Getting Started with Snyk

About this guide

This guide will introduce you to Snyk by offering a step-by-step experience to accelerate your learning. We will provide an opinionated learning path to make sure you get the most out of Snyk.

Who should read this guide?

This guide is for anyone new to Snyk solutions. It focuses on hands-on activities with Snyk and the most common developer tools.

What is Snyk?

Let's start with a quick overview of the Snyk solutions, including Snyk Open Source, Snyk Container, and the Snyk Vulnerability DB.

Snyk Open Source

Snyk Open Source enhances application security by enabling development teams to automatically find and fix known vulnerabilities and license violations in their open source dependencies and containers early in the SDLC. Unlike other security solutions in the market, Snyk Open Source is a developer-friendly tool that integrates seamlessly into development workflows, providing automated remediation and actionable security insight to help organizations identify and mitigate risk efficiently.

Snyk Container

Snyk Container is a developer-friendly approach to fixing vulnerabilities. It supports organizations by delivering remediation advice that helps developers identify the best ways to address container vulnerabilities.

  • Base image selection - The goal of containers may be to ship only your code and its dependencies. However, the reality is that operating system libraries and other tools end up in containers. Snyk Container identifies alternate base image options that can significantly reduce vulnerabilities.

  • Coding and CLI - Scan early and often to identify issues before committing code and pushing containers downstream.

  • CI/CD gating - Integrations with CI/CD tools such as Jenkins, CircleCI, and Azure Pipelines help you prevent vulnerabilities from passing through build processes by adding automated Snyk tests.

  • Container registry integration - Find issues in stored container images and ensure ongoing protection in popular container registries like Docker Hub, AWS ECR, Azure ACR, Google GCR, and JFrog Artifactory.

  • Kubernetes environments - Detect and scan workloads as they launch or change in Kubernetes clusters. Prioritize issues using pod configuration details that indicate increased risk.

Snyk Vulnerability DB

A team of security experts and analysts manages Snyk's security database to ensure the database maintains high accuracy with a low false-positive rate.

  • All items in the database are analyzed and tested.

  • A CVSS score and vector are assigned to 100% of vulnerabilities.

  • Content and summaries are hand-curated, including code snippets where applicable.

  • The team also invests in proprietary research to discover new vulnerabilities.

Learn more about the data behind Snyk's open source and container solutions.