Third-party integrations for Snyk AppRisk
The Integrations page shows all active integrations, including data from your existing Snyk Organizations that are automatically synced and provides access to the Integration Hub.
The Loaded package risk factor is not supported by Snyk for operating system packages (such as Debian packages), only for packages which are hosted under package managers such as npm, Maven, or PyPI.
You can customize your AppRisk integrations from the Integrations Hub where the following integrations are available:
Data synchronization may take up to two hours after receiving the Connected status from a new integration setup.
Veracode setup guide
Release status
Veracode is in Early Access and available with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Prerequisites
The Veracode application concept is matched into the Snyk AppRisk repository assets. You need to create and utilize the Veracode custom field by using the Veracode API. Access the Veracode custom metadata field for more details.
Ensure you are adding a custom field called repoURL:
Required parameters
API ID and API Key - API credentials associated with a user account. For more information, access the Veracode API credentials link.
Integration Hub setup
Open the Integration Hub menu.
Select the SAST tag and search for Veracode.
Click the Add button.
Add the profile name for this integration.
Add the API ID from your Veracode account.
Add the API key from your Veracode account.
Click the Done button.
When the connection is established, the status of the Veracode integration is changed to Connected.
Checkmarx setup guide
Release status
Checkmarx is in Early Access and available with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Use the following instructions to set up your Checkmarx SAST integration. Checkmarx SAST integration is only working for the Checkmarx SAST, we are not yet supporting Checkmarx One.
Snyk AppRisk Pro does not support the Checkmarx One integration.
Prerequisites
Install and configure your Snyk Broker connection for Snyk AppRisk.
Ensure you have properly used Git Setting for your Checkmarx Project. Access the Checkmarx Set project's remote source settings as GIT documentation page for more details.
Required parameters
API URL - The URL of Checkmarx API, for example,
checkmarx.customer.com.Username and Password - Credentials for a user account with Checkmarx SAST access.
Integration Hub setup
After you have installed and configured Snyk Broker for AppRisk and you successfully established a connection for Checkmarx SAST, you also need to configure the integration from the Snyk AppRisk Integration Hub.
Open the Integration Hub menu.
Select the SAST tag and search for Checkmarx.
Click the Add button.
Add the profile name for this integration.
Add the Broker token for the Snyk AppRisk Checkmarx integration.
Add the Checkmarx host. For example
checkmarx.customer.comClick the Done button.
When the connection is established, the status of the Checkmarx integration is changed to Connected.
SonarQube setup guide
Release status
SonarQube is in Early Access and available with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Required parameters
API Key. Here you can find more details about the SonarQube API Key.
Integration Hub setup
Open the Integration Hub menu.
Select the SAST tag and search for SonarQube.
Click the Add button.
Add the Profile name for this integration.
Add the Host URL for this integration.
Add the API token. Navigate to your SonarQube account, select User, select My Account, select Security, and then User Token. Access the SonarQube generating and using tokens documentation page for more details about the SonarQube API Key.
Click the Done button.
When the connection is established, the status of the SonarQube integration is changed to Connected.
Nightfall setup guide
Release status
Nightfall is in Closed beta and available with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Required parameters
API Key. Access the Nightfall Creating an API Key documentation page for more details about how to create a Nightfall API key.
Integration Hub setup
Open the Integration Hub menu.
Select the Secrets tag and search for Nightfall.
Click the Add button.
Add the Profile name for this integration.
Add the Base API URL for this integration.
Add the API Key for this integration.
Click the Done button.
When the connection is established, the status of the Nightfall integration is changed to Connected.
The following video provides an overview of the Nightfall configuration from the Integration Hub:
After you set up your Nightfall integration using the Integration Hub, you can see the secrets detection coverage.
GitGuardian setup guide
Release status
GitGuardian is in Early Access and available with Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Required parameters
API Key. Access the GitGuardian authentication documentation page for more details about how to create a GitGuardian API Key.
When you create a GitGuardian API Key, remember that it works for both service accounts and personal access token.
Ensure that the following permissions are set as READ:
Incident (
mandatory)Teams (
recommendedfor GitGuardian paid accounts)
Integration Hub setup
Open the Integration Hub menu.
Select the Secrets tag and search for GitGuardian.
Click the Add button.
Add the Profile name for this integration.
Add the API Token for this integration.
Click the Done button.
When the connection is established, the status of the GitGuardian integration is changed to Connected.
The following video provides an overview of the GitGuardian configuration from the Integration Hub:
After you set up your GitGuardian integration using the Integration Hub, you can see the secrets detection coverage:
Jira setup guide
Release status
Jira is in Closed Beta and available with Snyk AppRisk Essentials and Snyk AppRisk Pro. If you want to set it up in your Group, contact your Snyk account team.
Required parameters
API Key - Access the Jira API tokens documentation page for more details about how to generate a Jira API Token.
Ensure you have the correct user permissions before creating the API Token.
Integration Hub setup
Open the Integration Hub menu.
Select the ITSM tag and search for Jira.
Click the Add button.
Add the Profile name for this integration.
Add the API Token for this integration.
Add the User Email used for this integration.
Add the Host URL for this integration.
Click the Done button.
When the connection is established, the status of the Nightfall integration is changed to Connected.
You can add only one Jira profile to the Jira integration.
Types of Jira integrations
Multiple Jira integrations are available when using Snyk, each designed to support specific needs.
Jira - Manually create a ticket for issues from Snyk.
Jira Script - Automatically create tickets for new vulnerabilities.
Security in Jira - View vulnerability information in Jira and create a ticket from Jira. The ticket is not visible in Snyk.
Jira for Snyk AppRisk - As part of the policy action, you can automatically create Jira tickets from Snyk AppRisk Assets.
The following table presents the functionality of all types of Jira integrations available in Snyk, specifies the supported Jira platform, the expected outcome, the authentication type, and the level of availability in Snyk.
| Jira integration type | Functionality | Authentication |
|---|---|---|
Jira | Create a manual ticket for issues from Snyk. Supported for: - Jira On-Cloud - Jira Data Centre Outcome: - Create Issue tickets | Authentication type: Personal Access Token Availability level: Snyk Organization |
Automatically create tickets for new vulnerabilities. Supported for: - Jira On-Cloud - Jira Data Centre Outcome: - Create Issue tickets | Authentication type: Personal Access Token Availability level: Snyk Organization | |
View vulnerability information in Jira and create a ticket from Jira. * Jira ticket is not visible in Snyk. Supported for: - Jira On-Cloud Outcome: - Create Issue tickets | Authentication type: JWT(JSON Web Token) as part of the Connect App framework. Availability level: Snyk Organization | |
Use the "Create Jira ticket" action from a Snyk policy to create Jira tickets from Snyk AppRisk Assets automatically. Supported for: - Jira On-Cloud - Jira Data Centre (coming soon) Outcome: - Create Asset tickets | Authentication type: Personal Access Token Availability level: Snyk Group |
Dynatrace setup guide
Release status
The Dynatrace integration is in Closed Beta and available with Snyk AppRisk Pro.
If you want to set it up in your Group, contact your Snyk account team.
The following risk factors are reported from the Dynatrace runtime integration: Deployed, and Loaded package.
Prerequisites
Use Dynatrace SaaS on the DPS licensing model.
The Dynatrace Kubernetes app is configured to monitor at least one cluster.
The user is associated with a group that has permissions (through policies) to query the entity model. In the Dynayrace policy, set the following permission:
storage:entities:read.
Comply with the following steps before integrating Dynatrace with Snyk AppRisk:
Retrieve the
account-uuidfrom your Dynatrace account. Navigate to the Dynatrace accounts page and select the account whose environment you want to integrate into Snyk. Identify theaccount-uuidin the URL and save it for later use.Ensure you have OneAgent deployed in your Kubernetes environment. Navigate to
SettingsthenEnvironmentsand select the environment you want to integrate into Snyk. Save the environment ID for later use (available in the URL of the new window as well). ClickDeploy OneAgentthenKubernetesand follow the instructions. Ensure OneAgent is running in full-stack mode.Ensure your deployment is activated. On your environment's page, click
Kubernetes, thenRecommendationsand activate the cluster where you deployed OneAgent.Create an OAuth client with the right permissions. Navigate to the Dynatrace accounts page, then to
Identity & access management. SelectOAuth clientsand clickCreate client. Fill in the details and check the following permissions; then clickCreate client:
Save the Client ID and Client secret for later and click
Finish.
Required parameters
Account UUID - the
account-uuidof your Dynatrace account.Environment ID - the ID of the environment monitored in Dynatrace.
OAuth client ID - the ID of the OAuth client created in the prerequisites.
OAuth client secret - the secret of the OAuth client created in the prerequisites.
Integration Hub setup
Open the Integration Hub menu.
Select the Runtime tag and search for Dynatrace.
Click the Add button.
Edit the Profile name of your integration.
Enter the Account UUID.
Enter the Environment ID.
Enter the OAuth client ID.
Enter the OAuth client secret.
Click the Done button.
When the connection is established, the Dynatrace integration status changes to Connected.
After the Dynatrace runtime data becomes available from the runtime integration, it will appear in Snyk AppRisk within a few hours.
Sysdig setup guide
Release status
The Sysdig integration is in Closed Beta and available with Snyk AppRisk Pro.
If you want to set it up in your Group, contact your Snyk account team.
The following risk factors are reported from the Sysdig runtime integration: Deployed, and Loaded package.
Prerequisites
The account must have access to Sysdig Secure product.
Contact your Sysdig representative to activate the in-use packages feature flag.
Required parameters
Account API Token - Navigate to the Retrieve the Sysdig API token page for details on how to retrieve your Sysdig API Token.
The Account API Token must be a Sysdig Secure API token and not a Sysdig Monitor API Token.
Region - Navigate to the Sysdig SAAS regions and IP ranges page for details about the Sysdig region URLs.
Known limitations
If the Sysdig Agent is not deployed on every node of a cluster, runtime data available from this integration may be incomplete.
Various Sysdig scans run at different intervals, which may cause a delay between applying changes to a resource within a cluster and reporting this information through the integration.
Integration Hub setup
Open the Integration Hub menu.
Select the Runtime tag and search for Sysdig.
Click the Add button.
Add the Profile name for this integration.
Add the Account API Token.
Set the Sysdig region.
Click the Done button.
When the connection is established, the status of the Sysdig integration is changed to Connected.
After the Sysdig runtime data becomes available from the runtime integration, it will appear in Snyk AppRisk within a few hours.
Orca Security setup guide
Release status
The Orca Security integration is in Closed Beta and available with Snyk AppRisk Pro.
If you want to set it up in your Group, contact your Snyk account team.
The following risk factors are reported from the Orca runtime integration: Deployed.
Prerequisites
Connect your vendor account to Orca. Navigate to the Connecting Accounts documentation for more details.
Connect your cluster to Orca. Navigate to the Connecting Clusters using Kubernetes Connector documentation for more details.
Required parameters
API Token - generate an API token for Orca.
Create the Orca API Token by following these steps:
Open your Orca account, click Settings, then Users and Permissions, then API.
Click Add API Token.
Fill in the fields Name and Description for the API Token.
Select an Expiration date for the API Token.
Select Integration Configuration as a Role.
Check Scope access to specific resources and Accounts.
Select the account you want to integrate.
Integration Hub setup
Open the Integration Hub menu.
Select the Runtime tag and search for Orca.
Click the Add button.
Add the Profile name for this integration.
Add the API Token.
Set the URL.
Click the Done button.
When the connection is established, the status of the Orca integration is changed to Connected.
CrowdStrike setup guide
Release status
The CrowdStrike integration is in Closed Beta and available with Snyk AppRisk Pro.
If you want to set it up in your Group, contact your Snyk account team.
The following risk factor is reported from the CrowdStrike runtime integration: Deployed risk factor.
Prerequisites
Deploy the Falcon Kubernetes Protection Agent (KPA) to the cluster.
Include the following scopes in the API Client:
Falcon Container CLI - write
Falcon Container Image - read/write
Falcon Images Download - read
Kubernetes Protection Agent - write
Kubernetes Protection - read/write
Sensor Download - read
Required parameters
After generating the API Client following the Falcon Kubernetes Protection Agent (KPA) deployment, the Client ID and the Client Secret are generated.
Client ID - To retrieve the Client ID, follow these steps:
Left side navigation bar -> Support and resources -> API clients and keys.
Under OAuth2 API Clients press on Create API Client.
Select the API Client used in the Falcon Kubernetes Protection Agent (KPA).
You can find the Client ID on the right side, under the details of the API Client.
Client Secret - This value is available only at the first generation and cannot be accessed afterward.
URL - Select the URL based on your network environment.
Integration Hub setup
Open the Integration Hub menu.
Select the CNAPP tag and search for CrowdStrike.
Click the Add button.
Add the Profile name for this integration.
Add the Client ID.
Add the Client Secret.
Set the URL.
Click the Done button.
When the connection is established, the status of the CrowdStrike integration is changed to Connected.
After the CrowdStrike runtime data becomes available from the runtime integration, it will appear in Snyk AppRisk within a few hours.
SentinelOne setup guide
Release status
The SentinelOne integration is in Closed Beta and available with Snyk AppRisk Pro.
If you want to set it up in your Group, contact your Snyk account team.
The following risk factor is reported from the SentinelOne runtime integration: Deployed risk factor.
Prerequisites
You must be a customer of Cloud Workload Protection Platform (CWPP).
Your SentinelOne license needs to include the following SKUs:
CWS for Containers,CWS for Serverless ContainersorCWS for Servers
Required parameters
Navigate to the SentinelOne Community page for more details about the required parameters.
Account IDs
Navigate to Settings, then Accounts.
Select the account you want to integrate.
Navigate to ACCOUNT INFO.
Copy the ACCOUNT ID.
Site IDs
Navigate to Settings, then Sites.
Select the site you want to integrate.
Navigate to SITE INFO.
Copy the SITE ID.
API token
Navigate to Settings, Users, then Service Users.
Click on Actions, then Create New Service User.
Give the new service user a name and a description, and select an Expiration Date for it. When the expiration date is reached, the integration will need to be reset.
Select the desired Sites.
Click on Create User.
Enter your 2FA code.
Copy the API Token.
Alternatively, you can use an existing API Token.
Integration Hub setup
Open the Integration Hub menu.
Select the CWPP tag and search for SentinelOne.
Click the Add button.
Add the Profile name for this integration.
Add the SentinelOne account IDs.
Add the SentinelOne site IDs.
Add the API token.
Click the Done button.
When the connection is established, the status of the SentinelOne integration is changed to Connected.
Last updated