How Do You Run Snyk Scans as Part of Azure DevOps Pipelines?

Problem scenario
You know that many sources recommend scanning infrastructure-as-code (IaC) as part of modern security practice. (Page 293 of Terraform: Up & Running, 2nd Edition by Yevgeniy Brikman (O'Reilly), Copyright 2019, 978-1-492-04690-5 recommends using Snyk.) You tried to create a new pipeline in Azure DevOps and add a Snyk task to it, but you were not able to. Why does Azure DevOps not show a Snyk option among the tasks you can add to a pipeline?

Solution
Root cause
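You have not yet installed the Snyk item from the Visual Studio Marketplace in your Azure DevOps organization. Pipeline tasks provided by Marketplace extensions only appear in the task list after the extension is installed.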

Procedures

  1. Log in to the Azure Portal.
  2. Go here: https://marketplace.visualstudio.com/items?itemName=Snyk.snyk-security-scan
  3. Click "Get it free".
  4. Choose your Azure DevOps organization. Click "Install".
  5. Click "Proceed to Organization".
  6. Now you can run Snyk scans as tasks in your pipelines.
