Getting started

Add source control integration

Choose a source code integration to allow Open Source Security by Snyk to work on a project.

  1. Open the Trend Micro Cloud One console (https://cloudone.trendmicro.com) and select Open Source Security by Snyk.
  2. On the page that appears, select Head to Snyk.
  3. Select Integrations > Source control.
  4. Select the source control system (for example, GitHub) to integrate with Snyk:

    Image of the Source control page

  5. Enter the account credentials (or authenticate with your account in GitHub) to grant Snyk access permissions for integration.

Add Projects

Add projects to test with Open Source Security by Snyk by choosing repositories to test and monitor.

  1. In Open Source Security by Snyk, select Projects.
  2. Select the tool you're using to add the project (for example, GitHub):

    Image of the Projects page

  3. In the Personal and Organization repositories area, select the repositories to use:

    Image of the Personal and Organization repositories area

  4. Select Add selected repositories to import the selected repositories into your projects. This also:

    • Sets Snyk to run a regular check (daily by default) for vulnerabilities.
    • Creates a webhook so when you change code, Snyk tests your pull/merge requests to check that new dependencies do not introduce more vulnerabilities.
  5. A progress bar appears. Select View log to see log results.

  6. Project import completes.

View vulnerabilities

You can now view vulnerability results for imported projects. The Projects tab appears by default after import, showing vulnerability information for the projects you've imported.

  1. Select an imported project to see vulnerability information for that project, including the number of issues found, grouped by severity level:

    Image of vulnerabilities page

  2. Select an entry to open the issues view for that entry, including the module, where it was introduced, the remediation to fix it, plus more details about the vulnerability itself:

    Image of vulnerabilities details page