Snyk scanning concepts
In Snyk, a project is a scannable external item. Each target you want to scan, such as a Kubernetes cluster or GitHub repository, may include more than one project.
Snyk scans different types of projects in different ways.
For Open Source projects, Snyk accesses the manifest and the build configuration files to identify Open Source dependencies.
When you scan a Dockerfile, Snyk reads the FROM statement to identify the base image and predict the vulnerabilities the container will carry once it has been built. Note that scanning a Dockerfile is not equivalent to a container scan, which is done via the CLI or in the CI/CD pipeline against the built image.
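The base-image identification described above, as an added illustration (this is not Snyk's implementation): a small Python parser that walks a constructed multi-stage Dockerfile and returns only the external images that FROM lines pull, skipping stage aliases and `scratch`, and resolving ARG defaults that Docker permits in FROM.

```python
import re

# Constructed sample Dockerfile (not from the Snyk docs): a multi-stage build
# whose second FROM refers to an earlier stage, not to an external image.
SAMPLE_DOCKERFILE = """\
ARG NODE_VERSION=18
FROM --platform=linux/amd64 node:${NODE_VERSION}-alpine AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build

FROM build AS test
RUN npm test

FROM nginx:1.25 AS runtime
COPY --from=build /app/dist /usr/share/nginx/html
"""

# FROM [--flag ...] <image> [AS <alias>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
# ARG <name>=<default>
ARG_RE = re.compile(r"^\s*ARG\s+(\w+)=(\S+)", re.IGNORECASE)


def base_images(dockerfile: str) -> list[str]:
    """Return the external base images a Dockerfile pulls, in order of appearance.

    A FROM that names an earlier stage alias is a stage reference, not a base
    image, and `scratch` is the empty image, so neither is reported. Only the
    images returned here can be looked up for known base-image vulnerabilities;
    packages added by later RUN steps exist only in the built container.
    """
    args: dict[str, str] = {}
    aliases: set[str] = set()
    images: list[str] = []
    for raw in dockerfile.splitlines():
        line = raw.split("#", 1)[0]  # drop trailing comments
        m = ARG_RE.match(line)
        if m:
            args[m.group(1)] = m.group(2)
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        for name, value in args.items():  # substitute ${NAME} / $NAME from ARG defaults
            image = image.replace("${" + name + "}", value).replace("$" + name, value)
        if alias:
            aliases.add(alias)
        if image not in aliases and image != "scratch":
            images.append(image)
    return images
```

For the constructed Dockerfile above, `base_images(SAMPLE_DOCKERFILE)` returns `["node:18-alpine", "nginx:1.25"]`; the `build` stage reference is not reported.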
Snyk reads infrastructure files to analyze them and to display the side-by-side code review interface; it does not retain the file.
Snyk caches repository code for a one-time analysis and retains only the file path, line, and column of any identified issues.