Skip to main content
All CollectionsConnectorsOlder Release
Snyk Connector (previous revision)
Snyk Connector (previous revision)

Getting started with Snyk connector

Updated over 3 months ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.

Pre-requisite

  • The organization must be entitled to API access

    IMPORTANT NOTE: Users can choose between a User API key (potentially covering multiple organizations) and having distinct keys per organization.

    To work around this limitation, configure a user account that does not have this polling restriction.

Support Note

Currently, Snyk Container Security is not supported.

Configuring Snyk Connector

In the Connectors page, click on Add a Connector.

Click on Snyk connector.

Fill the following field:

API Token - Key to communicate with Snyk API.

To get the API Token, login into your Snyk account --> Go to General Settings --> Copy the API Token

Click on Create

You can view the connector's progress under the Log tab

Viewing data from Snyk in Vulcan

Vulcan provides the option to remediate vulnerabilities from 2 different angels:

  • Assets

  • Vulnerabilities

Assets

The data from Snyk will be displayed in two tabs in the platform

  • Under the Images tab - This tab gathers all the Snyk assets from the types: rpm, deb, apk, linux, dockerfile

  • Under the Code Projects tab - This tab gathers all data that came from SAST and SCA tools.

To filter only Snyk data, simply use the Search Bar.

Under each tab, you can see the following details:

  • The Project column will indicate the projects you have in Snyk.

  • The Last Report column will indicate the last scanned time in Snyk.

  • The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.

  • The Top Risk column will indicate the highest risk-value from all risks that exist in a project.

  • The Tags column will indicate all the tags that related to projects.

Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.

If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.

Vulnerabilities
You can view all data from Snyk in Vulnerabilities. In order to filter only Snyk data, simply use the Search Bar.

You can start the remediation process by clicking on a vulnerability and view all details fetched from your Snyk account.

FAQ

Which type of issues are pulled into Vulcan?

Snyk connector will pull issues of type "Vulnerabilities".

Issues of type "License" won't be pulled.

Can I view issues of status "Ignored" in Vulcan?

No, Issues of status "Ignored" are not shown in Vulcan.

Is Snyk SAST supported?

No. Snyk SAST isn't currently supported.

Related Articles
Qualys Connector (previous revision)
Veracode SAST Connector (previous revision)
Checkmarx CxSAST Connector (older revision)
Snyk Connector (new revision)
Did this answer your question?