snyk-security-scanning.md

1. Visit: https://snyk.io

2. Click the "Signup with GitHub" button/link:

3. Click the button to "Athorise Snyk":

4. Click to "Connect with GitHub":

5. Again click "Connect with GitHub":

6. By default Snyk requests access to both public and private repos, Select whatever is relevant to you and continue:

7. I selected only public repositories as I always follow the "principle of least privilege":

8. Confirm the access that Snyk is requesting:

9. Connect to Snyk to a GitHub Repository:

10. Select the desired repository: (in this case hapi-auth-jwt2 ...)

11. Add selected repo:

12. Wait for the repo to be imported by Snyk:

13. Once the repo has finished importing, refresh the page to see your dashboard:

14. From the Snyk dashboard. Click on the project you want to view:

15. Copy the Snyk "Badge" for inclusion in your project:

Badge Format:

[![Known Vulnerabilities](https://snyk.io/test/github/{username}/{repo}/badge.svg)](https://snyk.io/test/github/{username}/{repo})

Official Badge:

[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)

Flat Square:

[![Known Vulnerabilities](https://snyk.io/test/github/dwyl/hapi-auth-jwt2/badge.svg?targetFile=package.json&style=flat-square)](https://snyk.io/test/github/dwyl/hapi-auth-jwt2?targetFile=package.json)

Note: just having a 3rd party service telling you there aren't any know vulnerabilities does not guarantee that your app is "secure"! You still need to write good code that escapes all input and follows "best practice"! But the snyk badge & service is a useful early warning system.