Support
API docs
Product updates Sign up for free

Connect a third-party integration

The third-party integrations are available in a Closed Beta state and are applicable only to the Snyk AppRisk Pro version. Please contact your salesperson if you are interested in Snyk AppRisk Pro.

The Integrations page shows all active integrations, including data from your existing Snyk Organizations that is automatically synced and provides access to the Integration Hub.

You can customize your AppRisk integrations from the Integrations Hub where the following SAST and Secrets integrations are available:

SAST:

Secrets:

Runtime:

ITSM:

App Context:

Data synchronization may take up to two hours after receiving the Connected status from a new integration setup.

Veracode setup guide

Prerequisites

The Veracode application concept is matched into the Snyk AppRisk repository assets. You need to create and utilize the Veracode custom field by using the Veracode API. More details about the Veracode custom field are available here.

Ensure you are adding a custom field called repoURL:

{
"name": "repoURL", 
"value": <YOUR GITHUB URL>
}

Required parameters

Integration Hub setup

  1. Open the Integration Hub menu.

  2. Select the SAST tag and search for Veracode.

  3. Click the Add button.

  4. Add the profile name for this integration.

  5. Add the API ID from your Veracode account.

  6. Add the API key from your Veracode account.

  7. Click the Done button.

  8. When the connection is established, the status of the Veracode integration is changed to Connected.

Checkmarx setup guide

Use the following instructions to set up your Checkmarx SAST integration. Checkmarx SAST integration is only working for the Checkmarx SAST, we are not yet supporting Checkmarx One.

Snyk AppRisk Pro does not currently support the Checkmarx One integration.

Prerequisites

  • Install and configure your Snyk Broker connection for Snyk AppRisk.

Required parameters

  1. API URL - The URL of Checkmarx API, for example, checkmarx.customer.com.

  2. Username and Password - Credentials for a user account with Checkmarx SAST access.

Integration Hub setup

After you have installed and configured Snyk Broker for AppRisk and you successfully established a connection for Checkmarx SAST, you also need to configure the integration from the Snyk AppRisk Integration Hub.

  1. Open the Integration Hub menu.

  2. Select the SAST tag and search for Checkmarx.

  3. Click the Add button.

  4. Add the profile name for this integration.

  5. Add the Broker token for the Snyk AppRisk Checkmarx integration.

  6. Add the Checkmarx host. For example checkmarx.customer.com

  7. Click the Done button.

  8. When the connection is established, the status of the Checkmarx integration is changed to Connected.

SonarQube setup guide

Required parameters

  • API Key. Here you can find more details about the SonarQube API Key.

Integration Hub setup

  • Open the Integration Hub menu.

  • Select the SAST tag and search for SonarQube.

  • Click the Add button.

  • Add the Profile name for this integration.

  • Add the Host URL for this integration.

  • Add the API token. Navigate to your SonarQube account, select User, select My Account, select Security, and then User Token. Here you can find more details about the SonarQube API Key.

  • Click the Done button.

  • When the connection is established, the status of the SonarQube integration is changed to Connected.

Nightfall setup guide

Required parameters

  • API Key. Here you can find more details about how to create a Nightfall API key.

Integration Hub setup

  1. Open the Integration Hub menu.

  2. Select the Secrets tag and search for Nightfall.

  3. Click the Add button.

  4. Add the Profile name for this integration.

  5. Add the Base API URL for this integration.

  6. Add the API Key for this integration.

  7. Click the Done button.

  8. When the connection is established, the status of the Nightfall integration is changed to Connected.

The following video provides an overview of the Nightfall configuration from the Integration Hub:

Liked the video? Checkout the rest of the course on Snyk Learn!

After you set up your Nightfall integration using the Integration Hub, you can see the secrets detection coverage.

Liked the video? Checkout the rest of the course on Snyk Learn!

GitGuardian setup guide

Required parameters

  • API Key. Here you can find more details about how to create a GitGuardian API Key.

When you create a GitGuardian API Key, remember that it works for both service accounts and personal access token.

Ensure that the following permissions are set as READ:

  • Incident (mandatory)

  • Teams (recommended for GitGuardian paid accounts)

Integration Hub setup

  1. Open the Integration Hub menu.

  2. Select the Secrets tag and search for GitGuardian.

  3. Click the Add button.

  4. Add the Profile name for this integration.

  5. Add the API Token for this integration.

  6. Click the Done button.

  7. When the connection is established, the status of the GitGuardian integration is changed to Connected.

The following video provides an overview of the GitGuardian configuration from the Integration Hub:

Liked the video? Checkout the rest of the course on Snyk Learn!

After you set up your GitGuardian integration using the Integration Hub, you can see the secrets detection coverage:

Liked the video? Checkout the rest of the course on Snyk Learn!

Jira setup guide

Required parameters

Ensure you have the correct user permissions before creating the API Token.

Integration Hub setup

  • Open the Integration Hub menu.

  • Select the ITSM tag and search for Jira.

  • Click the Add button.

  • Add the Profile name for this integration.

  • Add the API Token for this integration.

  • Add the User Email used for this integration.

  • Add the Host URL for this integration.

  • Click the Done button.

  • When the connection is established, the status of the Nightfall integration is changed to Connected.

You can add only one Jira profile to the Jira integration.

Types of Jira integrations

Multiple Jira integrations are available when using Snyk, each designed to support specific needs.

  • Jira - Manually create a ticket for issues from Snyk.

  • Jira Script - Automatically create tickets for new vulnerabilities.

  • Security in Jira - View vulnerability information in Jira and create a ticket from Jira. The ticket is not visible in Snyk.

  • Jira for Snyk AppRisk - As part of the policy action, you can automatically create Jira tickets from Snyk AppRisk Assets.

The following table presents the functionality of all types of Jira integrations available in Snyk, specifies the supported Jira platform, the expected outcome, the authentication type, and the level of availability in Snyk.

Jira integration typeFunctionalityAuthentication

Jira

Create a manual ticket for issues from Snyk. Supported for: - Jira On-Cloud - Jira Data Centre Outcome: - Create Issue tickets

Authentication type: Personal Access Token

Availability level: Snyk Organization

Jira Script

Automatically create tickets for new vulnerabilities. Supported for: - Jira On-Cloud - Jira Data Centre Outcome: - Create Issue tickets

Authentication type: Personal Access Token

Availability level: Snyk Organization

Security in Jira

View vulnerability information in Jira and create a ticket from Jira. * Jira ticket is not visible in Snyk. Supported for: - Jira On-Cloud Outcome: - Create Issue tickets

Authentication type: JWT(JSON Web Token) as part of the Connect App framework.

Availability level: Snyk Organization

Jira for Snyk AppRisk

Use the "Create Jira ticket" action from a Snyk policy to create Jira tickets from Snyk AppRisk Assets automatically. Supported for: - Jira On-Cloud - Jira Data Centre (coming soon) Outcome: - Create Asset tickets

Authentication type: Personal Access Token

Availability level: Snyk Group

Dynatrace setup guide

Prerequisites

  • Use Dynatrace SaaS on the DPS licensing model.

  • The Dynatrace Kubernetes app is configured to monitor at least one cluster.

  • API token from a user with permissions to query entity model.

Comply with the following steps before integrating Dynatrace with Snyk AppRisk:

  1. Retrieve the account-uuid from your Dynatrace account. Navigate to https://myaccount.dynatrace.com/accounts and select the account whose environment you want to integrate into Snyk. Identify the account-uuid in the URL and save it for later use.

  2. Ensure you have OneAgent deployed in your Kubernetes environment. Navigate to Settings -> Environments and select the environment you want to integrate into Snyk. Save the environment ID for later use (available in the URL of the new window as well). Click Deploy OneAgent -> Kubernetes and follow the instructions. Ensure OneAgent is running in full-stack mode.

  3. Ensure your deployment is activated. On your environment's page, click Kubernetes , then Recommendations and activate the cluster where you deployed OneAgent.

  4. An OAuth client with the right permissions. Navigate to https://myaccount.dynatrace.com/accounts, then to Identity & access management , select OAuth clients and click Create client. Fill in the details and check the following permissions, then click Create client:

account-env-read
account-env-write
account-uac-read
account-uac-write
storage:bizevents:read
storage:bizevents:write
storage:bucket-definitions:delete
storage:bucket-definitions:read
storage:bucket-definitions:truncate
storage:bucket-definitions:write
storage:buckets:read
storage:entities:read
storage:events:read
storage:events:write
storage:fieldsets:read
storage:logs:read
storage:logs:write
storage:metrics:read
storage:metrics:write
storage:spans:read
storage:system:read

  1. Save the Client ID and Client secret for later and click Finish.

Required parameters

  1. Account UUID - the account-uuid of your Dynatrace account.

  2. Environment ID - the ID of the environment monitored in Dynatrace.

  3. OAuth client ID - the ID of the OAuth client created in the prerequisites.

  4. OAuth client secret - the secret of the OAuth client created in the prerequisites.

Integration Hub setup

  • Open the Integration Hub menu.

  • Select the Runtime tag and search for Dynatrace.

  • Click the Add button.

  • Edit the Profile name of your integration.

  • Enter the Account UUID.

  • Enter the Environment ID.

  • Enter the OAuth client ID.

  • Enter the OAuth client secret.

  • Click the Done button.

  • When the connection is established, the Dynatrace integration status changes to Connected.

Sysdig setup guide

Prerequisites

  • The account must have access to Sysdig Secure product.

  • Contact your Sysdig representative to activate the in-use packages feature flag

Required parameters

  • Account API Token - Here you can find details on how to retrieve your Sysdig API Token.

The Account API Token must be a Sysdig Secure API token and not a Sysdig Monitor API Token.

  • Region - Here you can find details about the Sysdig region URLs.

Integration Hub setup

  • Open the Integration Hub menu.

  • Select the Runtime tag and search for Sysdig.

  • Click the Add button.

  • Add the Profile name for this integration.

  • Add the Account API Token.

  • Set the Sysdig region.

  • Click the Done button.

  • When the connection is established, the status of the Sysdig integration is changed to Connected.

ServiceNow CMDB setup guide

Required Parameters

  1. Setup the host instance for the ServiceNow CMDB by following this example https://<INSTANCE_NAME>.service-now.com.

  2. Username and Password - Credentials for your ServiceNow CMDB instance.

  3. The CMDB configuration item class. The list can be found here: https://docs.servicenow.com/bundle/washingtondc-servicenow-platform/page/product/configuration-management/reference/cmdb-tables-details.html

  4. Repo URL - Add the URL of the repository.

  • This feature is only for the integration with ServiceNow CMDB

  • The data gathered by Snyk from ServiceNow CMDB will be correlated with the Repository Assets.

Integration Hub setup

  • Open the Integration Hub menu.

  • Select the App Context tag and search for ServiceNow CMDB.

  • Click the Add button.

  • Add the Host URL - this is your ServiceNow instance, use this format: https://<INSTANCE_NAME>.service-now.com

  • Add the Username and the Password- the username and password to access the ServiceNow CMDB instance

  • Add the Table name - select the configuration item class that Snyk AppRisk should onboard. Use this format cmdb_ci_<class>

  • Add the Repo URL - the specific URL that is being referred to in the ServiceNow CMDB record.

  • You can select one or more attributes related to repository assets and configure where Snyk AppRisk can take this attribute in ServiceNow CMDB. Example:

    • Category: application_type

    • Owner: business_unit

  • Click the Done button.

  • When the connection is established, the status of the Sysdig integration is changed to Connected.

PreviousBackstage file for SCM IntegrationsNextSnyk runtime sensor

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.