The Total Economic Impact of CloudBees - commissioned study shows cost savings of $30.9 million using CloudBees for CI/CD →

Integrating Snyk with Codeship

Written by: Kelly Andrews
2 min read

At Codeship, we’re pleased to be able to integrate with several third-party products across a variety of areas to ensure your CI/CD workflows are that much smoother. For example, Snyk is an automated solution that checks for security vulnerabilities with your dependencies and ensures your dependencies are up to date.

Starting with Snyk and Codeship is fast and easy. The Snyk documentation does a great job of providing more information, in addition to our setup instructions below.

Codeship Pro

Let's start with the Codeship Pro setup. To begin, you need to add your SNYK_TOKEN to the encrypted environment variables that you encrypt and include in your codeship-services.yml file.

CLI configuration

To use Snyk in your CI/CD process, you’ll need to add the Snyk CLI to a service in your codeship-services.yml file.

To add the Snyk CLI, you will need to add the following command to the Dockerfile for the service you want to run Snyk on:

RUN npm install -g snyk

Note that this requires the Dockerfile to also have Node and NPM available, in order to use the Snyk CLI.

Running a scan

Once your Snyk token is loaded via your environment variables and you have defined a service that installs the Snyk CLI, you can run a Snyk scan during your CI/CD pipeline. Simply pass the Snyk CLI commands via the service you have it installed in.

We will combine the Snyk authentication and Snyk scan commands into a script file that we call from a step:

- name: Snyk
  service: app
  command: snyk.sh

Inside this snyk.sh script, you will have something similar to:

snyk auth
snyk test

Note that the above snyk auth command will use the SNYK_TOKEN environment variable you set earlier for authentication.

Codeship Basic

Let's move on to integrating Snyk with Codeship Basic. To begin, you need to add your SNYK_TOKEN to your to your project’s environment variables.

You can do this by navigating to Project Settings and then clicking on the Environment tab.

CLI configuration

To use Snyk in your CI/CD process, you’ll need to install the Snyk CLI via your project’s setup commands:

npm install -g snyk

Running a scan

Once your Snyk token is loaded via your environment variables and you have installed the Snyk CLI, you can run a Snyk scan during your CI/CD pipeline.

You will need to add the following commands to your project’s setup and test commands:

snyk auth
snyk test

Note that the above snyk auth command will use the SNYK_TOKEN environment variable you set earlier for authentication.

All Blog Articles

Stay up to date

We'll never share your email address and you can opt out at any time, we promise.

Related Content

The DevOps Performance Paradox: A Call to Arms for Organizations

Blog
4 min read

Feature Flags vs. Feature Management: A Technical Deep Dive for SREs

Blog
7 min read

Analyzing CloudBees CI's High Availability: Performance, Bottlenecks, and Conclusions

Blog
6 min read

Unlocking ROI: The Financial Impact of CloudBees Based on an Independent Consulting Study

Blog
4 min read

CloudBees CI add-on for Amazon EKS blueprints

Blog
6 min read

CloudBees CD/RO v2024.03.0 Release Brings IPv6 Support, DSL Git Synchronization CLI, and Enhanced Security

Blog
3 min read

From code to customer.

Continuously advancing your business.

© 2024 CloudBees, Inc., CloudBees® and the Infinity logo® are registered trademarks of CloudBees, Inc. in the United States and may be registered in other countries. Other products or brand names may be trademarks or registered trademarks of CloudBees, Inc. or their respective holders.