CI/CD pipelines provide automation and repeatability in the SDLC and are an ideal place to inject and automate security practices. Snyk users can monitor their CI/CD pipelines for vulnerabilities by using the Snyk CI/CD plugins or by using the Snyk CLI directly. In our example, we have used GitHub Actions to perform vulnerability and license compliance scans. The pipeline uploads the scan results to Snyk, which continues to monitor the application for vulnerabilities and sends notifications when fixes become available.
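As an added illustration (not the workflow from the original post), the following GitHub Actions workflow runs the Snyk CLI against a Node.js project: `snyk test` gates the build on vulnerability and license issues, and `snyk monitor` uploads a dependency snapshot so Snyk keeps watching the project. It assumes a repository secret named SNYK_TOKEN holding a Snyk API token and a package.json with a lockfile at the repository root.

```yaml
# Added example: GitHub Actions workflow running Snyk CLI scans on a Node.js
# project. Assumes a repository secret SNYK_TOKEN (a Snyk API token) and a
# package.json plus lockfile at the repository root.
name: snyk-security

on:
  push:
    branches: [main]
  pull_request:

permissions:
  contents: read

jobs:
  snyk:
    runs-on: ubuntu-latest
    env:
      # The Snyk CLI reads its token from this variable, so no `snyk auth` step is needed.
      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install dependencies and the Snyk CLI
        run: |
          npm ci
          npm install -g snyk

      # Gate the build: the step fails when the scan finds issues at or above the
      # threshold. Vulnerabilities and license issues are reported in the same output.
      - name: Vulnerability and license scan
        run: snyk test --severity-threshold=high

      # Take a snapshot of the dependency tree so Snyk continues monitoring it and
      # notifies when new vulnerabilities or fixes appear. Restricted to main so
      # pull request branches do not create throwaway projects in the Snyk UI.
      - name: Upload snapshot for continuous monitoring
        if: github.ref == 'refs/heads/main'
        run: snyk monitor --project-name=${{ github.repository }}
```

The `snyk test` step blocks merges on high or critical findings, while the `snyk monitor` snapshot is what makes the results visible in the Snyk UI for ongoing alerts.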
We will complete the following steps:
Review CI/CD results in Snyk UI