Snyk
Snyk is a cybersecurity platform that scans for and surfaces vulnerabilities across your codebase. By integrating Snyk with Cortex, you can seamlessly map issues back to entities and their owners, driving a more comprehensive understanding of your architecture.
Cortex enhances the Snyk experience by aggregating issues into an entity's event timeline so they can be understood in the context of other events, like deploys and on-call incidents. Cortex can also measure entity quality based on Snyk data and drive quality improvements to your security practices.
Setup and configuration
Getting started
In order to connect Cortex to your Snyk instance, you’ll need to create a Snyk API token.
The token will need the following read permissions:
View Organization Reports: Lists reporting issue counts.View Organization: Allows Cortex to get a flattened list of all projects across all orgs.View Project History: Allows Cortex to get project history.View Project: Lists issues for a project.
Configuration
Once you've created an API token in Snyk, you can create a configuration from Snyk settings.
Enter the following details for your configuration:
API token: The API token you created in Snyk.
Region: The Snyk region in which your data are hosted. Note: the default region is USA.
If you’ve set everything up correctly, you’ll see the option to Remove Integration in settings.
You can also use the Test configuration button to confirm that the configuration was successful. If your configuration is valid, you’ll see a banner that says “Configuration is valid. If you see issues, please see documentation or reach out to Cortex support.”
You'll also see a list of detected organizations pulled from Snyk, along with the unique Snyk ID and internal name associated with each organization.
Registration
Discovery
Cortex uses the Git repository as the "best guess" for the corresponding Snyk project since Snyk projects are connected to repositories. Cortex will search for all Snyk projects across all Snyk organizations and pull in projects associated with the same repository. For example, if the GitHub repo associated with your Snyk instance is my-org/repo, then the entities in Cortex should also be associated with my-org/repo.
Entity descriptor
organization
The organizationID or organizationSlug in Snyk
✓
projectId
The projectID defined in Snyk
✓
source
You can define organization with the organization ID or its slug in Snyk.
Expected results
Once the Snyk integration is set up, you'll be able to find information about vulnerabilities for each entity linked to a discovered repo.
Entity pages
In the Issues and Vulnerabilities block on an entity details page, see an overview of vulnerability and issue information under the Code & Security block. Within this block, issues and vulnerabilities will be grouped by severity into Critical, High, Medium, and Low blocks. Clicking into any of these will open a list of all applicable issues/vulnerabilities.
Each block displays an icon in the corner to indicate the integration(s) that the data is pulled from.
In the left sidebar, click Code and Security > Snyk to view issues and vulnerabilities from Snyk. Because Snyk aggregates problems as "issues," data pulled in from Snyk will be listed as issues, while data pulled in from a Git source will be listed as vulnerabilities.
Vulnerabilities pulled from git sources display the project name and a severity tag. Each issue pulled from Snyk displays the following information, when available:
Title
Issue ID (linked to the issue in Snyk)
Publish date
Severity tag
Priority score tag
The name of the Issues and Vulnerabilities block will change depending on what data Cortex finds. If Cortex only detects vulnerabilities from a Git source, the block will display as Vulnerabilities. If it only finds issues from Snyk, it will display as Issues. When both are detected, you'll see Issues and Vulnerabilities.
Event timeline
Issues from Snyk and vulnerabilities detected in Git will populate in the entity's event timeline, which you can find from the Events tab in the sidebar. Issues and vulnerabilities will display alongside other events, like K8s changes, Git commits, and on-call incidents.
Integrations - Snyk
From the Integrations tab in the sidebar, you can open the Snyk page to find more detailed information about each issue. In addition to the above information, you can find the associated organization name and project name.
Scorecards and CQL
With the Snyk integration, you can create Scorecard rules and write CQL queries based on Snyk projects.
See more examples in the CQL Explorer in Cortex.
Snyk does not currently support aggregated issues in regions outside of the U.S.A. Please use .issues() rather than .numOfIssues() if in a non-U.S.A. region.
Background sync
Cortex fetches issues and vulnerabilities from Snyk and Git sources in real time. Depending on the volume of data, it may take additional time for the data to load on an entity page.
Projects from Snyk are synced every 6 hours.
Still need help?
The following options are available to get assistance from the Cortex Customer Engineering team:
Email: help@cortex.io, or open a support ticket in the in app Resource Center
Chat: Available in the Resource Center
Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a
:ticket:reaction to a question in Slack, and the team will respond directly.
Don’t have a Slack channel? Talk with your Customer Success Manager.
Last updated