Snyk is on a mission to help developers use open source and stay secure.
Snyk helps find, fix (and prevent!) known vulnerabilities in your Node.js, Java, Ruby, Python and Scala apps. Snyk is free for open source.
Snyk tracks vulnerabilities in over 800,000 open source packages, and helps protect over 25,000 applications.
83% of Snyk users found vulnerabilities in their applications, and new vulnerabilities are disclosed regularly, putting your application at risk.
Snyk works in 4 key steps:
Snyk quickly scans all your repos for known vulnerabilities. You can choose whether to give access to your public and/or private repos. Snyk builds the transitive list of your dependencies, and matches them against Snyk's vulnerability database.
Finding vulnerabilities is important, but fixing them is even more important!
Snyk finds the minimal changes needed to fix the issues and sends them back to your repo in a Pull Request. Snyk applies patches when upgrades are not possible.
Snyk runs tests on your PR to notify you when the PR introduces new vulnerabilities and to prevent it from being merged.
New vulnerabilities impacting your apps get introduced daily. Snyk will continuously monitor for those and alert you so you can quickly respond.
Pricing and setup
For open-source projects and low-volume testing of private projects
- Unlimited tests on open-source projects, 100 tests/month on private projects
- Weekly security tests and reports
- Remediation for open-source projects
- Community support