Snyk runtime sensor
Release status
The Snyk runtime sensor is available in a Closed Beta state and is applicable only to the Snyk AppRisk Pro version.
Contact your salesperson if you are interested in Snyk AppRisk Pro.
The Runtime Sensor watches your deployments on a Kubernetes cluster and sends the collected data to Snyk.
Installation
There is a Helm chart within this repo in helm/runtime-sensor, that is hosted through GitHub pages in https://snyk.github.io/runtime-sensor
.
Create a Kubernetes secret that contains the API token for the service account. The service account must have one of the following roles:
Group Admin
Custom Group Level Role with
AppRisk edit
permission enabled.
To install the Snyk runtime sensor using Helm Charts, you can follow these steps:
Ensure Helm is installed
Create the
snyk-runtime-sensor
namespace:Create a secret with your service account token, which has the appropriate permissions under the created namespace:
Add the Helm repo:
Install the Helm chart:
Troubleshooting
In case the
is_loaded
risk factor is not properly reported by the sensor, it may be caused by a non-default value of the Linux kernelperf_event_paranoid
configuration. In such cases, install the helm chart with either--set securityContext.privileged=true
or addSYS_ADMIN
as a required Linux capability--set "securityContext.capabilities={SYS_ADMIN}"
.
Release versions can be found on GitHub.
Last updated