The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Snyk Security Plugin

snykSecurity: Invoke Snyk Security task

  • additionalArguments : String (optional)
  • failOnError : boolean (optional)
  • failOnIssues : boolean (optional)
  • monitorProjectOnBuild : boolean (optional)
  • organisation : String (optional)
  • projectName : String (optional)
  • severity : String (optional)
  • snykInstallation : String (optional)
  • snykTokenId : String (optional)
  • targetFile : String (optional)

step([$class: 'SnykStepBuilder']): Invoke Snyk Security task

  • additionalArguments : String (optional)

    Additional runtime arguments that will be used to invoke the Snyk CLI. See the Snyk CLI help page for more details.

    Use the standalone double-dash -- to pass arguments to the build tool invoked by the Snyk CLI. For example:

    • -- -Pprofile -Dkey=value for Maven projects.
    • -- --configuration runtime for Gradle projects.
    • -- -Dkey=value for SBT projects.

  • failOnError : boolean (optional)

    Whether the step should fail if Snyk fails to scan the project due to an error. Errors include scenarios like: failing to download Snyk's binaries, improper Jenkins setup, bad configuration and server errors.

  • failOnIssues : boolean (optional)

    The "When issues are found" selection specifies whether the build fails or continues when Snyk finds issues.

    • If "Fail the build, if severity at or above" is selected, the Jenkins build will fail if Snyk detects issues of the provided severity level or higher.
    • If "Let the build continue" is selected, the Jenkins build will continue even if Snyk detects issues in the project.

    The corresponding CLI option for the severity parameter: --severity-threshold

  • monitorProjectOnBuild : boolean (optional)

    Monitor the project on every build by taking a snapshot of its current dependencies on Snyk.io. Selecting this option will keep you notified about newly disclosed vulnerabilities and remediation options in the project.

  • organisation : String (optional)

    The Snyk organisation in which this project should be tested and monitored. Leave empty to use your default organisation.

    The corresponding CLI option for this parameter: --org

  • projectName : String (optional)

    A custom name for the Snyk project created for this Jenkins project on every build. Leave empty for the project's name to be detected in the manifest file.

    The corresponding CLI option for this parameter: --project-name

  • severity : String (optional)
  • snykInstallation : String (optional)

    Ensures that the selected version of the Snyk tools is installed. In addition, the Snyk tools will be added at the start of the PATH environment variable during builds.

    If no Snyk installations have been defined in the Jenkins system config, then none of the above steps will take place.

  • snykTokenId : String (optional)

    This needs to be the ID of an existing "Snyk API Token" credential. The token will be used to authenticate with Snyk.

    If you prefer to provide the Snyk API Token another way, such as using alternative credential bindings, you'll need to provide a SNYK_TOKEN build environment variable.

  • targetFile : String (optional)

    The path to the manifest file to be used by Snyk. Leave empty for Snyk to auto-detect the manifest file in the project's root folder.

    The corresponding CLI option for this parameter: --file
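
A Jenkinsfile that uses the parameters documented above, as an added example rather than code from the plugin's documentation. The installation name, credential IDs, organisation and project name are assumed values; the second stage shows the SNYK_TOKEN alternative described under snykTokenId, using the Credentials Binding plugin's withCredentials step.

```groovy
// Added example, not from the plugin documentation.
// Assumed names: 'snyk-latest' (Snyk installation), 'snyk-api-token'
// ("Snyk API Token" credential), 'snyk-token-text' (Secret text credential),
// 'example-org' and 'payments-service'.
pipeline {
    agent any
    stages {
        stage('Snyk gate (credential ID)') {
            steps {
                snykSecurity(
                    snykInstallation: 'snyk-latest',
                    snykTokenId: 'snyk-api-token',
                    organisation: 'example-org',       // CLI: --org
                    projectName: 'payments-service',   // CLI: --project-name
                    targetFile: 'pom.xml',             // CLI: --file
                    // Fail closed: a scan that could not run must not give a green build.
                    failOnError: true,
                    // Fail the build on issues at or above this level (CLI: --severity-threshold).
                    failOnIssues: true,
                    severity: 'high',
                    // Snapshot dependencies on Snyk.io so later disclosures are reported.
                    monitorProjectOnBuild: true,
                    // Everything after the standalone -- is passed to Maven, not the Snyk CLI.
                    additionalArguments: '-- -Pprofile -Dkey=value'
                )
            }
        }
        stage('Snyk gate (SNYK_TOKEN binding)') {
            steps {
                // No snykTokenId here: the token is bound as SNYK_TOKEN for this block only.
                withCredentials([string(credentialsId: 'snyk-token-text', variable: 'SNYK_TOKEN')]) {
                    snykSecurity(
                        snykInstallation: 'snyk-latest',
                        failOnError: true,
                        failOnIssues: true,
                        severity: 'high'
                    )
                }
            }
        }
    }
}
```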

