In this article you will find:

  1. Pre-requisite

  2. How to configure Snyk in Vulcan platform

  3. How to view data from Snyk in Vulcan platform

  4. FAQ

1. Pre-requisite

  • Organization must be entitled for API access

2. Configuring Snyk Connector

In the Connectors page, click on Add a Connector.

Click on Snyk connector.

Fill the following field:

API Token - Ket to communicate with Snyk API.

To get the API Token, login into your Snyk account --> Go to General Settings --> Copy the API Token

Click on Create

You can view the connector's progress under the Log tab

3. Viewing data from Snyk in Vulcan

Vulcan provides the option to remediate vulnerabilities from 2 different angels:

  • Assets

  • Vulnerabilities

Assets

The data from Snyk will be displayed under Code Projects - This tab gathers all data came from SAST and SCA tools. To filter only Snyk data, simply use the Search Bar.

The Project column will indicate the projects you have in Snyk.

The Last Report column will indicate the last scanned time in Snyk.

The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.

The Top Risk column will indicate the highest risk-value from all risks that exist in a project.

The Tags column will indicate all the tags that related to projects.

Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.

If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.

Vulnerabilities
You can view all data from Snyk in Vulnerabilities. In order to filter only Snyk data, simply use the Search Bar.

You can start the remediation process by clicking on a vulnerability and view all details fetched from your Snyk account.

4. FAQ

Which type of issues are pulled into Vulcan?

Snyk connector will pull issues of type "Vulnerabilities".

Issues of type "License" won't be pulled.

Can I view issues of status "Ignored" in Vulcan?

No, Issues of status "Ignored" are not shown in Vulcan.

Did this answer your question?