Scan Node.js using Snyk

This template gives you a continuous integration (CI) pipeline that scans a Node.js project for security vulnerabilities using Snyk.

At a glance:

For Node.js projects

Uses Snyk and requires an account for security scanning

Requires Docker

How it works

This template:

Sets up the environment with Node.js and Snyk. Runs Snyk over your Node.js project for security vulnerabilities.

The runtime environment uses the official Synk Docker image with the latest Node.js version.

Next steps

After you select Use template, you’ll:

Connect your git repository. Modify the template commands, environment variables, secrets as needed for your project. SNYK_TOKEN in your pipeline secrets. Retrieve and storein your pipeline secrets. Configure the compute—run locally, on-premises, or in the cloud. Run the pipeline.

You can then play around with the pipeline settings. For example, run the pipeline locally while you iterate on the definition or set a schedule to trigger a nightly build.

If you need help, please check our documentation, raise an issue , or reach out to support.