Snyk
Created 6 months ago
Snyk Language Server integrates with Snyk Open Source, Infrastructure as Code, and Code.
What is Snyk?
Enhance security posture by embedding [Snyk](https://snyk.io/) vulnerability scanning directly into agentic workflows.
Documentation
Supported features
The language server follows the Language Server Protocol and integrates with Snyk Open Source, Snyk Infrastructure as Code and Snyk Code. For the former two, it uses the Snyk CLI as a data provider, for the latter it is connecting directly to the Snyk Code API. Right now the language server supports the following actions: - Send diagnostics to client on opening a document if it's part of the current set of folders. - Starting a folder scan on startup and sending diagnostics. - Starting a workspace scan of all folders on command. - Cache diagnostics until saving or triggering a new workspace scan. - Invalidate caches on saving a document and retrieve saved document diagnostics anew. - Provides range calculation to correctly highlight Snyk Open Source issues in their file. - Provides formatted hovers with diagnostic details and follow-up links - Progress reporting to the client for background jobs - Notifications & Log messages to the client - Authentication when needed, using OAuth2 or Token authentication and opening a webpage if necessary - Copying the authentication URL to clipboard if there are problems opening a webpage - Automatic download of the Snyk CLI if none is found or configured to XDG_DATA_HOME - Selective activation of products according to settings transmitted - Scanning errors are reported as diagnostics to the Language Server Client - Code Lenses to navigate the Snyk Code dataflow from within the editor - Code Actions for in-editor commands, like opening a browser, doing a quickfix or opening a Snyk Learn lesson for the found diagnostic
Implemented operations# Language Server Protocol support
Requests
- initialize
- exit
- textDocument/codeAction
- textDocument/codeLens
- textDocument/didClose
- textDocument/didSave
- textDocument/hover
- textDocument/inlineValue
- shutdown
- workspace/didChangeWorkspaceFolders
- workspace/didChangeConfiguration
- workspace/executeCommand
- window/workDoneProgress/create (from server -> client)
- window/showMessageRequest
- window/showDocument
Notifications
- $/progress
- $/cancelRequest
- textDocument/publishDiagnostics
Custom additions to Language Server Protocol (server -> client)
- SDKs callback to retrieve configured SDKs from the client
- Folder Config Notification
- Custom Publish Diagnostics Notification
- MCP Server URL Notification to publish the listening address.
- Authentication Notification
- CLI Path Notification
- Trusted Folder Notification
- Scan Notification
- Summary Panel Status Notification
Server Config
{
"mcpServers": {
"snyk-server": {
"command": "npx",
"args": [
"snyk"
]
}
}
}