diff options
| -rw-r--r-- | lsp/snyk_ls.lua | 84 |
1 files changed, 77 insertions, 7 deletions
diff --git a/lsp/snyk_ls.lua b/lsp/snyk_ls.lua index 32d0183d..75a121c6 100644 --- a/lsp/snyk_ls.lua +++ b/lsp/snyk_ls.lua @@ -2,28 +2,98 @@ --- --- https://github.com/snyk/snyk-ls --- ---- LSP for Snyk Open Source, Snyk Infrastructure as Code, and Snyk Code. +--- **[Snyk](https://snyk.io)** is a developer security platform that helps you find and fix +--- vulnerabilities in your code, open source dependencies, containers, and infrastructure as code. +--- +--- The Snyk Language Server provides real-time security scanning for: +--- - **Snyk Open Source**: Find and fix vulnerabilities in open source dependencies +--- - **Snyk Code**: Find and fix security vulnerabilities in your code +--- - **Snyk Infrastructure as Code**: Find and fix security issues in Kubernetes, Terraform, and other IaC files +--- +--- ## Authentication +--- +--- **Note**: Currently, only token-based authentication is supported in Neovim. +--- +--- 1. Get your API token from https://app.snyk.io/account +--- 2. Set the `SNYK_TOKEN` environment variable: +--- ```sh +--- export SNYK_TOKEN="your-token-here" +--- ``` +--- +--- ## Trusted Folders +--- +--- Snyk requires you to trust directories before scanning them. To avoid being prompted every time: +--- +--- ```lua +--- vim.lsp.config('snyk_ls', { +--- init_options = { +--- trustedFolders = { +--- '/Users/yourname/projects', -- Trust your projects directory +--- '/path/to/another/trusted/dir', +--- }, +--- }, +--- }) +--- ``` +--- +--- **Important**: Trust the top-level directory where you store your repositories, not individual repos. +--- For example, if you work on `/Users/yourname/projects/my-app`, trust `/Users/yourname/projects`. +--- Only trust directories containing code you trust to scan. +--- +--- ## Configuration +--- +--- Full configuration options available at https://github.com/snyk/snyk-ls#configuration-1 +--- +--- ### Advanced Configuration +--- +--- For **non-default multi-tenant or single-tenant setups**, you may need to specify: +--- +--- - `endpoint`: Custom Snyk API endpoint (e.g., `https://api.eu.snyk.io` for EU, or your single-tenant URL) +--- ``` ---@type vim.lsp.Config return { - cmd = { 'snyk-ls' }, + cmd = { 'snyk', 'language-server', '-l', 'info' }, root_markers = { '.git', '.snyk' }, filetypes = { + 'apex', + 'apexcode', + 'c', + 'cpp', + 'cs', + 'dart', + 'dockerfile', + 'elixir', + 'eelixir', 'go', 'gomod', + 'groovy', + 'helm', + 'java', 'javascript', - 'typescript', 'json', + 'kotlin', + 'objc', + 'objcpp', + 'php', 'python', 'requirements', - 'helm', - 'yaml', + 'ruby', + 'rust', + 'scala', + 'swift', 'terraform', 'terraform-vars', + 'typescript', + 'yaml', }, settings = {}, - -- Configuration from https://github.com/snyk/snyk-ls#configuration-1 init_options = { - activateSnykCode = 'true', + activateSnykOpenSource = 'true', -- Scan open source dependencies + activateSnykCode = 'false', -- Scan your code for vulnerabilities + activateSnykIac = 'true', -- Scan infrastructure as code + integrationName = 'Neovim', + integrationVersion = tostring(vim.version()), + token = os.getenv('SNYK_TOKEN') or vim.NIL, + trustedFolders = {}, -- Add your trusted directories here to avoid being prompted every time }, } |