Snyk is a cybersecurity platform that scans for and surfaces vulnerabilities across your codebase.
Integrating Snyk with Cortex allows you to:
View vulnerabilities on entity pages in Cortex, quickly connecting issues to entities and their owners
Enhance the Snyk experience by aggregating issues into an entity's event timeline so they can be understood in the context of other events, like deploys and on-call incidents
Measure entity quality based on Snyk data and drive improvements to your security practices
Before getting started:
Create a Snyk API token. The token will need the following read permissions:
View Organization Reports: Lists reporting issue counts.
View Organization: Allows Cortex to get a flattened list of all projects across all orgs.
Once you've created an API token in Snyk, you can create a configuration from .
In Cortex, navigate to the :
Click Integrations from the main nav. Search for and select Snyk.
Click Add configuration.
Configure the integration form:
After saving your configuration, you are redirected to the Snyk integration settings page in Cortex. On this page, you'll see a list of detected organizations pulled from Snyk, along with the unique Snyk ID and internal name associated with each organization.
Cortex uses the Git repository as the "best guess" for the corresponding Snyk project since Snyk projects are connected to repositories. Cortex will search for all Snyk projects across all Snyk organizations and pull in projects associated with the same repository. For example, if the GitHub repo associated with your Snyk instance is my-org/repo, then the entities in Cortex should also be associated with my-org/repo.
You can define projects under the x-cortex-snyk block:
You can define the organization using either its organization ID or its slug in Snyk.
Once the Snyk integration is set up, you'll be able to find information about vulnerabilities for each entity linked to a discovered repo.
On an entity's overview page, vulnerabilities are listed under the Code & security block. Within this block, issues and vulnerabilities are grouped by severity: Critical, High, Medium, and Low. Click any of these groups to open a list of all applicable issues and vulnerabilities.
In an entity's sidebar, click Code & security > Snyk to view detected issues and vulnerabilities from Snyk, including the associated organization name and project name.
Because Snyk aggregates problems as "issues," data pulled in from Snyk will be listed as issues, while data pulled in from a Git source will be listed as vulnerabilities.
Vulnerabilities pulled from Git sources display the project name and a severity tag. Each issue pulled from Snyk displays the following information, when available:
Title
Issue ID (linked to the issue in Snyk)
Publish date
Severity tag
Event timeline
Issues from Snyk and vulnerabilities detected in Git appear in the entity's event timeline, which you can find from the Events link in the entity's sidebar. Issues and vulnerabilities display alongside other events, such as K8s changes, Git commits, and on-call incidents.
With the Snyk integration, you can create Scorecard rules and write CQL queries based on Snyk projects.
See more examples in the in Cortex.
Snyk does not currently support aggregated issues in regions outside of the U.S.A. Please use .issues() rather than .numOfIssues() if in a non-U.S.A. region.
Cortex fetches issues and vulnerabilities from Snyk and Git sources in real time. Depending on the volume of data, it may take additional time for the data to load on an entity page.
Projects from Snyk are synced every 6 hours.
The following options are available to get assistance from the Cortex Customer Engineering team:
Email: , or open a support ticket in the in-app Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your Customer Success Manager.
View Project History: Allows Cortex to get project history.
View Project: Lists issues for a project.
API token: Enter the API token you generated in Snyk.
Region: Enter the Snyk region where your data is hosted. The default region is USA.
Click Save.
CVSS score
Disclosure time
Exploit maturity
Issue ID
Language
Nearest fixed version
Original severity
Package name
Priority score
Publication time
Severity
Type
URL
Boolean characteristics:
Fixable or partially fixable
Ignored
Malicious
Definition: snyk.issues()
Example
The Scorecard's top level might include a rule to ensure that entities have a low number of Snyk issues.
To indicate progress over time and incentivize further improvement, you could set an intermediate rule with a slightly higher count of Snyk issues.
If an entity has a Snyk project set and only one or two issues, it will achieve the highest level by these standards. An entity with a Snyk project set and three or four issues will achieve the next-highest level, while an entity with a Snyk project set and five or more issues will achieve the lowest level. Entities without a Snyk project will not achieve any level, regardless of how many issues they have.
You can also write more complex rules to set more specific standards. Instead of setting a rule for a moderate number of Snyk issues, you could check that entities have no outstanding critical issues.
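The tiers described above, as an added worked example that is not part of the Cortex documentation or the Cortex product: a small Python stand-in for the `snyk` object that CQL exposes on an entity, with an `issues()` method that mimics the `severity` and `fixability` filters of `snyk.issues(...)`, and two functions that apply the page's rules (`snyk != null`, `snyk.issues() < 3`, `snyk.issues() < 5`, and `snyk.issues(severity=["CRITICAL"], fixability=["FIXABLE"]) <= 0`). The `SnykIssue`/`SnykProject` classes, the level names, the sample issue IDs and the interpretation of `fixability=["FIXABLE"]` as "issues Snyk reports a fix for" are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


# Constructed sample data: a minimal, hypothetical model of the `snyk` object
# CQL exposes on an entity. Field names mirror the issue characteristics the
# page lists (severity, fixable or partially fixable); nothing here is real
# Snyk data and these are not Cortex's own types.
@dataclass(frozen=True)
class SnykIssue:
    issue_id: str
    severity: str   # CRITICAL, HIGH, MEDIUM or LOW
    fixable: bool   # True when Snyk reports a fix or partial fix


@dataclass(frozen=True)
class SnykProject:
    organization: str
    project_id: str
    issues_list: Sequence[SnykIssue] = ()

    def issues(self, severity=None, fixability=None) -> int:
        """Count issues the way snyk.issues(severity=[...], fixability=[...]) is used on the page.

        Assumption: fixability=["FIXABLE"] keeps only issues with a reported fix.
        """
        count = 0
        for issue in self.issues_list:
            if severity is not None and issue.severity not in severity:
                continue
            if fixability is not None and not (issue.fixable and "FIXABLE" in fixability):
                continue
            count += 1
        return count


def scorecard_level(snyk: Optional[SnykProject]) -> Optional[str]:
    """Apply the page's tiers: no project -> no level, fewer than 3 issues ->
    highest, fewer than 5 -> next-highest, otherwise lowest (level names are
    illustrative)."""
    if snyk is None:            # rule `snyk != null` fails: no level at all
        return None
    total = snyk.issues()
    if total < 3:               # rule `snyk.issues() < 3`
        return "highest"
    if total < 5:               # rule `snyk.issues() < 5`
        return "next-highest"
    return "lowest"             # only `snyk != null` passes


def has_no_fixable_critical(snyk: Optional[SnykProject]) -> bool:
    """The stricter rule: snyk.issues(severity=["CRITICAL"], fixability=["FIXABLE"]) <= 0."""
    if snyk is None:
        return False
    return snyk.issues(severity=["CRITICAL"], fixability=["FIXABLE"]) <= 0


# Constructed sample entity: four open issues, one of them a fixable critical.
SAMPLE_PROJECT = SnykProject(
    organization="org-name",
    project_id="01234567-e65f-4b7b-a8b1-5b642894ec37",
    issues_list=(
        SnykIssue("SNYK-EXAMPLE-1", "CRITICAL", fixable=True),
        SnykIssue("SNYK-EXAMPLE-2", "HIGH", fixable=False),
        SnykIssue("SNYK-EXAMPLE-3", "MEDIUM", fixable=True),
        SnykIssue("SNYK-EXAMPLE-4", "LOW", fixable=True),
    ),
)

if __name__ == "__main__":
    print("level:", scorecard_level(SAMPLE_PROJECT))
    print("no fixable critical:", has_no_fixable_critical(SAMPLE_PROJECT))
    print("level without a project:", scorecard_level(None))
```

The sample entity lands on the next-highest tier (four issues) but fails the stricter critical-issue rule, which is the situation the page's "more complex rules" sentence is about: a count threshold alone can pass while a fixable critical issue is still open.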
organization (required): The organization ID or organization slug in Snyk
projectId (required): The project ID defined in Snyk
source (optional): Enum field that can be set to either CODE or OPEN_SOURCE to indicate the Snyk product type; defaults to OPEN_SOURCE when not set
x-cortex-snyk:
  projects:
    - organization: org-name
      projectId: 01234567-e65f-4b7b-a8b1-5b642894ec37
      source: CODE

Scorecard rule expressions for the tiers described in the example above:
Entity has a Snyk project set (lowest level): snyk != null
Fewer than three issues (highest level): snyk.issues() < 3
Fewer than five issues (intermediate level): snyk.issues() < 5
No outstanding fixable critical issues: snyk.issues(severity=["CRITICAL"], fixability=["FIXABLE"]) <= 0

Further boolean characteristics of a Snyk issue:
Pinnable
Upgradable
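An added validation example for the x-cortex-snyk block above; it is not part of Cortex's own tooling. It checks the field rules the page gives (organization and projectId required, source optional and limited to CODE or OPEN_SOURCE, defaulting to OPEN_SOURCE) against a block that has already been loaded from cortex.yaml with a YAML parser. The dict inputs are constructed inline from the page's example, and treating projectId as UUID-shaped is an assumption based on that example, so a mismatch is only a warning.

```python
import re
from typing import Dict, List, Tuple

VALID_SOURCES = {"CODE", "OPEN_SOURCE"}
DEFAULT_SOURCE = "OPEN_SOURCE"   # documented default when `source` is not set

# The page's sample projectId is UUID-shaped. Expecting that shape is an
# assumption for this example, so a non-matching value is a warning, not an error.
UUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def validate_snyk_block(block: dict) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings) for one x-cortex-snyk block already parsed from YAML."""
    errors: List[str] = []
    warnings: List[str] = []
    projects = block.get("projects") if isinstance(block, dict) else None
    if not isinstance(projects, list) or not projects:
        return ["x-cortex-snyk.projects must be a non-empty list"], warnings

    for idx, project in enumerate(projects):
        where = f"projects[{idx}]"
        if not isinstance(project, dict):
            errors.append(f"{where}: expected a mapping")
            continue
        # organization and projectId are the two required fields
        for key in ("organization", "projectId"):
            value = project.get(key)
            if not isinstance(value, str) or not value.strip():
                errors.append(f"{where}.{key}: required, non-empty string")
        project_id = project.get("projectId")
        if isinstance(project_id, str) and not UUID_RE.match(project_id):
            warnings.append(f"{where}.projectId: not UUID-shaped, double-check it in Snyk")
        # source is optional but must be one of the documented enum values
        source = project.get("source")
        if source is not None and source not in VALID_SOURCES:
            errors.append(
                f"{where}.source: must be one of {sorted(VALID_SOURCES)}, got {source!r}"
            )
    return errors, warnings


def normalized_projects(block: dict) -> List[Dict[str, str]]:
    """Validate, then return projects with the documented default source applied."""
    errors, _ = validate_snyk_block(block)
    if errors:
        raise ValueError("; ".join(errors))
    return [
        {
            "organization": p["organization"],
            "projectId": p["projectId"],
            "source": p.get("source", DEFAULT_SOURCE),
        }
        for p in block["projects"]
    ]


# Constructed sample inputs: the page's own block as a YAML parser would load
# it, the same project without `source`, and one with an invalid `source`.
PAGE_BLOCK = {
    "projects": [
        {
            "organization": "org-name",
            "projectId": "01234567-e65f-4b7b-a8b1-5b642894ec37",
            "source": "CODE",
        }
    ]
}
DEFAULT_SOURCE_BLOCK = {
    "projects": [
        {"organization": "org-name", "projectId": "01234567-e65f-4b7b-a8b1-5b642894ec37"}
    ]
}
BAD_SOURCE_BLOCK = {
    "projects": [{"organization": "org-name", "projectId": "not-a-uuid", "source": "SAST"}]
}

if __name__ == "__main__":
    for name, blk in [("page", PAGE_BLOCK), ("default", DEFAULT_SOURCE_BLOCK), ("bad", BAD_SOURCE_BLOCK)]:
        print(name, validate_snyk_block(blk))
    print(normalized_projects(DEFAULT_SOURCE_BLOCK))
```

Run it as a pre-commit check on cortex.yaml after loading the file with a YAML library; a project that fails validation here would also be one Cortex could not match to a Snyk project, so catching it before the 6-hour sync saves a round trip.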
On the integration settings page, click the Logs tab to view logs from the last 7 days. Learn more in Troubleshooting with integration logs.