Problem scenario
You know that many sources recommend you scan IaC code as part of modern security recommended practices. (Page 293 of Terraform: Up & Running, 2nd Edition by Yevgeniy Brikman (O'Reilly), Copyright 2019, 978-1-492-04690-5 recommends using Snyk.) You tried to create a new pipeline in Azure DevOps. You tried to add a Snyk task. But you were not able to. Why in Azure DevOps do you not see a Snyk option for a task to add to a pipeline?
Solution
Root cause
You have not installed the Visual Studio Marketplace Item for Snyk yet.
Procedures
- Log into the Azure Portal.
- Go here: https://marketplace.visualstudio.com/items?itemName=Snyk.snyk-security-scan
- Click "Get it free"
- Choose your Azure DevOps organization. Click "Install".
- Click "Proceed to Organization"
- Now you can run Snyk scans as tasks in your pipelines.