Recipe
Snyk Setup
Wire Snyk into a Meridian-monitored repo for continuous open-source vulnerability scanning.
Prerequisites
- A GitHub, GitLab, or Bitbucket account with admin access to the target repo.
- The repo must already be onboarded into Meridian.
- Node.js 18+ if you plan to use the Snyk CLI locally.
Step 1 — Connect Snyk
Sign in at app.snyk.io with your Git provider. Authorize the Snyk OAuth app and select the repository Meridian is watching. Snyk will auto-detect package manifests and begin an initial scan.
Step 2 — Import Project
From the Snyk dashboard, click Add project and choose the target repo. Enable Daily monitoring and PR Checks so every pull request is tested against the Snyk vulnerability database before merge.
Step 3 — Verify in Meridian
Return to your Meridian dashboard. The repo's security card will show a Snyk Active badge within two minutes. Click the card to drill into the latest findings — Meridian surfaces critical and high-severity issues inline alongside your deployment history.
Optional — CLI Gate
Add a pre-commit hook that runs snyk test locally. Meridian will still run the cloud-side scan, but the CLI gate catches issues before they reach CI.
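One way to write that hook, as an added example (not Snyk's or Meridian's own script): it scans only when a staged file is a dependency manifest or lockfile, and maps the snyk test exit codes to an allow or block decision. The manifest list, the SNYK_THRESHOLD variable, the high default and the function names are assumptions; save it as .git/hooks/pre-commit and make it executable.

```shell
#!/bin/sh
# Added example pre-commit hook: run `snyk test` only when dependencies change.
# Assumed names: SNYK_THRESHOLD, touches_manifest, gate_decision, run_gate.
SNYK_THRESHOLD="${SNYK_THRESHOLD:-high}"   # assumption: block on high and critical

# Succeeds if any path on stdin (one per line) is a dependency manifest or
# lockfile. The list is illustrative; extend it for your ecosystems.
touches_manifest() {
    grep -Eq '(^|/)(package(-lock)?\.json|yarn\.lock|pnpm-lock\.yaml|requirements[^/]*\.txt|Pipfile(\.lock)?|poetry\.lock|go\.(mod|sum)|pom\.xml|build\.gradle|Gemfile(\.lock)?)$'
}

# Map the snyk CLI exit code to a hook result (0 = allow commit, 1 = block).
# snyk test: 0 no issues, 1 issues found, 2 failure, 3 no supported project.
gate_decision() {
    case "$1" in
        0) return 0 ;;
        1) echo "snyk: issues at or above '$SNYK_THRESHOLD'; commit blocked" >&2
           return 1 ;;
        3) echo "snyk: no supported project detected; nothing to scan" >&2
           return 0 ;;
        *) # Fail closed: an unauthenticated or offline CLI must not pass silently.
           echo "snyk: scan did not complete (exit $1); commit blocked" >&2
           return 1 ;;
    esac
}

# $1: newline-separated list of staged paths.
run_gate() {
    if ! printf '%s\n' "$1" | touches_manifest; then
        return 0                      # no dependency change, skip the scan
    fi
    if ! command -v snyk >/dev/null 2>&1; then
        echo "snyk CLI not found on PATH; commit blocked" >&2
        return 1
    fi
    rc=0
    snyk test --severity-threshold="$SNYK_THRESHOLD" || rc=$?
    gate_decision "$rc"
}

# Run only when installed as the hook, so the functions can be sourced and tested.
case "${0##*/}" in
    pre-commit)
        run_gate "$(git diff --cached --name-only --diff-filter=ACMR)" || exit 1 ;;
esac
```

A local hook can be skipped with git commit --no-verify, so the PR Checks enabled in Step 2 remain the enforcing control and this gate is only an early warning.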