SAP / fosstars-rating-core

A framework for defining ratings for open source projects. In particular, the framework offers a security rating for open source projects that may be used to assess the security risk that comes with open source components.
https://sap.github.io/fosstars-rating-core/
Apache License 2.0

Snyk used in GitHub projects #717

Closed sourabhsparkala closed 1 year ago

sourabhsparkala commented 2 years ago

The GitHub project uses Snyk for code analysis and sometimes creates PRs with suggestions.

Things to do:

More information can be found at https://snyk.io/blog/getting-started-snyk-for-secure-python-development/

ManjunathMS35 commented 1 year ago

Snyk can be a SAST tool and a dependency checker:

Whether a GitHub project uses Snyk can be determined by checking the following:

  1. Existence of policy file (.snyk), which can be in root directory or any folder
  2. Commits done by snyk-bot
  3. Snyk Action config in .github folder
  4. CI yaml config file containing Snyk CLI scans config

Sample Golang open source repos: https://github.com/gofiber/fiber, https://github.com/openfga/openfga, https://github.com/Unity-Technologies/go-svrquery
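As an added example (not Fosstars code and not from either commenter), the following Python script checks a checked-out repository for the four indicators listed in the comment above and runs itself against a constructed sample repository. It assumes the GitHub Action is referenced as `snyk/actions/...`, that CLI scans appear as `snyk test` / `snyk monitor` / `snyk code test` in CI configuration, and that commit author logins are supplied by the caller (for example from `git log` or the GitHub API).

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns (not from the thread): the official GitHub Action lives under "snyk/actions",
# and CLI scans in CI configs use "snyk test", "snyk monitor", "snyk code test", etc.
SNYK_ACTION = re.compile(r"uses:\s*snyk/actions", re.IGNORECASE)
SNYK_CLI = re.compile(r"\bsnyk\s+(?:test|monitor|code\s+test|iac\s+test|container\s+test)\b", re.IGNORECASE)
CI_FILES = {".gitlab-ci.yml", ".travis.yml", "azure-pipelines.yml", "Jenkinsfile", "bitbucket-pipelines.yml"}

def detect_snyk(repo_root, commit_authors=()):
    """Scan a checked-out repository; return indicator -> evidence (relative paths or author logins)."""
    root = Path(repo_root)
    evidence = {"policy_file": [], "snyk_bot_commits": [], "github_action": [], "ci_cli_scan": []}
    for path in root.rglob("*"):
        if ".git" in path.parts or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name == ".snyk":                      # indicator 1: policy file anywhere in the tree
            evidence["policy_file"].append(rel)
            continue
        if path.suffix not in (".yml", ".yaml") and path.name not in CI_FILES:
            continue
        text = path.read_text(errors="replace")
        if rel.startswith(".github/") and SNYK_ACTION.search(text):   # indicator 3: Snyk Action config
            evidence["github_action"].append(rel)
        elif SNYK_CLI.search(text):                                  # indicator 4: Snyk CLI scan in CI
            evidence["ci_cli_scan"].append(rel)
    # indicator 2: commits by snyk-bot; logins are supplied by the caller, compared case-insensitively
    evidence["snyk_bot_commits"] = sorted({a.lower() for a in commit_authors if a.lower() == "snyk-bot"})
    return evidence

def uses_snyk(evidence):
    """True when at least one indicator was found."""
    return any(evidence.values())

def demo():
    """Build a constructed sample repository in a temp dir and run the detector on it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "pkg").mkdir()
        (root / "pkg" / ".snyk").write_text("version: v1.25.0\nignore: {}\n")           # constructed policy file
        (root / ".github" / "workflows").mkdir(parents=True)
        (root / ".github" / "workflows" / "snyk.yml").write_text(
            "jobs:\n  security:\n    steps:\n      - uses: snyk/actions/golang@master\n")
        (root / ".gitlab-ci.yml").write_text("test:\n  script:\n    - snyk test --severity-threshold=high\n")
        (root / ".github" / "dependabot.yml").write_text("version: 2\n")                # unrelated, must not match
        return detect_snyk(root, commit_authors=["alice", "snyk-bot", "Snyk-Bot"])
```

`demo()` returns one hit per indicator for the constructed repository; on a real checkout, pass the author logins obtained from the commit history.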