------------------------- ### Initialize Neovim Configuration Directory Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ide-plugins-and-extensions/snyk-language-server/example-configurations-for-snyk-language-server.md Creates the necessary directory structure and init.lua file for Neovim configuration. ```bash mkdir -p ~/.config/nvim touch init.lua ``` -------------------------------- ### Snyk Infrastructure as Code Action - Basic Usage Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ci-cd-integrations/github-actions-for-snyk-setup-and-checking-for-vulnerabilities/snyk-infrastructure-as-code-action.md This example demonstrates the basic setup for the Snyk Infrastructure as Code Action to check for vulnerabilities in your Kubernetes manifest files. ```APIDOC ## Snyk Infrastructure as Code Action - Basic Usage ### Description This example demonstrates the basic setup for the Snyk Infrastructure as Code Action to check for vulnerabilities in your Kubernetes manifest files. ### Method Uses GitHub Actions workflow ### Endpoint `snyk/actions/iac@master` ### Parameters #### Environment Variables - **SNYK_TOKEN** (string) - Required - Your Snyk API token for authentication. ### Request Example ```yaml name: Example workflow for Snyk Infrastructure as Code on: push jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - name: Run Snyk to check Kubernetes manifest file for issues uses: snyk/actions/iac@master env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} ``` ### Response This action typically outputs scan results to the console and can generate SARIF and JSON files based on configuration. ``` -------------------------------- ### Set up Broker for Existing Integration Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/api-endpoints-index-and-tips/examples-for-the-update-existing-integration-endpoint.md Use this command to enable a broker for an existing integration. Ensure you replace API_KEY, orgId, and integrationId with your specific values. ```bash curl --include \ --request PUT \ --header "Content-Type: application/json; charset=utf-8" \ --header "Authorization: token API_KEY" \ --data-binary "{ \"type\": \"github\", \"broker\": { \"enabled\": true } }" \ 'https://api.snyk.io/v1/org/{orgId}/integrations/{integrationId}' ``` ```json { "id": "9a3e5d90-b782-468a-a042-9a2073736f0b", "brokerToken": "4a18d42f-0706-4ad0-b127-24078731fbed" } ``` -------------------------------- ### Initiate Universal Broker Connection Workflow Source: https://github.com/snyk/user-docs/blob/main/docs/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md Start the connection creation process using the Snyk broker configuration tool. ```bash > snyk-broker-config workflows connections create Using https;//api.snyk.io (or https://api.REGION.snyk.io) Universal Broker Create Connection workflow Enter your Snyk Token ``` -------------------------------- ### Advanced Snyk Broker Docker Configuration Source: https://github.com/snyk/user-docs/blob/main/docs/SUMMARY.md Advanced configuration options for the Snyk Broker when installed using Docker. This example demonstrates setting additional environment variables for custom configurations. ```bash docker run --name snyk-broker -p 8080:8080 -e SNYK_BROKER_TOKEN=YOUR_BROKER_TOKEN -e SNYK_BROKER_URL=YOUR_BROKER_URL -e LOG_LEVEL=debug -e HTTP_PROXY=http://your-proxy.com:8080 snyk/snyk-broker:docker ``` -------------------------------- ### Install and Configure Snyk Broker CLI Source: https://github.com/snyk/user-docs/blob/main/docs/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md Use the CLI tool to initialize the interactive workflow for creating broker connections. ```bash npm install -g snyk-broker-config ``` ```bash snyk-broker-config workflows connections create ``` -------------------------------- ### Basic Snyk Setup and Test in GitHub Actions Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-ci-cd-integrations/github-actions-for-snyk-setup-and-checking-for-vulnerabilities/snyk-setup-action.md Use this snippet to install the Snyk CLI and run a basic Snyk test within a GitHub Actions workflow. Ensure SNYK_TOKEN is set in your repository secrets. ```yaml name: Snyk example on: push jobs: security: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - uses: snyk/actions/setup@master - uses: actions/setup-go@v1 with: go-version: "1.13" - name: Snyk test run: snyk test env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} ``` -------------------------------- ### Quick Start Jira Sync Command Source: https://github.com/snyk/user-docs/blob/main/docs/scan-with-snyk/snyk-tools/tool-jira-tickets-for-new-vulns.md Use this command for a basic setup to sync Snyk projects and open Jira tickets. Ensure you replace placeholders with your actual Snyk Organization ID and API Token, and your Jira Project Key. ```bash ./snyk-jira-sync- --orgID= // Can find it under settings --token= // Snyk API Token. Service accounts work. --jiraProjectKey= // Jira project Key the tickets will be opened against ``` -------------------------------- ### Create controller directory structure Source: https://github.com/snyk/user-docs/blob/main/docs/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md Use these shell commands to initialize the required directory and file structure for the authentication controllers. ```bash mkdir -p ./src/routes/auth; mkdir -p ./src/routes/callback; touch ./src/routes/auth/authController.ts touch ./src/routes/callback/callbackController.ts ``` -------------------------------- ### Recursively scan JAR files in subfolders (Windows Batch) Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/scan-all-unmanaged-jar-files.md This Windows batch script scans all .jar files in subfolders starting from a specified workspace directory. It requires the Snyk CLI to be installed and uses the provided arguments for the workspace and a project name for the Snyk UI. ```batch REM Usage: REM For example: scanjar.bat "C:\workspace\app" "myapp" SET WORKSPACE=%1 SET REMOTE_REPO_URL=%2 for /R %WORKSPACE% %%f in (*.jar) do cmd /c snyk monitor --scan-unmanaged --remote-repo-url=%REMOTE_REPO_URL% --file=%%f --project-name=%%f ``` -------------------------------- ### Install jq and snyk-filter Source: https://github.com/snyk/user-docs/blob/main/docs/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter.md Installs jq and snyk-filter globally. Ensure jq is installed manually if node-jq has issues. This installation method may not work with Node.js versions greater than 12. ```bash # install jq ahead of time (ubuntu example) sudo apt-get install -y jq # tell node-jq to skip trying to install it on its own export NODE_JQ_SKIP_INSTALL_BINARY=true # tell node-jq where the existing jq binary is export JQ_PATH=$(which jq) # finally, install snyk-filter (does not work with node version > 12) sudo npm install -g ```