This add-on is operated by Snyk
Continuously find, fix and prevent known vulnerabilities in your apps
Last updated 03 October 2017
The Snyk add-on is currently in beta.
Table of Contents
Snyk is an add-on that helps you find and fix known security vulnerabilities in your Heroku app’s open-source dependencies.
When you provision Snyk, your Heroku app is added to the Snyk dashboard. Snyk automatically takes an inventory of your open-source dependencies and continuously monitors for new vulnerabilities that affect them. Snyk notifies you in real time whenever a vulnerability is identified, enabling you to respond quickly.
Snyk’s security reports include curated content that explains the nature of each identified vulnerability. Vulnerabilities are categorized by severity to help you prioritize your work to resolve them. When available, security reports also provide recommended steps for resolving vulnerabilities, along with patches that can be applied if a vulnerability cannot be resolved with a version upgrade.
In addition to providing continuous monitoring, Snyk scans every app deployment and immediately reports any new vulnerabilities that are introduced.
Advanced Snyk features include:
Open-source license monitoring. Snyk sets you up with a default policy that flags licenses in your dependencies that violate your legal requirements. You can tailor this policy to meet your specific needs.
Vulnerability insights. Snyk’s advanced reports provide valuable business insights into your vulnerabilities across your entire Heroku deployment. These include your vulnerabilities over time, your vulnerability window, and how quickly you are responding to new threats.
Early vulnerability notifications. For the most security-cautious organizations, Snyk provides early notifications for vulnerabilities that we control the disclosure on. For these vulnerabilities, you are notified before the vulnerability is disclosed publicly, giving you enough lead time to resolve the vulnerability before potential attackers are made aware of it.
Provisioning the add-on
If you have already provisioned Snyk for one of your Heroku apps and you want to add it to another, see Attaching the add-on instead.
Snyk can be attached to a Heroku application via the CLI:
A list of all plans available can be found here.
$ heroku addons:create snyk --app YOUR_APP_NAME_HERE Creating snyk on ⬢ YOUR_APP_NAME_HERE... free Welcome to Snyk Created snyk-globular-63403
Attaching the add-on to additional apps
After you provision the Snyk add-on for one of your Heroku apps, you can
attach it to additional apps. This way, all of your apps are aggregated into the same Snyk dashboard.
To attach Snyk to another Heroku app, specify the add-on instance name that was generated when you provisioned it. In the following example, the instance name is
$ heroku addons:attach snyk-globular-63403 --app OTHER_APP_NAME Attaching snyk-globular-63403 to ⬢ OTHER_APP_NAME... done Setting SNYK config vars and restarting ⬢ OTHER_APP_NAME... done
Snyk for Node.js
Snyk supports (and auto-detects) Node.js projects that use
package.json). Support for
yarn.lock) is coming soon.
Snyk for Ruby
Snyk supports (and auto-detects) Ruby projects that use
Snyk for Java
Snyk supports (and auto-detects) Java projects that use
gradle.build) is coming soon.
Snyk for Gradle (coming soon)
Support (and auto-detection) for Gradle projects using
gradle.build) is coming soon.
Snyk for Scala (coming soon)
Support (and auto-detection) for Scala projects using
build.sbt) is coming soon.
Snyk for Python (coming soon)
Support (and auto-detection) of Python 2 and Python 3 projects using
requirements.txt) is coming soon.
Applications with multiple package files
Snyk supports (and auto-detects) applications with multiple package files (any of those listed in Language-specific support). In order for auto-detection to work, all package files must be in the application’s root folder.
For more information on the features available within the Snyk dashboard, please see the docs at https://snyk.io/docs.
The Snyk dashboard allows you to:
- See all apps that are continuously monitored by Snyk
- See a high-level overview of the amount of vulnerabilities in your apps, organized by severity
- Zoom in to see the vulnerability report for each individual app
- In each report, zoom in on a specific vulnerability to get detailed information in the advisory
- When available, see remediation advice (such as a version upgrade), or download a patch that you can apply to resolve the vulnerability
You can access the dashboard via the CLI:
$ heroku addons:open snyk Opening snyk for sharp-mountain-4005
or by visiting the Heroku Dashboard and selecting the application in question. Select Snyk from the Add-ons menu.
Migrating between plans
Application owners should carefully manage the migration timing to ensure proper application function during the migration process.
heroku addons:upgrade command to migrate to a new plan.
$ heroku addons:upgrade snyk:newplan -----> Upgrading snyk:newplan to sharp-mountain-4005... done, v18 Your plan has been updated to: snyk:newplan
Removing the add-on
You can remove Snyk via the CLI:
This will destroy all associated data and cannot be undone!
$ heroku addons:destroy snyk -----> Removing snyk from sharp-mountain-4005... done, v20 (free)
All Snyk support and runtime issues should be submitted via one of the Heroku Support channels. Any non-support related issues or product feedback is welcome at email@example.com.