
Using the Serverless Snyk Plugin


The Serverless Snyk plugin is a plugin for the Serverless framework that helps you prevent vulnerable packages in your application using Snyk. Here's how to use it!



In a Serverless environment, outdated server binaries are no longer the most glaring security risk. By offloading the management and maintenance of the server to dedicated, professional teams, that risk is greatly reduced. Instead, open-source packages become much more attractive to attackers: their vulnerabilities are well-known, prevalent (we published 23 new Node.js vulnerabilities in October 2016 alone), and difficult to control from a development perspective.

[Screenshot: a terminal window showing the Serverless Snyk plugin running]

The Serverless Snyk plugin seamlessly fits into your Serverless workflow, adding Snyk protection into the deployment process. Scanning for known vulnerabilities, applying patches and upgrades, and monitoring dependencies for proactive alerting of new vulnerabilities can all be automatically run each time you deploy.

Setting up the Plugin

You can install the plugin in your Serverless app by running npm install serverless-snyk --save. Serverless handles configuration through a serverless.yml file, where you’ll need to add the plugin as well:

plugins:
  - serverless-snyk

With those two steps, the Serverless Snyk plugin is ready to start testing your application on each deploy.

Testing, though, is just the start. If you have a .snyk policy file (either thanks to the GitHub integration or from running snyk wizard), Serverless Snyk will automatically apply any stated upgrades and patches on each deploy.

You can also take a snapshot of your dependencies with each successful deploy if you include your API token (found in your dashboard when you sign up) in your Serverless application. (The API token also will help you avoid any API rate limits.)

The repository for the plugin includes step-by-step documentation, as well as information about configuring the plugin.

With the Serverless Snyk plugin automating away the risk of known vulnerabilities in your dependencies, you’ll be free to focus on building your application. We can’t wait to see what you come up with!



Published at DZone with permission of
