Skip to content



This step performs an open source vulnerability scan on a Node project or Node module inside an MTA project through


  • Snyk account - have an account on
  • Snyk token - have a Snyk user token


name mandatory default possible values
buildDescriptorFile no ./package.json
dockerEnvVars no
dockerImage no node:lts-buster
dockerOptions no
dockerWorkspace no
exclude no []
monitor no true
scanType no npm npm, mta
script yes
snykCredentialsId yes Jenkins credentials id
snykOrg no
toHtml no false
toJson no false
  • buildDescriptorFile - The path to the build descriptor file, e.g. ./package.json.
  • dockerEnvVars - Environment variables to set in the container, e.g. [http_proxy: 'proxy:8080'].
  • dockerImage - Name of the docker image that should be used. Configure with empty value to execute the command directly on the Jenkins system (not using a container). Omit to use the default image (cf. default_pipeline_environment.yml) Overwrite to use custom Docker image.
  • dockerOptions - Docker only: Docker options to be set when starting the container (List or String).
  • dockerWorkspace - Kubernetes only: Specifies a dedicated user home directory for the container which will be passed as value for environment variable HOME.
  • exclude - Only scanType 'mta': Exclude modules from MTA projects.
  • monitor - Monitor the application's dependencies for new vulnerabilities.
  • scanType - The type of project that should be scanned.
  • script - The common script environment of the Jenkinsfile running. Typically the reference to the script calling the pipeline step is provided with the this parameter, as in script: this. This allows the function to access the commonPipelineEnvironment for retrieving, e.g. configuration parameters.
  • snykCredentialsId - Credentials for accessing the Snyk API.
  • snykOrg - Only needed for monitor: true: The organisation ID to determine the organisation to report to.
  • toHtml - Generate and archive a HTML report.
  • toJson - Generate and archive a JSON report.

Step configuration

We recommend to define values of step parameters via config.yml file.

In following sections of the config.yml the configuration is possible:

parameter general step/stage
buildDescriptorFile X
dockerEnvVars X
dockerImage X
dockerOptions X
dockerWorkspace X
exclude X
monitor X
scanType X
snykCredentialsId X X
snykOrg X
toHtml X
toJson X


The step depends on the following Jenkins plugins

The kubernetes plugin is only used if running in a kubernetes environment. Transitive dependencies are omitted.

The list might be incomplete.

Consider using the ppiper/jenkins-master docker image. This images comes with preinstalled plugins.

Side effects

Step uses dockerExecute inside.




snykExecute script: this, snykCredentialsId: 'mySnykToken'