Skip to main content

Snyk

CatalogScorecards

Summary​

Snyk is a security platform that allows team sto find and fix vulnerabilities in their code. You can use Snyk to drive insights into values such as:

  • Vulnerabilities

Setup​

In order to connect Cortex to your Snyk instance, you’ll need to create a Snyk API Token, and add it under Settings → Snyk.

Service Registration​

Discovery​

Cortex uses the Git repository attached to the service in the Service Descriptor to automatically discover the associated Snyk projects. It does so by getting a list of all Snyk projects across all Snyk organizations, and finding any projects that are associated with the same repository.

Service Descriptor​

If you need to override the automatic discovery, you can define the following block in your Cortex Service Descriptor.

x-cortex-snyk:
projects:
- organizationId: 01234567-e65f-4b7b-a8b1-5b642894ec37
projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37

The value for organizationId and projectId should be the organizationId and projectId as defined in Snyk.