Third-party integrations for Snyk AppRisk
The Integrations page shows all active integrations, including data from your existing Snyk Organizations that are automatically synced, and provides access to the Integration Hub.
The Loaded package risk factor is not supported by Snyk for operating system packages (such as Debian packages), only for packages which are hosted under package managers such as npm, Maven, or PyPI.
You can customize your AppRisk integrations from the Integration Hub, where the following integrations are available:
Data synchronization may take up to two hours after receiving the Connected status from a new integration setup.
After you finish setting up an integration, you can see it listed with a Connected status.
Release status
Veracode for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
The Veracode application concept is matched to the Snyk AppRisk repository assets. You need to create and use the Veracode custom field by using the Veracode API. Access the Veracode custom metadata field for more details.
Ensure you are adding a custom field called repoURL:
API ID and API Key - API credentials associated with a user account. For more information, access the Veracode API credentials link.
Open the Integration Hub menu.
Select the SAST tag and search for Veracode.
Click the Add button.
Add the profile name for this integration.
Add the API ID from your Veracode account.
Add the API key from your Veracode account.
Click the Done button.
When the connection is established, the status of the Veracode integration is changed to Connected.
Release status
Checkmarx for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Use the following instructions to set up your Checkmarx SAST integration. The integration works only with Checkmarx SAST; Checkmarx One is not yet supported.
Snyk AppRisk Pro does not support the Checkmarx One integration.
Install and configure your Snyk Broker connection for Snyk AppRisk.
Ensure you have correctly configured the Git settings for your Checkmarx Project. Access the Checkmarx Set project's remote source settings as GIT documentation page for more details.
API URL - The URL of the Checkmarx API, for example, checkmarx.customer.com.
Username and Password - Credentials for a user account with Checkmarx SAST access.
After you have installed and configured Snyk Broker for AppRisk and you successfully established a connection for Checkmarx SAST, you also need to configure the integration from the Snyk AppRisk Integration Hub.
Open the Integration Hub menu.
Select the SAST tag and search for Checkmarx.
Click the Add button.
Add the profile name for this integration.
Add the Broker token for the Snyk AppRisk Checkmarx integration.
Add the Checkmarx host, for example, checkmarx.customer.com.
Click the Done button.
When the connection is established, the status of the Checkmarx integration is changed to Connected.
Release status
SonarQube for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
API Key. Here you can find more details about the SonarQube API Key.
Open the Integration Hub menu.
Select the SAST tag and search for SonarQube.
Click the Add button.
Add the Profile name for this integration.
Add the Host URL for this integration.
Add the API token. Navigate to your SonarQube account, select User, select My Account, select Security, and then User Token. Access the SonarQube generating and using tokens documentation page for more details about the SonarQube API Key.
Click the Done button.
When the connection is established, the status of the SonarQube integration is changed to Connected.
Release status
Nightfall for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
API Key. Access the Nightfall Creating an API Key documentation page for more details about how to create a Nightfall API key.
Open the Integration Hub menu.
Select the Secrets tag and search for Nightfall.
Click the Add button.
Add the Profile name for this integration.
Add the Base API URL for this integration.
Add the API Key for this integration.
Click the Done button.
When the connection is established, the status of the Nightfall integration is changed to Connected.
The following video provides an overview of the Nightfall configuration from the Integration Hub:
After you set up your Nightfall integration using the Integration Hub, you can see the secrets detection coverage.
Release status
GitGuardian for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
API Key. Access the GitGuardian authentication documentation page for more details about how to create a GitGuardian API Key.
When you create a GitGuardian API Key, remember that it works for both service accounts and personal access tokens.
Ensure that the following permissions are set as READ:
Incident (mandatory)
Teams (recommended for GitGuardian paid accounts)
Open the Integration Hub menu.
Select the Secrets tag and search for GitGuardian.
Click the Add button.
Add the Profile name for this integration.
Add the API Token for this integration.
Click the Done button.
When the connection is established, the status of the GitGuardian integration is changed to Connected.
The following video provides an overview of the GitGuardian configuration from the Integration Hub:
After you set up your GitGuardian integration using the Integration Hub, you can see the secrets detection coverage:
Release status
Dynatrace for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
The following risk factors are reported from the Dynatrace runtime integration: Deployed, and Loaded package.
The supported languages for the Loaded package risk factor reported from the Dynatrace integration are detailed on the Dynatrace Supported technologies page.
Use Dynatrace SaaS on the DPS licensing model.
The Dynatrace Kubernetes app is configured to monitor at least one cluster.
The user is associated with a group that has permissions (through policies) to query the entity model. In the Dynatrace policy, set the following permission: storage:entities:read.
Comply with the following steps before integrating Dynatrace with Snyk AppRisk:
Retrieve the account-uuid from your Dynatrace account. Navigate to the Dynatrace accounts page and select the account whose environment you want to integrate into Snyk. Identify the account-uuid in the URL and save it for later use.
Ensure you have OneAgent deployed in your Kubernetes environment. Navigate to Settings, then Environments, and select the environment you want to integrate into Snyk. Save the environment ID for later use (available in the URL of the new window as well). Click Deploy OneAgent, then Kubernetes, and follow the instructions. Ensure OneAgent is running in full-stack mode.
Ensure your deployment is activated. On your environment's page, click Kubernetes, then Recommendations, and activate the cluster where you deployed OneAgent.
Under account management:
Create a new Permissions Group. Add the following permissions to the group:
Enable View and manage account and billing information under Account Management permissions.
Add both All Grail data read access and Read Events under general permissions.
Create a new, dedicated user to be used by the integration and assign to it the newly created Permissions Group mentioned above.
Create a new OAuth client:
Set the Service User Email as the email address of the newly generated user mentioned above.
Set the Permissions for the client - Under Grail data ingest and query, select View entities (storage:entities:read).
Keep a copy of the Client ID and Client Secret to use later when configuring the integration in Snyk.
Account UUID - the account-uuid of your Dynatrace account.
Environment ID - the ID of the environment monitored in Dynatrace.
OAuth client ID - the ID of the OAuth client created in the prerequisites.
OAuth client secret - the secret of the OAuth client created in the prerequisites.
Open the Integration Hub menu.
Select the Runtime tag and search for Dynatrace.
Click the Add button.
Edit the Profile name of your integration.
Enter the Account UUID.
Enter the Environment ID.
Enter the OAuth client ID.
Enter the OAuth client secret.
Click the Done button.
When the connection is established, the Dynatrace integration status changes to Connected.
After the Dynatrace runtime data becomes available from the runtime integration, it will appear in Snyk AppRisk within a few hours.
Release status
Sysdig for Snyk AppRisk Pro is in Early Access and available only with Snyk Enterprise plans with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
The following risk factors are reported from the Sysdig runtime integration: Deployed, and Loaded package.
The supported languages for the Loaded package risk factor are: Go, Java, JavaScript/TypeScript and Python.
The account must have access to the Sysdig Secure product.
Contact your Sysdig representative to activate the in-use packages feature flag.
Service Account API Token - Navigate to the Service Account setup instructions page for details on how to create a Sysdig Service Account in order to obtain an API Token.
Set View Only as the Role for this Service Account.
Set an Expiration Date for the Service Account. After the Service Account expires, the Sysdig integration will no longer be able to pull information until updated with a new Service Account.
The created Service Account must be under Sysdig Secure, not Sysdig Monitor.
Region - Navigate to the Sysdig SAAS regions and IP ranges page for details about the Sysdig region URLs.
If the Sysdig Agent is not deployed on every node of a cluster, runtime data available from this integration may be incomplete.
Various Sysdig scans run at different intervals, which may cause a delay between applying changes to a resource within a cluster and reporting this information through the integration.
Open the Integration Hub menu.
Select the Runtime tag and search for Sysdig.
Click the Add button.
Add the Profile name for this integration.
Add the Account API Token.
Set the Sysdig region.
Click the Done button.
When the connection is established, the status of the Sysdig integration is changed to Connected.
After the Sysdig runtime data becomes available from the runtime integration, it will appear in Snyk AppRisk within a few hours.