Snyk runtime sensor

Release status

The Snyk runtime sensor is available in a Closed Beta state and is applicable only to the Snyk AppRisk Pro version.

Contact your salesperson if you are interested in Snyk AppRisk Pro.

The Runtime Sensor watches your deployments on a Kubernetes cluster and sends the collected data to Snyk.

Installation

There is a Helm chart within this repo in helm/runtime-sensor, that is hosted through GitHub pages in https://snyk.github.io/runtime-sensor.

Create a Kubernetes secret that contains the API token for the service account. The service account must have one of the following roles:

Group Admin
Custom Group Level Role with AppRisk edit permission enabled.

To install the Snyk runtime sensor using Helm Charts, you can follow these steps:

Ensure Helm is installed

Create the snyk-runtime-sensor namespace:

kubectl create namespace snyk-runtime-sensor

Create a secret with your service account token, which has the appropriate permissions under the created namespace:
```
kubectl create secret generic <<YOUR_SECRET_NAME>> --from-literal=snykToken=<<YOUR_TOKEN>> -n snyk-runtime-sensor
```

Add the Helm repo:

helm repo add runtime-sensor https://snyk.github.io/runtime-sensor

Install the Helm chart:

helm install my-runtime-sensor \
--set secretName=<<YOUR_SECRET_NAME>> \
--set clusterName=<<CLUSTER_NAME>> \
--set snykGroupId=<<YOUR_GROUP_ID>> \
-n snyk-runtime-sensor \
runtime-sensor/runtime-sensor

Troubleshooting

In case the is_loaded risk factor is not properly reported by the sensor, it may be caused by a non-default value of the Linux kernel perf_event_paranoid configuration. In such cases, install the helm chart with either --set securityContext.privileged=true or add SYS_ADMIN as a required Linux capability --set "securityContext.capabilities={SYS_ADMIN}".

Release versions can be found on GitHub.

PreviousConnect a third-party integration NextInventory for Snyk AppRisk

Last updated 3 days ago