In this article you will find:

  1. Pre-requisite

  2. How to configure Snyk in the Vulcan platform

  3. How to view data from Snyk in the Vulcan platform

  4. FAQ

1. Pre-requisite

  • The organization must be entitled to API access

2. Configuring Snyk Connector

In the Connectors page, click on Add a Connector.

Click on Snyk connector.

Fill the following field:

API Token - Key to communicate with Snyk API.

To get the API Token, login into your Snyk account --> Go to General Settings --> Copy the API Token

Click on Create

You can view the connector's progress under the Log tab

3. Viewing data from Snyk in Vulcan

Vulcan provides the option to remediate vulnerabilities from 2 different angels:

  • Assets

  • Vulnerabilities


The data from Snyk will be displayed in two tabs in the platform

  • Under the Images tab - This tab gathers all the Snyk assets from the types: rpm, deb, apk, limux, dockerfile

  • Under the Code Projects tab - This tab gathers all data that came from SAST and SCA tools.

To filter only Snyk data, simply use the Search Bar.

Under each tab, you can see the following details:

  • The Project column will indicate the projects you have in Snyk.

  • The Last Report column will indicate the last scanned time in Snyk.

  • The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.

  • The Top Risk column will indicate the highest risk-value from all risks that exist in a project.

  • The Tags column will indicate all the tags that related to projects.

Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.

If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.

You can view all data from Snyk in Vulnerabilities. In order to filter only Snyk data, simply use the Search Bar.

You can start the remediation process by clicking on a vulnerability and view all details fetched from your Snyk account.

4. FAQ

Which type of issues are pulled into Vulcan?

Snyk connector will pull issues of type "Vulnerabilities".

Issues of type "License" won't be pulled.

Can I view issues of status "Ignored" in Vulcan?

No, Issues of status "Ignored" are not shown in Vulcan.

Is Snyk SAST supported?

No. Snyk SAST isn't currently supported.

Did this answer your question?