Featuring Snyk
by Liran Tal
@liran_tal
leanpub.com/nodejssecurity/c/MEETUP
https://david-dm.org
http://bithound.io
npm outdated --long
hold your horses, has it too pal
$ npm install -g snyk
$ snyk test
https://snyk.io
$ snyk auth bfd71-fdabc8123-4981-bd8f7c
Understanding the lifecycle of a Travis CI build
before_install
install
before_script
script
after_success
after_failure
after_script
before_install:
  - npm install -g snyk
.travis.yml
# fail the build
before_script:
  - snyk test

# do not fail the build
# you should have a good reason to do this
after_script:
  - snyk test
$ snyk monitor
after_success:
  - snyk monitor
$ snyk wizard
# on CI - we protect before we
# test to apply the policies
before_script:
  - npm install -g snyk
  - snyk protect
  - snyk test
"scripts": {
  "test": "snyk test && npm test",
  "snyk-protect": "snyk protect",
  "prepublish": "npm run snyk-protect"
}
package.json
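The slides place snyk test in before_script to fail the build, in after_script to report without failing, and run snyk protect before snyk test. As an added example (not code from the talk or from Snyk), this Python check reads a .travis.yml and reports whether snyk test actually gates the build. The function names, finding codes and sample configs are constructed for illustration, and the parser only handles simple block-style YAML like the snippets above.

```python
import re

# Travis CI phases in lifecycle order. A non-zero exit in the first four stops
# or fails the build; the exit code of the after_* phases is ignored.
GATING = ["before_install", "install", "before_script", "script"]
NON_GATING = ["after_success", "after_failure", "after_script"]

def phase_commands(travis_yml):
    """Return {phase: [commands]} for simple block-style .travis.yml text."""
    phases, current = {}, None
    for line in travis_yml.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comment lines
        key = re.match(r"^(\w+):\s*(.*)$", line)   # top-level key, optional inline value
        item = re.match(r"^\s*-\s+(.*)$", line)    # list item under the current key
        if key:
            current = key.group(1)
            phases[current] = [key.group(2)] if key.group(2) else []
        elif item and current:
            phases[current].append(item.group(1).strip())
    return phases

def audit_snyk(travis_yml):
    """Return finding codes (hypothetical names); [] means snyk test gates the build."""
    phases = phase_commands(travis_yml)
    gated = [c for p in GATING for c in phases.get(p, [])]
    ungated = [c for p in NON_GATING for c in phases.get(p, [])]
    first = lambda cmds, needle: next((i for i, c in enumerate(cmds) if needle in c), None)
    findings = []
    test_at = first(gated, "snyk test")
    if test_at is None:
        # Either the scan never runs, or it runs where its exit code is ignored.
        missing = first(ungated, "snyk test") is None
        findings.append("test-missing" if missing else "test-not-gating")
    protect_at = first(gated, "snyk protect")
    if test_at is not None and protect_at is not None and protect_at > test_at:
        findings.append("protect-after-test")  # policies applied too late to affect the test
    return findings

# Constructed sample inputs (not from the talk).
GATED = """\
before_install:
  - npm install -g snyk
before_script:
  - snyk protect
  - snyk test
"""
REPORT_ONLY = "before_install:\n  - npm install -g snyk\nafter_script:\n  - snyk test\n"
```

Calling audit_snyk(GATED) returns an empty list, while audit_snyk(REPORT_ONLY) returns ["test-not-gating"].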
DevSecOps Meetup #1
💚@nodejs Security WG member | Core team @meanjs, #dockly | Author: 📘Essential Node.js Security ✨ Engineering Manager @nielsen-oss | ❤️#opensource #javascript