First we need to connect Snyk to GitHub so we can import our repository. Do so by:
Logging in to Snyk.io (sign up if you haven't already).
Navigating to Integrations -> Source Control -> GitHub.
Filling in your account credentials to connect your GitHub account.
Now that Snyk is connected to your GitHub account, import the repo into Snyk as a project:
Navigate to Projects.
Click "Add Project", then select "GitHub".
Click on the repo you forked.
When the repo imports, Snyk finds the package.json file where the open source components for our Goof application are declared. We can see that they contain 60 vulnerabilities, including 31 high severity ones! 😳
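The same severity breakdown the web UI shows can be produced outside the browser from the Snyk CLI's `snyk test --json` report. The script below is an added example, not part of this workshop or of Snyk's own tooling; it assumes the report's `vulnerabilities` array carries `id` and `severity` fields (the shape the CLI's JSON output uses, with one entry per vulnerable dependency path), and it runs on a small constructed report with placeholder issue ids instead of a real Goof scan.

```python
from collections import Counter

# Severity ranking used for "at or above" checks (Snyk's four levels).
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample shaped like `snyk test --json` output; the ids are
# placeholders, not real Snyk advisory ids, and the package names are made up.
# Each entry is one vulnerable dependency path, so the same issue id appears
# more than once when the package is reachable through several chains.
SAMPLE_REPORT = {
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-JS-PLACEHOLDER-1", "severity": "high",
         "packageName": "pkg-a", "version": "1.0.0",
         "from": ["goof@1.0.0", "pkg-a@1.0.0"]},
        {"id": "SNYK-JS-PLACEHOLDER-1", "severity": "high",
         "packageName": "pkg-a", "version": "1.0.0",
         "from": ["goof@1.0.0", "pkg-b@2.0.0", "pkg-a@1.0.0"]},
        {"id": "SNYK-JS-PLACEHOLDER-2", "severity": "critical",
         "packageName": "pkg-c", "version": "0.9.0",
         "from": ["goof@1.0.0", "pkg-c@0.9.0"]},
        {"id": "SNYK-JS-PLACEHOLDER-3", "severity": "medium",
         "packageName": "pkg-d", "version": "3.1.0",
         "from": ["goof@1.0.0", "pkg-d@3.1.0"]},
        {"id": "SNYK-JS-PLACEHOLDER-4", "severity": "low",
         "packageName": "pkg-e", "version": "2.2.2",
         "from": ["goof@1.0.0", "pkg-e@2.2.2"]},
    ],
}


def vulnerabilities(report):
    """Return the vulnerability entries, tolerating a clean report with none."""
    return report.get("vulnerabilities", [])


def severity_counts(report):
    """Count vulnerable paths per severity level, every level present."""
    counts = Counter(v["severity"] for v in vulnerabilities(report))
    return {level: counts.get(level, 0) for level in SEVERITY_RANK}


def unique_issue_ids(report):
    """Distinct issue ids, collapsing repeated dependency paths to one issue."""
    return {v["id"] for v in vulnerabilities(report)}


def ids_at_or_above(report, threshold):
    """Distinct issue ids whose severity is at least `threshold`."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {threshold!r}")
    floor = SEVERITY_RANK[threshold]
    return {v["id"] for v in vulnerabilities(report)
            if SEVERITY_RANK.get(v["severity"], -1) >= floor}


def summarize(report):
    """Headline numbers: paths, distinct issues and the per-severity split."""
    return {
        "total_paths": len(vulnerabilities(report)),
        "unique_issues": len(unique_issue_ids(report)),
        "by_severity": severity_counts(report),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['unique_issues']} unique issues over {s['total_paths']} paths")
    for level, n in reversed(list(s["by_severity"].items())):
        print(f"  {level:>8}: {n}")
```

To run it against a real project, save the CLI output with `snyk test --json > report.json`, load that file with `json.load`, and pass the resulting dict in place of `SAMPLE_REPORT`. Keeping "paths" and "distinct issues" separate matters when reading the numbers: a single vulnerable package pulled in through three dependency chains is three entries in the report but one thing to fix.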
Before we start fixing vulnerabilities, remember that our PROD branch contains the production-ready version of the code. In the next section, we'll implement a Snyk Gate designed to "stop the bleeding", preventing any new vulnerabilities from making it into that branch.