Am I reading the right user guide?
Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).
To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.
The organization must be entitled to API access
IMPORTANT NOTE: Users can choose between a User API key (potentially covering multiple organizations) and having distinct keys per organization.
To work around this limitation, configure a user account that does not have this polling restriction.
Configuring Snyk Connector
In the Connectors page, click on Add a Connector.
Click on Snyk connector.
Fill the following field:
API Token - Key to communicate with Snyk API.
To get the API Token, login into your Snyk account --> Go to General Settings --> Copy the API Token
Click on Create
You can view the connector's progress under the Log tab
Viewing data from Snyk in Vulcan
Vulcan provides the option to remediate vulnerabilities from 2 different angels:
The data from Snyk will be displayed in two tabs in the platform
Under the Images tab - This tab gathers all the Snyk assets from the types:
rpm, deb, apk, limux, dockerfile
Under the Code Projects tab - This tab gathers all data that came from SAST and SCA tools.
To filter only Snyk data, simply use the Search Bar.
Under each tab, you can see the following details:
The Project column will indicate the projects you have in Snyk.
The Last Report column will indicate the last scanned time in Snyk.
The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.
The Top Risk column will indicate the highest risk-value from all risks that exist in a project.
The Tags column will indicate all the tags that related to projects.
Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.
If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.
You can view all data from Snyk in Vulnerabilities. In order to filter only Snyk data, simply use the Search Bar.
You can start the remediation process by clicking on a vulnerability and view all details fetched from your Snyk account.
Which type of issues are pulled into Vulcan?
Snyk connector will pull issues of type "Vulnerabilities".
Issues of type "License" won't be pulled.
Can I view issues of status "Ignored" in Vulcan?
No, Issues of status "Ignored" are not shown in Vulcan.
Is Snyk SAST supported?
No. Snyk SAST isn't currently supported.