Commit

Merge branch 'main' into feat/generate-change-log-script
corneliu-petrescu committed May 30, 2024
2 parents 0d8e991 + b1659b7 commit 96bb42c
Showing 21 changed files with 836 additions and 29 deletions.
8 changes: 4 additions & 4 deletions docs/SUMMARY.md
Original file line number Diff line number Diff line change
Expand Up @@ -399,9 +399,6 @@
* [Jira integration](integrate-with-snyk/jira-and-slack-integrations/jira-integration.md)
* [Slack app](integrate-with-snyk/jira-and-slack-integrations/slack-app.md)
* [Slack integration](integrate-with-snyk/jira-and-slack-integrations/slack-integration.md)
* [Gatekeeper plugins](integrate-with-snyk/gatekeeper-plugins/README.md)
* [Artifactory Gatekeeper Plugin](integrate-with-snyk/gatekeeper-plugins/artifactory-gatekeeper-plugin.md)
* [Nexus Repository Manager Gatekeeper Plugin](integrate-with-snyk/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)
* [Package repository integrations](integrate-with-snyk/package-repository-integrations/README.md)
* [Artifactory Package Repository connection setup](integrate-with-snyk/package-repository-integrations/artifactory-package-repository-connection-setup/README.md)
* [Artifactory Registry for Maven](integrate-with-snyk/package-repository-integrations/artifactory-package-repository-connection-setup/artifactory-registry-for-maven.md)
Expand Down Expand Up @@ -439,7 +436,6 @@
* [Step 1: Download service account IaC template (API)](integrate-with-snyk/cloud-platforms-integrations/google-cloud-integration/google-cloud-integration-api/step-1-download-service-account-iac-template-api.md)
* [Step 2: Create the Google service account (API)](integrate-with-snyk/cloud-platforms-integrations/google-cloud-integration/google-cloud-integration-api/step-2-create-the-google-service-account-api.md)
* [Step 3: Create and scan a Cloud Environment for Google (API)](integrate-with-snyk/cloud-platforms-integrations/google-cloud-integration/google-cloud-integration-api/step-3-create-and-scan-a-snyk-cloud-environment-for-google-api.md)
* [Reporting and BI Integrations: Snowflake Data Share](integrate-with-snyk/reporting-and-bi-integrations-snowflake-data-share.md)
* [Event Forwarding](integrate-with-snyk/event-forwarding/README.md)
* [Amazon EventBridge](integrate-with-snyk/event-forwarding/amazon-eventbridge.md)
* [AWS CloudTrail Lake](integrate-with-snyk/event-forwarding/aws-cloudtrail-lake.md)
Expand Down Expand Up @@ -495,6 +491,9 @@
* [Scan open-source libraries and licenses](scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/README.md)
* [Open-source license compliance](scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/open-source-license-compliance.md)
* [Snyk License Compliance Management](scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/snyk-license-compliance-management.md)
* [Gatekeeper plugins](scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/README.md)
* [Artifactory Gatekeeper Plugin](scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/artifactory-gatekeeper-plugin.md)
* [Nexus Repository Manager Gatekeeper Plugin](scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)
* [Manage vulnerabilities](scan-with-snyk/snyk-open-source/manage-vulnerabilities/README.md)
* [Fix your vulnerabilities](scan-with-snyk/snyk-open-source/manage-vulnerabilities/fix-your-vulnerabilities.md)
* [Vulnerability fix types](scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types.md)
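Review bot: The three Gatekeeper plugin entries added under "Scan open-source libraries and licenses" use the path prefix `scan-using-snyk/`, while every neighbouring entry in this hunk uses `scan-with-snyk/` (for example `scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/README.md`). Unless a separate `scan-using-snyk` directory really exists, these table-of-contents links will not resolve. I'd suggest changing the prefix to `scan-with-snyk/` so the moved pages sit in the same tree as their siblings.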
Expand Down Expand Up @@ -740,6 +739,7 @@
* [Available Snyk Reports](manage-issues/reporting/available-snyk-reports.md)
* [Issue columns dictionary](manage-risk/reporting/issue-columns-dictionary.md)
* [Troubleshooting Snyk Reports](manage-issues/reporting/troubleshooting-snyk-reports.md)
* [Reporting and BI Integrations: Snowflake Data Share](manage-risk/reporting/reporting-and-bi-integrations-snowflake-data-share.md)
* [Legacy reports](manage-issues/reporting/legacy-reports/README.md)
* [Legacy reports overview](manage-issues/reporting/legacy-reports/legacy-reports-overview.md)
* [Legacy reports general actions](manage-issues/reporting/legacy-reports/legacy-reports-general-actions.md)
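Review bot: The Snowflake Data Share entry is added with a `manage-risk/reporting/` path, but this section mixes two prefixes: `manage-issues/reporting/` (Available Snyk Reports, Troubleshooting Snyk Reports, Legacy reports) and `manage-risk/reporting/` (Issue columns dictionary). Please confirm which directory the moved file actually lives in, and ideally settle the whole section on one prefix so the table of contents does not point into two trees.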
Expand Down
4 changes: 4 additions & 0 deletions docs/getting-started/supported-languages-and-frameworks/go.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ Beginning on January 1 2023 Snyk no longer supports govendor Projects. As a gene
Now that Snyk no longer supports scanning of govendor Projects, a warning is issued and no results are provided.
{% endhint %}

{% hint style="info" %}
Before testing your Open Source Project for vulnerabilities, with limited exceptions, you must **build your Project**. For details, see [Open Source Projects that must be built before testing with the Snyk CLI](../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli.md).
{% endhint %}

Snyk supports testing and monitoring of Go Projects with dependencies managed by [Go Modules](https://golang.org/ref/mod) and [dep](https://github.com/golang/dep).

#### Open source policy
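Review bot: In the added hint, "with limited exceptions" does not tell a Go reader whether Go Modules or dep Projects are among those exceptions, and the hint now sits directly after the govendor hint and ahead of the sentence that says which dependency managers are supported. Consider moving it below "Snyk supports testing and monitoring of Go Projects ..." and stating the Go-specific requirement there. The identical block is pasted into three other language pages in this commit, so if the docs tooling offers a reusable block, keeping the wording in one place would avoid drift.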
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ Snyk Code supports the following frameworks:

### Open source and licensing

{% hint style="info" %}
Before testing your Open Source Project for vulnerabilities, with limited exceptions, you must **build your Project**. For details, see [Open Source Projects that must be built before testing with the Snyk CLI](../../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli.md).
{% endhint %}

Snyk Open Source provides full support for Java and Kotlin, as outlined below.

{% hint style="info" %}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ For more information on package registry integrations, including Maven, see the
* [Artifactory Registry for Maven](../../../integrate-with-snyk/package-repository-integrations/artifactory-package-repository-connection-setup/artifactory-registry-for-maven.md)
* [Nexus Registry for Maven](../../../integrate-with-snyk/package-repository-integrations/nexus-repository-manager-connection-setup/nexus-repository-manager-for-maven.md)
* Nexus Container Registry: [Container security with Nexus integration](../../../integrate-with-snyk/snyk-container-integrations/container-security-with-nexus-integration.md)
* Gatekeeper plugins: [Artifactory Gatekeeper plugin](../../../integrate-with-snyk/gatekeeper-plugins/artifactory-gatekeeper-plugin.md) and [Nexus Repository Manager Gatekeeper plugin](../../../integrate-with-snyk/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)
* Gatekeeper plugins: [Artifactory Gatekeeper plugin](../../../scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/artifactory-gatekeeper-plugin.md) and [Nexus Repository Manager Gatekeeper plugin](../../../scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)

## Language and package manager considerations

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ Snyk Code supports the following frameworks:

### Open source and licensing

{% hint style="info" %}
Before testing your Open Source Project for vulnerabilities, with limited exceptions, you must **build your Project**. For details, see [Open Source Projects that must be built before testing with the Snyk CLI](../../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli.md).
{% endhint %}

Snyk Open Source provides full support for both npm and Yarn, as outlined below.

#### npm
Expand Down
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
# Best practices for JavaScript and Node.js

| Product | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Snyk Code** | Scan your code for security vulnerabilities using source code analysis. |
| <p><strong>Snyk Open Source</strong><br><br><span data-gb-custom-inline data-tag="emoji" data-code="2139">ℹ️</span> Some capabilities may be limited for some languages and package managers.</p> | <p></p><ul><li>Open Source vulnerability testing and monitoring (All plans).</li></ul><ul><li>Open Source dependency upgrade version bumping (All plans).</li></ul><ul><li>License Compliance (paid plans).</li></ul> |
| **Snyk Infrastructure as Code** | <p>Scan for configuration issues when you deploy your new applications using Kubernetes deployment files, Terraform, or Cloudformation templates. <br><span data-gb-custom-inline data-tag="emoji" data-code="1f517">🔗</span> <a href="../../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-iac/">Snyk CLI for Infrastructure as Code</a></p> |
| **Snyk Container** | Scan for issues with container images if you are building containers. |
| **Snyk Integrated IaC with cloud context** | <p></p><ul><li>Security from code to cloud and back.</li></ul><ul><li>Scan for runtime misconfiguration issues in your cloud and containers, detect infrastructure drift, and fix issues at their source.</li></ul><p><span data-gb-custom-inline data-tag="emoji" data-code="1f517">🔗</span> <a href="../../../scan-with-snyk/snyk-iac/iac+-code-to-cloud-capabilities/">Snyk Integrated IaC with cloud context</a></p> |
| Product | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Snyk Code** | Scan your code for security vulnerabilities using source code analysis. |
| <p><strong>Snyk Open Source</strong><br><br><span data-gb-custom-inline data-tag="emoji" data-code="2139">ℹ️</span> Some capabilities may be limited for some languages and package managers.</p> | <ul><li>Open Source vulnerability testing and monitoring (All plans).</li></ul><ul><li>Open Source dependency upgrade version bumping (All plans).</li></ul><ul><li>License Compliance (paid plans).</li></ul> |
| **Snyk Infrastructure as Code** | <p>Scan for configuration issues when you deploy your new applications using Kubernetes deployment files, Terraform, or Cloudformation templates.<br><span data-gb-custom-inline data-tag="emoji" data-code="1f517">🔗</span> <a href="../../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-iac/">Snyk CLI for Infrastructure as Code</a></p> |
| **Snyk Container** | Scan for issues with container images if you are building containers. |
| **Snyk Integrated IaC with cloud context** | <ul><li>Security from code to cloud and back.</li></ul><ul><li>Scan for runtime misconfiguration issues in your cloud and containers, detect infrastructure drift, and fix issues at their source.</li></ul><p><span data-gb-custom-inline data-tag="emoji" data-code="1f517">🔗</span> <a href="../../../scan-with-snyk/snyk-iac/iac+-code-to-cloud-capabilities/">Snyk Integrated IaC with cloud context</a></p> |

Use this guide to apply Snyk effectively in your technology stack.

Expand All @@ -17,8 +17,7 @@ Use this guide to apply Snyk effectively in your technology stack.
<figure><img src="https://lh6.googleusercontent.com/EYPCKsyukOq5A9wNpYka8tUBa5FbzGQXrbmG2klrIigOxTNSInsA_Znj6P0jpGnBv7yRHAaiTsF_GX9Y9Zr1xdE35eZljg_1crKgqHBkhoZrEbvpTsdZstjXdVZ1hVF4jNyTgfLWbALbvqtDFbuI_ys" alt="PR Checks for Git integrations"><figcaption><p>PR Checks for Git integrations</p></figcaption></figure>

* Snyk can monitor container images and their open source/Linux-based packages being used in production via Kubernetes integration to notify customers of known vulnerabilities for applications in production.\
:information\_source: **Snyk Enterprise plan only**\

:information\_source: **Snyk Enterprise plan only**\\
* Where a production integration does not exist, use the [snyk monitor](../../../snyk-cli/commands/monitor.md) CLI command to take a snapshot and monitor what is being pushed to production.\
:information\_source: **All Snyk plans**
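Review bot: The replacement line `:information\_source: **Snyk Enterprise plan only**\\` ends in two backslashes. In Markdown `\\` is an escaped literal backslash, not a hard line break, so this is likely to render a stray `\` at the end of the bullet. Nothing follows on that bullet, so no trailing break is needed at all; I'd end the line after `**Snyk Enterprise plan only**`.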

Expand All @@ -35,7 +34,7 @@ If your Projects reference private dependencies in these repositories but you ar
For more information, see the following:

* Package registry integrations: [npm Teams and npm Enterprise](../../../integrate-with-snyk/package-repository-integrations/npm-teams-and-npm-enterprise-integration.md), [Artifactory Registry setup](../../../integrate-with-snyk/package-repository-integrations/artifactory-package-repository-connection-setup/) and [Nexus Repository Manager setup](../../../integrate-with-snyk/package-repository-integrations/nexus-repository-manager-connection-setup/).
* Gatekeeper plugins: [Artifactory Gatekeeper plugin](../../../integrate-with-snyk/gatekeeper-plugins/artifactory-gatekeeper-plugin.md) and [Nexus Repository Manager Gatekeeper plugin](../../../integrate-with-snyk/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)
* Gatekeeper plugins: [Artifactory Gatekeeper plugin](../../../scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/artifactory-gatekeeper-plugin.md) and [Nexus Repository Manager Gatekeeper plugin](../../../scan-using-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/gatekeeper-plugins/nexus-repository-manager-gatekeeper-plugin.md)

## Language and package manager considerations
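Review bot: The new Gatekeeper link targets use `../../../scan-using-snyk/`, while the product table earlier in this same file links to `../../../scan-with-snyk/snyk-iac/iac+-code-to-cloud-capabilities/`. Two different top-level directory names for the scanning docs within one page suggests a typo in the new path; please verify both links resolve after the move and switch to `scan-with-snyk/` if that is the real directory.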

Expand All @@ -54,7 +53,7 @@ optionalDependencies are included by default for CLI and CI/CD, as well as Git i

Snyk can build a dependency tree with or without a lockfile. If a lockfile is present, this will be used.

* **Locally and CI/CD**: If a lockfile is not present and it is CLI/IDE, Snyk will look at `node_modules` to determine what’s installed.
* **Locally and CI/CD**: If a lockfile is not present and it is CLI/IDE, Snyk will look at `node_modules` to determine what’s installed.
* **Git integration**: If a lockfile is not present, Snyk will approximate what the tree will look like at build time. This is highly valuable for getting insights into Projects in development or what the next build will look like when there is no lockfile present

As a user of npm, you may ask, “Why Snyk?” when npm-audit is at hand anytime you are working with your dependencies. You get the following capabilities:
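Review bot: The "Locally and CI/CD" bullet is only touched for whitespace here, but while it is open: its label says "Locally and CI/CD" and its condition reads "it is CLI/IDE", so the label and the body name different contexts. Please align them so it is clear which of CLI, IDE and CI/CD fall back to `node_modules`, and add the missing full stop at the end of the Git integration bullet that follows.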
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@ Snyk Code supports the following frameworks:

### Open source and licensing

{% hint style="info" %}
Before testing your Open Source Project for vulnerabilities, with limited exceptions, you must **build your Project**. For details, see [Open Source Projects that must be built before testing with the Snyk CLI](../../snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli.md).
{% endhint %}

#### Open source policy

To manage licenses from your developer workflows through policy, see the following topics:
Expand Down