SDKs overview
Deepcode, originally an AI-powered code analysis platform, was acquired by Snyk in 2020. Its core technology has since been integrated into Snyk Code, one of Snyk's primary offerings for identifying security vulnerabilities in proprietary codebases (Snyk Code overview). Consequently, direct Deepcode-branded SDKs are no longer maintained as separate entities. Developers interact with Deepcode's underlying static analysis capabilities through Snyk's developer tools, which include a command-line interface (CLI), various integrated development environment (IDE) plugins, and integrations for continuous integration/continuous delivery (CI/CD) pipelines.
These tools provide the programmatic interfaces and libraries necessary to incorporate automated security scanning into the software development lifecycle. The Snyk platform supports a broad range of programming languages and frameworks, enabling developers to scan their code for security issues, receive remediation guidance, and automate vulnerability checks directly within their existing workflows (Snyk Code getting started guide).
Official SDKs by language
As Deepcode's technology is integrated into Snyk Code, the official SDKs and libraries are now part of the broader Snyk ecosystem. The primary interface for programmatic interaction is the Snyk CLI, which offers language-agnostic capabilities for scanning code. Beyond the CLI, Snyk provides specific integrations and plugins tailored for various language ecosystems and development environments. The table below outlines the primary mechanisms and package names for interacting with Snyk Code's functionality across different programming languages.
| Language Ecosystem | Primary Interface / Package | Installation Command (CLI) | Maturity |
|---|---|---|---|
| JavaScript/TypeScript | Snyk CLI (npm package) | npm install -g snyk | Stable |
| Python | Snyk CLI (pip package) | pip install snyk | Stable |
| Java/Kotlin/Scala | Snyk CLI (Maven/Gradle integration) | (via build tool plugins or CLI) | Stable |
| Go | Snyk CLI (Go modules support) | go get github.com/snyk/snyk (for Go specific tools) | Stable |
| C#/.NET | Snyk CLI (.NET Core support) | (via .NET CLI or Snyk CLI) | Stable |
| Ruby | Snyk CLI (Gemfile support) | gem install snyk | Stable |
| PHP | Snyk CLI (Composer support) | (via Composer or Snyk CLI) | Stable |
| C/C++ | Snyk CLI (experimental support) | npm install -g snyk | Beta/Experimental |
The Snyk CLI is the central tool for initiating scans, managing projects, and configuring security policies across all supported languages. For specific language ecosystems, Snyk provides deeper integrations, such as direct scanning of package managers (e.g., npm, pip, Maven, Gradle, Composer) and build system analysis (Snyk CLI supported languages).
Installation
The primary method for installing the tools that provide Deepcode's functionality (via Snyk Code) is through the Snyk Command Line Interface (CLI). The Snyk CLI can be installed using various package managers depending on your operating system and preferred development environment.
Node.js (Recommended for general use)
npm install -g snyk
This command installs the Snyk CLI globally using npm, the Node.js package manager (Snyk CLI installation guide). After installation, you will need to authenticate the CLI with your Snyk account:
snyk auth
This command will open your browser to log in to your Snyk account and authorize the CLI.
Homebrew (macOS)
brew tap snyk/tap
brew install snyk
Scoop (Windows)
scoop bucket add snyk https://github.com/snyk/scoop-snyk
scoop install snyk
Docker
For CI/CD environments or containerized workflows, the Snyk CLI is available as a Docker image:
docker pull snyk/snyk
docker run -it snyk/snyk auth
Other installation methods
Snyk also provides binaries for direct download, and instructions for integrating with various build tools and CI/CD platforms are available in the official documentation (Snyk documentation portal). For IDE integrations, developers can search for 'Snyk' in their IDE's marketplace (e.g., Visual Studio Code Marketplace, IntelliJ Plugins).
Quickstart example
This quickstart demonstrates how to use the Snyk CLI to scan a local project for code vulnerabilities, leveraging the Deepcode-powered analysis within Snyk Code.
Prerequisites
- Snyk CLI installed and authenticated (refer to the Installation section).
- A local project containing source code (e.g., a simple JavaScript application).
Steps
- Navigate to your project directory: Open your terminal or command prompt and change to the root directory of the project you want to scan.
cd my-javascript-app
- Run a code security scan: Execute the snyk code test command. This command analyzes your proprietary code for security vulnerabilities.
snyk code test
The CLI will output the results directly in your terminal, detailing any identified vulnerabilities, their severity, and recommended remediation steps. For instance, a typical output might resemble:
✔ Tested 100 files for known vulnerabilities, no vulnerabilities found.
Project: my-javascript-app
License: Apache-2.0
Found 0 vulnerabilities
If vulnerabilities are found, the output will list them with details such as rule ID, severity, affected file, and line number. For a more comprehensive scan that also includes open-source dependencies, you can use snyk test:
snyk test
This command combines scans for both open-source dependencies (Snyk Open Source) and proprietary code (Snyk Code, Deepcode's contribution) (Snyk test command reference). The Snyk CLI can also integrate into various CI/CD pipelines to automate these scans as part of the build or deployment process, providing continuous security feedback (Snyk CI/CD integrations).
Community libraries
Given that Deepcode's technology is now integrated into the Snyk platform, most community-driven efforts focus on extending or integrating with Snyk's developer tools rather than standalone Deepcode libraries. The Snyk CLI and its underlying APIs serve as the primary programmatic interface, allowing community developers to build custom scripts, wrappers, and integrations.
Community contributions often manifest in areas such as:
- Custom reporting tools: Scripts that parse Snyk JSON output to generate custom reports or integrate with internal dashboards.
- CI/CD pipeline scripts: Specialized scripts for specific CI/CD environments (e.g., Jenkins, GitLab CI, GitHub Actions) that automate Snyk scans and policy enforcement.
- IDE extensions: While Snyk provides official IDE plugins, some community members might develop supplementary extensions for niche editors or specific workflows.
- Automation wrappers: Tools that orchestrate Snyk scans with other security or development tools, streamlining complex workflows.
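A custom reporting and policy-enforcement script of the kind listed above could look like the following. This is an added example, not code from Snyk or from the original page. It assumes the report is the SARIF 2.1.0 document written by snyk code test --json, and that SARIF levels note/warning/error correspond to low/medium/high severity; the rule IDs, file paths and messages in the sample are constructed.

```python
import json

# Constructed sample: a trimmed SARIF 2.1.0 report shaped like `snyk code test --json` output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "results": [
            {"ruleId": "javascript/Sqli", "level": "error",
             "message": {"text": "Unsanitized input flows into a SQL query."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "routes/users.js"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "javascript/HardcodedSecret", "level": "warning",
             "message": {"text": "Hardcoded secret used as a signing key."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/token.js"},
                                                 "region": {"startLine": 7}}}]},
            {"ruleId": "javascript/ExampleNote", "level": "note",
             "message": {"text": "Informational finding without a location."}},
        ],
    }],
})

# Assumed mapping of SARIF levels to (severity, rank); rank drives the threshold check.
LEVELS = {"note": ("low", 1), "warning": ("medium", 2), "error": ("high", 3)}

def parse_findings(sarif_text):
    """Flatten every SARIF result into a dict; tolerate results with no location."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            # SARIF treats a missing level as "warning"; unknown levels get the same default.
            severity, rank = LEVELS.get(res.get("level", "warning"), ("medium", 2))
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append({
                "rule": res.get("ruleId", "unknown"),
                "severity": severity, "rank": rank,
                "file": loc.get("artifactLocation", {}).get("uri", "<no location>"),
                "line": loc.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return sorted(findings, key=lambda f: -f["rank"])  # highest severity first

def gate(findings, threshold="high"):
    """Return the findings at or above the threshold; non-empty means fail the build."""
    min_rank = {"low": 1, "medium": 2, "high": 3}[threshold]
    return [f for f in findings if f["rank"] >= min_rank]

if __name__ == "__main__":
    found = parse_findings(SAMPLE_SARIF)
    print("\n".join(f'{f["severity"]:<6} {f["rule"]:<28} {f["file"]}:{f["line"]}' for f in found))
    raise SystemExit(1 if gate(found, "medium") else 0)
```

In a pipeline, replace SAMPLE_SARIF with the contents of the report file and let the script's exit status decide whether the job fails.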
Developers interested in contributing or finding community-developed resources typically refer to the Snyk GitHub organization, which hosts various open-source projects, examples, and tools related to the Snyk platform. While direct Deepcode-specific community libraries are not prevalent post-acquisition, the active Snyk developer community and extensive documentation provide a robust foundation for extending its capabilities (Snyk API documentation).
Community engagement is also fostered through Snyk's public issue trackers, forums, and developer events, where users can share custom integrations, scripts, and best practices for leveraging Snyk's security analysis capabilities.