From d86ce7a8b52dda0f1c655aacc33d1cf1778f5731 Mon Sep 17 00:00:00 2001 From: michelkaporin Date: Fri, 27 May 2022 12:24:04 +0000 Subject: [PATCH] docs: synchronizing README from snyk/user-docs --- README.md | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index ecfa8dacc..200b8dd68 100644 --- a/README.md +++ b/README.md @@ -18,11 +18,11 @@ You can find the Snyk Extension in the [Visual Studio Code Marketplace](https:// * Navigate to the [Snyk Extension on the Visual Studio Code Marketplace](https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner) and follow the instructions for the Snyk extension. The docs from VS Code help you trigger the installation process from Visual Studio Code and guide you through the installation steps. * Browse for the extension as advised [Visual Studio code site](https://code.visualstudio.com/docs/editor/extension-gallery#\_browse-for-extensions) and search for Snyk, then install (as explained in the [installation instructions](https://code.visualstudio.com/docs/editor/extension-gallery#\_install-an-extension). -When the extension is installed you can find a Snyk icon in the sidebar ![](). +When the extension is installed you can find a Snyk icon in the sidebar ![](). The Snyk extension provides all the suggestions in a concise and clean view containing the information you need to decide how to fix or act on. -![Visual Studio Code extension results]() +![Visual Studio Code extension results]() ## Configuration 
@@ -54,14 +54,14 @@ To authenticate follow these steps: 1. Once the extension is installed, click on the Snyk Icon in the left navigation bar: - + 2. Click **Connect VS Code with Snyk**. The extension relies on the Snyk authentication API and asks you to authenticate your machine against the Snyk web application: - + 3. Click **Authenticate**. 4. After successful authentication, view the confirmation message. - + 5. Close the browser window and return to VS Code. VS Code is now reading and saving the authentication on your local machine. ### Switching accounts @@ -71,11 +71,11 @@ To re-authenticate with a different account, follow the steps below: 1. Run the provided `Snyk: Log Out` command. 2. Once logged out, click **Connect VS Code with Snyk** to authenticate with the different account. -![Snyk: Log Out](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/logging-out-command.png) +![Snyk: Log Out](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/logging-out-command.png) Or you run `Snyk: Set Token` command and set your token in the text field manually. -![]() +![]() \\ @@ -87,14 +87,14 @@ Snyk Open Source requires the Snyk CLI, so it downloads in the background. Snyk Code analysis runs quickly without the CLI, so results may already be available. Otherwise, you see the following screen while Snyk scans your workspace for vulnerabilities: -![Snyk Code scan]() +![Snyk Code scan]() Snyk analysis runs automatically when you open a folder or workspace. * Snyk Code performs scans automatically on file saves. * Snyk Open Source does not automatically run on save by default, but you can enable it in settings: -![Snyk Open Source settings]() +![Snyk Open Source settings]() **Tip**: if you do not like to manually save while working, enable [AutoSave](https://code.visualstudio.com/docs/editor/codebasics#\_save-auto-save). 
@@ -102,11 +102,11 @@ Snyk analysis runs automatically when you open a folder or workspace. To manually trigger a scan, either Save or manually rescan using the rescan icon: -![Rescan icon]() +![Rescan icon]() If you only need the Code Quality, Code Security, or Open Source Security portion of the findings, you can easily disable the feature with the results you do not want to see or collapse the view: -![Configure Features](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/configure-features.png) +![Configure Features](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/configure-features.png) ## Snyk Code advanced mode @@ -114,13 +114,13 @@ Snyk Code has "Advanced" mode that allows you to control how scan is performed. To manually perform the analysis, in the configuration of the extension you can enable Advanced Mode which enables you to control the scanning process: -![Advanced Mode](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/run-analysis\_advanced-mode.png) +![Advanced Mode](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/run-analysis\_advanced-mode.png) ## View analysis results Snyk analysis shows a list of security vulnerabilities and code issues found in the application code. For more details and examples of how others fixed the issue, select a security vulnerability or a code security issue. Snyk suggestion information for the issue selected appears in a panel on the right side: -![Snyk suggestion information]() +![Snyk suggestion information]() ### Snyk analysis panel 
@@ -128,15 +128,15 @@ The Snyk analysis panel on the left of the preceding code screen shows how much The icons have the following meaning: -| ![]() Critical severity | May allow attackers to access sensitive data and run code on your application. | +| ![]() Critical severity | May allow attackers to access sensitive data and run code on your application. | | ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------- | -| ![]() High severity | May allow attackers to access sensitive data on your application. | -| ![]() Medium severity | May allow attackers under some conditions to access sensitive data on your application. | -| ![]() Low severity | The application may expose some data allowing vulnerability mapping, which can be used with other vulnerabilities to attack the application. | +| ![]() High severity | May allow attackers to access sensitive data on your application. | +| ![]() Medium severity | May allow attackers under some conditions to access sensitive data on your application. | +| ![]() Low severity | The application may expose some data allowing vulnerability mapping, which can be used with other vulnerabilities to attack the application. | You can filter the issues by setting the severities you want to see using the `snyk.severity` setting. For example, set `"snyk.severity": { "critical": true, "high": true, "medium": true, "low": false }` to hide low severity issues. You can also apply the setting in the Settings UI. -![Severity settings]() +![Severity settings]() ### Snyk Code editor window 
@@ -144,7 +144,7 @@ The editor window in the middle of the results screen shows the code that is ins ### Snyk Code vulnerability window -![Snyk Suggestion panel]() +![Snyk Suggestion panel]() The Snyk Suggestion panel on the right of the results screen shows the recommendation of the Snyk engine using, for example, variable names of your code and the line numbers in red. You can also see the following: @@ -161,11 +161,11 @@ The editor window shows security vulnerabilities in open source modules while yo You can find security vulnerabilities in the npm packages you import and see the number of known vulnerabilities in your imported npm packages as soon as you require them: -![Vulnerabilities in npm package](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/oss-editor-vulnerability-count.png) +![Vulnerabilities in npm package](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/oss-editor-vulnerability-count.png) Code inline vulnerability counts are also shown in your `package.json` file: -![package.json file](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/oss-editor-pjson.png) +![package.json file](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/oss-editor-pjson.png) Find security vulnerabilities in your JavaScript packages from well-known CDNs. The extension scans any HTML files in your projects and displays vulnerability information about the modules you include from your favorite CDN. 
@@ -179,11 +179,11 @@ Find security vulnerabilities in your JavaScript packages from well-known CDNs. * yastatic.net * ajax.aspnetcdn.com -![Vulnerability from a CDN](https://github.com/snyk/user-docs/raw/b37b310a269129608b8b10e8db7779706221a4b8/docs/.gitbook/assets/oss-editor-html.png) +![Vulnerability from a CDN](https://github.com/snyk/user-docs/raw/HEAD/docs/.gitbook/assets/oss-editor-html.png) You can navigate to the most severe vulnerability by triggering the provided code actions. This opens a vulnerability window to show more details: -![Code action]() +![Code action]() ### Snyk Open Source vulnerability window
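
Review bot: In the `@@ -18,11 +18,11 @@` hunk, the re-added sidebar sentence still ends in an image with empty alt text (`![]()`), so "you can find a Snyk icon in the sidebar" conveys nothing when the image does not render. Give it alt text the way the next image already does ("Visual Studio Code extension results"). The context bullet just above it, "then install (as explained in the [installation instructions](...).", also has an opening parenthesis that is never closed and could be fixed in the same sync.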
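
Review bot: Step 5 in the `@@ -54,14 +54,14 @@` hunk says VS Code is "reading and saving the authentication on your local machine" but never says where the credential is stored or how a user clears it. Since this section is being resynchronized, add one sentence stating the storage location and the removal path. The three changed lines between the numbered steps show no visible difference between their removed and added forms, so confirm they are intended changes and not whitespace churn from the sync.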
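
Review bot: The "Snyk: Log Out" image in the `@@ -71,11 +71,11 @@` hunk moves from a commit-pinned URL (`.../raw/b37b310a269129608b8b10e8db7779706221a4b8/...`) to `.../raw/HEAD/...`, which makes the README's rendered content depend on whatever the default branch of snyk/user-docs holds at view time. A rename or deletion of `logging-out-command.png` there breaks this README with no change in this repository, and the image can no longer be reproduced for a given release. Keep the reference pinned to a commit (updated by the sync job), or copy the assets into this repository. The same substitution recurs in the later hunks (`configure-features.png`, `run-analysis\_advanced-mode.png`, `oss-editor-vulnerability-count.png`, `oss-editor-pjson.png`, `oss-editor-html.png`).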
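
Review bot: The context line heading the `@@ -87,14 +87,14 @@` hunk, "Snyk Open Source requires the Snyk CLI, so it downloads in the background", is missing the details a user needs to assess a silent binary download: where the CLI is fetched from, where it is placed on disk, and whether its integrity is checked. Add that information here or link to the page that documents it. The "Snyk Code scan" and "Snyk Open Source settings" image lines changed in this hunk have empty targets as shown, so check that they still render after the sync.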
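
Review bot: In the `@@ -128,15 +128,15 @@` hunk the severity table has no header row, so the "Critical severity" row sits above the `| --- | --- |` separator and is rendered as the table header instead of as the first data row. Add an explicit header such as `| Severity | Meaning |` followed by the separator, and move the Critical row below it alongside High, Medium and Low. The four icon cells are also `![]()` with no alt text, so each row relies on the text label alone to be readable; alt text naming the severity would keep the icon column meaningful.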