Security recipes for AI coding assistants, powered by Snyk.
Recipes combine Snyk's security ingredients -- Snyk's CLI & MCP server, along with Agentic skills, rules, hooks, and commands -- into ready-to-use security solutions for your development workflow.
Just like cooking, there's no single right way to combine these ingredients. A team that wants real-time inline feedback will reach for different recipes than one that needs a hard gate at commit time. This repository gives you a collection of recipes to pick from, combine, and customize to meet your security needs across your development environment and lifecycle.
These recipes are designed to be layered. For example, you might combine:
- A rule for real-time inline scanning as you code
- A hook as a safety net that fires at session end
- A git pre-commit hook as a final gate before code enters the repository
- A secure-dependency-advisor skill to evaluate package security before adoption
- A /snyk-fix command for on-demand remediation of existing issues
Start with the recipe that solves your most pressing need, then layer on more as your security posture matures.
These are generic examples, not rigid templates. Every team's security requirements, tech stack, and workflow are different. Feel free to:
- Modify scan thresholds and severity filters
- Add or remove workflow phases
- Adapt the recipes to coding assistants not yet covered
- Combine multiple recipes into your own custom workflows
Before using any recipe, you'll need:
- Snyk MCP Server -- Set up the Snyk MCP server in your coding assistant
- Snyk Authentication -- Run snyk auth or set the SNYK_TOKEN environment variable
If you have questions, need guidance choosing the right recipes for your team, or want to share feedback, reach out to your Snyk account team or open an issue in this repository.
Note: This repository is closed to public contributions.