| Key | Value |
|---|---|
| Goal | Set up Snyk dependency scanning in a CI/CD pipeline on a project |
| Duration | 1-2 hours |
Use the following steps to help you progress through the exercise (use your best judgment, these are not precise steps):
- Create a Snyk account
- Integrate Snyk dependency scanning in your project (you may need to make your project public)
- Set up a manual command to run Snyk at any time (like `npm run scan:dependencies`)
- Automate dependency scanning using your CI/CD pipeline
- Share the results with your mentor!
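One way the last three steps fit together, as an added example that is not part of the exercise page or Snyk's own documentation: the project adds `snyk` as a devDependency (`npm install --save-dev snyk`) and a `"scan:dependencies": "snyk test --severity-threshold=high"` entry under `scripts` in `package.json`, so developers can run the scan by hand with `npm run scan:dependencies`; the GitHub Actions workflow below then runs that same script on every push and pull request. The workflow file name, branch name, Node version and the `SNYK_TOKEN` secret name are assumptions for this example.

```yaml
# .github/workflows/snyk.yml (added example; the file name, branch, Node
# version and secret name are assumptions, not part of the exercise page)
name: Dependency scan

on:
  push:
    branches: [main]
  pull_request:

# The job only needs to read the repository; no write scopes.
permissions:
  contents: read

jobs:
  snyk:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: npm

      # Install from package-lock.json so Snyk scans exactly the
      # dependency tree a production install would resolve.
      - run: npm ci

      # Same command a developer runs locally. "snyk test" exits non-zero
      # when it finds vulnerabilities at or above the severity threshold,
      # which fails this job and therefore the pull request check.
      - run: npm run scan:dependencies
        env:
          # API token from your Snyk account, stored as a repository
          # secret; never commit it to the repo.
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
```

Two caveats worth checking when you wire this up: `snyk test` is the gating command (it fails the build), while `snyk monitor` only uploads a snapshot to the Snyk dashboard and never fails CI, so do not substitute one for the other by accident; and if the job passes on the first run, confirm the gate actually works by temporarily lowering the threshold to `--severity-threshold=low` or adding a dependency you know is flagged, then restore the real setting before sharing the results with your mentor.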
Use these questions to guide your curiosity during the exercise:
- What is SAST?
- What is DAST?
- What is CI/CD?
- Why is it important to scan your dependencies for security vulnerabilities?
Use the following questions to reflect on what you learned with this exercise and discuss with your mentor:
- What conclusion can you share with your mentor?
- What surprised you about this exercise?
- How did this exercise build upon the learning outcomes from this topic? What would you change about the exercise to better suit your context for the next apprentice?
- What did this leave you excited to dig further into?