Streamlining Security: Integrating Snyk with CircleCI

Introduction:

In today’s fast-paced development landscape, security must be a top priority. Vulnerabilities and issues in your code can lead to disastrous consequences if left unchecked. This is where #Snyk and #CircleCI come into play. #Snyk is a powerful tool for identifying and addressing security vulnerabilities in your dependencies, while #CircleCI is a popular continuous integration and continuous delivery (CI/CD) platform. In this article, we will explore how to integrate #Snyk with #CircleCI to bolster your application’s security and streamline your development workflow.

Prerequisites:-

  • #CircleCI application with the #GitHub project configured.

  • #GitHub repository with full #CircleCI access.

  • #Snyk account with full access.

Step-1 :- First, create or log in to your Snyk account with your GitHub account.

Step-2 :- Next, go to Account Settings and create an Auth token, which is used to connect to your #CI/CD pipeline as shown below.

Step-3 :- Click on Show and copy the token.

Step-4 :- Now log in to your #CircleCI account and create an environment variable for the Snyk token in your CircleCI Context as shown below.

Step-5 :- Open your CircleCI config file and add the job below to your pipeline to integrate Snyk with your GitHub repository.

version: 2.1

orbs:
  snyk: snyk/snyk@1.4.1

jobs:
  # Scan the Dockerfile and the built image with Snyk
  snyk:
    docker:
      - image: YOUR DOCKER IMAGE
    working_directory: /tmp/workspace
    environment:
      ENV_FILE: /tmp/workspace/.circleenv
      DOCKER_BUILDKIT: "1"
      BUILDKIT_PROGRESS: plain
    steps:
      - checkout
      - attach_workspace:
          at: /tmp/workspace
      - snyk/scan:
          # SNYK_TOKEN comes from the CircleCI Context, never from the config file
          token-variable: SNYK_TOKEN
          docker-image-name: YOUR DOCKER IMAGE
          target-file: "Dockerfile"
          fail-on-issues: false

workflows:
  version: 2
  main:
    jobs:
      - snyk:
          context: mahira
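As an added example (not part of the original article, the linked repository, or the Snyk orb), the following Python check can run before merging over .circleci/config.yml. It flags a UUID-shaped token literal committed to the config, a token-variable that is not an environment-variable name, and fail-on-issues: false, which the job above uses and which means Snyk reports findings but never fails the build. The embedded config is a constructed copy of the job above, and the UUID shape of Snyk tokens is an assumption.

```python
import re

# Constructed sample (not from the article's repository): the snyk job as the
# article shows it, with fail-on-issues still set to false.
SAMPLE_CONFIG = """\
version: 2.1
orbs:
  snyk: snyk/snyk@1.4.1
jobs:
  snyk:
    docker:
      - image: YOUR DOCKER IMAGE
    steps:
      - checkout
      - snyk/scan:
          token-variable: SNYK_TOKEN
          docker-image-name: YOUR DOCKER IMAGE
          target-file: "Dockerfile"
          fail-on-issues: false
"""

# Assumption: Snyk API tokens are UUID-shaped. A literal of that shape in a
# committed config is a leaked secret regardless of which key holds it.
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
ENV_NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def lint_snyk_config(text: str) -> list[str]:
    """Return findings for a CircleCI config that uses the snyk orb (empty list = OK)."""
    findings = []
    saw_scan = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if UUID_RE.search(line):
            findings.append(f"line {lineno}: token-like literal committed; reference a Context variable instead")
        if line.startswith("- snyk/scan"):
            saw_scan = True
        m = re.match(r"token-variable:\s*(.+)", line)
        if m and not ENV_NAME_RE.match(m.group(1).strip().strip("\"'")):
            findings.append(f"line {lineno}: token-variable must name an environment variable")
        m = re.match(r"fail-on-issues:\s*(\S+)", line)
        if m and m.group(1).lower() == "false":
            findings.append(f"line {lineno}: fail-on-issues is false, so findings never block the build")
    if not saw_scan:
        findings.append("no snyk/scan step found; nothing is scanned")
    return findings


if __name__ == "__main__":
    for finding in lint_snyk_config(SAMPLE_CONFIG):
        print(finding)
```

Run it against the article's job and the only finding is the fail-on-issues line; flip that parameter to true once the team is ready for Snyk results to gate merges.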

Step-6 :- Commit your changes and push the code to the GitHub repository. CircleCI will automatically detect the changes and run the pipeline.

Step-7 :- Go to CircleCI Projects and check whether the pipeline was triggered.

Step-8 :- Once the job completes, go ahead and check whether Snyk detected vulnerabilities in the code, as shown below.

Source-code Link :- github.com/MahiraTechnology/Mahira-medium.git

Conclusion:

Integrating #Snyk with #CircleCI is a crucial step in enhancing your application’s security posture. By automating vulnerability detection and remediation, you can catch issues early in the development process, reducing the risk of security breaches in production. This integration not only strengthens your code but also empowers your development teams to make security a fundamental part of their daily work. As you continue to build and deliver software, remember that security should never be an afterthought. With #Snyk and #CircleCI working together, you can stay one step ahead of potential threats and keep your applications safe and reliable.