Skip to main content

Snyk

Snyk is an application scanning tool used for scanning, prioritizing, and fixing security vulnerabilities in your organization's application, projects, or source code. You can bring code, component, and project data from Snyk into Brinqa to track and manage your open-source dependencies, construct a unified view of your attack surface, and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Snyk and how to obtain that information from Snyk. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Snyk from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Snyk with Brinqa:

  • API URL: The Snyk API URL. The default URL is https://api.snyk.io.

  • API Token: The access token associated with the Snyk account, which must have permissions to log in to the API server and return data.

Obtain a Snyk API token

For the Snyk connector to use the Snyk API, you must provide the API token from Snyk. To generate an API token, follow these steps.

  1. Log in to your organization's Snyk account.

  2. Navigate to General Account Settings.

  3. Click the KEY field, and then select and copy your API token.

    You can also click Revoke and Regenerate on the same page to create a new API token.

note

If you do not have the permissions to create an API token, contact your Snyk administrator. For additional information, see Snyk documentation.

Additional settings

The Snyk connector contains additional options for specific configuration:

  • Sync only active projects and findings for these projects: Retrieves only active projects and their associated findings. Any findings linked to inactive projects are excluded from the imported data. This option can help streamline your data integration and keep your focus on only active and relevant security concerns.

    Important

    Due to the limitations of the Snyk API filters, this option still syncs static code findings for inactive projects at the moment. If you need to purge your static code findings, please contact Brinqa Support. Brinqa and Snyk are working together to resolve this issue.

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Snyk API before giving up and reporting a failure. The default setting is 5.

Types of data to retrieve

The Snyk connector can retrieve the following types of data from the Snyk API:

Table 1: Data retrieved from Snyk

Connector ObjectRequiredMaps to Data Model
ComponentYesPackage
IgnoreNoMapped to attributes in Open Source Finding and Static Code Finding
Open Source IssueYesOpen Source Finding
Open Source Issue DefinitionYesOpen Source Finding Definition
ProjectYesCode Project
Static Code IssueYesStatic Code Finding
Static Code Issue DefinitionYesStatic Code Finding Definition
ViolationYesViolation
Violation DefinitionYesViolation Definition
info

For detailed steps on how to view the data retrieved from Snyk in the Brinqa Platform, see How to view your data.

Operation options

The Snyk connector supports the following operation options. See connector operation options for information about how to apply them.

Table 2: Snyk connector operation options

Connector ObjectOptionAll Possible ValuesDescriptionExample
ComponentexcludeOrgAny organization assigned to a Snyk project.Used to retrieve a list of Snyk projects while excluding the projects that belong to a specific organization.Key: excludeOrg Value: myTeam. This key and value combination retrieves all projects and excludes those from the myTeam organization.
project or projectIdAny Snyk project ID.Filters Snyk projects by the specified project ID.Key: projectId Value: 12345. This key and value combination only retrieves projects associated with the Snyk project 12345.
Open source issueincludePathstrueInclude information about the paths where issues were found in the data.Key: includePaths Value: true. This key and value combination retrieves information about the paths where issues reside in the data.
severitieslow, medium, high, or criticalRetrieves issues based on the specified severity level.Key: severities Value: medium. This key and value combination only retrieves issues with a medium severity level.
Open source issue definitionseveritieslow, medium, high, or criticalRetrieves issues based on the specified severity level.Key: severities Value: medium. This key and value combination only retrieves issues with a medium severity level.
typesvuln or licenseRetrieves issues based on whether they are classified as a vulnerability or license issue.Key: types Value: vuln. This key and value combination only retrieves issues that classified as vulnerabilities.
ProjectexcludeOrgAny organization assigned to a Snyk project.Used to retrieve a list of Snyk projects while excluding the projects that belong to a specific organization.Key: excludeOrg Value: myTeam. This key and value combination retrieves all projects and excludes those from the myTeam organization.
project or projectIdAny Snyk project ID.Filters Snyk projects by the specified project ID.Key: projectId Value: 12345. This key and value combination only retrieves projects associated with the Snyk project 12345.
ViolationincludePathstrueInclude information about the paths where violations were found in the data.Key: includePaths Value: true. This key and value combination retrieves information about the paths where violations reside in the data.
note

The option keys and values are case-sensitive as they are shown in this documentation.

APIs

The Snyk connector uses the Snyk API v1. Specifically, it uses the following endpoints:

  • POST https://api.snyk.io/api/v1/org/<orgId>/dependencies

  • POST https://api.snyk.io/api/v1/org/<orgId>/project/<projectId>/aggregated-issues

  • GET https://api.snyk.io/api/v1/org/<orgId>/project/<projectId>/ignores

  • GET https://api.snyk.io/api/v1/org/<orgId>/project/<projectId>/issue/<issueId>/paths

The Synk connector also uses the Snyk REST API, formerly Snyk API v3. Specifically, it uses the following endpoints:

  • GET https://api.snyk.io/rest/orgs/

  • GET https://api.snyk.io/rest/org/{orgId}/projects

  • GET https://api.snyk.io/rest/orgs/{orgId}/issues

  • GET https://api.snyk.io/rest/orgs/{orgId}/issues/detail/code

note

The Snyk API is only available with Enterprise plans. See Snyk documentation for more information.