Google Security Command Center

Release status

The Google Cloud Security Command Center integration is in Early Access, and is available to all customers on a Snyk Enterprise plan.

The Google Cloud Security Command Center (SCC) integration sends Snyk issues to SCC, enabling you to view and manage Snyk issues alongside cloud security findings from Google Cloud in a single pane of glass. Snyk issues are represented in SCC as code security findings. When Snyk issues are updated, corresponding SCC findings are automatically updated as well.

Use the following instructions to set up the Google Security Command Center integration:

Access the Google Cloud SCC Console using the Snyk for SCC marketplace listing to create a Finding Source
Set up the integration using either the Snyk Web UI (recommended) or the REST API.

Prerequisites

Snyk: A Snyk user account with permissions to edit and view Group integrations
Google Cloud: A Google Cloud organization with Security Command Center enabled. See the Google Cloud Activate Security Command Center page for more details on how to enable it.

Create the Finding Source using the Google Cloud SCC Console

In the SCC console, navigate to Marketplace and search for Snyk. Alternatively, navigate directly to the Snyk for SCC marketplace listing.
Click SIGN UP WITH PARTNER to install the Snyk for SCC integration. During this process, you will create a Findings Source for Snyk and a Service Account with Security Center Findings Editor permissions.
Navigate to Google Cloud IAM and locate the Service Account you created in the previous step, then create a service account key in JSON format.
Make a note of the Source ID (Findings Source name) and the Service Account Key, as you will need to provide them to the Snyk Web UI.

You can then set up the integration in Snyk using the Snyk Web UI or REST API.

Set up the integration using the Snyk Web UI

Required parameters

Source ID (Finding Source Name) - Identifies the name of the organization source. The Google organization ID is parsed automatically from this field.
JSON Service Account Key File - Authenticates with Google Cloud.

Integration Hub setup

Open the Integration Hub menu.
Select the Issue Forwarding tag and search for Google SCC.
Click the Add button.
Add the Profile name for this integration.
Add the Org ID for the Google Cloud project that holds the Kubernetes cluster.
Add the JSON Service Account Key File.
Add the Source ID (Findings Source Name).
Click the Done button.
When the connection is established, the Google SCC integration status changes to Connected.

Set up the integration using the Snyk REST API

The integration profiles set up with the REST API will not be visible at the Group-level on the Snyk Web UI Integrations page.

Use the following API request template:

curl --location 'https://api.snyk.io/rest/groups/<SNYK_GROUP_ID>/cloud_events/group_registrations?version=2023-01-25~experimental' \
--header 'Content-Type: application/vnd.api+json' \
--header 'Authorization: token <SNYK_API_TOKEN>' \
--data '{
	"data": {
	"type": "group_registration",
	"attributes": {
			"type": "google-securitycommandcenter",
			"name": "Test Google SCC integration",
			"config": {
				"org_id": "<GCP_ORG_ID>",
				"finding_source_name": "<GCP_FINDING_SOURCE_NAME>"
			},
			"credentials": "<GCP_SERVICE_ACCOUNT_KEY>"
		}
	}
}'

Replace the following placeholders:

<SNYK_GROUP_ID> - the group ID for your Snyk Group
<SNYK_API_TOKEN> - the Snyk API token (see Prerequisites above)
<GCP_ORG_ID> - your Google Cloud organization ID. See the Google Cloud Getting your organization resource ID page for more details.
<GCP_FINDING_SOURCE_NAME> - the full relative resource name / Source ID for the finding source created in the previous step
<GCP_SERVICE_ACCOUNT_KEY> - the full JSON service account key (see Prerequisites above).

The JSON service account key must be string encoded, for example, double quotes must be escaped and new lines removed. One way to do this would be to use the javascript function JSON.stringify() in a local javascript environment.

Fetch the integration

To fetch an existing SCC integration, make the following API request. Replace the placeholders with actual values.

curl --location 'https://api.snyk.io/rest/groups/<SNYK_GROUP_ID>/cloud_events/group_registrations?version=2023-01-25~experimental' \

--header 'Authorization: token <SNYK_API_TOKEN>' \

--header 'Content-Type: application/vnd.api+json'

This will return a list of integration registrations, including the SCC integration created earlier.

Delete the integration

You can create an API request to delete the integration. Use the fetch the integration API call to obtain the integration ID, then make the following call, replacing <REGISTRATION_ID> with the ID returned from the fetch request:

curl --location --request DELETE 'https://api.snyk.io/rest/groups/<SNYK_GROUP_ID>/cloud_events/group_registrations/<REGISTRATION_ID>?version=2023-01-25~experimental' \

--header 'Content-Type: application/vnd.api+json' \

--header 'Authorization: token <SNYK_API_TOKEN>'

PreviousAWS Security Hub NextVulnerability management tools

Last updated 16 days ago

Was this helpful?