The Snyk integration allows Datadog Continuous Profiler to report on vulnerabilities in your Java libraries. The CVE Analysis (Common Vulnerabilities and Exposures) is performed using Snyk’s Intel Vulnerability DB.
Sign up for a Snyk account.
npm install --save-dev @datadog/datadog-ci snyk
snyk auth "$YOUR_SNYK_TOKEN"
snyk test --print-deps --json > deps.json
If you have a repo with multiple projects, add --file=<package file> to the Snyk command. For example, --file=<pom.xml>. See the Snyk documentation for more information.
For the most accurate analysis, add version and service tags on your deployment. See Unified Service Tagging for more information.
Finally, upload the dependency graph to Datadog:
datadog-ci dependencies upload deps.json --source snyk --service <SERVICE> --release-version <VERSION>
By default, this command sends requests to Datadog US. To use Datadog EU, set the DATADOG_SITE environment variable to
A minute or two after you deploy your service, the “Vulnerability” column on the Profiles page is populated with the highest classification of vulnerability for that service. Details about the CVE vulnerabilities for the service can be found in the Analysis tab on the sidebar (detailed view of the service).
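As an added example (not part of the Datadog or Snyk documentation), the test and upload steps above can be wrapped for a CI job so that the non-zero exit code snyk test returns when it finds vulnerabilities does not stop the job before the upload. It assumes snyk is already authenticated and that SERVICE and VERSION are environment variables set by the pipeline; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: CI wrapper around the snyk test and datadog-ci upload steps.
# Assumes snyk is already authenticated and SERVICE / VERSION are set by the pipeline.

# snyk test exit codes: 0 = no vulnerabilities, 1 = vulnerabilities found
# (the JSON report is still written), 2 = command failure, 3 = no supported projects.
# Only 0 and 1 leave a report worth uploading.
snyk_exit_allows_upload() {
    case "$1" in
        0|1) return 0 ;;
        *)   return 1 ;;
    esac
}

# The report must exist, be non-empty, and start with a JSON object or array.
deps_report_looks_valid() {
    [ -s "$1" ] || return 1
    first=$(head -c 64 "$1" | tr -d ' \t\r\n' | cut -c1)
    case "$first" in
        '{'|'[') return 0 ;;
        *)       return 1 ;;
    esac
}

upload_snyk_deps() {
    report=${1:-deps.json}
    rc=0
    # Capture the exit code instead of letting a "vulnerabilities found" result
    # (exit 1) abort the job before the upload step.
    snyk test --print-deps --json > "$report" || rc=$?
    if ! snyk_exit_allows_upload "$rc"; then
        echo "snyk test exited with $rc; skipping upload" >&2
        return "$rc"
    fi
    if ! deps_report_looks_valid "$report"; then
        echo "$report is empty or not JSON; skipping upload" >&2
        return 1
    fi
    datadog-ci dependencies upload "$report" --source snyk \
        --service "$SERVICE" --release-version "$VERSION"
}

# Run the pipeline step only when invoked with --run; otherwise just define the functions.
if [ "${1:-}" = "--run" ]; then
    upload_snyk_deps "${2:-deps.json}"
fi
```

If the build should still fail on findings, check the saved exit code after the upload rather than before it.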