We are excited to share that developers can now test and monitor their projects for open source vulnerabilities, natively from within their Eclipse IDE (integrated development environment) instance.
As a rule, software developers mainly work from their favorite IDE, and the IDE they prefer is usually one that integrates well with their existing workflow. At Snyk, we also believe tooling should integrate seamlessly with your existing software development process in order to be most efficient.
For this reason, we have released a Snyk plugin that you can install directly from within Eclipse. Once installed, when you run the security scanning tool, Snyk analyzes the direct and indirect dependencies in your projects, identifies security vulnerabilities and license issues, and reports them back to you with essential details so that you can remediate them more quickly and smoothly.
The power of the Snyk CLI
To implement the Eclipse IDE plugin, we used our existing CLI capabilities to scan the projects in your workspace, giving you thorough scans, remediation advice, and support for your projects regardless of language or package manager.
The core business of Snyk is to find and fix vulnerabilities in your project’s dependencies. Through our CLI, Snyk scans your different projects, built through different ecosystems, from within your local development environment. Snyk then automatically detects the type of project you have (language and package manager), creates a dependency tree in order to analyze all direct and indirect dependencies and then validates these dependencies against our proprietary vulnerability database. Based on this analysis, we then show whether a direct or transitive dependency contains a vulnerability, and we also direct you to the most recommended fix available for the issue.
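The dependency-tree analysis described above, as an added example (not Snyk's code or output): it walks a resolved dependency graph, matches each package against an advisory list, and reports whether a finding is direct or transitive along with the path that pulls it in. The graph, package names, advisory ids and exact-version matching are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: every package name, version and advisory id is made up.
# Resolved graph: "name@version" -> the "name@version" nodes it depends on.
GRAPH = {
    "my-app@1.0.0": ["web-framework@2.3.0", "json-tools@1.1.0"],
    "web-framework@2.3.0": ["template-engine@0.9.1", "http-parser@4.0.2"],
    "template-engine@0.9.1": ["string-utils@1.0.0"],
    "http-parser@4.0.2": ["string-utils@1.0.0"],  # diamond: second route to the same package
}
# Hypothetical advisory database keyed by package name (exact-version matching).
ADVISORIES = {
    "string-utils": [{"id": "EXAMPLE-0001", "affected": {"1.0.0"}, "fixed_in": "1.0.1"}],
    "json-tools": [{"id": "EXAMPLE-0002", "affected": {"1.0.0", "1.1.0"}, "fixed_in": "1.2.0"}],
}

def split(node):
    """Split "name@version"; rpartition keeps scoped names like "@scope/pkg" intact."""
    name, _, version = node.rpartition("@")
    return name, version

def scan(graph, root, advisories):
    """Breadth-first walk from root; return one finding per vulnerable package."""
    findings = []
    paths = {root: [root]}  # shortest path by which each package is pulled in
    queue = deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep in paths:  # already reached (diamond or cycle): keep first path
                continue
            paths[dep] = paths[node] + [dep]
            queue.append(dep)
            name, version = split(dep)
            for adv in advisories.get(name, []):
                if version in adv["affected"]:
                    findings.append({
                        "id": adv["id"],
                        "package": dep,
                        "kind": "direct" if len(paths[dep]) == 2 else "transitive",
                        "path": paths[dep],
                        "fixed_in": adv["fixed_in"],
                    })
    return findings

if __name__ == "__main__":
    for f in scan(GRAPH, "my-app@1.0.0", ADVISORIES):
        print(f"{f['id']} {f['kind']:<10} {' > '.join(f['path'])} (fix: {f['fixed_in']})")
```

The path matters for remediation: a transitive finding is usually fixed by upgrading the direct dependency at the head of the path, not the vulnerable package itself.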
Seamlessly set Eclipse up with the Snyk plugin
Installing the Snyk Vuln Scanner for Eclipse is easy. Search for Snyk in the Eclipse Marketplace, click Install, follow the instructions, and you are good to go.