If Snyk Code has been enabled for your organization, Snyk performs static application security testing (SAST) on projects that include code in a supported language from a supported source code management system.
Snyk accesses files in the current project directory to identify vulnerabilities that could be exploited to attack the application. Snyk tests the application by scanning the code without executing it, and reports on any vulnerabilities.
Snyk does not store code in the Snyk network or logs or use it for engine training purposes. The scan results do not contain original source code. The results include pointers to positions, plus meta-data on the version of the source code.