Snyk Connector (new revision)

Learn all about integrating Snyk into the Vulcan Platform

Updated this week

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.

Overview

About Snyk

Snyk is a platform allowing you to scan, prioritize, and fix security vulnerabilities in your own code, open source dependencies, container images, and Infrastructure as Code (IaC) configurations.

Why Integrate Snyk into the Vulcan platform?

The Snyk Connector by Vulcan integrates with the Snyk platform to pull and ingest Snyk assets type Code Project and Images, and their vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Snyk Connector details

Supported products

Category

Application Security (SCA + SAST)

Ingested asset type(s)

Code Projects

Images

Integration type

UNI directional (data is transferred from Detictify to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure you have the following:

Snyk API Token (your Snyk account must be entitled to API access)

IMPORTANT NOTE: Users can choose between a User API key (potentially covering multiple organizations) and having distinct keys per organization.

To work around this limitation, configure a user account that does not have this polling restriction.

Generating Snyk API token:

  1. Go to your Snyk platform

  2. Go to Account > Account Settings

  3. Go to General and click to generate an API Token, or click Revoke & Regenerate

  4. Copy the API token and save it somewhere safe.


Configuring the Snyk Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Snyk icon.

  4. Set up the Connector as follows:

  5. Check the Snyk asset types you want to fetch into the Vulcan Platform.

  6. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your <X> instance, then click Create (or Save Changes).

  7. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  8. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the X icon shows Connected, the sync is complete.


Snyk in the Vulcan Platform

Viewing Snyk vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select Snyk from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Snyk assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Snyk from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Snyk

To take remediation action on vulnerabilities and assets detected by Snyk:

  1. Go to Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Snyk option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

  5. Click Take Action.

Automating remediation actions on vulnerabilities detected by Snyk

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Snyk Connector.


From Snyk to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Snyk through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Images mapping

Snyk field

Vulcan field

id

Uniqueness criteria

name

Asset Name

Image ID

Asset details

Images

Asset type

remoteRepoUrl

Repository

type

Repo type

`tags`

Asset Tags - Vendor’s tags

From organization HTTP endpoint:

Organization name

Group name

Group id

Asset Tags - Additional

lastTestedDate

Last seen

created

Creation date

issueData.package or issue.package

Component - name

issueData.version or issue.version

Component - Type

Active

Asset’s Status

issue.id

Vulnerability instance uniqueness criteria

introducedDate

Vulnerability instance first seen

fixedDate

Vulnerability instance Last seen

Remove THIS

Vulnerability instance score

id or issue.id

Unique Vulnerability uniqueness criteria

issue.title + issue.pacakge + issue.version + issue.identifiers.CVE

Vulnerability title

issueData.cvssScore or issue.cvssScore

Vulnerability score

issueData.description or issue.description

Vulnerability description

package_name - issue.package

package_versions - issue.version

is_upgradable - fixInfo.isUpgradable or issue.isUpgradable

is_patched - isPatched or issue.isPatched

exploit_maturity - issue.exploitMaturity or issueData.exploitMaturity

credit - issue.credit

language - issueData.language or issue.language

issue_url - issueData.url or issue.url

Vulnerability details

issueData.cvssScore or issue.cvssScore

CVSS

issueData.identifiers.CVE or issue.identifiers.CVE

CVE/S

issueData.identifiers.CWE or issue.identifiers.CWE

CWE

Fix from Snyk

Fix title

parse from markdown

Fix descriptions

parse from markdown

Fix references

Code Projects - SAST mapping

Snyk field

Vulcan field

id

Uniqueness criteria

attributes.name

Asset Name

Code Projects

Asset type

attributes.primaryFilePath (from issue endpoint)

Asset codebase - Source (SAST)

attributes.primaryRegion.startLine (from issue endpoint)

Asset codebase - Location (SAST)

Created Date - attributes.created

Project ID - id

Asset details

`tags`

Asset Tags - Vendor’s tags

From organization HTTP endpoint:

Organization name

Group name

Group id

attributes.origin

attributes.targetReference

Asset Tags - Additional

active

Asset’s Status

The current datetime

Last report

attributes.id

Vulnerability instance uniqueness criteria

attributes.primaryFilePath

Vulnerability instance location path

attributes.name

Unique Vulnerability uniqueness criteria

attributes.name (from issue summary endpoint)

Vulnerability title

attributes.severity

Vulnerability score

attributes.name

Vulnerability description

Issue Type: attributes.issueType

Vulnerability details

attributes.cwe

CWE

id - id

severity

fingerprint

fingerprintVersion

primaryRegion

priorityScore

priorityScoreFactors

primaryFilePath

Vulnerability instance connection- additional information

Code Projects - SCA mapping

Snyk field

Vulcan field

id

Uniqueness criteria

name

Asset Name

Code Projects

Asset type

issue.pacakge (issue endpoint)

Asset libraries - Name (SCA)

issue.version (issue endpoint)

Asset libraries - Version (SCA)

Created Date - created

Project Id - id

Asset details

`tags`

Asset Tags - Vendor’s tags

From organization HTTP endpoint: Organization name

Group name

Group id

Asset Tags - Additional

issue.id

Vulnerability instance uniqueness criteria

introducedDate

Vulnerability instance first seen

fixedDate

Vulnerability instance Last seen

id or issue.id

Unique Vulnerability uniqueness criteria

issue.title + issue.pacakge + issue.version + issue.identifiers.CVE

Vulnerability title

issueData.cvssScore or issue.cvssScore

Vulnerability score

issueData.description or issue.description

Vulnerability description

package_name - issue.package

package_versions - issue.version

is_upgradable - fixInfo.isUpgradable or issue.isUpgradable

is_patched - isPatched or issue.isPatched

exploit_maturity - issue.exploitMaturity or issueData.exploitMaturity

credit - issue.credit

language - issueData.language or issue.language

issue_url - issueData.url or issue.url

Vulnerability details

issueData.cvssScore or issue.cvssScore

CVSS

issueData.identifiers.CVE or issue.identifiers.CVE

CVE/S

issueData.identifiers.CWE or issue.identifiers.CWE

CWE

Fix from Snyk

Fix - Title

markdown parsing custom function

Fix - Description

markdown parsing custom function

Fix - References

Vulnerability status mapping

Snyk Status

Vulcan Status

vulnerable

Vulnerable

Fixed

Ignored - false positive

ignored (SCA/Images)

Ignored risk acknowledged (SCA/Images)

attributes.ignored (SAST)

Ignored risk acknowledged (SAST)

Vulnerability score mapping (SAST)

In Snyk, the value of the field attributes.severity can be high, medium, or low.

Snyk score

Vulcan score

High

10

Medium

7

-

5

Low

3

-

0

Status update mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).

The below table lists how the status update mechanism works in the Snyk connector for the existing vulnerabilities and assets in the Vulcan Platform.

Update type

Mechanism

Archiving Assets

- An asset not found on the connector's last sync is archived and no longer presented on the Vulcan platform.

- By X days according to "Last seen". If the Asset hasn’t been seen for X days, it will be archived from the Vulcan Platform.

Change of vulnerability instances status from "Vulnerable" to "Fixed"

- If the vulnerability no longer appears in the scan findings, the Vulcan Platform marks it as "Fixed".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).


API

API Endpoints in use

API - SCA/Images

Use in Vulcan

Assets

https://snyk.io/api/v1/org/{{ org_id }}/project/{{ project_id }}/aggregated-issues

Unique vulnerability,

vulnerability instance

API - SAST

Use in Vulcan

https://api.snyk.io/rest/orgs/{{ org_id }}/projects?version=2021-06-04~beta&type=sast

Assets

https://api.snyk.io/rest/orgs/{{ org_id }}/issues/detail/code/{{ issue_id }}?version=2022-04-06~experimental&project_id={{ project_id }}

Unique vulnerability, vulnerability instance


Data Validation

The purpose of this "Data Validation" section is to provide a clear understanding of how data from Snyk appears when ingested into the Vulcan Platform. By following the guidelines mentioned here, you will gain insights into matching unique vulnerabilities, assets, and vulnerability instances.

Matching Assets

In Snyk:

  1. Click on "Projects."

  2. Ensure that you filter only active projects and do not apply any grouping (group by none).

  3. Take note of the projects displayed on the screen.

In Vulcan:

  1. Go to Assets > Code Projects

  2. Apply the following filters:

    • Filter by the Snyk connector.

    • Filter by the tag associated with the relevant organization you are validating.

  3. The projects matching the filters will be displayed on the screen.

Matching Vulnerability Instances

  • For each asset in Snyk's projects view, you will find the count of issues categorized by severity.

  • Note that this number includes all the issues detected by Snyk across various products (such as SCA, SAST, container, IaC, cloud), and not all of them will necessarily be ingested into Vulcan.

  • Clicking on the project name in Snyk will provide you with more details about the issues.


Matching Unique Vulnerabilities

In Snyk:

  1. Navigate to "Reports."

  2. Apply the following filters:

    • Filter by the status "Open."

    • Filter by the relevant Snyk products configured for the integration.

  3. The reports will show the unique vulnerabilities that meet the specified criteria.

Did this answer your question?