In this article you will find:
How to configure Snyk in Vulcan platform
How to view data from Snyk in Vulcan platform
Organization must be entitled for API access
2. Configuring Snyk Connector
In the Connectors page, click on Add a Connector.
Click on Snyk connector.
Fill the following field:
API Token - Ket to communicate with Snyk API.
To get the API Token, login into your Snyk account --> Go to General Settings --> Copy the API Token
Click on Create
You can view the connector's progress under the Log tab
3. Viewing data from Snyk in Vulcan
Vulcan provides the option to remediate vulnerabilities from 2 different angels:
The data from Snyk will be displayed under Code Projects - This tab gathers all data came from SAST and SCA tools. To filter only Snyk data, simply use the Search Bar.
The Project column will indicate the projects you have in Snyk.
The Last Report column will indicate the last scanned time in Snyk.
The Vulnerabilities column will indicate the number of vulnerabilities that exist in a project.
The Top Risk column will indicate the highest risk-value from all risks that exist in a project.
The Tags column will indicate all the tags that related to projects.
Clicking on each project will open its Asset Card where you can view in detailed the project's data, including - All related vulnerabilities, affected libraries and packages, details of projects and correlated data from other sources.
If you want to view specific vulnerability, click on it and you will get a representation of that vulnerability and its details.
You can view all data from Snyk in Vulnerabilities. In order to filter only Snyk data, simply use the Search Bar.
You can start the remediation process by clicking on a vulnerability and view all details fetched from your Snyk account.
Which type of issues are pulled into Vulcan?
Snyk connector will pull issues of type "Vulnerabilities".
Issues of type "License" won't be pulled.
Can I view issues of status "Ignored" in Vulcan?
No, Issues of status "Ignored" are not shown in Vulcan.